diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-12-14 21:19:34 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-12-14 23:46:49 +0100 |
commit | fc0ff5a5d7c45f929eb214b3147aa538e736e2aa (patch) | |
tree | 50597023627f75dde70715de78423e655589cdbd /source/a | |
parent | ac5857bb77042a1843e9436852630091adc75982 (diff) | |
download | current-fc0ff5a5d7c45f929eb214b3147aa538e736e2aa.tar.gz current-fc0ff5a5d7c45f929eb214b3147aa538e736e2aa.tar.xz |
Wed Dec 14 21:19:34 UTC 202220221214211934
a/bash-5.2.015-x86_64-1.txz: Upgraded.
a/tcsh-6.24.06-x86_64-1.txz: Upgraded.
ap/inxi-3.3.24_1-noarch-1.txz: Upgraded.
ap/nano-7.1-x86_64-1.txz: Upgraded.
d/git-2.39.0-x86_64-1.txz: Upgraded.
d/rust-1.65.0-x86_64-1.txz: Upgraded.
d/strace-6.1-x86_64-1.txz: Upgraded.
kde/krita-5.1.4-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_54-x86_64-1.txz: Upgraded.
l/nodejs-19.3.0-x86_64-1.txz: Upgraded.
l/pcre2-10.42-x86_64-1.txz: Upgraded.
n/iproute2-6.1.0-x86_64-1.txz: Upgraded.
x/makedepend-1.0.8-x86_64-1.txz: Upgraded.
x/xhost-1.0.9-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.5-x86_64-1.txz: Upgraded.
This release fixes 6 recently reported security vulnerabilities in
various extensions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2022-December/003302.html
https://www.cve.org/CVERecord?id=CVE-2022-46340
https://www.cve.org/CVERecord?id=CVE-2022-46341
https://www.cve.org/CVERecord?id=CVE-2022-46342
https://www.cve.org/CVERecord?id=CVE-2022-46343
https://www.cve.org/CVERecord?id=CVE-2022-46344
https://www.cve.org/CVERecord?id=CVE-2022-4283
(* Security fix *)
x/xorg-server-xephyr-21.1.5-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.5-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.5-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-22.1.6-x86_64-1.txz: Upgraded.
This release fixes 6 recently reported security vulnerabilities in
various extensions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2022-December/003302.html
https://www.cve.org/CVERecord?id=CVE-2022-46340
https://www.cve.org/CVERecord?id=CVE-2022-46341
https://www.cve.org/CVERecord?id=CVE-2022-46342
https://www.cve.org/CVERecord?id=CVE-2022-46343
https://www.cve.org/CVERecord?id=CVE-2022-46344
https://www.cve.org/CVERecord?id=CVE-2022-4283
(* Security fix *)
xap/mozilla-thunderbird-102.6.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/
https://www.cve.org/CVERecord?id=CVE-2022-46880
https://www.cve.org/CVERecord?id=CVE-2022-46872
https://www.cve.org/CVERecord?id=CVE-2022-46881
https://www.cve.org/CVERecord?id=CVE-2022-46874
https://www.cve.org/CVERecord?id=CVE-2022-46875
https://www.cve.org/CVERecord?id=CVE-2022-46882
https://www.cve.org/CVERecord?id=CVE-2022-46878
(* Security fix *)
xap/xscreensaver-6.06-x86_64-1.txz: Upgraded.
testing/packages/mozilla-firefox-108.0-x86_64-1.txz: Upgraded.
Starting this out in /testing for now, since I've been trying for 2 days to
get it to compile on 32-bit with no luck. It ends up failing with a bunch of
errors like this:
ld.lld: error: undefined hidden symbol: tabs_4d51_TabsStore_sync
Any help getting this to build on 32-bit would be greatly appreciated.
