Update from patch 006 upto 012

OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=231
2017-01-27 17:54:19 +00:00 · 2017-01-27 17:54:19 +00:00 · 65e65d3aa6
commit 65e65d3aa6
parent e039af2b92
7 changed files with 49 additions and 43 deletions
--- a/bash-4.3-2.4.4.patch
+++ b/bash-4.3-2.4.4.patch
@ -8,7 +8,7 @@
 6 files changed, 17 insertions(+), 7 deletions(-)

 --- array.c
-+++ array.c	2016-09-16 10:37:12.179427118 +0000
+++ array.c	2017-01-27 17:45:42.364066849 +0000
@@ -946,7 +946,7 @@ char	*s, *sep;
  * To make a running version, compile -DTEST_ARRAY and link with:
  * 	xmalloc.o syntax.o lib/malloc/libmalloc.a lib/sh/libsh.a
@ -19,7 +19,7 @@
 int
 signal_is_trapped(s)
 --- examples/loadables/tee.c
-+++ examples/loadables/tee.c	2016-09-16 10:37:12.179427118 +0000
+++ examples/loadables/tee.c	2017-01-27 17:45:42.364066849 +0000
@@ -35,6 +35,7 @@
 #include "bashansi.h"
 
@ -38,7 +38,7 @@
 extern char *strerror ();
 
 --- hashlib.c
-+++ hashlib.c	2016-09-16 10:37:12.179427118 +0000
+++ hashlib.c	2017-01-27 17:45:42.364066849 +0000
@@ -382,7 +382,7 @@ hash_pstats (table, name)
 
 HASH_TABLE *table, *ntable;
@ -49,8 +49,8 @@
 int
 signal_is_trapped (s)
 --- jobs.c
-+++ jobs.c	2016-09-16 10:37:12.183427043 +0000
-@@ -1947,6 +1947,15 @@ make_child (command, async_p)
+++ jobs.c	2017-01-27 17:45:42.364066849 +0000
+@@ -1962,6 +1962,15 @@ make_child (command, async_p)
       pid_t mypid;
 
       mypid = getpid ();
@ -67,7 +67,7 @@
       /* Close default_buffered_input if it's > 0.  We don't close it if it's
 	 0 because that's the file descriptor used when redirecting input,
 --- sig.c
-+++ sig.c	2016-09-16 10:37:12.183427043 +0000
+++ sig.c	2017-01-27 17:45:42.364066849 +0000
@@ -98,10 +98,10 @@ sigset_t top_level_mask;
 #endif /* JOB_CONTROL */
 
@ -82,7 +82,7 @@
 #if defined (SIGWINCH)
 static SigHandler *old_winch = (SigHandler *)SIG_DFL;
 --- sig.h
-+++ sig.h	2016-09-16 10:37:12.183427043 +0000
+++ sig.h	2017-01-27 17:45:42.364066849 +0000
@@ -109,8 +109,8 @@ do { \
 extern volatile sig_atomic_t sigwinch_received;
 extern volatile sig_atomic_t sigterm_received;
--- a/bash-4.3-sigrestart.patch
+++ b/bash-4.3-sigrestart.patch
@ -3,8 +3,8 @@
 1 file changed, 6 insertions(+)

