import CS bash-5.1.8-9.el9_3

2024-04-30 11:33:19 +00:00 · 2024-04-30 11:33:19 +00:00 · 4533026da9
parent 1a3ebc6398
commit 4533026da9
5 changed files with 62 additions and 99 deletions
--- a/SOURCES/bash-3.2-audit.patch
+++ b/SOURCES/bash-3.2-audit.patch
@ -1,96 +0,0 @@
-diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in
--- bash-4.2/config.h.in.audit	2013-01-31 16:26:16.857698992 +0100
-+++ bash-4.2/config.h.in	2013-01-31 16:26:16.876699255 +0100
-@@ -1131,6 +1131,14 @@
- 
- /* End additions for lib/intl */
- 
-+
-+/* Additions for lib/readline */
-+
-+/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */
-+#undef HAVE_DECL_AUDIT_USER_TTY
-+
-+/* End additions for lib/readline */
-+
- #include "config-bot.h"
- 
- #endif /* _CONFIG_H_ */
-diff -up bash-4.2/configure.in.audit bash-4.2/configure.in
--- bash-4.2/configure.in.audit	2013-01-31 16:26:16.858699005 +0100
-+++ bash-4.2/configure.ac	2013-01-31 16:26:16.877699269 +0100
-@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK
- BASH_SYS_PGRP_SYNC
- BASH_SYS_SIGNAL_VINTAGE
- 
-+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])
-+
- dnl checking for the presence of certain library symbols
- BASH_SYS_ERRLIST
- BASH_SYS_SIGLIST
-diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c
--- bash-4.2/lib/readline/readline.c.audit	2013-01-31 16:26:16.871699185 +0100
-+++ bash-4.2/lib/readline/readline.c	2013-01-31 17:24:23.902744860 +0100
-@@ -55,6 +55,12 @@
- extern int errno;
- #endif /* !errno */
- 
-+#if defined (HAVE_DECL_AUDIT_USER_TTY)
-+#  include <sys/socket.h>
-+#  include <linux/audit.h>
-+#  include <linux/netlink.h>
-+#endif
-+
- /* System-specific feature definitions and include files. */
- #include "rldefs.h"
- #include "rlmbutil.h"
-@@ -301,7 +307,48 @@ rl_set_prompt (prompt)
-   rl_visible_prompt_length = rl_expand_prompt (rl_prompt);
-   return 0;
- }
-  
-+
-+#if defined (HAVE_DECL_AUDIT_USER_TTY)
-+/* Report STRING to the audit system. */
-+static void
-+audit_tty (char *string)
-+{
-+  struct sockaddr_nl addr;
-+  struct msghdr msg;
-+  struct nlmsghdr nlm;
-+  struct iovec iov[2];
-+  size_t size;
-+  int fd;
-+
-+  size = strlen (string) + 1;
-+  fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
-+  if (fd < 0)
-+    return;
-+  nlm.nlmsg_len = NLMSG_LENGTH (size);
-+  nlm.nlmsg_type = AUDIT_USER_TTY;
-+  nlm.nlmsg_flags = NLM_F_REQUEST;
-+  nlm.nlmsg_seq = 0;
-+  nlm.nlmsg_pid = 0;
-+  iov[0].iov_base = &nlm;
-+  iov[0].iov_len = sizeof (nlm);
-+  iov[1].iov_base = string;
-+  iov[1].iov_len = size;
-+  addr.nl_family = AF_NETLINK;
-+  addr.nl_pad = 0;
-+  addr.nl_pid = 0;
-+  addr.nl_groups = 0;
-+  msg.msg_name = &addr;
-+  msg.msg_namelen = sizeof (addr);
-+  msg.msg_iov = iov;
-+  msg.msg_iovlen = 2;
-+  msg.msg_control = NULL;
-+  msg.msg_controllen = 0;
-+  msg.msg_flags = 0;
-+  (void)sendmsg (fd, &msg, 0);
-+  close (fd);
-+}
-+#endif
-+
- /* Read a line of input.  Prompt with PROMPT.  An empty PROMPT means
-    none.  A return value of NULL means that EOF was encountered. */
- char *
--- a/SOURCES/bash-4.3-audit.patch
+++ b/SOURCES/bash-4.3-audit.patch
@ -0,0 +1,12 @@
+diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h
+--- a/lib/readline/rlconf.h
+++ b/lib/readline/rlconf.h
+@@ -64,7 +64,7 @@
+ 
+ /* Define this if you want to enable code that talks to the Linux kernel
+    tty auditing system. */
+-/* #define ENABLE_TTY_AUDIT_SUPPORT */