I've tried most of ponce's bag of tricks already. :-)
Diffstat (limited to 'source/a')
-rw-r--r-- | source/a/bash/bash-5.2-patches/bash52-013 | 58 | ||||
-rw-r--r-- | source/a/bash/bash-5.2-patches/bash52-014 | 119 | ||||
-rw-r--r-- | source/a/bash/bash-5.2-patches/bash52-015 | 216 |
3 files changed, 393 insertions, 0 deletions
diff --git a/source/a/bash/bash-5.2-patches/bash52-013 b/source/a/bash/bash-5.2-patches/bash52-013 new file mode 100644 index 000000000..3051269c1 --- /dev/null +++ b/source/a/bash/bash-5.2-patches/bash52-013 @@ -0,0 +1,58 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-013 + +Bug-Reported-by: Ralf Oehler <Ralf@Oehler-Privat.de> +Bug-Reference-ID: <20221120140252.2fc6489b@bilbo> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00082.html + +Bug-Description: + +Bash can leak memory when referencing a non-existent associative array +element. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/subst.c 2022-11-05 17:27:48.000000000 -0400 +--- subst.c 2022-11-21 14:42:59.000000000 -0500 +*************** +*** 7498,7503 **** + : quote_escapes (temp); + rflags |= W_ARRAYIND; +- if (estatep) +- *estatep = es; /* structure copy */ + } + /* Note that array[*] and array[@] expanded to a quoted null string by +--- 7508,7511 ---- +*************** +*** 7508,7512 **** + rflags |= W_HASQUOTEDNULL; + +! if (estatep == 0) + flush_eltstate (&es); + } +--- 7516,7522 ---- + rflags |= W_HASQUOTEDNULL; + +! if (estatep) +! *estatep = es; /* structure copy */ +! else + flush_eltstate (&es); + } +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 12 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 13 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/source/a/bash/bash-5.2-patches/bash52-014 b/source/a/bash/bash-5.2-patches/bash52-014 new file mode 100644 index 000000000..c6f3176bf --- /dev/null +++ b/source/a/bash/bash-5.2-patches/bash52-014 @@ -0,0 +1,119 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-014 + +Bug-Reported-by: Andreas Schwab <schwab@suse.de> +Bug-Reference-ID: <mvmv8opcbha.fsf@suse.de> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00076.html + +Bug-Description: + +Bash defers processing additional terminating signals when running the +EXIT trap while exiting due to a terminating signal. This patch allows the +new terminating signal to kill the shell immediately. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/execute_cmd.c 2022-11-23 17:09:18.000000000 -0500 +--- execute_cmd.c 2022-11-28 10:36:08.000000000 -0500 +*************** +*** 3625,3628 **** +--- 3649,3653 ---- + + dispose_words (es); ++ QUIT; + + if (match) +*** ../bash-5.2-patched/sig.c 2021-11-04 14:15:31.000000000 -0400 +--- sig.c 2022-12-06 09:45:11.000000000 -0500 +*************** +*** 95,98 **** +--- 95,99 ---- + + static void initialize_shell_signals PARAMS((void)); ++ static void kill_shell PARAMS((int)); + + void +*************** +*** 487,490 **** +--- 495,500 ---- + } + ++ static int handling_termsig = 0; ++ + sighandler + termsig_sighandler (sig) +*************** +*** 533,536 **** +--- 543,554 ---- + terminate_immediately = 1; + ++ /* If we are currently handling a terminating signal, we have a couple of ++ choices here. We can ignore this second terminating signal and let the ++ shell exit from the first one, or we can exit immediately by killing ++ the shell with this signal. This code implements the latter; to implement ++ the former, replace the kill_shell(sig) with return. */ ++ if (handling_termsig) ++ kill_shell (sig); /* just short-circuit now */ ++ + terminating_signal = sig; + +*************** +*** 565,572 **** + int sig; + { +- static int handling_termsig = 0; +- int i, core; +- sigset_t mask; +- + /* Simple semaphore to keep this function from being executed multiple + times. Since we no longer are running as a signal handler, we don't +--- 585,588 ---- +*************** +*** 574,578 **** + if (handling_termsig) + return; +! handling_termsig = 1; + terminating_signal = 0; /* keep macro from re-testing true. */ + +--- 590,595 ---- + if (handling_termsig) + return; +! +! handling_termsig = terminating_signal; /* for termsig_sighandler */ + terminating_signal = 0; /* keep macro from re-testing true. */ + +*************** +*** 614,617 **** +--- 631,644 ---- + run_exit_trap (); /* XXX - run exit trap possibly in signal context? */ + ++ kill_shell (sig); ++ } ++ ++ static void ++ kill_shell (sig) ++ int sig; ++ { ++ int i, core; ++ sigset_t mask; ++ + /* We don't change the set of blocked signals. If a user starts the shell + with a terminating signal blocked, we won't get here (and if by some +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 13 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 14 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/source/a/bash/bash-5.2-patches/bash52-015 b/source/a/bash/bash-5.2-patches/bash52-015 new file mode 100644 index 000000000..740a13da5 --- /dev/null +++ b/source/a/bash/bash-5.2-patches/bash52-015 @@ -0,0 +1,216 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-015 + +Bug-Reported-by: Frode Nordahl <frode.nordahl@canonical.com> +Bug-Reference-ID: <20221119070714.351759-1-frode.nordahl@canonical.com> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00078.html + +Bug-Description: + +There are several cases where bash is too aggressive when optimizing out forks +in subshells. For example, `eval' and traps should never be optimized. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/builtins/common.h 2022-11-23 17:09:18.000000000 -0500 +--- builtins/common.h 2022-11-19 18:03:59.000000000 -0500 +*************** +*** 52,55 **** +--- 52,56 ---- + #define SEVAL_ONECMD 0x100 /* only allow a single command */ + #define SEVAL_NOHISTEXP 0x200 /* inhibit history expansion */ ++ #define SEVAL_NOOPTIMIZE 0x400 /* don't try to set optimization flags */ + + /* Flags for describe_command, shared between type.def and command.def */ +*** ../bash-5.2-patched/builtins/evalstring.c 2022-11-05 17:27:44.000000000 -0400 +--- builtins/evalstring.c 2022-11-19 18:23:21.000000000 -0500 +*************** +*** 133,138 **** + (command->value.Connection->connector == AND_AND || command->value.Connection->connector == OR_OR || command->value.Connection->connector == ';') && + (command->value.Connection->second->flags & CMD_TRY_OPTIMIZING) && +! ((startup_state == 2 && should_suppress_fork (command->value.Connection->second)) || +! ((subshell_environment & SUBSHELL_PAREN) && should_optimize_fork (command->value.Connection->second, 0)))) + { + command->value.Connection->second->flags |= CMD_NO_FORK; +--- 133,138 ---- + (command->value.Connection->connector == AND_AND || command->value.Connection->connector == OR_OR || command->value.Connection->connector == ';') && + (command->value.Connection->second->flags & CMD_TRY_OPTIMIZING) && +! (should_suppress_fork (command->value.Connection->second) || +! ((subshell_environment & SUBSHELL_PAREN) && should_optimize_fork (command->value.Connection->second, 0)))) + { + command->value.Connection->second->flags |= CMD_NO_FORK; +*************** +*** 291,294 **** +--- 291,295 ---- + (flags & SEVAL_RESETLINE) -> reset line_number to 1 + (flags & SEVAL_NOHISTEXP) -> history_expansion_inhibited -> 1 ++ (flags & SEVAL_NOOPTIMIZE) -> don't try to turn on optimizing flags + */ + +*************** +*** 503,507 **** + series of connection commands is + command->value.Connection->second. */ +! else if (command->type == cm_connection && can_optimize_connection (command)) + { + command->value.Connection->second->flags |= CMD_TRY_OPTIMIZING; +--- 504,510 ---- + series of connection commands is + command->value.Connection->second. */ +! else if (command->type == cm_connection && +! (flags & SEVAL_NOOPTIMIZE) == 0 && +! can_optimize_connection (command)) + { + command->value.Connection->second->flags |= CMD_TRY_OPTIMIZING; +*** ../bash-5.2-patched/builtins/eval.def 2016-01-25 13:28:37.000000000 -0500 +--- builtins/eval.def 2022-11-19 18:04:25.000000000 -0500 +*************** +*** 54,57 **** + list = loptend; /* skip over possible `--' */ + +! return (list ? evalstring (string_list (list), "eval", SEVAL_NOHIST) : EXECUTION_SUCCESS); + } +--- 54,57 ---- + list = loptend; /* skip over possible `--' */ + +! return (list ? evalstring (string_list (list), "eval", SEVAL_NOHIST|SEVAL_NOOPTIMIZE) : EXECUTION_SUCCESS); + } +*** ../bash-5.2-patched/trap.c 