rpms/bash
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RedHat's patchlevel 28

Browse Source
This commit is contained in:
Ondrej Oprala 2014-10-06 06:55:53 +02:00
parent b90fea298d
commit a3009e6751
3 changed files with 80 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bash-4.2-cve-2014-7169-0.patch
View File

@ -1,12 +0,0 @@
*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400
--- parse.y 2014-09-24 22:47:28.000000000 -0400
***************
*** 2959,2962 ****
--- 2959,2964 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';

31
bash.spec
View File

@ -1,5 +1,5 @@
#% define beta_tag rc2 #% define beta_tag rc2
%define patchleveltag .25 %define patchleveltag .28
%define baseversion 4.3 %define baseversion 4.3
%bcond_without tests %bcond_without tests
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -7,7 +7,7 @@
Version: %{baseversion}%{patchleveltag} Version: %{baseversion}%{patchleveltag}
Name: bash Name: bash
Summary: The GNU Bourne Again shell Summary: The GNU Bourne Again shell
Release: 2%{?dist} Release: 1%{?dist}
Group: System Environment/Shells Group: System Environment/Shells
License: GPLv3+ License: GPLv3+
Url: http://www.gnu.org/software/bash Url: http://www.gnu.org/software/bash
@ -46,6 +46,18 @@ Patch022: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-022
Patch023: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-023 Patch023: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-023
Patch024: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-024 Patch024: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-024
Patch025: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 Patch025: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025
Patch026: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026
# 1146326 - cve-2014-7169
# we want to keep these patches from Florian Weimer
# instead of the official ones, to match the ()/%%
# detail we already have applied across RHELs and not to
# create incompatibilities in the future
#patchlevel 27
Patch027: bash-4.2-cve-2014-7169-1.patch
#patchlevel 28
Patch028: bash-4.2-cve-2014-7169-2.patch
# Other patches # Other patches
Patch101: bash-2.02-security.patch Patch101: bash-2.02-security.patch
@ -103,12 +115,6 @@ Patch134: bash-4.3-pathexp-globignore-delim.patch
# 1102815 - fix double echoes in vi visual mode # 1102815 - fix double echoes in vi visual mode
Patch135: bash-4.3-noecho.patch Patch135: bash-4.3-noecho.patch
# 1146319 - cve-2014-7169
Patch136: bash-4.2-cve-2014-7169-0.patch
Patch137: bash-4.2-cve-2014-7169-1.patch
Patch138: bash-4.2-cve-2014-7169-2.patch
BuildRequires: texinfo bison BuildRequires: texinfo bison
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext BuildRequires: autoconf, gettext
@ -160,6 +166,9 @@ This package contains documentation files for %{name}.
%patch023 -p0 -b .023 %patch023 -p0 -b .023
%patch024 -p0 -b .024 %patch024 -p0 -b .024
%patch025 -p0 -b .025 %patch025 -p0 -b .025
%patch026 -p0 -b .026
%patch027 -p0 -b .7169-1
%patch028 -p0 -b .7169-2
# Other patches # Other patches
%patch101 -p1 -b .security %patch101 -p1 -b .security
@ -190,9 +199,6 @@ This package contains documentation files for %{name}.
%patch131 -p0 -b .keyword %patch131 -p0 -b .keyword
%patch134 -p0 -b .delim %patch134 -p0 -b .delim
%patch135 -p1 -b .noecho %patch135 -p1 -b .noecho
%patch136 -p0 -b .7169-0
%patch137 -p0 -b .7169-1
%patch138 -p0 -b .7169-2
echo %{version} > _distribution echo %{version} > _distribution
echo %{release} > _patchlevel echo %{release} > _patchlevel
@ -388,6 +394,9 @@ end
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
%changelog %changelog
* Mon Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
- RedHat's patchlevel 28
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.25-2 * Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.25-2
- CVE-2014-7169 - CVE-2014-7169
Resolves: #1146319 Resolves: #1146319

60
bash43-026 Normal file
View File

@ -0,0 +1,60 @@
BASH PATCH REPORT
=================
Bash-Release: 4.3
Patch-ID: bash43-026
Bug-Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Bug-Reference-ID:
Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
Bug-Description:
Under certain circumstances, bash can incorrectly save a lookahead character and
return it on a subsequent call, even when reading a new line.
Patch (apply with `patch -p0'):
*** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.000000000 -0400
--- parse.y 2014-09-25 20:20:21.000000000 -0400
***************
*** 2954,2957 ****
--- 2954,2959 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';
*** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.000000000 -0400
--- y.tab.c 2014-09-25 20:21:48.000000000 -0400
***************
*** 5266,5269 ****
--- 5266,5271 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';
***************
*** 8540,8542 ****
}
#endif /* HANDLE_MULTIBYTE */
-
--- 8542,8543 ----
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 25
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 26
#endif /* _PATCHLEVEL_H_ */