diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-01-11 21:15:41 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-01-12 08:59:44 +0100 |
| commit | e6dca6f9460ca8b3504ff908a27d48bd533e4e16 (patch) | |
| tree | 69bbb0c68f4f38b1d2059aa6d477fdc2e26bbdcf /source/a/bash/bash-4.4-patches/bash44-014 | |
| parent | 9bf4df6951d0e5c9d2f7a691fcc18d053cca1c1b (diff) | |
| download | current-e6dca6f9460ca8b3504ff908a27d48bd533e4e16.tar.gz current-e6dca6f9460ca8b3504ff908a27d48bd533e4e16.tar.xz | |
Fri Jan 11 21:15:41 UTC 201920190111211541
a/bash-5.0.000-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2018i-noarch-1.txz: Upgraded.
a/lzlib-1.11-x86_64-1.txz: Upgraded.
ap/vim-8.1.0727-x86_64-1.txz: Upgraded.
Fixed vimrc to work with "crontab -e" again now that cron's files have been
moved into /run/cron/. Thanks to Andreas Vögel.
d/subversion-1.11.1-x86_64-1.txz: Upgraded.
n/irssi-1.1.2-x86_64-1.txz: Upgraded.
This update addresses bugs including security and stability issues:
A NULL pointer dereference occurs for an "empty" nick.
Certain nick names could result in out-of-bounds access when printing
theme strings.
Crash due to a NULL pointer dereference w hen the number of windows
exceeds the available space.
Use-after-free when SASL messages are received in an unexpected order.
Use-after-free when a server is disconnected during netsplits.
Use-after-free when hidden lines were expired from the scroll buffer.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5882
(* Security fix *)
xap/vim-gvim-8.1.0727-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/a/bash/bash-4.4-patches/bash44-014')
| -rw-r--r-- | source/a/bash/bash-4.4-patches/bash44-014 | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/source/a/bash/bash-4.4-patches/bash44-014 b/source/a/bash/bash-4.4-patches/bash44-014 deleted file mode 100644 index ad3c78ac8..000000000 --- a/source/a/bash/bash-4.4-patches/bash44-014 +++ /dev/null @@ -1,104 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.4 -Patch-ID: bash44-014 - -Bug-Reported-by: Oyvind Hvidsten <oyvind.hvidsten@dhampir.no> -Bug-Reference-ID: <c01b7049-925c-9409-d978-e59bf42591f4@dhampir.no> -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-12/msg00023.html - -Bug-Description: - -Under some circumstances, functions that return via the `return' builtin do -not clean up memory they allocated to keep track of FIFOs. - -Patch (apply with `patch -p0'): - -*** ../bash-20171205/execute_cmd.c 2017-12-08 07:38:28.000000000 -0500 ---- execute_cmd.c 2018-01-26 15:23:38.000000000 -0500 -*************** -*** 727,730 **** ---- 727,732 ---- - ofifo = num_fifos (); - ofifo_list = copy_fifo_list ((int *)&osize); -+ begin_unwind_frame ("internal_fifos"); -+ add_unwind_protect (xfree, ofifo_list); - saved_fifo = 1; - } -*************** -*** 742,746 **** - #if defined (PROCESS_SUBSTITUTION) - if (saved_fifo) -! free ((void *)ofifo_list); - #endif - return (last_command_exit_value = EXECUTION_FAILURE); ---- 744,751 ---- - #if defined (PROCESS_SUBSTITUTION) - if (saved_fifo) -! { -! free ((void *)ofifo_list); -! discard_unwind_frame ("internal_fifos"); -! } - #endif - return (last_command_exit_value = EXECUTION_FAILURE); -*************** -*** 1061,1064 **** ---- 1066,1070 ---- - close_new_fifos ((char *)ofifo_list, osize); - free ((void *)ofifo_list); -+ discard_unwind_frame ("internal_fifos"); - } - #endif -*************** -*** 4978,4984 **** - #endif - -! #if defined (PROCESS_SUBSTITUTION) - ofifo = num_fifos (); - ofifo_list = copy_fifo_list (&osize); - #endif - ---- 4984,4995 ---- - #endif - -! #if defined (PROCESS_SUBSTITUTION) -! begin_unwind_frame ("saved_fifos"); -! /* If we return, we longjmp and don't get a chance to restore the old -! fifo list, so we add an unwind protect to free it */ - ofifo = num_fifos (); - ofifo_list = copy_fifo_list (&osize); -+ if (ofifo_list) -+ add_unwind_protect (xfree, ofifo_list); - #endif - -*************** -*** 5064,5068 **** - if (nfifo > ofifo) - close_new_fifos (ofifo_list, osize); -! free (ofifo_list); - #endif - ---- 5075,5081 ---- - if (nfifo > ofifo) - close_new_fifos (ofifo_list, osize); -! if (ofifo_list) -! free (ofifo_list); -! discard_unwind_frame ("saved_fifos"); - #endif - -*** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 ---- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 13 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 14 - - #endif /* _PATCHLEVEL_H_ */ |