import bash-4.4.19-14.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:38:36 -04:00 committed by Andrew Lukoshko
parent c818218c2a
commit 457649ce62
3 changed files with 150 additions and 1 deletions

View File

@ -0,0 +1,95 @@
diff --git a/include/typemax.h b/include/typemax.h
--- a/include/typemax.h
+++ b/include/typemax.h
@@ -35,14 +35,23 @@
# define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))
#endif
+#ifndef TYPE_SIGNED_MAGNITUDE
+# define TYPE_SIGNED_MAGNITUDE(t) ((t) ~ (t) 0 < (t) -1)
+#endif
+
+#ifndef TYPE_WIDTH
+# define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
+#endif
+
#ifndef TYPE_MINIMUM
-# define TYPE_MINIMUM(t) ((t) (TYPE_SIGNED (t) \
- ? ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1) \
- : (t) 0))
+# define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t))
#endif
#ifndef TYPE_MAXIMUM
-# define TYPE_MAXIMUM(t) ((t) (~ (t) 0 - TYPE_MINIMUM (t)))
+# define TYPE_MAXIMUM(t) \
+ ((t) (! TYPE_SIGNED (t) \
+ ? (t) -1 \
+ : ((((t) 1 << (TYPE_WIDTH (t) - 2)) - 1) * 2 + 1)))
#endif
#ifdef HAVE_LONG_LONG
diff --git a/jobs.c b/jobs.c
--- a/jobs.c
+++ b/jobs.c
@@ -72,6 +72,8 @@
#include "execute_cmd.h"
#include "flags.h"
+#include "typemax.h"
+
#include "builtins/builtext.h"
#include "builtins/common.h"
@@ -92,7 +94,7 @@ extern int killpg __P((pid_t, int));
#endif
#if !MAX_CHILD_MAX
-# define MAX_CHILD_MAX 8192
+# define MAX_CHILD_MAX 32768
#endif
#if !defined (DEBUG)
@@ -751,7 +753,7 @@ stop_pipeline (async, deferred)
static void
bgp_resize ()
{
- ps_index_t nsize;
+ ps_index_t nsize, nsize_cur, nsize_max;
ps_index_t psi;
if (bgpids.nalloc == 0)
@@ -765,11 +767,20 @@ bgp_resize ()
else
nsize = bgpids.nalloc;
- while (nsize < js.c_childmax)
- nsize *= 2;
+ nsize_max = TYPE_MAXIMUM (ps_index_t);
+ nsize_cur = (ps_index_t)js.c_childmax;
+ if (nsize_cur < 0) /* overflow */
+ nsize_cur = MAX_CHILD_MAX;
- if (bgpids.nalloc < js.c_childmax)
- {
+ while (nsize > 0 && nsize < nsize_cur) /* > 0 should catch overflow */
+ nsize <<= 1;
+ if (nsize > nsize_max || nsize <= 0) /* overflow? */
+ nsize = nsize_max;
+ if (nsize > MAX_CHILD_MAX)
+ nsize = nsize_max = MAX_CHILD_MAX; /* hard cap */
+
+ if (bgpids.nalloc < nsize_cur && bgpids.nalloc < nsize_max)
+ {
bgpids.storage = (struct pidstat *)xrealloc (bgpids.storage, nsize * sizeof (struct pidstat));
for (psi = bgpids.nalloc; psi < nsize; psi++)
@@ -787,7 +798,7 @@ bgp_getindex ()
{
ps_index_t psi;
- if (bgpids.nalloc < js.c_childmax || bgpids.head >= bgpids.nalloc)
+ if (bgpids.nalloc < (ps_index_t)js.c_childmax || bgpids.head >= bgpids.nalloc)
bgp_resize ();
pshash_delindex (bgpids.head); /* XXX - clear before reusing */

View File

@ -0,0 +1,41 @@
diff --git a/configure.ac b/configure.ac
index e5162c4..b82a33b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -799,10 +799,13 @@ AC_CHECK_DECLS([confstr])
AC_CHECK_DECLS([printf])
AC_CHECK_DECLS([sbrk])
AC_CHECK_DECLS([setregid])
-AC_CHECK_DECLS[(setresuid, setresgid])
+dnl AC_CHECK_DECLS[(setresuid])
+dnl AC_CHECK_DECLS[(setresgid])
AC_CHECK_DECLS([strcpy])
AC_CHECK_DECLS([strsignal])
+AC_CHECK_FUNCS(setresuid setresgid)
+
dnl Extra test to detect the horribly broken HP/UX 11.00 strtold(3)
AC_CHECK_DECLS([strtold], [
AC_MSG_CHECKING([for broken strtold])
diff --git a/shell.c b/shell.c
index 484d8a9..5c24922 100644
--- a/shell.c
+++ b/shell.c
@@ -1286,7 +1286,7 @@ disable_priv_mode ()
{
int e;
-#if HAVE_DECL_SETRESUID
+#if HAVE_SETRESUID
if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
#else
if (setuid (current_user.uid) < 0)
@@ -1299,7 +1299,7 @@ disable_priv_mode ()
exit (e);
#endif
}
-#if HAVE_DECL_SETRESGID
+#if HAVE_SETRESGID
if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
#else
if (setgid (current_user.gid) < 0)

View File

@ -7,7 +7,7 @@
Version: %{baseversion}%{patchleveltag}
Name: bash
Summary: The GNU Bourne Again shell
Release: 12%{?dist}
Release: 14%{?dist}
License: GPLv3+
Url: https://www.gnu.org/software/bash
Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -106,6 +106,11 @@ Patch134: bash-5.0-shellpid-subshell.patch
# 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
# not dropped
Patch135: bash-5.0-cve-2019-18276.patch
Patch136: bash-5.0-cve-2019-18276-2.patch
# 1890888 - Took long time to return when bash -c 'exit 2 & wait $!' run in the big size LimitNPROC
# values
Patch137: bash-5.0-bgp-resize.patch
BuildRequires: texinfo bison
BuildRequires: ncurses-devel
@ -330,6 +335,14 @@ end
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-14
- Fix hang when limit for nproc is very high
Resolves: #1890888
* Fri Oct 09 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-13
- Correctly drop saved UID when effective UID is not equal to its real UID
Resolves: #1793943
* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
- Avoid duplicating user path entries
Resolves: #1667008