Patchlevel 30
This commit is contained in:
parent
c6c0cde02b
commit
f96c394fe3
10
bash.spec
10
bash.spec
@ -1,5 +1,5 @@
|
||||
#% define beta_tag rc2
|
||||
%define patchleveltag .28
|
||||
%define patchleveltag .30
|
||||
%define baseversion 4.3
|
||||
%bcond_without tests
|
||||
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||
@ -58,6 +58,9 @@ Patch027: bash-4.2-cve-2014-7169-1.patch
|
||||
#patchlevel 28
|
||||
Patch028: bash-4.2-cve-2014-7169-2.patch
|
||||
|
||||
Patch029: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
|
||||
Patch030: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030
|
||||
|
||||
|
||||
# Other patches
|
||||
Patch101: bash-2.02-security.patch
|
||||
@ -169,6 +172,8 @@ This package contains documentation files for %{name}.
|
||||
%patch026 -p0 -b .026
|
||||
%patch027 -p0 -b .7169-1
|
||||
%patch028 -p0 -b .7169-2
|
||||
%patch029 -p0 -b .029
|
||||
%patch030 -p0 -b .030
|
||||
|
||||
# Other patches
|
||||
%patch101 -p1 -b .security
|
||||
@ -394,6 +399,9 @@ end
|
||||
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
|
||||
|
||||
%changelog
|
||||
* Thu Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.30-1
|
||||
- Patchlevel 30
|
||||
|
||||
* Mon Oct 06 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
|
||||
- RedHat's patchlevel 28
|
||||
|
||||
|
59
bash43-029
Normal file
59
bash43-029
Normal file
@ -0,0 +1,59 @@
|
||||
BASH PATCH REPORT
|
||||
=================
|
||||
|
||||
Bash-Release: 4.3
|
||||
Patch-ID: bash43-029
|
||||
|
||||
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
|
||||
Bug-Reference-ID:
|
||||
Bug-Reference-URL:
|
||||
|
||||
Bug-Description:
|
||||
|
||||
When bash is parsing a function definition that contains a here-document
|
||||
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
|
||||
uninitialized. This can result in an invalid memory access when the parsed
|
||||
function is later copied.
|
||||
|
||||
Patch (apply with `patch -p0'):
|
||||
|
||||
*** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500
|
||||
--- make_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
||||
***************
|
||||
*** 693,696 ****
|
||||
--- 693,697 ----
|
||||
temp->redirector = source;
|
||||
temp->redirectee = dest_and_filename;
|
||||
+ temp->here_doc_eof = 0;
|
||||
temp->instruction = instruction;
|
||||
temp->flags = 0;
|
||||
*** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
|
||||
--- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
||||
***************
|
||||
*** 127,131 ****
|
||||
case r_reading_until:
|
||||
case r_deblank_reading_until:
|
||||
! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
|
||||
/*FALLTHROUGH*/
|
||||
case r_reading_string:
|
||||
--- 127,131 ----
|
||||
case r_reading_until:
|
||||
case r_deblank_reading_until:
|
||||
! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
|
||||
/*FALLTHROUGH*/
|
||||
case r_reading_string:
|
||||
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
||||
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
||||
***************
|
||||
*** 26,30 ****
|
||||
looks for to find the patch level (for the sccs version string). */
|
||||
|
||||
! #define PATCHLEVEL 26
|
||||
|
||||
#endif /* _PATCHLEVEL_H_ */
|
||||
--- 26,30 ----
|
||||
looks for to find the patch level (for the sccs version string). */
|
||||
|
||||
! #define PATCHLEVEL 29
|
||||
|
||||
#endif /* _PATCHLEVEL_H_ */
|
132
bash43-030
Normal file
132
bash43-030
Normal file
@ -0,0 +1,132 @@
|
||||
BASH PATCH REPORT
|
||||
=================
|
||||
|
||||
Bash-Release: 4.3
|
||||
Patch-ID: bash43-030
|
||||
|
||||
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
|
||||
Bug-Reference-ID:
|
||||
Bug-Reference-URL:
|
||||
|
||||
Bug-Description:
|
||||
|
||||
A combination of nested command substitutions and function importing from
|
||||
the environment can cause bash to execute code appearing in the environment
|
||||
variable value following the function definition.
