diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-06-01 00:36:01 +0200 |
commit | 39366733c3fe943363566756e2e152c45a1b3cb2 (patch) | |
tree | 228b0735896af90ca78151c9a69aa3efd12c8cae /patches/source/bash/bash-4.3-patches/bash43-047 | |
parent | d31c50870d0bee042ce660e445c9294a59a3a65b (diff) | |
download | current-14.2.tar.gz |
Fri May 25 23:29:36 UTC 201814.2
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/bash/bash-4.3-patches/bash43-047')
-rw-r--r-- | patches/source/bash/bash-4.3-patches/bash43-047 | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/patches/source/bash/bash-4.3-patches/bash43-047 b/patches/source/bash/bash-4.3-patches/bash43-047 new file mode 100644 index 00000000..316e3afc --- /dev/null +++ b/patches/source/bash/bash-4.3-patches/bash43-047 @@ -0,0 +1,150 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-047 + +Bug-Reported-by: Bernd Dietzel +Bug-Reference-ID: +Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 + +Bug-Description: + +Bash performs word expansions on the prompt strings after the special +escape sequences are expanded. If a malicious user can modify the system +hostname or change the name of the bash executable and coerce a user into +executing it, and the new name contains word expansions (including +command substitution), bash will expand them in prompt strings containing +the \h or \H and \s escape sequences, respectively. + +Patch (apply with `patch -p0'): + +*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400 +--- parse.y 2016-03-07 15:44:14.000000000 -0500 +*************** +*** 5259,5263 **** + int result_size, result_index; + int c, n, i; +! char *temp, octal_string[4]; + struct tm *tm; + time_t the_time; +--- 5259,5263 ---- + int result_size, result_index; + int c, n, i; +! char *temp, *t_host, octal_string[4]; + struct tm *tm; + time_t the_time; +*************** +*** 5407,5411 **** + case 's': + temp = base_pathname (shell_name); +! temp = savestring (temp); + goto add_string; + +--- 5407,5415 ---- + case 's': + temp = base_pathname (shell_name); +! /* Try to quote anything the user can set in the file system */ +! if (promptvars || posixly_correct) +! temp = sh_backslash_quote_for_double_quotes (temp); +! else +! temp = savestring (temp); + goto add_string; + +*************** +*** 5497,5503 **** + case 'h': + case 'H': +! temp = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (temp, '.'))) + *t = '\0'; + goto add_string; + +--- 5501,5515 ---- + case 'h': + case 'H': +! t_host = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (t_host, '.'))) + *t = '\0'; ++ if (promptvars || posixly_correct) ++ /* Make sure that expand_prompt_string is called with a ++ second argument of Q_DOUBLE_QUOTES if we use this ++ function here. */ ++ temp = sh_backslash_quote_for_double_quotes (t_host); ++ else ++ temp = savestring (t_host); ++ free (t_host); + goto add_string; + +*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400 +--- y.tab.c 2016-03-07 15:44:14.000000000 -0500 +*************** +*** 7571,7575 **** + int result_size, result_index; + int c, n, i; +! char *temp, octal_string[4]; + struct tm *tm; + time_t the_time; +--- 7571,7575 ---- + int result_size, result_index; + int c, n, i; +! char *temp, *t_host, octal_string[4]; + struct tm *tm; + time_t the_time; +*************** +*** 7719,7723 **** + case 's': + temp = base_pathname (shell_name); +! temp = savestring (temp); + goto add_string; + +--- 7719,7727 ---- + case 's': + temp = base_pathname (shell_name); +! /* Try to quote anything the user can set in the file system */ +! if (promptvars || posixly_correct) +! temp = sh_backslash_quote_for_double_quotes (temp); +! else +! temp = savestring (temp); + goto add_string; + +*************** +*** 7809,7815 **** + case 'h': + case 'H': +! temp = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (temp, '.'))) + *t = '\0'; + goto add_string; + +--- 7813,7827 ---- + case 'h': + case 'H': +! t_host = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (t_host, '.'))) + *t = '\0'; ++ if (promptvars || posixly_correct) ++ /* Make sure that expand_prompt_string is called with a ++ second argument of Q_DOUBLE_QUOTES if we use this ++ function here. */ ++ temp = sh_backslash_quote_for_double_quotes (t_host); ++ else ++ temp = savestring (t_host); ++ free (t_host); + goto add_string; + +*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 +--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 46 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 47 + + #endif /* _PATCHLEVEL_H_ */ |