import bash-5.1.8-6.el9_1

2023-03-28 08:53:39 +00:00 · 2023-03-28 08:53:39 +00:00 · 2f5d5b2ad1
parent 89980c9825
commit 2f5d5b2ad1
2 changed files with 20 additions and 1 deletions
--- a/SOURCES/bash-5.2-check-xform.patch
+++ b/SOURCES/bash-5.2-check-xform.patch
@ -0,0 +1,12 @@
+diff --git a/subst.c b/subst.c
+--- a/subst.c
+++ b/subst.c
+@@ -7959,7 +7959,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
+       return ((char *)NULL);
+     }
+ 
+-  if (valid_parameter_transform (xform) == 0)
+  if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
+     {
+       this_command_name = oname;
+ #if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@ -6,7 +6,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -90,6 +90,9 @@ Patch128: bash-5.0-syslog-history.patch
 # 2115206 - String matching behaves differently on aarch64
 Patch129: bash-5.1-mbrtowc.patch

+# 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
+Patch130: bash-5.2-check-xform.patch
+
 BuildRequires:  gcc
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@ -321,6 +324,10 @@ end
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6
+- Add a null check in parameter_brace_transform() function
+  Resolves: CVE-2022-3715
+
 * Mon Aug 08 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-5
 - Fix an off by one error while calling mbrtowc()
  Resolves: #2115206