diff --git a/bash-4.2-CVE-2014-6271.patch b/bash-4.2-CVE-2014-6271.patch index 3865d07e..4522da9a 100644 --- a/bash-4.2-CVE-2014-6271.patch +++ b/bash-4.2-CVE-2014-6271.patch @@ -1,23 +1,19 @@ ---- - builtins/common.h | 2 ++ - builtins/evalstring.c | 11 +++++++++++ - variables.c | 14 ++++---------- - 3 files changed, 17 insertions(+), 10 deletions(-) - ---- builtins/common.h -+++ builtins/common.h 2014-09-16 23:35:45.000000000 +0000 -@@ -35,6 +35,8 @@ +diff -ur a/bash/builtins/common.h b/bash/builtins/common.h +--- a/bash/builtins/common.h 2010-05-31 00:31:51.000000000 +0200 ++++ b/bash/builtins/common.h 2014-09-16 21:36:20.139826595 +0200 +@@ -33,6 +33,8 @@ + #define SEVAL_RESETLINE 0x010 + #define SEVAL_PARSEONLY 0x020 #define SEVAL_NOLONGJMP 0x040 - - /* Flags for describe_command, shared between type.def and command.def */ +#define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ +#define SEVAL_ONECMD 0x100 /* only allow a single command */ + + /* Flags for describe_command, shared between type.def and command.def */ #define CDESC_ALL 0x001 /* type -a */ - #define CDESC_SHORTDESC 0x002 /* command -V */ - #define CDESC_REUSABLE 0x004 /* command -v */ ---- builtins/evalstring.c -+++ builtins/evalstring.c 2014-09-16 23:35:45.000000000 +0000 -@@ -261,6 +261,14 @@ parse_and_execute (string, from_file, fl +diff -ur a/bash/builtins/evalstring.c b/bash/builtins/evalstring.c +--- a/bash/builtins/evalstring.c 2010-11-23 14:22:15.000000000 +0100 ++++ b/bash/builtins/evalstring.c 2014-09-16 21:36:20.139826595 +0200 +@@ -261,6 +261,14 @@ { struct fd_bitmap *bitmap; @@ -32,7 +28,7 @@ bitmap = new_fd_bitmap (FD_BITMAP_SIZE); begin_unwind_frame ("pe_dispose"); add_unwind_protect (dispose_fd_bitmap, bitmap); -@@ -321,6 +329,9 @@ parse_and_execute (string, from_file, fl +@@ -321,6 +329,9 @@ dispose_command (command); dispose_fd_bitmap (bitmap); discard_unwind_frame ("pe_dispose"); @@ -42,26 +38,23 @@ } } else ---- variables.c -+++ variables.c 2014-09-16 23:35:45.000000000 +0000 -@@ -347,12 +347,10 @@ initialize_shell_variables (env, privmod +diff -ur a/bash/variables.c b/bash/variables.c +--- a/bash/variables.c 2014-09-16 21:35:34.878850652 +0200 ++++ b/bash/variables.c 2014-09-16 21:37:16.221034763 +0200 +@@ -347,7 +347,11 @@ temp_string[char_index] = ' '; strcpy (temp_string + char_index + 1, string); - parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); -- -- /* Ancient backwards compatibility. Old versions of bash exported -- functions like name()=() {...} */ -- if (name[char_index - 1] == ')' && name[char_index - 2] == '(') -- name[char_index - 2] = '\0'; -+ /* Don't import function names that are invalid identifiers from the -+ environment. */ -+ if (legal_identifier (name)) -+ parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); ++ /* Don't import function names that are invalid identifiers from the ++ environment, though we still allow them to be defined as shell ++ variables. */ ++ if (legal_identifier (name)) ++ parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); - if (temp_var = find_function (name)) - { -@@ -361,10 +359,6 @@ initialize_shell_variables (env, privmod + /* Ancient backwards compatibility. Old versions of bash exported + functions like name()=() {...} */ +@@ -361,10 +365,6 @@ } else report_error (_("error importing function definition for `%s'"), name); diff --git a/bash.spec b/bash.spec index e6002932..0ab9139e 100644 --- a/bash.spec +++ b/bash.spec @@ -322,7 +322,7 @@ done %endif %patch46 -p0 -b .notimestamp %patch47 -%patch48 -p0 +%patch48 -p2 %patch0 -p0 -b .0 pushd ../readline-%{rl_vers}%{extend} for patch in ../readline-%{rl_vers}-patches/*; do