rpms/bash
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Disable unescaped slashes in bracket expressions

Browse Source 
Resolves: RHEL-92267

Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
This commit is contained in:
Siteshwar Vashisht 2025-05-29 13:36:03 +02:00
parent 8aaece81f3
commit 3ee228b797
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
bash-5.0-glob-disable-slash.patch Normal file
View File

@ -0,0 +1,40 @@
diff --git a/pathexp.c b/pathexp.c
--- a/pathexp.c
+++ b/pathexp.c
@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT;
/* Control enabling special handling of `**' */
int glob_star = 0;
-/* Return nonzero if STRING has any unquoted special globbing chars in it. */
+/* Return nonzero if STRING has any unquoted special globbing chars in it.
+ This is supposed to be called when pathname expansion is performed, so
+ it implements the rules in Posix 2.13.3, specifically that an unquoted
+ slash cannot appear in a bracket expression. */
int
unquoted_glob_pattern_p (string)
register char *string;
@@ -89,6 +92,10 @@ unquoted_glob_pattern_p (string)
return (1);
continue;
+ case '/':
+ if (open)
+ open = 0;
+
case '+':
case '@':
case '!':
@@ -98,7 +105,12 @@ unquoted_glob_pattern_p (string)
case CTLESC:
case '\\':
- if (*string++ == '\0')
+ if (open && *string == '/')
+ {
+ string++; /* quoted slashes in bracket expressions are ok */
+ continue;
+ }
+ else if (*string++ == '\0')
return (0);
}

9
bash.spec
View File

@ -7,7 +7,7 @@
Version: %{baseversion}%{patchleveltag} Version: %{baseversion}%{patchleveltag}
Name: bash Name: bash
Summary: The GNU Bourne Again shell Summary: The GNU Bourne Again shell
Release: 5%{?dist} Release: 6%{?dist}
License: GPLv3+ License: GPLv3+
Url: https://www.gnu.org/software/bash Url: https://www.gnu.org/software/bash
Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -120,6 +120,9 @@ Patch139: bash-4.4-fix-buffered_getchar-crash.patch
# Enable audit logs # Enable audit logs
Patch140: bash-4.3-audit.patch Patch140: bash-4.3-audit.patch
# Disable unescaped slashes in bracket expressions
Patch141: bash-5.0-glob-disable-slash.patch
BuildRequires: texinfo bison BuildRequires: texinfo bison
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext BuildRequires: autoconf, gettext
@ -344,6 +347,10 @@ end
%{_libdir}/pkgconfig/%{name}.pc %{_libdir}/pkgconfig/%{name}.pc
%changelog %changelog
* Thu May 29 2025 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-6
- Disable unescaped slashes in bracket expressions
Resolves: RHEL-92267
* Fri Feb 09 2024 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-5 * Fri Feb 09 2024 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-5
- Restore audit logs in bash-4.3 or newer versions - Restore audit logs in bash-4.3 or newer versions
Resolves: RHEL-24990 Resolves: RHEL-24990