2022-08-10 08:59:45.000000000 -0400 +--- trap.c 2022-12-12 10:57:51.000000000 -0500 +*************** +*** 305,308 **** +--- 305,309 ---- + volatile int save_return_catch_flag, function_code; + procenv_t save_return_catch; ++ char *trap_command, *old_trap; + #if defined (ARRAY_VARS) + ARRAY *ps; +*************** +*** 420,423 **** +--- 421,427 ---- + else + { ++ old_trap = trap_list[sig]; ++ trap_command = savestring (old_trap); ++ + save_parser_state (&pstate); + save_subst_varlist = subst_assign_varlist; +*************** +*** 442,446 **** + + if (function_code == 0) +! x = parse_and_execute (savestring (trap_list[sig]), "trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE); + else + { +--- 446,451 ---- + + if (function_code == 0) +! /* XXX is x always last_command_exit_value? */ +! x = parse_and_execute (trap_command, "trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE|SEVAL_NOOPTIMIZE); + else + { +*************** +*** 1003,1007 **** + { + reset_parser (); +! parse_and_execute (trap_command, "exit trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE); + } + else if (code == ERREXIT) +--- 1008,1012 ---- + { + reset_parser (); +! parse_and_execute (trap_command, "exit trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE|SEVAL_NOOPTIMIZE); + } + else if (code == ERREXIT) +*************** +*** 1110,1114 **** + } + +! flags = SEVAL_NONINT|SEVAL_NOHIST; + if (sig != DEBUG_TRAP && sig != RETURN_TRAP && sig != ERROR_TRAP) + flags |= SEVAL_RESETLINE; +--- 1115,1119 ---- + } + +! flags = SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOOPTIMIZE; + if (sig != DEBUG_TRAP && sig != RETURN_TRAP && sig != ERROR_TRAP) + flags |= SEVAL_RESETLINE; +*** ../bash-5.2-patched/parse.y 2022-11-23 17:09:18.000000000 -0500 +--- parse.y 2022-11-19 18:15:34.000000000 -0500 +*************** +*** 2828,2832 **** + last_lastarg = savestring (last_lastarg); + +! parse_and_execute (savestring (command), vname, SEVAL_NONINT|SEVAL_NOHIST); + + restore_parser_state (&ps); +--- 2844,2848 ---- + last_lastarg = savestring (last_lastarg); + +! parse_and_execute (savestring (command), vname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOOPTIMIZE); + + restore_parser_state (&ps); +*** ../bash-5.2-patched/jobs.c 2022-07-18 10:19:56.000000000 -0400 +--- jobs.c 2022-11-19 18:10:24.000000000 -0500 +*************** +*** 4221,4225 **** + for (i = 0; i < nchild; i++) + { +! parse_and_execute (savestring (trap_command), "trap", SEVAL_NOHIST|SEVAL_RESETLINE); + } + +--- 4243,4247 ---- + for (i = 0; i < nchild; i++) + { +! parse_and_execute (savestring (trap_command), "trap", SEVAL_NOHIST|SEVAL_RESETLINE|SEVAL_NOOPTIMIZE); + } + +*** ../bash-5.2-patched/y.tab.c 2022-11-23 17:09:18.000000000 -0500 +--- y.tab.c 2022-11-23 17:21:17.000000000 -0500 +*************** +*** 5139,5143 **** + last_lastarg = savestring (last_lastarg); + +! parse_and_execute (savestring (command), vname, SEVAL_NONINT|SEVAL_NOHIST); + + restore_parser_state (&ps); +--- 5154,5158 ---- + last_lastarg = savestring (last_lastarg); + +! parse_and_execute (savestring (command), vname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOOPTIMIZE); + + restore_parser_state (&ps); +*** ../bash-5.2-patched/execute_cmd.c 2022-11-05 17:27:41.000000000 -0400 +--- execute_cmd.c 2022-11-22 17:09:38.000000000 -0500 +*************** +*** 1655,1659 **** + and set CMD_TRY_OPTIMIZING for simple commands on the right side of an + and-or or `;' list to test for optimizing forks when they are executed. */ +! if (user_subshell && command->type == cm_subshell) + optimize_subshell_command (command->value.Subshell->command); + +--- 1665,1670 ---- + and set CMD_TRY_OPTIMIZING for simple commands on the right side of an + and-or or `;' list to test for optimizing forks when they are executed. */ +! if (user_subshell && command->type == cm_subshell && +! (command->flags & (CMD_TIME_PIPELINE|CMD_INVERT_RETURN)) == 0) + optimize_subshell_command (command->value.Subshell->command); + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 14 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 15 + + #endif /* _PATCHLEVEL_H_ */ |