Patchlevel 30
This commit is contained in:
parent
c6c0cde02b
commit
f96c394fe3
10
bash.spec
10
bash.spec
@ -1,5 +1,5 @@
|
|||||||
#% define beta_tag rc2
|
#% define beta_tag rc2
|
||||||
%define patchleveltag .28
|
%define patchleveltag .30
|
||||||
%define baseversion 4.3
|
%define baseversion 4.3
|
||||||
%bcond_without tests
|
%bcond_without tests
|
||||||
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
@ -58,6 +58,9 @@ Patch027: bash-4.2-cve-2014-7169-1.patch
|
|||||||
#patchlevel 28
|
#patchlevel 28
|
||||||
Patch028: bash-4.2-cve-2014-7169-2.patch
|
Patch028: bash-4.2-cve-2014-7169-2.patch
|
||||||
|
|
||||||
|
Patch029: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
|
||||||
|
Patch030: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030
|
||||||
|
|
||||||
|
|
||||||
# Other patches
|
# Other patches
|
||||||
Patch101: bash-2.02-security.patch
|
Patch101: bash-2.02-security.patch
|
||||||
@ -169,6 +172,8 @@ This package contains documentation files for %{name}.
|
|||||||
%patch026 -p0 -b .026
|
%patch026 -p0 -b .026
|
||||||
%patch027 -p0 -b .7169-1
|
%patch027 -p0 -b .7169-1
|
||||||
%patch028 -p0 -b .7169-2
|
%patch028 -p0 -b .7169-2
|
||||||
|
%patch029 -p0 -b .029
|
||||||
|
%patch030 -p0 -b .030
|
||||||
|
|
||||||
# Other patches
|
# Other patches
|
||||||
%patch101 -p1 -b .security
|
%patch101 -p1 -b .security
|
||||||
@ -394,6 +399,9 @@ end
|
|||||||
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
|
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.30-1
|
||||||
|
- Patchlevel 30
|
||||||
|
|
||||||
* Mon Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
|
* Mon Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
|
||||||
- RedHat's patchlevel 28
|
- RedHat's patchlevel 28
|
||||||
|
|
||||||
|
59
bash43-029
Normal file
59
bash43-029
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
BASH PATCH REPORT
|
||||||
|
=================
|
||||||
|
|
||||||
|
Bash-Release: 4.3
|
||||||
|
Patch-ID: bash43-029
|
||||||
|
|
||||||
|
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
|
||||||
|
Bug-Reference-ID:
|
||||||
|
Bug-Reference-URL:
|
||||||
|
|
||||||
|
Bug-Description:
|
||||||
|
|
||||||
|
When bash is parsing a function definition that contains a here-document
|
||||||
|
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
|
||||||
|
uninitialized. This can result in an invalid memory access when the parsed
|
||||||
|
function is later copied.
|
||||||
|
|
||||||
|
Patch (apply with `patch -p0'):
|
||||||
|
|
||||||
|
*** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500
|
||||||
|
--- make_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 693,696 ****
|
||||||
|
--- 693,697 ----
|
||||||
|
temp->redirector = source;
|
||||||
|
temp->redirectee = dest_and_filename;
|
||||||
|
+ temp->here_doc_eof = 0;
|
||||||
|
temp->instruction = instruction;
|
||||||
|
temp->flags = 0;
|
||||||
|
*** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
|
||||||
|
--- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 127,131 ****
|
||||||
|
case r_reading_until:
|
||||||
|
case r_deblank_reading_until:
|
||||||
|
! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
|
||||||
|
/*FALLTHROUGH*/
|
||||||
|
case r_reading_string:
|
||||||
|
--- 127,131 ----
|
||||||
|
case r_reading_until:
|
||||||
|
case r_deblank_reading_until:
|
||||||
|
! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
|
||||||
|
/*FALLTHROUGH*/
|
||||||
|
case r_reading_string:
|
||||||
|
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
||||||
|
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 26,30 ****
|
||||||
|
looks for to find the patch level (for the sccs version string). */
|
||||||
|
|
||||||
|
! #define PATCHLEVEL 26
|
||||||
|
|
||||||
|
#endif /* _PATCHLEVEL_H_ */
|
||||||
|
--- 26,30 ----
|
||||||
|
looks for to find the patch level (for the sccs version string). */
|
||||||
|
|
||||||
|
! #define PATCHLEVEL 29
|
||||||
|
|
||||||
|
#endif /* _PATCHLEVEL_H_ */
|
132
bash43-030
Normal file
132
bash43-030
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
BASH PATCH REPORT
|
||||||
|
=================
|
||||||
|
|
||||||
|
Bash-Release: 4.3
|
||||||
|
Patch-ID: bash43-030
|
||||||
|
|
||||||
|
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
|
||||||
|
Bug-Reference-ID:
|
||||||
|
Bug-Reference-URL:
|
||||||
|
|
||||||
|
Bug-Description:
|
||||||
|
|
||||||
|
A combination of nested command substitutions and function importing from
|
||||||
|
the environment can cause bash to execute code appearing in the environment
|
||||||
|
variable value following the function definition.
