From 5e29b60a5c337c028b4c08dac4af476bad2fbedf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?=
Date: Mon, 18 Sep 2023 12:49:48 +0200
Subject: [PATCH] Fix set +r so that it cannot unset the restricted option
Resolves: #1948588
---
 ksh-20120801-set+r-fix.patch | 57 ++++++++++++++++++++++++++++++++++++
 ksh.spec | 9 +++++-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 ksh-20120801-set+r-fix.patch
diff --git a/ksh-20120801-set+r-fix.patch b/ksh-20120801-set+r-fix.patch
new file mode 100644
index 0000000..ba1fdf1
--- /dev/null
+++ b/ksh-20120801-set+r-fix.patch
@@ -0,0 +1,57 @@
+From 74b4162178c8a2347491b9fd3a22d8e6e1b7e831 Mon Sep 17 00:00:00 2001
+From: Johnothan King
+Date: Wed, 10 Jun 2020 10:19:41 -0700
+Subject: [PATCH] Fix `set +r` so that it cannot unset the restricted option
+
+The ksh man page documents that the restricted option cannot be
+unset once it is set, which means `set +r` should be invalid.
+While this was true for `set +o restricted`, `set +r` was causing
+the restricted option to be unset. The fix for this problem comes
+from one of Solaris' patches, which adds an error check to prevent
+this behavior.
+
+Solaris' patch:
+https://github.com/oracle/solaris-userland/blob/master/components/ksh93/patches/020-CR6919590.patch
+
+src/cmd/ksh93/sh/args.c:
+ - Add an error check to stop `set +r` from unsetting the
+ restricted option.
+
+src/cmd/ksh93/tests/restricted.sh:
+ - Add two regression tests to make sure the restricted option
+ cannot be unset.
+
+(cherry picked from commit bef4fee404d8e24b38fce66420c14a39ac4a123e)
+---
+ src/cmd/ksh93/sh/args.c | 2 ++
+ src/cmd/ksh93/tests/restricted.sh | 6 ++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/cmd/ksh93/sh/args.c b/src/cmd/ksh93/sh/args.c
+index a4a11012d90a..70bcabea680d 100644
+--- a/src/cmd/ksh93/sh/args.c
++++ b/src/cmd/ksh93/sh/args.c
+@@ -302,6 +302,8 @@ int sh_argopts(int argc,register char *argv[], void *context)
+ }
+ else
+ {
++ if ((o == SH_RESTRICTED) && sh_isoption(SH_RESTRICTED))
++ errormsg(SH_DICT,ERROR_exit(1),e_restricted,"r"); /* set -r cannot be unset */
+ if(o==SH_XTRACE)
+ trace = 0;
+ off_option(&newflags,o);
+diff --git a/src/cmd/ksh93/tests/restricted.sh b/src/cmd/ksh93/tests/restricted.sh
+index abf33cc82c04..eb32c01bb62e 100755
+--- a/src/cmd/ksh93/tests/restricted.sh
++++ b/src/cmd/ksh93/tests/restricted.sh
+@@ -87,4 +87,10 @@ for i in PATH ENV FPATH
+ do check_restricted "function foo { typeset $i=foobar;};foo" || err_exit "$i can be changed in function by using typeset"
+ done
+
++# ======
+# `set +r` and `set +o restricted` should not unset the restricted option
++check_restricted 'set +r' 2> /dev/null || err_exit '`set +r` unsets the restricted option'
++check_restricted 'set +o restricted' 2> /dev/null || err_exit '`set +o restricted` unsets the restricted option'
++
++# ======
+ exit $((Errors<125?Errors:125))
diff --git a/ksh.spec b/ksh.spec
index ad9c337..bc13c6d 100644
--- a/ksh.spec
+++ b/ksh.spec
@@ -6,7 +6,7 @@ Summary: The Original ATT Korn Shell
 URL: http://www.kornshell.com/
 License: EPL-1.0
 Version: %{releasedate}
-Release: 259%{?dist}
+Release: 260%{?dist}
 Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{release_date}.tgz
 Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{release_date}.tgz
 Source2: kshcomp.conf
@@ -236,6 +236,9 @@ Patch93: ksh-20120801-stack-robustness-2.patch
 # upstream commit: https://github.com/ksh93/ksh/commit/6f3b23e6f4d59590a51bfbcc66dc60082728b71d
 Patch94: ksh-20120801-segfault-long-command.patch
+# rhbz#1948588
+# upstream commit: https://github.com/ksh93/ksh/commit/74b4162178c8a2347491b9fd3a22d8e6e1b7e831
+Patch95: ksh-20120801-set+r-fix.patch
 Conflicts: pdksh
 Requires: coreutils, diffutils, chkconfig
@@ -390,6 +393,10 @@ fi
 %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf
 %changelog
+* Mon Sep 18 2023 Lukáš Zaoral - 20120801-260
+- Fix set +r so that it cannot unset the restricted option
+ Resolves: #1948588
+
 * Fri Aug 25 2023 Vincent Mihalkovic - 20120801-259
 - Fix crash on trying a very long command
 Fix license tag
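Review bot: In the args.c hunk the new guard tests `sh_isoption(SH_RESTRICTED)`, the running shell's state, while the lines after it edit `newflags`, and nothing beside it explains that choice or that restricted mode is meant to be one-way. Because this check is what keeps a restricted shell from being unrestricted, I would replace the trailing remark with a comment above the `if`, e.g. `/* restricted is one-way: once active on the running shell, +r must fail just like +o restricted */`, so a later refactor of this branch does not drop it. Per the commit message the `+o restricted` form is rejected elsewhere, so the same invariant now lives in two places; confirm that no other path reaches `off_option(&newflags,o)` with `SH_RESTRICTED` unguarded. The two added tests discard stderr and depend on `check_restricted`, which is defined outside the hunk, so confirm that helper fails when the command is accepted. `sh_argopts` starts and ends outside the hunk.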
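Review bot: `Patch95` is declared in the second ksh.spec hunk, but none of the three ksh.spec hunks touches `%prep`, so the diff alone does not show that the fix is applied during the build. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching `%patch95` line with the same strip level as the existing patches is needed. Without it, release 260 would carry a changelog entry for a restricted-shell fix that the shipped binary does not contain. It is also worth confirming that the build actually runs the added restricted.sh checks.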