import bash-4.4.20-1.el8_4

2021-05-18 13:11:13 -04:00 · 2021-05-18 13:11:13 -04:00 · 9eaf795c44
commit 9eaf795c44
parent febb0790b3
2 changed files with 50 additions and 4 deletions
--- a/SOURCES/bash-5.0-cve-2019-18276-2.patch
+++ b/SOURCES/bash-5.0-cve-2019-18276-2.patch
@ -0,0 +1,41 @@
+diff --git a/configure.ac b/configure.ac
+index e5162c4..b82a33b 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -799,10 +799,13 @@ AC_CHECK_DECLS([confstr])
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
+-AC_CHECK_DECLS[(setresuid, setresgid])
+dnl AC_CHECK_DECLS[(setresuid])
+dnl AC_CHECK_DECLS[(setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+ 
+AC_CHECK_FUNCS(setresuid setresgid)
+
+ dnl Extra test to detect the horribly broken HP/UX 11.00 strtold(3)
+ AC_CHECK_DECLS([strtold], [
+     AC_MSG_CHECKING([for broken strtold])
+diff --git a/shell.c b/shell.c
+index 484d8a9..5c24922 100644
+--- a/shell.c
+++ b/shell.c
+@@ -1286,7 +1286,7 @@ disable_priv_mode ()
+ {
+   int e;
+ 
+-#if HAVE_DECL_SETRESUID
+#if HAVE_SETRESUID
+   if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
+ #else
+   if (setuid (current_user.uid) < 0)
+@@ -1299,7 +1299,7 @@ disable_priv_mode ()
+ 	exit (e);
+ #endif
+     }
+-#if HAVE_DECL_SETRESGID
+#if HAVE_SETRESGID
+   if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
+ #else
+   if (setgid (current_user.gid) < 0)
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@ -1,13 +1,13 @@
 #% define beta_tag rc2
 %global _hardened_build 1
-%define patchleveltag .19
+%define patchleveltag .20
 %define baseversion 4.4
 %bcond_without tests

 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 14%{?dist}
+Release: 1%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -106,6 +106,7 @@ Patch134: bash-5.0-shellpid-subshell.patch
 # 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
 # not dropped
 Patch135: bash-5.0-cve-2019-18276.patch
+Patch136: bash-5.0-cve-2019-18276-2.patch

 # 1890888 - Took long time to return when bash -c 'exit 2 & wait $!' run in the big size LimitNPROC
 # values
@ -334,14 +335,18 @@ end
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
-* Fri Mar 26 2021 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-14
+* Fri Mar 26 2021 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.20-1
 - Fix infinite loop in long running scripts
  Resolves: #1943495

-* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-13
+* Wed Nov 04 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-14
 - Fix hang when limit for nproc is very high
  Resolves: #1890888

+* Fri Oct 09 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-13
+- Correctly drop saved UID when effective UID is not equal to its real UID
+  Resolves: #1793943
+
 * Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
 - Avoid duplicating user path entries
  Resolves: #1667008