From ddfad2ae1d7785eddac48aec8ff22b56e47786c1 Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink"
Date: Fri, 4 Dec 2009 09:41:03 +0000
Subject: [PATCH] .
OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=14
---
 bash-4.0-patches.tar.bz2 | 4 +-
 bash-4.0-security.patch | 100 ++++++++++++---------------------------
 bash.changes | 16 +++++++
 3 files changed, 47 insertions(+), 73 deletions(-)
diff --git a/bash-4.0-patches.tar.bz2 b/bash-4.0-patches.tar.bz2
index a7ddf467..64e43a78 100644
--- a/bash-4.0-patches.tar.bz2
+++ b/bash-4.0-patches.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:64b45587a32f84769d300c251406047bf8ecf8e54eec72281da82913b4ad4b5b
-size 17535
+oid sha256:b64645f66d1d3121f0fc26215a902d5ca5ec6b4d59a14981617fdf69554ce259
+size 18292
diff --git a/bash-4.0-security.patch b/bash-4.0-security.patch
index 2b60b9da..aac37da2 100644
--- a/bash-4.0-security.patch
+++ b/bash-4.0-security.patch
@@ -1,85 +1,43 @@ -Index: variables.c -=================================================================== ---- variables.c.orig -+++ variables.c -@@ -1203,6 +1203,7 @@ init_seconds_var () - return v; - } - -+#if !defined(linux) - /* The random number seed. You can change this by setting RANDOM. */ - static unsigned long rseed = 1; +--- variables.c ++++ variables.c 2009-12-04 09:31:06.579929599 +0000 +@@ -1216,6 +1216,7 @@ static unsigned long rseed = 1; static int last_random_value; -@@ -1256,6 +1257,24 @@ seedrand () + static int seeded_subshell = 0; + ++#if !defined(linux) + /* A linear congruential random number generator based on the example + one in the ANSI C standard. This one isn't very good, but a more + complicated one is overkill. */ +@@ -1264,6 +1265,32 @@ seedrand () sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); } +#else -+ -+static int last_sbrand_pid; -+ -+static int brand () ++/* Use ISO C Random Number Functions of the glibc */ ++static int ++brand (void) +{ -+ return random() & 32767; -+} -+ -+static void sbrand (unsigned long seed) -+{ -+ srandom(seed); ++ if (rseed == 0) ++ seedrand (); ++ return rand() & 32767; +} + +static void -+seedrand () {} ++sbrand (unsigned long seed) ++{ ++ rseed = seed; ++ srand(seed); ++} ++ ++static void ++seedrand (void) ++{ ++ struct timeval tv; ++ gettimeofday (&tv, NULL); ++ srand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); ++} +#endif + static SHELL_VAR * assign_random (self, value, unused, key) SHELL_VAR *self; -@@ -1264,8 +1283,10 @@ assign_random (self, value, unused, key) - char *key; - { - sbrand (strtoul (value, (char **)NULL, 10)); -+#if !defined(linux) - if (subshell_environment) - seeded_subshell = getpid (); -+#endif - return (self); - } - -@@ -1274,6 +1295,7 @@ get_random_number () - { - int rv, pid; - -+#if !defined(linux) - /* Reset for command and process substitution. 
*/ - pid = getpid (); - if (subshell_environment && seeded_subshell != pid) -@@ -1285,6 +1307,18 @@ get_random_number () - do - rv = brand (); - while (rv == last_random_value); -+#else -+ if (subshell_environment) -+ { -+ int mypid = getpid(); -+ if (mypid != last_sbrand_pid) -+ { -+ last_sbrand_pid = mypid; -+ sbrand (mypid + NOW); -+ } -+ } -+ rv = brand(); -+#endif - return rv; - } - -@@ -1296,7 +1330,9 @@ get_random (var) - char *p; - - rv = get_random_number (); -+#if !defined(linux) - last_random_value = rv; -+#endif - p = itos (rv); - - FREE (value_cell (var));
diff --git a/bash.changes b/bash.changes
index cf056bdf..2fc01b7c 100644
--- a/bash.changes
+++ b/bash.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Dec 4 10:40:02 CET 2009 - werner@suse.de
+
+- Fix bug in bash-4.0-security.patch (bnc#559877)
+
+-------------------------------------------------------------------
+Thu Oct 29 15:23:20 CET 2009 - werner@suse.de
+
+- Update to newest patch level 35
+ * bash incorrectly interprets wildcarded path components between
+ a **/ and the last /
+ * bash incorrectly treated single and double quotes as
+ delimiters rather than introducing quoted strings when
+ splitting the line into words for programmable completion
+ functions
+
 -------------------------------------------------------------------
 Wed Sep 30 13:24:57 CEST 2009 - werner@suse.de
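Review bot: In the `#else` (Linux) branch that the new bash-4.0-security.patch adds to variables.c, `seedrand()` calls `srand()` directly and never updates `rseed`, so if `sbrand()` is ever handed a seed of 0 the `if (rseed == 0)` test in `brand()` stays true and the generator is re-seeded from the clock and PID on every call instead of once. The non-Linux `seedrand()` shown as context goes through `sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ());`; doing the same here keeps `rseed` in step with the libc state, with a zero result mapped to a non-zero value before it is stored. `brand()` also calls `seedrand()` ahead of its definition, which presumably relies on a prototype earlier in the file, outside this hunk. Because the seed is only time and PID and the `rand()` state is shared process-wide, I would also add a comment above `brand()` such as `/* $RANDOM is predictable; do not use it for temp file names, keys or tokens */`.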