summaryrefslogtreecommitdiff
path: root/patches/source/bash/bash-4.3-patches/bash43-047
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2018-05-25 23:29:36 +0000
committerEric Hameleers <alien@slackware.com>2018-06-01 00:36:01 +0200
commit39366733c3fe943363566756e2e152c45a1b3cb2 (patch)
tree228b0735896af90ca78151c9a69aa3efd12c8cae /patches/source/bash/bash-4.3-patches/bash43-047
parentd31c50870d0bee042ce660e445c9294a59a3a65b (diff)
downloadcurrent-14.2.tar.gz
Fri May 25 23:29:36 UTC 201814.2
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/bash/bash-4.3-patches/bash43-047')
-rw-r--r--patches/source/bash/bash-4.3-patches/bash43-047150
1 files changed, 150 insertions, 0 deletions
diff --git a/patches/source/bash/bash-4.3-patches/bash43-047 b/patches/source/bash/bash-4.3-patches/bash43-047
new file mode 100644
index 00000000..316e3afc
--- /dev/null
+++ b/patches/source/bash/bash-4.3-patches/bash43-047
@@ -0,0 +1,150 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-047
+
+Bug-Reported-by: Bernd Dietzel
+Bug-Reference-ID:
+Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
+
+Bug-Description:
+
+Bash performs word expansions on the prompt strings after the special
+escape sequences are expanded. If a malicious user can modify the system
+hostname or change the name of the bash executable and coerce a user into
+executing it, and the new name contains word expansions (including
+command substitution), bash will expand them in prompt strings containing
+the \h or \H and \s escape sequences, respectively.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400
+--- parse.y 2016-03-07 15:44:14.000000000 -0500
+***************
+*** 5259,5263 ****
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, octal_string[4];
+ struct tm *tm;
+ time_t the_time;
+--- 5259,5263 ----
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, *t_host, octal_string[4];
+ struct tm *tm;
+ time_t the_time;
+***************
+*** 5407,5411 ****
+ case 's':
+ temp = base_pathname (shell_name);
+! temp = savestring (temp);
+ goto add_string;
+
+--- 5407,5415 ----
+ case 's':
+ temp = base_pathname (shell_name);
+! /* Try to quote anything the user can set in the file system */
+! if (promptvars || posixly_correct)
+! temp = sh_backslash_quote_for_double_quotes (temp);
+! else
+! temp = savestring (temp);
+ goto add_string;
+
+***************
+*** 5497,5503 ****
+ case 'h':
+ case 'H':
+! temp = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ *t = '\0';
+ goto add_string;
+
+--- 5501,5515 ----
+ case 'h':
+ case 'H':
+! t_host = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+ *t = '\0';
++ if (promptvars || posixly_correct)
++ /* Make sure that expand_prompt_string is called with a
++ second argument of Q_DOUBLE_QUOTES if we use this
++ function here. */
++ temp = sh_backslash_quote_for_double_quotes (t_host);
++ else
++ temp = savestring (t_host);
++ free (t_host);
+ goto add_string;
+
+*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400
+--- y.tab.c 2016-03-07 15:44:14.000000000 -0500
+***************
+*** 7571,7575 ****
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, octal_string[4];
+ struct tm *tm;
+ time_t the_time;
+--- 7571,7575 ----
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, *t_host, octal_string[4];
+ struct tm *tm;
+ time_t the_time;
+***************
+*** 7719,7723 ****
+ case 's':
+ temp = base_pathname (shell_name);
+! temp = savestring (temp);
+ goto add_string;
+
+--- 7719,7727 ----
+ case 's':
+ temp = base_pathname (shell_name);
+! /* Try to quote anything the user can set in the file system */
+! if (promptvars || posixly_correct)
+! temp = sh_backslash_quote_for_double_quotes (temp);
+! else
+! temp = savestring (temp);
+ goto add_string;
+
+***************
+*** 7809,7815 ****
+ case 'h':
+ case 'H':
+! temp = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ *t = '\0';
+ goto add_string;
+
+--- 7813,7827 ----
+ case 'h':
+ case 'H':
+! t_host = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+ *t = '\0';
++ if (promptvars || posixly_correct)
++ /* Make sure that expand_prompt_string is called with a
++ second argument of Q_DOUBLE_QUOTES if we use this
++ function here. */
++ temp = sh_backslash_quote_for_double_quotes (t_host);
++ else
++ temp = savestring (t_host);
++ free (t_host);
+ goto add_string;
+
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 46
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 47
+
+ #endif /* _PATCHLEVEL_H_ */