Accepting request 251830 from Base:System

- Add bash-4.2-CVE-2014-6271.patch to fix CVE-2014-6271, the unexpected code execution with environment variables (bnc#896776) - Add patch bash-4.2-error-getpwd.patch which is the backport of the corrected german error message for a failing getpwd (bnc#895475) OBS-URL: https://build.opensuse.org/request/show/251830 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bash?expand=0&rev=118
2014-09-28 17:53:46 +00:00 · 2014-09-28 17:53:46 +00:00 · 0fe4637ee1
commit 0fe4637ee1
parent 5fec065b3c e261e6e10e
4 changed files with 103 additions and 0 deletions
--- a/bash-4.2-CVE-2014-6271.patch
+++ b/bash-4.2-CVE-2014-6271.patch
@ -0,0 +1,67 @@
+diff -ur a/bash/builtins/common.h b/bash/builtins/common.h
+--- a/bash/builtins/common.h	2010-05-31 00:31:51.000000000 +0200
+++ b/bash/builtins/common.h	2014-09-16 21:36:20.139826595 +0200
+@@ -33,6 +33,8 @@
+ #define SEVAL_RESETLINE	0x010
+ #define SEVAL_PARSEONLY	0x020
+ #define SEVAL_NOLONGJMP 0x040
+#define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
+#define SEVAL_ONECMD	0x100		/* only allow a single command */
+ 
+ /* Flags for describe_command, shared between type.def and command.def */
+ #define CDESC_ALL		0x001	/* type -a */
+diff -ur a/bash/builtins/evalstring.c b/bash/builtins/evalstring.c
+--- a/bash/builtins/evalstring.c	2010-11-23 14:22:15.000000000 +0100
+++ b/bash/builtins/evalstring.c	2014-09-16 21:36:20.139826595 +0200
+@@ -261,6 +261,14 @@
+ 	    {
+ 	      struct fd_bitmap *bitmap;
+ 
+	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+		{
+		  internal_warning ("%s: ignoring function definition attempt", from_file);
+		  should_jump_to_top_level = 0;
+		  last_result = last_command_exit_value = EX_BADUSAGE;
+		  break;
+		}
+
+ 	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ 	      begin_unwind_frame ("pe_dispose");
+ 	      add_unwind_protect (dispose_fd_bitmap, bitmap);
+@@ -321,6 +329,9 @@
+ 	      dispose_command (command);
+ 	      dispose_fd_bitmap (bitmap);
+ 	      discard_unwind_frame ("pe_dispose");
+
+	      if (flags & SEVAL_ONECMD)
+		break;
+ 	    }
+ 	}
+       else
+diff -ur a/bash/variables.c b/bash/variables.c
+--- a/bash/variables.c	2014-09-16 21:35:34.878850652 +0200
+++ b/bash/variables.c	2014-09-16 21:37:16.221034763 +0200
+@@ -347,7 +347,11 @@
+ 	  temp_string[char_index] = ' ';
+ 	  strcpy (temp_string + char_index + 1, string);
+ 
+-	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+ 	  /* Don't import function names that are invalid identifiers from the
+ 	     environment, though we still allow them to be defined as shell
+ 	     variables. */
+ 	  if (legal_identifier (name))
+ 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+ 
+ 	  /* Ancient backwards compatibility.  Old versions of bash exported
+ 	     functions like name()=() {...} */
+@@ -361,10 +365,6 @@
+ 	    }
+ 	  else
+ 	    report_error (_("error importing function definition for `%s'"), name);
+-
+-	  /* ( */
+-	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+-	    name[char_index - 2] = '(';		/* ) */
+ 	}
+ #if defined (ARRAY_VARS)
+ #  if 0
--- a/bash-4.2-error-getpwd.patch
+++ b/bash-4.2-error-getpwd.patch
@ -0,0 +1,16 @@
+Backport of the corrected error message for a failing getpwd (bnc#895475)
+---
+ po/de.po |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- po/de.po
+++ po/de.po	2014-09-15 08:46:03.482235134 +0000
+@@ -267,7 +267,7 @@ msgstr "Fehler beim Ermitteln der Termin
+ #: builtins/common.c:563
+ #, c-format
+ msgid "%s: error retrieving current directory: %s: %s\n"
+-msgstr "%s: Kann das nicht aktuelle Verzeichnis wiederfinden: %s: %s\n"
+msgstr "%s: Kann das aktuelle Verzeichnis nicht wiederfinden: %s: %s\n"
+ 
+ #: builtins/common.c:629 builtins/common.c:631
+ #, c-format
--- a/bash.changes
+++ b/bash.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Sep 18 12:10:17 UTC 2014 - werner@suse.de
+
+- Add bash-4.2-CVE-2014-6271.patch
+  to fix CVE-2014-6271, the unexpected code execution with
+  environment variables (bnc#896776)
+
+-------------------------------------------------------------------
+Mon Sep 15 08:52:13 UTC 2014 - werner@suse.de
+
+- Add patch bash-4.2-error-getpwd.patch
+  which is the backport of the corrected german error message for
+  a failing getpwd (bnc#895475)
+
 -------------------------------------------------------------------
 Sun Jun 29 13:24:47 UTC 2014 - schwab@linux-m68k.org

--- a/bash.spec
+++ b/bash.spec
@ -93,10 +93,14 @@ Patch27:        readline-6.2-xmalloc.dif
 Patch30:        readline-6.2-destdir.patch
 Patch31:        readline-6.2-rltrace.patch
 Patch40:        bash-4.1-bash.bashrc.dif
+# PATCH-FIX-UPSTREAM bnc#895475 -- locale de_DE.utf8 has wrong translations
+Patch41:        bash-4.2-error-getpwd.patch
 Patch42:        audit-patch
 Patch43:        audit-rl-patch
 Patch46:        man2html-no-timestamp.patch
 Patch47:        config-guess-sub-update.patch
+# PATCH-FIX-UPSTREAM bnc#895475 -- bnc#896776, CVE-2014-6271: unexpected code execution with environment variables
+Patch48:        bash-4.2-CVE-2014-6271.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _incdir     %{_includedir}
@ -312,11 +316,13 @@ done
 %patch26 -p0 -b .msgdy
 %patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
+%patch41 -p0 -b .errgetpwd
 %if 0%suse_version >= 1100
 %patch42 -p1 -b .audit
 %endif
 %patch46 -p0 -b .notimestamp
 %patch47
+%patch48 -p2
 %patch0  -p0 -b .0
 pushd ../readline-%{rl_vers}%{extend}
 for patch in ../readline-%{rl_vers}-patches/*; do