+#define ENABLE_TTY_AUDIT_SUPPORT
+ 
+ /* Defaults for the various editing mode indicators, inserted at the beginning
+    of the last (maybe only) line of the prompt if show-mode-in-prompt is on */
--- a/SOURCES/bash-5.2-add-newline.patch
+++ b/SOURCES/bash-5.2-add-newline.patch
@ -0,0 +1,12 @@
+diff --git a/lib/readline/rltty.c b/lib/readline/rltty.c
+--- a/lib/readline/rltty.c
+++ b/lib/readline/rltty.c
+@@ -694,6 +694,8 @@ rl_deprep_terminal (void)
+       fprintf (rl_outstream, BRACK_PASTE_FINI);
+       if (_rl_eof_found)
+  	fprintf (rl_outstream, "\n");
+      else if (_rl_echoing_p == 0)
+ 	fprintf (rl_outstream, "\n");
+     }
+ 
+   if (_rl_enable_keypad)
--- a/SOURCES/bash-5.2-pipeline-exec.patch
+++ b/SOURCES/bash-5.2-pipeline-exec.patch
@ -0,0 +1,15 @@
+diff --git a/execute_cmd.c b/execute_cmd.c
+--- a/execute_cmd.c
+++ b/execute_cmd.c
+@@ -5496,11 +5496,7 @@ execute_disk_command (words, redirects, command_line, pipe_in, pipe_out,
+     {
+       /* If we're optimizing out the fork (implicit `exec'), decrement the
+ 	 shell level like `exec' would do. */
+-#if 0 /* TAG: bash-5.2 psmith 10/11/2020 */
+       if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE && (subshell_environment & SUBSHELL_PIPE) == 0)
+-#else
+-      if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE)
+-#endif
+ 	adjust_shell_level (-1);
+ 
+       maybe_make_export_env ();
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@ -6,7 +6,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 6%{?dist}
+Release: 9%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -33,8 +33,6 @@ Patch103: bash-2.05a-interpreter.patch
 Patch104: bash-2.05b-debuginfo.patch
 # Pid passed to setpgrp() can not be pid of a zombie process.
 Patch105: bash-2.05b-pgrp_sync.patch
-# Enable audit logs
-Patch106: bash-3.2-audit.patch
 # Source bashrc file when bash is run under ssh.
 Patch107: bash-3.2-ssh_source_bash.patch
 # Use makeinfo to generate .texi file
@ -93,6 +91,15 @@ Patch129: bash-5.1-mbrtowc.patch
 # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
 Patch130: bash-5.2-check-xform.patch

+# Enable audit logs
+Patch131: bash-4.3-audit.patch
+
+# Fix an issue with adding newline in bracketed paste mode
+Patch132: bash-5.2-add-newline.patch
+
+# RHEL-20020 - Fix a performance regression while using large number of environment variables
+Patch133: bash-5.2-pipeline-exec.patch
+
 BuildRequires:  gcc
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@ -100,6 +107,7 @@ BuildRequires: autoconf, gettext
 # Required for bash tests
 BuildRequires: glibc-all-langpacks
 BuildRequires: make
+BuildRequires: audit-libs-devel
 Requires: filesystem >= 3
 Provides: /bin/sh
 Provides: /bin/bash
@ -324,6 +332,18 @@ end
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Tue Feb 13 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-9
+- Fix a performance regression while using large number of environment variables
+  Resolves: RHEL-20020
+
+* Mon Feb 12 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-8
+- Fix an issue with adding newline in bracketed paste mode
+  Resolves: #2168963
+
+* Wed Jan 24 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-7
+- Restore audit logs in bash-4.3 or newer versions
+  Resolves: RHEL-22619
+
 * Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6
 - Add a null check in parameter_brace_transform() function
  Resolves: CVE-2022-3715