From f6ffed783f26b00ddc5f82aa51e5d065af71570a Mon Sep 17 00:00:00 2001 From: Roman Rakus Date: Mon, 11 Mar 2013 20:43:32 +0100 Subject: [PATCH] Patchlevel 45 Signed-off-by: Roman Rakus --- bash.spec | 13 ++++++++-- bash42-043 | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++ bash42-044 | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ bash42-045 | 53 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 199 insertions(+), 2 deletions(-) create mode 100644 bash42-043 create mode 100644 bash42-044 create mode 100644 bash42-045 diff --git a/bash.spec b/bash.spec index 05be2d4..d9124c9 100644 --- a/bash.spec +++ b/bash.spec @@ -1,12 +1,12 @@ #% define beta_tag rc2 -%define patchleveltag .42 +%define patchleveltag .45 %define baseversion 4.2 %bcond_without tests Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 3%{?dist} +Release: 1%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash @@ -62,6 +62,9 @@ Patch039: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-039 Patch040: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-040 Patch041: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-041 Patch042: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-042 +Patch043: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-043 +Patch044: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-044 +Patch045: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-045 # Other patches Patch101: bash-2.02-security.patch @@ -182,6 +185,9 @@ This package contains documentation files for %{name}. %patch040 -p0 -b .040 %patch041 -p0 -b .041 %patch042 -p0 -b .042 +%patch043 -p0 -b .043 +%patch044 -p0 -b .044 +%patch045 -p0 -b .045 # Other patches %patch101 -p1 -b .security @@ -402,6 +408,9 @@ end #%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Mon Mar 11 2013 Roman Rakus - 4.2.45-1 +- Patchlevel 45 + * Thu Jan 31 2013 Roman Rakus - 4.2.42-3 - Fix usage of partial unitialized structure Resolves: #857948 diff --git a/bash42-043 b/bash42-043 new file mode 100644 index 0000000..b25a5ee --- /dev/null +++ b/bash42-043 @@ -0,0 +1,65 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-043 + +Bug-Reported-by: konsolebox +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-01/msg00138.html + +Bug-Description: + +When SIGCHLD is trapped, and a SIGCHLD trap handler runs when a pending +`read -t' invocation times out and generates SIGALRM, bash can crash with +a segmentation fault. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/builtins/read.def 2012-10-31 21:22:51.000517000 -0400 +--- builtins/read.def 2013-01-25 10:28:16.000038000 -0500 +*************** +*** 386,393 **** + /* Tricky. The top of the unwind-protect stack is the free of + input_string. We want to run all the rest and use input_string, +! so we have to remove it from the stack. */ +! remove_unwind_protect (); +! run_unwind_frame ("read_builtin"); + input_string[i] = '\0'; /* make sure it's terminated */ + retval = 128+SIGALRM; + goto assign_vars; +--- 386,403 ---- + /* Tricky. The top of the unwind-protect stack is the free of + input_string. We want to run all the rest and use input_string, +! so we have to save input_string temporarily, run the unwind- +! protects, then restore input_string so we can use it later. */ +! + input_string[i] = '\0'; /* make sure it's terminated */ ++ if (i == 0) ++ { ++ t = (char *)xmalloc (1); ++ t[0] = 0; ++ } ++ else ++ t = savestring (input_string); ++ ++ run_unwind_frame ("read_builtin"); ++ input_string = t; + retval = 128+SIGALRM; + goto assign_vars; + +*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 +--- patchlevel.h Thu Feb 24 21:41:34 2011 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 42 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 43 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/bash42-044 b/bash42-044 new file mode 100644 index 0000000..e5bf283 --- /dev/null +++ b/bash42-044 @@ -0,0 +1,70 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-044 + +Bug-Reported-by: "Dashing" +Bug-Reference-ID: <20130211175049.D90786F446@smtp.hushmail.com> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html + +Bug-Description: + +When converting a multibyte string to a wide character string as part of +pattern matching, bash does not handle the end of the string correctly, +causing the search for the NUL to go beyond the end of the string and +reference random memory. Depending on the contents of that memory, bash +can produce errors or crash. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2012-07-08 21:53:19.000000000 -0400 +--- lib/glob/xmbsrtowcs.c 2013-02-12 12:00:39.000000000 -0500 +*************** +*** 217,220 **** +--- 217,226 ---- + n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state); + ++ if (n == 0 && p == 0) ++ { ++ wsbuf[wcnum] = L'\0'; ++ break; ++ } ++ + /* Compensate for taking single byte on wcs conversion failure above. */ + if (wcslength == 1 && (n == 0 || n == (size_t)-1)) +*************** +*** 222,226 **** + state = tmp_state; + p = tmp_p; +! wsbuf[wcnum++] = *p++; + } + else +--- 228,238 ---- + state = tmp_state; + p = tmp_p; +! wsbuf[wcnum] = *p; +! if (*p == 0) +! break; +! else +! { +! wcnum++; p++; +! } + } + else + +*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 +--- patchlevel.h Thu Feb 24 21:41:34 2011 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 43 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 44 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/bash42-045 b/bash42-045 new file mode 100644 index 0000000..e0f8559 --- /dev/null +++ b/bash42-045 @@ -0,0 +1,53 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-045 + +Bug-Reported-by: Stephane Chazelas +Bug-Reference-ID: <20130218195539.GA9620@chaz.gmail.com> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00080.html + +Bug-Description: + +The <&n- and >&n- redirections, which move one file descriptor to another, +leave the file descriptor closed when applied to builtins or compound +commands. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/redir.c 2013-01-30 11:56:09.000000000 -0500 +--- redir.c 2013-02-19 09:38:36.000000000 -0500 +*************** +*** 1008,1011 **** +--- 1008,1021 ---- + REDIRECTION_ERROR (r, errno, -1); + } ++ if ((flags & RX_UNDOABLE) && (ri == r_move_input || ri == r_move_output)) ++ { ++ /* r_move_input and r_move_output add an additional close() ++ that needs to be undone */ ++ if (fcntl (redirector, F_GETFD, 0) != -1) ++ { ++ r = add_undo_redirect (redir_fd, r_close_this, -1); ++ REDIRECTION_ERROR (r, errno, -1); ++ } ++ } + #if defined (BUFFERED_INPUT) + check_bash_input (redirector); + +*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 +--- patchlevel.h Thu Feb 24 21:41:34 2011 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 44 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 45 + + #endif /* _PATCHLEVEL_H_ */