From c6c0cde02be40558ab9de5a6ed871a1c5bea5b5b Mon Sep 17 00:00:00 2001 From: Ondrej Oprala Date: Mon, 6 Oct 2014 06:55:53 +0200 Subject: [PATCH] RedHat's patchlevel 28 --- bash-4.2-cve-2014-7169-0.patch | 12 ------- bash.spec | 31 +++++++++++------- bash43-026 | 60 ++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 23 deletions(-) delete mode 100644 bash-4.2-cve-2014-7169-0.patch create mode 100644 bash43-026 diff --git a/bash-4.2-cve-2014-7169-0.patch b/bash-4.2-cve-2014-7169-0.patch deleted file mode 100644 index 5f59b46..0000000 --- a/bash-4.2-cve-2014-7169-0.patch +++ /dev/null @@ -1,12 +0,0 @@ -*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400 ---- parse.y 2014-09-24 22:47:28.000000000 -0400 -*************** -*** 2959,2962 **** ---- 2959,2964 ---- - word_desc_to_read = (WORD_DESC *)NULL; - -+ eol_ungetc_lookahead = 0; -+ - current_token = '\n'; /* XXX */ - last_read_token = '\n'; - diff --git a/bash.spec b/bash.spec index 14d0e82..11bdd8c 100644 --- a/bash.spec +++ b/bash.spec @@ -1,5 +1,5 @@ #% define beta_tag rc2 -%define patchleveltag .25 +%define patchleveltag .28 %define baseversion 4.3 %bcond_without tests %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -7,7 +7,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 2%{?dist} +Release: 1%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash 
@@ -46,6 +46,18 @@ Patch022: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-022 Patch023: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-023 Patch024: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-024 Patch025: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 +Patch026: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026 + +# 1146326 - cve-2014-7169 +# we want to keep these patches from Florian Weimer +# instead of the official ones, to match the ()/%% +# detail we already have applied across RHELs and not to +# create incompatibilities in the future +#patchlevel 27 +Patch027: bash-4.2-cve-2014-7169-1.patch +#patchlevel 28 +Patch028: bash-4.2-cve-2014-7169-2.patch + # Other patches Patch101: bash-2.02-security.patch @@ -103,12 +115,6 @@ Patch134: bash-4.3-pathexp-globignore-delim.patch # 1102815 - fix double echoes in vi visual mode Patch135: bash-4.3-noecho.patch -# 1146319 - cve-2014-7169 - -Patch136: bash-4.2-cve-2014-7169-0.patch -Patch137: bash-4.2-cve-2014-7169-1.patch -Patch138: bash-4.2-cve-2014-7169-2.patch - BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext @@ -160,6 +166,9 @@ This package contains documentation files for %{name}. %patch023 -p0 -b .023 %patch024 -p0 -b .024 %patch025 -p0 -b .025 +%patch026 -p0 -b .026 +%patch027 -p0 -b .7169-1 +%patch028 -p0 -b .7169-2 # Other patches %patch101 -p1 -b .security @@ -190,9 +199,6 @@ This package contains documentation files for %{name}. %patch131 -p0 -b .keyword %patch134 -p0 -b .delim %patch135 -p1 -b .noecho -%patch136 -p0 -b .7169-0 -%patch137 -p0 -b .7169-1 -%patch138 -p0 -b .7169-2 echo %{version} > _distribution echo %{release} > _patchlevel @@ -388,6 +394,9 @@ end %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Mon Oct 06 2014 Ondrej Oprala - 4.3.28-1 +- RedHat's patchlevel 28 + * Thu Sep 25 2014 Ondrej Oprala - 4.3.25-2 - CVE-2014-7169 Resolves: #1146319 
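Review bot: In the `@@ -46,6 +46,18 @@` hunk the slots `Patch027`/`Patch028` hold downstream files (`bash-4.2-cve-2014-7169-1.patch`, `bash-4.2-cve-2014-7169-2.patch`) while `patchleveltag` is raised to `.28`, so the package version reads as upstream patch level 28 even though the only upstream patch added here, `bash43-026`, sets `PATCHLEVEL` to 26. Whether the two downstream patches also touch `patchlevel.h` is not visible in this commit; if they do not, the version bash reports and the RPM version will differ, and anyone auditing hosts for CVE-2014-7169 by patch level gets an ambiguous answer. I would say so in the spec comment, for example `# Patch027/028 stand in for upstream bash43-027/028; they are not the upstream files`, next to the existing rationale. The new `%changelog` entry (`- RedHat's patchlevel 28`) should also name CVE-2014-7169 and bug 1146326 so `rpm -q --changelog` shows which fix this build carries.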
diff --git a/bash43-026 b/bash43-026 new file mode 100644 index 0000000..d5d5b1d --- /dev/null +++ b/bash43-026 @@ -0,0 +1,60 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-026 + +Bug-Reported-by: Tavis Ormandy +Bug-Reference-ID: +Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 + +Bug-Description: + +Under certain circumstances, bash can incorrectly save a lookahead character and +return it on a subsequent call, even when reading a new line. + +Patch (apply with `patch -p0'): + +*** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.000000000 -0400 +--- parse.y 2014-09-25 20:20:21.000000000 -0400 +*************** +*** 2954,2957 **** +--- 2954,2959 ---- + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; +*** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.000000000 -0400 +--- y.tab.c 2014-09-25 20:21:48.000000000 -0400 +*************** +*** 5266,5269 **** +--- 5266,5271 ---- + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; +*************** +*** 8540,8542 **** + } + #endif /* HANDLE_MULTIBYTE */ +- +--- 8542,8543 ---- +*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 +--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 25 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 26 + + #endif /* _PATCHLEVEL_H_ */