|
||||||
|
|
||||||
|
Patch (apply with `patch -p0'):
|
||||||
|
|
||||||
|
*** ../bash-4.3.29/builtins/evalstring.c 2014-10-01 12:57:47.000000000 -0400
|
||||||
|
--- builtins/evalstring.c 2014-10-03 11:57:04.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 309,318 ****
|
||||||
|
struct fd_bitmap *bitmap;
|
||||||
|
|
||||||
|
! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
|
||||||
|
{
|
||||||
|
! internal_warning ("%s: ignoring function definition attempt", from_file);
|
||||||
|
! should_jump_to_top_level = 0;
|
||||||
|
! last_result = last_command_exit_value = EX_BADUSAGE;
|
||||||
|
! break;
|
||||||
|
}
|
||||||
|
|
||||||
|
--- 313,335 ----
|
||||||
|
struct fd_bitmap *bitmap;
|
||||||
|
|
||||||
|
! if (flags & SEVAL_FUNCDEF)
|
||||||
|
{
|
||||||
|
! char *x;
|
||||||
|
!
|
||||||
|
! /* If the command parses to something other than a straight
|
||||||
|
! function definition, or if we have not consumed the entire
|
||||||
|
! string, or if the parser has transformed the function
|
||||||
|
! name (as parsing will if it begins or ends with shell
|
||||||
|
! whitespace, for example), reject the attempt */
|
||||||
|
! if (command->type != cm_function_def ||
|
||||||
|
! ((x = parser_remaining_input ()) && *x) ||
|
||||||
|
! (STREQ (from_file, command->value.Function_def->name->word) == 0))
|
||||||
|
! {
|
||||||
|
! internal_warning (_("%s: ignoring function definition attempt"), from_file);
|
||||||
|
! should_jump_to_top_level = 0;
|
||||||
|
! last_result = last_command_exit_value = EX_BADUSAGE;
|
||||||
|
! reset_parser ();
|
||||||
|
! break;
|
||||||
|
! }
|
||||||
|
}
|
||||||
|
|
||||||
|
***************
|
||||||
|
*** 379,383 ****
|
||||||
|
|
||||||
|
if (flags & SEVAL_ONECMD)
|
||||||
|
! break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--- 396,403 ----
|
||||||
|
|
||||||
|
if (flags & SEVAL_ONECMD)
|
||||||
|
! {
|
||||||
|
! reset_parser ();
|
||||||
|
! break;
|
||||||
|
! }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*** ../bash-4.3.29/parse.y 2014-10-01 12:58:43.000000000 -0400
|
||||||
|
--- parse.y 2014-10-03 14:48:59.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 2539,2542 ****
|
||||||
|
--- 2539,2552 ----
|
||||||
|
}
|
||||||
|
|
||||||
|
+ char *
|
||||||
|
+ parser_remaining_input ()
|
||||||
|
+ {
|
||||||
|
+ if (shell_input_line == 0)
|
||||||
|
+ return 0;
|
||||||
|
+ if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
|
||||||
|
+ return '\0'; /* XXX */
|
||||||
|
+ return (shell_input_line + shell_input_line_index);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
#ifdef INCLUDE_UNUSED
|
||||||
|
/* Back the input pointer up by one, effectively `ungetting' a character. */
|
||||||
|
***************
|
||||||
|
*** 4028,4033 ****
|
||||||
|
/* reset_parser clears shell_input_line and associated variables */
|
||||||
|
restore_input_line_state (&ls);
|
||||||
|
! if (interactive)
|
||||||
|
! token_to_read = 0;
|
||||||
|
|
||||||
|
/* Need to find how many characters parse_and_execute consumed, update
|
||||||
|
--- 4053,4058 ----
|
||||||
|
/* reset_parser clears shell_input_line and associated variables */
|
||||||
|
restore_input_line_state (&ls);
|
||||||
|
!
|
||||||
|
! token_to_read = 0;
|
||||||
|
|
||||||
|
/* Need to find how many characters parse_and_execute consumed, update
|
||||||
|
*** ../bash-4.3.29/shell.h 2014-10-01 12:57:39.000000000 -0400
|
||||||
|
--- shell.h 2014-10-03 14:49:12.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 181,184 ****
|
||||||
|
--- 181,186 ----
|
||||||
|
|
||||||
|
/* Let's try declaring these here. */
|
||||||
|
+ extern char *parser_remaining_input __P((void));
|
||||||
|
+
|
||||||
|
extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
|
||||||
|
extern void restore_parser_state __P((sh_parser_state_t *));
|
||||||
|
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
||||||
|
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
||||||
|
***************
|
||||||
|
*** 26,30 ****
|
||||||
|
looks for to find the patch level (for the sccs version string). */
|
||||||
|
|
||||||
|
! #define PATCHLEVEL 29
|
||||||
|
|
||||||
|
#endif /* _PATCHLEVEL_H_ */
|
||||||
|
--- 26,30 ----
|
||||||
|
looks for to find the patch level (for the sccs version string). */
|
||||||
|
|
||||||
|
! #define PATCHLEVEL 30
|
||||||
|
|
||||||
|
#endif /* _PATCHLEVEL_H_ */
|
Loading…
Reference in New Issue
Block a user