|
||||
|
||||
Patch (apply with `patch -p0'):
|
||||
|
||||
*** ../bash-4.3.29/builtins/evalstring.c 2014-10-01 12:57:47.000000000 -0400
|
||||
--- builtins/evalstring.c 2014-10-03 11:57:04.000000000 -0400
|
||||
***************
|
||||
*** 309,318 ****
|
||||
struct fd_bitmap *bitmap;
|
||||
|
||||
! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
|
||||
{
|
||||
! internal_warning ("%s: ignoring function definition attempt", from_file);
|
||||
! should_jump_to_top_level = 0;
|
||||
! last_result = last_command_exit_value = EX_BADUSAGE;
|
||||
! break;
|
||||
}
|
||||
|
||||
--- 313,335 ----
|
||||
struct fd_bitmap *bitmap;
|
||||
|
||||
! if (flags & SEVAL_FUNCDEF)
|
||||
{
|
||||
! char *x;
|
||||
!
|
||||
! /* If the command parses to something other than a straight
|
||||
! function definition, or if we have not consumed the entire
|
||||
! string, or if the parser has transformed the function
|
||||
! name (as parsing will if it begins or ends with shell
|
||||
! whitespace, for example), reject the attempt */
|
||||
! if (command->type != cm_function_def ||
|
||||
! ((x = parser_remaining_input ()) && *x) ||
|
||||
! (STREQ (from_file, command->value.Function_def->name->word) == 0))
|
||||
! {
|
||||
! internal_warning (_("%s: ignoring function definition attempt"), from_file);
|
||||
! should_jump_to_top_level = 0;
|
||||
! last_result = last_command_exit_value = EX_BADUSAGE;
|
||||
! reset_parser ();
|
||||
! break;
|
||||
! }
|
||||
}
|
||||
|
||||
***************
|
||||
*** 379,383 ****
|
||||
|
||||
if (flags & SEVAL_ONECMD)
|
||||
! break;
|
||||
}
|
||||
}
|
||||
--- 396,403 ----
|
||||
|
||||
if (flags & SEVAL_ONECMD)
|
||||
! {
|
||||
! reset_parser ();
|
||||
! break;
|
||||
! }
|
||||
}
|
||||
}
|
||||
*** ../bash-4.3.29/parse.y 2014-10-01 12:58:43.000000000 -0400
|
||||
--- parse.y 2014-10-03 14:48:59.000000000 -0400
|
||||
***************
|
||||
*** 2539,2542 ****
|
||||
--- 2539,2552 ----
|
||||
}
|
||||
|
||||
+ char *
|
||||
+ parser_remaining_input ()
|
||||
+ {
|
||||
+ if (shell_input_line == 0)
|
||||
+ return 0;
|
||||
+ if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
|
||||
+ return '\0'; /* XXX */
|
||||
+ return (shell_input_line + shell_input_line_index);
|
||||
+ }
|
||||
+
|
||||
#ifdef INCLUDE_UNUSED
|
||||
/* Back the input pointer up by one, effectively `ungetting' a character. */
|
||||
***************
|
||||
*** 4028,4033 ****
|
||||
/* reset_parser clears shell_input_line and associated variables */
|
||||
restore_input_line_state (&ls);
|
||||
! if (interactive)
|
||||
! token_to_read = 0;
|
||||
|
||||
/* Need to find how many characters parse_and_execute consumed, update
|
||||
--- 4053,4058 ----
|
||||
/* reset_parser clears shell_input_line and associated variables */
|
||||
restore_input_line_state (&ls);
|
||||
!
|
||||
! token_to_read = 0;
|
||||
|
||||
/* Need to find how many characters parse_and_execute consumed, update
|
||||
*** ../bash-4.3.29/shell.h 2014-10-01 12:57:39.000000000 -0400
|
||||
--- shell.h 2014-10-03 14:49:12.000000000 -0400
|
||||
***************
|
||||
*** 181,184 ****
|
||||
--- 181,186 ----
|
||||
|
||||
/* Let's try declaring these here. */
|
||||
+ extern char *parser_remaining_input __P((void));
|
||||
+
|
||||
extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
|
||||
extern void restore_parser_state __P((sh_parser_state_t *));
|
||||
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
||||
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
||||
***************
|
||||
*** 26,30 ****
|
||||
looks for to find the patch level (for the sccs version string). */
|
||||
|
||||
! #define PATCHLEVEL 29
|
||||
|
||||
#endif /* _PATCHLEVEL_H_ */
|
||||
--- 26,30 ----
|
||||
looks for to find the patch level (for the sccs version string). */
|
||||
|
||||
! #define PATCHLEVEL 30
|
||||
|
||||
#endif /* _PATCHLEVEL_H_ */
|
Loading…
Reference in New Issue
Block a user