import bash-4.4.19-12.el8
This commit is contained in:
parent
647f33afbc
commit
b29a3bd7f6
61
SOURCES/bash-5.0-cve-2019-18276.patch
Normal file
61
SOURCES/bash-5.0-cve-2019-18276.patch
Normal file
@ -0,0 +1,61 @@
|
||||
diff --git a/config.h.in b/config.h.in
|
||||
index 1a89e85..2df4786 100644
|
||||
--- a/config.h.in
|
||||
+++ b/config.h.in
|
||||
@@ -801,6 +801,14 @@
|
||||
#undef HAVE_SETREGID
|
||||
#undef HAVE_DECL_SETREGID
|
||||
|
||||
+/* Define if you have the setregid function. */
|
||||
+#undef HAVE_SETRESGID
|
||||
+#undef HAVE_DECL_SETRESGID
|
||||
+
|
||||
+/* Define if you have the setresuid function. */
|
||||
+#undef HAVE_SETRESUID
|
||||
+#undef HAVE_DECL_SETRESUID
|
||||
+
|
||||
/* Define if you have the setvbuf function. */
|
||||
#undef HAVE_SETVBUF
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a3f6d8f..e5162c4 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -799,6 +799,7 @@ AC_CHECK_DECLS([confstr])
|
||||
AC_CHECK_DECLS([printf])
|
||||
AC_CHECK_DECLS([sbrk])
|
||||
AC_CHECK_DECLS([setregid])
|
||||
+AC_CHECK_DECLS[(setresuid, setresgid])
|
||||
AC_CHECK_DECLS([strcpy])
|
||||
AC_CHECK_DECLS([strsignal])
|
||||
|
||||
diff --git a/shell.c b/shell.c
|
||||
index 4aae182..484d8a9 100644
|
||||
--- a/shell.c
|
||||
+++ b/shell.c
|
||||
@@ -1286,7 +1286,11 @@ disable_priv_mode ()
|
||||
{
|
||||
int e;
|
||||
|
||||
+#if HAVE_DECL_SETRESUID
|
||||
+ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
|
||||
+#else
|
||||
if (setuid (current_user.uid) < 0)
|
||||
+#endif
|
||||
{
|
||||
e = errno;
|
||||
sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
|
||||
@@ -1295,7 +1299,11 @@ disable_priv_mode ()
|
||||
exit (e);
|
||||
#endif
|
||||
}
|
||||
+#if HAVE_DECL_SETRESGID
|
||||
+ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
|
||||
+#else
|
||||
if (setgid (current_user.gid) < 0)
|
||||
+#endif
|
||||
sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
|
||||
|
||||
current_user.euid = current_user.uid;
|
||||
--
|
||||
2.25.4
|
@ -6,7 +6,10 @@ if [ -f /etc/bashrc ]; then
|
||||
fi
|
||||
|
||||
# User specific environment
|
||||
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
|
||||
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
|
||||
then
|
||||
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
|
||||
fi
|
||||
export PATH
|
||||
|
||||
# Uncomment the following line if you don't like systemctl's auto-paging feature:
|
||||
|
@ -7,7 +7,7 @@
|
||||
Version: %{baseversion}%{patchleveltag}
|
||||
Name: bash
|
||||
Summary: The GNU Bourne Again shell
|
||||
Release: 10%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: GPLv3+
|
||||
Url: https://www.gnu.org/software/bash
|
||||
Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
|
||||
@ -103,6 +103,10 @@ Patch133: bash-5.0-syslog-history.patch
|
||||
# https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00065.html
|
||||
Patch134: bash-5.0-shellpid-subshell.patch
|
||||
|
||||
# 1793943 - CVE-2019-18276: when effective UID is not equal to its real UID the saved UID is
|
||||
# not dropped
|
||||
Patch135: bash-5.0-cve-2019-18276.patch
|
||||
|
||||
BuildRequires: texinfo bison
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: autoconf, gettext
|
||||
@ -326,6 +330,14 @@ end
|
||||
%{_libdir}/pkgconfig/%{name}.pc
|
||||
|
||||
%changelog
|
||||
* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-12
|
||||
- Avoid duplicating user path entries
|
||||
Resolves: #1667008
|
||||
|
||||
* Mon Jun 22 2020 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-11
|
||||
- Drop saved UID when effective UID is not equal to its real UID
|
||||
Resolves: #1793943
|
||||
|
||||
* Thu Aug 22 2019 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.19-10
|
||||
- Fix runtime option to enable history logging to syslog
|
||||
Related: #1687835
|
||||
|
Loading…
Reference in New Issue
Block a user