From 4533026da95ca85fab57eafbc91c28a3a2dabd79 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 30 Apr 2024 11:33:19 +0000 Subject: [PATCH] import CS bash-5.1.8-9.el9_3 --- SOURCES/bash-3.2-audit.patch | 96 ---------------------------- SOURCES/bash-4.3-audit.patch | 12 ++++ SOURCES/bash-5.2-add-newline.patch | 12 ++++ SOURCES/bash-5.2-pipeline-exec.patch | 15 +++++ SPECS/bash.spec | 26 +++++++- 5 files changed, 62 insertions(+), 99 deletions(-) delete mode 100644 SOURCES/bash-3.2-audit.patch create mode 100644 SOURCES/bash-4.3-audit.patch create mode 100644 SOURCES/bash-5.2-add-newline.patch create mode 100644 SOURCES/bash-5.2-pipeline-exec.patch diff --git a/SOURCES/bash-3.2-audit.patch b/SOURCES/bash-3.2-audit.patch deleted file mode 100644 index 48a1751..0000000 --- a/SOURCES/bash-3.2-audit.patch +++ /dev/null @@ -1,96 +0,0 @@ -diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in ---- bash-4.2/config.h.in.audit 2013-01-31 16:26:16.857698992 +0100 -+++ bash-4.2/config.h.in 2013-01-31 16:26:16.876699255 +0100 -@@ -1131,6 +1131,14 @@ - - /* End additions for lib/intl */ - -+ -+/* Additions for lib/readline */ -+ -+/* Define if you have and it defines AUDIT_USER_TTY */ -+#undef HAVE_DECL_AUDIT_USER_TTY -+ -+/* End additions for lib/readline */ -+ - #include "config-bot.h" - - #endif /* _CONFIG_H_ */ -diff -up bash-4.2/configure.in.audit bash-4.2/configure.in ---- bash-4.2/configure.in.audit 2013-01-31 16:26:16.858699005 +0100 -+++ bash-4.2/configure.ac 2013-01-31 16:26:16.877699269 +0100 -@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK - BASH_SYS_PGRP_SYNC - BASH_SYS_SIGNAL_VINTAGE - -+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include ]]) -+ - dnl checking for the presence of certain library symbols - BASH_SYS_ERRLIST - BASH_SYS_SIGLIST -diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c ---- bash-4.2/lib/readline/readline.c.audit 2013-01-31 16:26:16.871699185 +0100 -+++ bash-4.2/lib/readline/readline.c 2013-01-31 17:24:23.902744860 +0100 -@@ -55,6 +55,12 @@ - extern int errno; - #endif /* !errno */ - -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+# include -+# include -+# include -+#endif -+ - /* System-specific feature definitions and include files. */ - #include "rldefs.h" - #include "rlmbutil.h" -@@ -301,7 +307,48 @@ rl_set_prompt (prompt) - rl_visible_prompt_length = rl_expand_prompt (rl_prompt); - return 0; - } -- -+ -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+/* Report STRING to the audit system. */ -+static void -+audit_tty (char *string) -+{ -+ struct sockaddr_nl addr; -+ struct msghdr msg; -+ struct nlmsghdr nlm; -+ struct iovec iov[2]; -+ size_t size; -+ int fd; -+ -+ size = strlen (string) + 1; -+ fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); -+ if (fd < 0) -+ return; -+ nlm.nlmsg_len = NLMSG_LENGTH (size); -+ nlm.nlmsg_type = AUDIT_USER_TTY; -+ nlm.nlmsg_flags = NLM_F_REQUEST; -+ nlm.nlmsg_seq = 0; -+ nlm.nlmsg_pid = 0; -+ iov[0].iov_base = &nlm; -+ iov[0].iov_len = sizeof (nlm); -+ iov[1].iov_base = string; -+ iov[1].iov_len = size; -+ addr.nl_family = AF_NETLINK; -+ addr.nl_pad = 0; -+ addr.nl_pid = 0; -+ addr.nl_groups = 0; -+ msg.msg_name = &addr; -+ msg.msg_namelen = sizeof (addr); -+ msg.msg_iov = iov; -+ msg.msg_iovlen = 2; -+ msg.msg_control = NULL; -+ msg.msg_controllen = 0; -+ msg.msg_flags = 0; -+ (void)sendmsg (fd, &msg, 0); -+ close (fd); -+} -+#endif -+ - /* Read a line of input. Prompt with PROMPT. An empty PROMPT means - none. A return value of NULL means that EOF was encountered. */ - char * diff --git a/SOURCES/bash-4.3-audit.patch b/SOURCES/bash-4.3-audit.patch new file mode 100644 index 0000000..9270403 --- /dev/null +++ b/SOURCES/bash-4.3-audit.patch @@ -0,0 +1,12 @@ +diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h +--- a/lib/readline/rlconf.h ++++ b/lib/readline/rlconf.h +@@ -64,7 +64,7 @@ + + /* Define this if you want to enable code that talks to the Linux kernel + tty auditing system. */ +-/* #define ENABLE_TTY_AUDIT_SUPPORT */ ++#define ENABLE_TTY_AUDIT_SUPPORT + + /* Defaults for the various editing mode indicators, inserted at the beginning + of the last (maybe only) line of the prompt if show-mode-in-prompt is on */ diff --git a/SOURCES/bash-5.2-add-newline.patch b/SOURCES/bash-5.2-add-newline.patch new file mode 100644 index 0000000..073374f --- /dev/null +++ b/SOURCES/bash-5.2-add-newline.patch @@ -0,0 +1,12 @@ +diff --git a/lib/readline/rltty.c b/lib/readline/rltty.c +--- a/lib/readline/rltty.c ++++ b/lib/readline/rltty.c +@@ -694,6 +694,8 @@ rl_deprep_terminal (void) + fprintf (rl_outstream, BRACK_PASTE_FINI); + if (_rl_eof_found) + fprintf (rl_outstream, "\n"); ++ else if (_rl_echoing_p == 0) ++ fprintf (rl_outstream, "\n"); + } + + if (_rl_enable_keypad) diff --git a/SOURCES/bash-5.2-pipeline-exec.patch b/SOURCES/bash-5.2-pipeline-exec.patch new file mode 100644 index 0000000..ba14696 --- /dev/null +++ b/SOURCES/bash-5.2-pipeline-exec.patch @@ -0,0 +1,15 @@ +diff --git a/execute_cmd.c b/execute_cmd.c +--- a/execute_cmd.c ++++ b/execute_cmd.c +@@ -5496,11 +5496,7 @@ execute_disk_command (words, redirects, command_line, pipe_in, pipe_out, + { + /* If we're optimizing out the fork (implicit `exec'), decrement the + shell level like `exec' would do. */ +-#if 0 /* TAG: bash-5.2 psmith 10/11/2020 */ + if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE && (subshell_environment & SUBSHELL_PIPE) == 0) +-#else +- if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE) +-#endif + adjust_shell_level (-1); + + maybe_make_export_env (); diff --git a/SPECS/bash.spec b/SPECS/bash.spec index 479a928..b3ab1c3 100644 --- a/SPECS/bash.spec +++ b/SPECS/bash.spec @@ -6,7 +6,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 6%{?dist} +Release: 9%{?dist} License: GPLv3+ Url: https://www.gnu.org/software/bash Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz @@ -33,8 +33,6 @@ Patch103: bash-2.05a-interpreter.patch Patch104: bash-2.05b-debuginfo.patch # Pid passed to setpgrp() can not be pid of a zombie process. Patch105: bash-2.05b-pgrp_sync.patch -# Enable audit logs -Patch106: bash-3.2-audit.patch # Source bashrc file when bash is run under ssh. Patch107: bash-3.2-ssh_source_bash.patch # Use makeinfo to generate .texi file @@ -93,6 +91,15 @@ Patch129: bash-5.1-mbrtowc.patch # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform Patch130: bash-5.2-check-xform.patch +# Enable audit logs +Patch131: bash-4.3-audit.patch + +# Fix an issue with adding newline in bracketed paste mode +Patch132: bash-5.2-add-newline.patch + +# RHEL-20020 - Fix a performance regression while using large number of environment variables +Patch133: bash-5.2-pipeline-exec.patch + BuildRequires: gcc BuildRequires: texinfo bison BuildRequires: ncurses-devel @@ -100,6 +107,7 @@ BuildRequires: autoconf, gettext # Required for bash tests BuildRequires: glibc-all-langpacks BuildRequires: make +BuildRequires: audit-libs-devel Requires: filesystem >= 3 Provides: /bin/sh Provides: /bin/bash @@ -324,6 +332,18 @@ end %{_libdir}/pkgconfig/%{name}.pc %changelog +* Tue Feb 13 2024 Siteshwar Vashisht - 5.1.8-9 +- Fix a performance regression while using large number of environment variables + Resolves: RHEL-20020 + +* Mon Feb 12 2024 Siteshwar Vashisht - 5.1.8-8 +- Fix an issue with adding newline in bracketed paste mode + Resolves: #2168963 + +* Wed Jan 24 2024 Siteshwar Vashisht - 5.1.8-7 +- Restore audit logs in bash-4.3 or newer versions + Resolves: RHEL-22619 + * Tue Nov 22 2022 Siteshwar Vashisht - 5.1.8-6 - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715