diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-08-30 18:50:32 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-08-31 08:59:46 +0200 |
commit | bfb7494122bbe72a83747ff11d0f7497e9b50e1e (patch) | |
tree | 445109bfc9c568d912036a89b655f55ee267a847 /source/a/bash | |
parent | 0b228c957620e1f1cd1b9ef86f2b1f0b9c104b6f (diff) | |
download | current-bfb7494122bbe72a83747ff11d0f7497e9b50e1e.tar.gz current-bfb7494122bbe72a83747ff11d0f7497e9b50e1e.tar.xz |
Fri Aug 30 18:50:32 UTC 201920190830185032
a/bash-5.0.011-x86_64-1.txz: Upgraded.
a/findutils-4.7.0-x86_64-1.txz: Upgraded.
ap/squashfs-tools-4.4-x86_64-1.txz: Upgraded.
n/irssi-1.2.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Use after free when receiving duplicate CAP found by Joseph Bisch.
For more information, see:
https://irssi.org/security/html/irssi_sa_2019_08
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15717
(* Security fix *)
x/libvdpau-1.3-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/a/bash')
-rw-r--r-- | source/a/bash/bash-5.0-patches/bash50-010 | 172 | ||||
-rw-r--r-- | source/a/bash/bash-5.0-patches/bash50-011 | 59 |
2 files changed, 231 insertions, 0 deletions
diff --git a/source/a/bash/bash-5.0-patches/bash50-010 b/source/a/bash/bash-5.0-patches/bash50-010 new file mode 100644 index 000000000..bac7aa925 --- /dev/null +++ b/source/a/bash/bash-5.0-patches/bash50-010 @@ -0,0 +1,172 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.0 +Patch-ID: bash50-010 + +Bug-Reported-by: Thorsten Glaser <tg@mirbsd.de> +Bug-Reference-ID: <156622962831.19438.16374961114836556294.reportbug@tglase.lan.tarent.de> +Bug-Reference-URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935115 + +Bug-Description: + +Bash-5.0 changed the way assignment statements preceding special builtins +and shell functions were handled in posix mode. They automatically created +or modified global variables instead of modifying existing local variables +as in bash-4.4. + +The bash-4.4 posix-mode semantics were buggy, and resulted in creating +local variables where they were not intended and modifying global variables +and local variables simultaneously. + +The bash-5.0 changes were intended to fix this issue, but did not preserve +enough backwards compatibility. The posix standard also changed what it +required in these cases, so bash-5.0 is not bound by the strict conformance +requirements that existed in previous issues of the standard. + +This patch modifies the bash-5.0 posix mode behavior in an effort to restore +some backwards compatibility and rationalize the behavior in the presence of +local variables. It + +1. Changes the assignment semantics to be more similar to standalone assignment + statements: assignments preceding a function call or special builtin while + executing in a shell function will modify the value of a local variable + with the same name for the duration of the function's execution; + +2. Changes assignments preceding shell function calls or special builtins + from within a shell function to no longer create or modify global variables + in the presence of a local variable with the same name; + +3. Assignment statements preceding a shell function call or special builtin + at the global scope continue to modify the (global) calling environment, + but are unaffected by assignments preceding function calls or special + builtins within a function, as described in item 2. This is also similar + to the behavior of a standalone assignment statement. + +Patch (apply with `patch -p0'): + +*** ../bash-5.0-patched/variables.c 2018-12-18 11:07:21.000000000 -0500 +--- variables.c 2019-08-22 10:53:44.000000000 -0400 +*************** +*** 4461,4467 **** + + /* Take a variable from an assignment statement preceding a posix special +! builtin (including `return') and create a global variable from it. This +! is called from merge_temporary_env, which is only called when in posix +! mode. */ + static void + push_posix_temp_var (data) +--- 4461,4467 ---- + + /* Take a variable from an assignment statement preceding a posix special +! builtin (including `return') and create a variable from it as if a +! standalone assignment statement had been performed. This is called from +! merge_temporary_env, which is only called when in posix mode. */ + static void + push_posix_temp_var (data) +*************** +*** 4473,4486 **** + var = (SHELL_VAR *)data; + +! binding_table = global_variables->table; +! if (binding_table == 0) +! binding_table = global_variables->table = hash_create (VARIABLES_HASH_BUCKETS); +! +! v = bind_variable_internal (var->name, value_cell (var), binding_table, 0, ASS_FORCE|ASS_NOLONGJMP); + + /* global variables are no longer temporary and don't need propagating. */ +! var->attributes &= ~(att_tempvar|att_propagate); + if (v) +! v->attributes |= var->attributes; + + if (find_special_var (var->name) >= 0) +--- 4473,4497 ---- + var = (SHELL_VAR *)data; + +! /* Just like do_assignment_internal(). This makes assignments preceding +! special builtins act like standalone assignment statements when in +! posix mode, satisfying the posix requirement that this affect the +! "current execution environment." */ +! v = bind_variable (var->name, value_cell (var), ASS_FORCE|ASS_NOLONGJMP); +! +! /* If this modifies an existing local variable, v->context will be non-zero. +! If it comes back with v->context == 0, we bound at the global context. +! Set binding_table appropriately. It doesn't matter whether it's correct +! if the variable is local, only that it's not global_variables->table */ +! binding_table = v->context ? shell_variables->table : global_variables->table; + + /* global variables are no longer temporary and don't need propagating. */ +! if (binding_table == global_variables->table) +! var->attributes &= ~(att_tempvar|att_propagate); +! + if (v) +! { +! v->attributes |= var->attributes; +! v->attributes &= ~att_tempvar; /* not a temp var now */ +! } + + if (find_special_var (var->name) >= 0) +*************** +*** 4576,4587 **** + { + int i; + + tempvar_list = strvec_create (HASH_ENTRIES (temporary_env) + 1); + tempvar_list[tvlist_ind = 0] = 0; +! +! hash_flush (temporary_env, pushf); +! hash_dispose (temporary_env); + temporary_env = (HASH_TABLE *)NULL; + + tempvar_list[tvlist_ind] = 0; + +--- 4587,4601 ---- + { + int i; ++ HASH_TABLE *disposer; + + tempvar_list = strvec_create (HASH_ENTRIES (temporary_env) + 1); + tempvar_list[tvlist_ind = 0] = 0; +! +! disposer = temporary_env; + temporary_env = (HASH_TABLE *)NULL; + ++ hash_flush (disposer, pushf); ++ hash_dispose (disposer); ++ + tempvar_list[tvlist_ind] = 0; + +*** ../bash-5.0-patched/tests/varenv.right 2018-12-17 15:39:48.000000000 -0500 +--- tests/varenv.right 2019-08-22 16:05:25.000000000 -0400 +*************** +*** 147,153 **** + outside: declare -- var="one" + inside: declare -x var="value" +! outside: declare -x var="value" +! inside: declare -- var="local" +! outside: declare -x var="global" + foo=<unset> environment foo= + foo=foo environment foo=foo +--- 147,153 ---- + outside: declare -- var="one" + inside: declare -x var="value" +! outside: declare -- var="outside" +! inside: declare -x var="global" +! outside: declare -- var="outside" + foo=<unset> environment foo= + foo=foo environment foo=foo +*** ../bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 10 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/source/a/bash/bash-5.0-patches/bash50-011 b/source/a/bash/bash-5.0-patches/bash50-011 new file mode 100644 index 000000000..a9ae690e0 --- /dev/null +++ b/source/a/bash/bash-5.0-patches/bash50-011 @@ -0,0 +1,59 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.0 +Patch-ID: bash50-011 + +Bug-Reported-by: Matt Whitlock +Bug-Reference-ID: +Bug-Reference-URL: https://savannah.gnu.org/support/?109671 + +Bug-Description: + +The conditional command did not perform appropriate quoted null character +removal on its arguments, causing syntax errors and attempts to stat +invalid pathnames. + +Patch (apply with `patch -p0'): + +*** ../bash-5.0-patched/subst.c 2018-12-22 17:43:37.000000000 -0500 +--- subst.c 2019-04-14 13:25:41.000000000 -0400 +*************** +*** 3626,3630 **** + SPECIAL is 2, this is an rhs argument for the =~ operator, and should + be quoted appropriately for regcomp/regexec. The caller is responsible +! for removing the backslashes if the unquoted word is needed later. */ + char * + cond_expand_word (w, special) +--- 3642,3648 ---- + SPECIAL is 2, this is an rhs argument for the =~ operator, and should + be quoted appropriately for regcomp/regexec. The caller is responsible +! for removing the backslashes if the unquoted word is needed later. In +! any case, since we don't perform word splitting, we need to do quoted +! null character removal. */ + char * + cond_expand_word (w, special) +*************** +*** 3647,3650 **** +--- 3665,3670 ---- + if (special == 0) /* LHS */ + { ++ if (l->word) ++ word_list_remove_quoted_nulls (l); + dequote_list (l); + r = string_list (l); +*** ../bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 10 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 11 + + #endif /* _PATCHLEVEL_H_ */ |