diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-11-24 20:55:37 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-11-25 07:00:37 +0100 |
commit | a8f1aa5a10a2af9c4954e5334d8d0cb2c787b081 (patch) | |
tree | 1994af8a4ab171da12d5fe4eecd6de8103113686 /source/a/bash/bash-5.2-patches/bash52-010 | |
parent | 65b9f8df0a7ec56770c39a7eb04a10610605608d (diff) | |
download | current-a8f1aa5a10a2af9c4954e5334d8d0cb2c787b081.tar.gz current-a8f1aa5a10a2af9c4954e5334d8d0cb2c787b081.tar.xz |
Thu Nov 24 20:55:37 UTC 202220221124205537
a/bash-5.2.012-x86_64-1.txz: Upgraded.
a/less-612-x86_64-1.txz: Upgraded.
a/tcsh-6.24.02-x86_64-1.txz: Upgraded.
ap/vim-9.0.0942-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-2.txz: Rebuilt.
[SV 63307] Spawn children with the default disposition of sigpipe.
Thanks to nobodino.
d/ruby-3.1.3-x86_64-1.txz: Upgraded.
This release includes a security fix:
HTTP response splitting in CGI.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33621
(* Security fix *)
l/pipewire-0.3.61-x86_64-1.txz: Upgraded.
n/ipset-7.16-x86_64-1.txz: Upgraded.
x/fcitx5-5.0.21-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0942-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/a/bash/bash-5.2-patches/bash52-010')
-rw-r--r-- | source/a/bash/bash-5.2-patches/bash52-010 | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/source/a/bash/bash-5.2-patches/bash52-010 b/source/a/bash/bash-5.2-patches/bash52-010 new file mode 100644 index 000000000..b58f4a86b --- /dev/null +++ b/source/a/bash/bash-5.2-patches/bash52-010 @@ -0,0 +1,71 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-010 + +Bug-Reported-by: larsh@apache.org +Bug-Reference-ID: +Bug-Reference-URL: https://savannah.gnu.org/support/?110744 + +Bug-Description: + +Bash-5.2 checks the first 128 characters of an executable file that execve() +refuses to execute to see whether it's a binary file before trying to +execute it as a shell script. This defeats some previously-supported use +cases like "self-executing" jar files or "self-uncompressing" scripts. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/general.c 2022-11-07 10:31:42.000000000 -0500 +--- general.c 2022-11-18 14:48:45.000000000 -0500 +*************** +*** 684,687 **** +--- 684,688 ---- + { + register int i; ++ int nline; + unsigned char c; + +*************** +*** 690,702 **** + + /* Generally we check the first line for NULs. If the first line looks like +! a `#!' interpreter specifier, we just look for NULs anywhere in the +! buffer. */ +! if (sample[0] == '#' && sample[1] == '!') +! return (memchr (sample, '\0', sample_len) != NULL); + + for (i = 0; i < sample_len; i++) + { + c = sample[i]; +! if (c == '\n') + return (0); + if (c == '\0') +--- 691,701 ---- + + /* Generally we check the first line for NULs. If the first line looks like +! a `#!' interpreter specifier, we look for NULs in the first two lines. */ +! nline = (sample[0] == '#' && sample[1] == '!') ? 2 : 1; + + for (i = 0; i < sample_len; i++) + { + c = sample[i]; +! if (c == '\n' && --nline == 0) + return (0); + if (c == '\0') +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 10 + + #endif /* _PATCHLEVEL_H_ */ |