From c3da486016c4145f381c22216d0fb0e565338675 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 8 Dec 2009 11:47:31 +0000 Subject: [PATCH] checked in OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=15 --- bash-4.0-patches.tar.bz2 | 4 +- bash-4.0-security.patch | 100 +++++++++++++++++++++++++++------------ bash.changes | 16 ------- 3 files changed, 73 insertions(+), 47 deletions(-) diff --git a/bash-4.0-patches.tar.bz2 b/bash-4.0-patches.tar.bz2 index 64e43a78..a7ddf467 100644 --- a/bash-4.0-patches.tar.bz2 +++ b/bash-4.0-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b64645f66d1d3121f0fc26215a902d5ca5ec6b4d59a14981617fdf69554ce259 -size 18292 +oid sha256:64b45587a32f84769d300c251406047bf8ecf8e54eec72281da82913b4ad4b5b +size 17535 diff --git a/bash-4.0-security.patch b/bash-4.0-security.patch index aac37da2..2b60b9da 100644 --- a/bash-4.0-security.patch +++ b/bash-4.0-security.patch @@ -1,43 +1,85 @@ ---- variables.c -+++ variables.c 2009-12-04 09:31:06.579929599 +0000 -@@ -1216,6 +1216,7 @@ static unsigned long rseed = 1; - static int last_random_value; - static int seeded_subshell = 0; - +Index: variables.c +=================================================================== +--- variables.c.orig ++++ variables.c +@@ -1203,6 +1203,7 @@ init_seconds_var () + return v; + } + +#if !defined(linux) - /* A linear congruential random number generator based on the example - one in the ANSI C standard. This one isn't very good, but a more - complicated one is overkill. */ -@@ -1264,6 +1265,32 @@ seedrand () + /* The random number seed. You can change this by setting RANDOM. */ + static unsigned long rseed = 1; + static int last_random_value; +@@ -1256,6 +1257,24 @@ seedrand () sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); } +#else -+/* Use ISO C Random Number Functions of the glibc */ -+static int -+brand (void) ++ ++static int last_sbrand_pid; ++ ++static int brand () +{ -+ if (rseed == 0) -+ seedrand (); -+ return rand() & 32767; ++ return random() & 32767; ++} ++ ++static void sbrand (unsigned long seed) ++{ ++ srandom(seed); +} + +static void -+sbrand (unsigned long seed) -+{ -+ rseed = seed; -+ srand(seed); -+} -+ -+static void -+seedrand (void) -+{ -+ struct timeval tv; -+ gettimeofday (&tv, NULL); -+ srand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); -+} ++seedrand () {} +#endif + static SHELL_VAR * assign_random (self, value, unused, key) SHELL_VAR *self; +@@ -1264,8 +1283,10 @@ assign_random (self, value, unused, key) + char *key; + { + sbrand (strtoul (value, (char **)NULL, 10)); ++#if !defined(linux) + if (subshell_environment) + seeded_subshell = getpid (); ++#endif + return (self); + } + +@@ -1274,6 +1295,7 @@ get_random_number () + { + int rv, pid; + ++#if !defined(linux) + /* Reset for command and process substitution. */ + pid = getpid (); + if (subshell_environment && seeded_subshell != pid) +@@ -1285,6 +1307,18 @@ get_random_number () + do + rv = brand (); + while (rv == last_random_value); ++#else ++ if (subshell_environment) ++ { ++ int mypid = getpid(); ++ if (mypid != last_sbrand_pid) ++ { ++ last_sbrand_pid = mypid; ++ sbrand (mypid + NOW); ++ } ++ } ++ rv = brand(); ++#endif + return rv; + } + +@@ -1296,7 +1330,9 @@ get_random (var) + char *p; + + rv = get_random_number (); ++#if !defined(linux) + last_random_value = rv; ++#endif + p = itos (rv); + + FREE (value_cell (var)); diff --git a/bash.changes b/bash.changes index 2fc01b7c..cf056bdf 100644 --- a/bash.changes +++ b/bash.changes @@ -1,19 +1,3 @@ -------------------------------------------------------------------- -Fri Dec 4 10:40:02 CET 2009 - werner@suse.de - -- Fix bug in bash-4.0-security.patch (bnc#559877) - -------------------------------------------------------------------- -Thu Oct 29 15:23:20 CET 2009 - werner@suse.de - -- Update to newest patch level 35 - * bash incorrectly interprets wildcarded path components between - a **/ and the last / - * bash incorrectly treated single and double quotes as - delimiters rather than introducing quoted strings when - splitting the line into words for programmable completion - functions - ------------------------------------------------------------------- Wed Sep 30 13:24:57 CEST 2009 - werner@suse.de