 --- sig.c
-+++ sig.c	2016-09-14 08:54:54.158863424 +0000
-@@ -738,10 +738,16 @@ set_signal_handler (sig, handler)
+++ sig.c	2017-01-27 17:46:46.602829901 +0000
+@@ -739,10 +739,16 @@ set_signal_handler (sig, handler)
   if (sig == SIGCHLD)
     act.sa_flags |= SA_RESTART;		/* XXX */
 #endif
--- a/bash-4.4-patches.tar.bz2
+++ b/bash-4.4-patches.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:14dccf11ec530ff79696ddf8648b9d9e56c924804c8ec73eba78ca9c3581b5c0
-size 3408
+oid sha256:4c8f6d1c5c94802053b08c015b4059446a9366378c329902a0eaf9ab4846f730
+size 8213
--- a/bash.changes
+++ b/bash.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Fri Jan 27 17:31:59 UTC 2017 - werner@suse.de
+
+- Add upstream patch bash44-006 
+  Out-of-range negative offsets to popd can cause the shell to crash
+  attempting to free an invalid memory block.
+- Remove patch popd-offset-overflow.patch to use bash44-006
+- Add upstream patch bash44-007 
+  When performing filename completion, bash dequotes the directory
+  name being completed, which can result in match failures and
+  potential unwanted expansion.
+- Duplicate bash44-007 as readline70-002 as it seems to be missed
+- Add upstream patch bash44-008 
+  Under certain circumstances, bash will evaluate arithmetic
+  expressions as part of reading an expression token even when
+  evaluation is suppressed. This happens while evaluating a
+  conditional expression and skipping over the failed branch of the
+  expression.
+- Add upstream patch bash44-009 
+  There is a race condition in add_history() that can be triggered
+  by a fatal signal arriving between the time the history length
+  is updated and the time the history list update is completed.
+  A later attempt to reference an invalid history entry can cause
+  a crash.
+- Add upstream patch bash44-010 
+  Depending on compiler optimizations and behavior, the `read'
+  builtin may not save partial input when a timeout occurs.
+- Add upstream patch bash44-011 
+  Subshells begun to run command and process substitutions may
+  attempt to set the terminal's process group to an incorrect
+  value if they receive a fatal signal.  This depends on the
+  behavior of the process that starts the shell.
+- Add upstream patch bash44-012 
+  When -N is used, the input is not supposed to be split using
+  $IFS, but leading and trailing IFS whitespace was still removed.
+
 -------------------------------------------------------------------
 Thu Jan 19 12:20:06 UTC 2017 - werner@suse.de

--- a/bash.spec
+++ b/bash.spec
@ -92,8 +92,6 @@ Patch27:        readline-6.2-xmalloc.dif
 Patch30:        readline-6.3-destdir.patch
 Patch31:        readline-6.3-rltrace.patch
 Patch40:        bash-4.1-bash.bashrc.dif
-# PATCH-FIX-UPSTREAM boo#1010845 -- CVE-2016-9401: bash: popd controlled free (Segmentation fault)
-Patch41:        popd-offset-overflow.patch
 Patch46:        man2html-no-timestamp.patch
 Patch47:        bash-4.3-perl522.patch
 # PATCH-FIX-SUSE
@ -302,7 +300,6 @@ done
 #%patch25 -p0 -b .endpw
 %patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
-%patch41 -p0 -b .popd
 %patch46 -p0 -b .notimestamp
 %patch47 -p0 -b .perl522
 %if %{with import_function}
--- a/popd-offset-overflow.patch
+++ b/popd-offset-overflow.patch
@ -1,27 +0,0 @@
-*** ../bash-4.4-patched/builtins/pushd.def	2016-01-25 13:31:49.000000000 -0500
--- builtins/pushd.def	2016-10-28 10:46:49.000000000 -0400
-***************
-*** 366,370 ****
-      }
-  
-!   if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
-      {
-        pushd_error (directory_list_offset, which_word ? which_word : "");
--- 366,370 ----
-      }
-  
-!   if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
-      {
-        pushd_error (directory_list_offset, which_word ? which_word : "");
-***************
-*** 388,391 ****
--- 388,396 ----
-  	 of the list into place. */
-        i = (direction == '+') ? directory_list_offset - which : which;
-+       if (i < 0 || i > directory_list_offset)
-+ 	{
-+ 	  pushd_error (directory_list_offset, which_word ? which_word : "");
-+ 	  return (EXECUTION_FAILURE);
-+ 	}
-        free (pushd_directory_list[i]);
-        directory_list_offset--;
--- a/readline-7.0-patches.tar.bz2
+++ b/readline-7.0-patches.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:19d888f6cab86092262544ddc1f999dd00d2c5c9c6947045300ed57a61e6f81d
-size 1128
+oid sha256:7a5a7db9aa69394d33787760be74bea581a3ecf1116c5e3f1e7d925ed5da4b57
+size 1789