Patchlevel 30

2014-10-06 07:06:32 +02:00 · 2014-10-06 07:06:32 +02:00 · 915e5b4463
commit 915e5b4463
parent a3009e6751
3 changed files with 200 additions and 1 deletions
--- a/bash.spec
+++ b/bash.spec
@ -1,5 +1,5 @@
 #% define beta_tag rc2
-%define patchleveltag .28
+%define patchleveltag .30
 %define baseversion 4.3
 %bcond_without tests
 %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -58,6 +58,9 @@ Patch027: bash-4.2-cve-2014-7169-1.patch
 #patchlevel 28
 Patch028: bash-4.2-cve-2014-7169-2.patch

+Patch029: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
+Patch030: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030
+

 # Other patches
 Patch101: bash-2.02-security.patch
@ -169,6 +172,8 @@ This package contains documentation files for %{name}.
 %patch026 -p0 -b .026
 %patch027 -p0 -b .7169-1
 %patch028 -p0 -b .7169-2
+%patch029 -p0 -b .029
+%patch030 -p0 -b .030

 # Other patches
 %patch101 -p1 -b .security
@ -394,6 +399,9 @@ end
 %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt

 %changelog
+* Thu Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.30-1
+- Patchlevel 30
+
 * Mon Oct 06 2014  Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
 - RedHat's patchlevel 28

--- a/59
+++ b/59
@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-029
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.28/make_cmd.c	2011-12-16 08:08:01.000000000 -0500
+--- make_cmd.c	2014-10-02 11:24:23.000000000 -0400
+***************
+*** 693,696 ****
+--- 693,697 ----
+    temp->redirector = source;
+    temp->redirectee = dest_and_filename;
+   temp->here_doc_eof = 0;
+    temp->instruction = instruction;
+    temp->flags = 0;
+*** ../bash-4.3.28/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c	2014-10-02 11:24:23.000000000 -0400
+***************
+*** 127,131 ****
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+        /*FALLTHROUGH*/
+      case r_reading_string:
+--- 127,131 ----
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+        /*FALLTHROUGH*/
+      case r_reading_string:
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 29
+  
+  #endif /* _PATCHLEVEL_H_ */
--- a/132
+++ b/132
@ -0,0 +1,132 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-030
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.29/builtins/evalstring.c	2014-10-01 12:57:47.000000000 -0400
+--- builtins/evalstring.c	2014-10-03 11:57:04.000000000 -0400
+***************
+*** 309,318 ****
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+  		{
+! 		  internal_warning ("%s: ignoring function definition attempt", from_file);
+! 		  should_jump_to_top_level = 0;
+! 		  last_result = last_command_exit_value = EX_BADUSAGE;
+! 		  break;
+  		}
+  
+--- 313,335 ----
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if (flags & SEVAL_FUNCDEF)
+  		{
+! 		  char *x;
+! 
+! 		  /* If the command parses to something other than a straight
+! 		     function definition, or if we have not consumed the entire
+! 		     string, or if the parser has transformed the function
+! 		     name (as parsing will if it begins or ends with shell
+! 		     whitespace, for example), reject the attempt */
+! 		  if (command->type != cm_function_def ||
+! 		      ((x = parser_remaining_input ()) && *x) ||
+! 		      (STREQ (from_file, command->value.Function_def->name->word) == 0))
+! 		    {
+! 		      internal_warning (_("%s: ignoring function definition attempt"), from_file);
+! 		      should_jump_to_top_level = 0;
+! 		      last_result = last_command_exit_value = EX_BADUSAGE;
+! 		      reset_parser ();
+! 		      break;
+! 		    }
+  		}
+  
+***************
+*** 379,383 ****
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		break;
+  	    }
+  	}
+--- 396,403 ----
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		{
+! 		  reset_parser ();
+! 		  break;
+! 		}
+  	    }
+  	}
+*** ../bash-4.3.29/parse.y	2014-10-01 12:58:43.000000000 -0400
+--- parse.y	2014-10-03 14:48:59.000000000 -0400
+***************
+*** 2539,2542 ****
+--- 2539,2552 ----
+  }
+  
+ char *
+ parser_remaining_input ()
+ {
+   if (shell_input_line == 0)
+     return 0;
+   if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
+     return '\0';	/* XXX */
+   return (shell_input_line + shell_input_line_index);
+ }
+ 
+  #ifdef INCLUDE_UNUSED
+  /* Back the input pointer up by one, effectively `ungetting' a character. */
+***************
+*** 4028,4033 ****
+    /* reset_parser clears shell_input_line and associated variables */
+    restore_input_line_state (&ls);
+!   if (interactive)
+!     token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+--- 4053,4058 ----
+    /* reset_parser clears shell_input_line and associated variables */
+    restore_input_line_state (&ls);
+! 
+!   token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+*** ../bash-4.3.29/shell.h	2014-10-01 12:57:39.000000000 -0400
+--- shell.h	2014-10-03 14:49:12.000000000 -0400
+***************
+*** 181,184 ****
+--- 181,186 ----
+  
+  /* Let's try declaring these here. */
+ extern char *parser_remaining_input __P((void));
+ 
+  extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+  extern void restore_parser_state __P((sh_parser_state_t *));
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 29
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 30
+  
+  #endif /* _PATCHLEVEL_H_ */