From b7da73b716a211b5b14c1484fc6aec2aa0602fe3c67fd6d2cc0348d69b8dec5e Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 4 Dec 2009 09:41:03 +0000 Subject: [PATCH 1/5] . OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=14 --- bash-4.0-patches.tar.bz2 | 4 +- bash-4.0-security.patch | 100 ++++++++++++--------------------------- bash.changes | 16 +++++++ 3 files changed, 47 insertions(+), 73 deletions(-) diff --git a/bash-4.0-patches.tar.bz2 b/bash-4.0-patches.tar.bz2 index 351be21..894d618 100644 --- a/bash-4.0-patches.tar.bz2 +++ b/bash-4.0-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:64b45587a32f84769d300c251406047bf8ecf8e54eec72281da82913b4ad4b5b -size 17535 +oid sha256:b64645f66d1d3121f0fc26215a902d5ca5ec6b4d59a14981617fdf69554ce259 +size 18292 diff --git a/bash-4.0-security.patch b/bash-4.0-security.patch index f140a80..5987424 100644 --- a/bash-4.0-security.patch +++ b/bash-4.0-security.patch @@ -1,85 +1,43 @@ -Index: variables.c -=================================================================== ---- variables.c.orig -+++ variables.c -@@ -1203,6 +1203,7 @@ init_seconds_var () - return v; - } - -+#if !defined(linux) - /* The random number seed. You can change this by setting RANDOM. */ - static unsigned long rseed = 1; +--- variables.c ++++ variables.c 2009-12-04 09:31:06.579929599 +0000 +@@ -1216,6 +1216,7 @@ static unsigned long rseed = 1; static int last_random_value; -@@ -1256,6 +1257,24 @@ seedrand () + static int seeded_subshell = 0; + ++#if !defined(linux) + /* A linear congruential random number generator based on the example + one in the ANSI C standard. This one isn't very good, but a more + complicated one is overkill. */ +@@ -1264,6 +1265,32 @@ seedrand () sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); } +#else -+ -+static int last_sbrand_pid; -+ -+static int brand () ++/* Use ISO C Random Number Functions of the glibc */ ++static int ++brand (void) +{ -+ return random() & 32767; -+} -+ -+static void sbrand (unsigned long seed) -+{ -+ srandom(seed); ++ if (rseed == 0) ++ seedrand (); ++ return rand() & 32767; +} + +static void -+seedrand () {} ++sbrand (unsigned long seed) ++{ ++ rseed = seed; ++ srand(seed); ++} ++ ++static void ++seedrand (void) ++{ ++ struct timeval tv; ++ gettimeofday (&tv, NULL); ++ srand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); ++} +#endif + static SHELL_VAR * assign_random (self, value, unused, key) SHELL_VAR *self; -@@ -1264,8 +1283,10 @@ assign_random (self, value, unused, key) - char *key; - { - sbrand (strtoul (value, (char **)NULL, 10)); -+#if !defined(linux) - if (subshell_environment) - seeded_subshell = getpid (); -+#endif - return (self); - } - -@@ -1274,6 +1295,7 @@ get_random_number () - { - int rv, pid; - -+#if !defined(linux) - /* Reset for command and process substitution. */ - pid = getpid (); - if (subshell_environment && seeded_subshell != pid) -@@ -1285,6 +1307,18 @@ get_random_number () - do - rv = brand (); - while (rv == last_random_value); -+#else -+ if (subshell_environment) -+ { -+ int mypid = getpid(); -+ if (mypid != last_sbrand_pid) -+ { -+ last_sbrand_pid = mypid; -+ sbrand (mypid + NOW); -+ } -+ } -+ rv = brand(); -+#endif - return rv; - } - -@@ -1296,7 +1330,9 @@ get_random (var) - char *p; - - rv = get_random_number (); -+#if !defined(linux) - last_random_value = rv; -+#endif - p = itos (rv); - - FREE (value_cell (var)); diff --git a/bash.changes b/bash.changes index dec5b89..7386ebe 100644 --- a/bash.changes +++ b/bash.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Dec 4 10:40:02 CET 2009 - werner@suse.de + +- Fix bug in bash-4.0-security.patch (bnc#559877) + +------------------------------------------------------------------- +Thu Oct 29 15:23:20 CET 2009 - werner@suse.de + +- Update to newest patch level 35 + * bash incorrectly interprets wildcarded path components between + a **/ and the last / + * bash incorrectly treated single and double quotes as + delimiters rather than introducing quoted strings when + splitting the line into words for programmable completion + functions + ------------------------------------------------------------------- Wed Sep 30 13:24:57 CEST 2009 - werner@suse.de From b3ea2115139508b026ea6f54b9a6525242fb431ad55d80c537ade9fe2807c361 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 8 Dec 2009 11:47:31 +0000 Subject: [PATCH 2/5] checked in OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=15 --- bash-4.0-patches.tar.bz2 | 4 +- bash-4.0-security.patch | 100 +++++++++++++++++++++++++++------------ bash.changes | 16 ------- 3 files changed, 73 insertions(+), 47 deletions(-) diff --git a/bash-4.0-patches.tar.bz2 b/bash-4.0-patches.tar.bz2 index 894d618..351be21 100644 --- a/bash-4.0-patches.tar.bz2 +++ b/bash-4.0-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b64645f66d1d3121f0fc26215a902d5ca5ec6b4d59a14981617fdf69554ce259 -size 18292 +oid sha256:64b45587a32f84769d300c251406047bf8ecf8e54eec72281da82913b4ad4b5b +size 17535 diff --git a/bash-4.0-security.patch b/bash-4.0-security.patch index 5987424..f140a80 100644 --- a/bash-4.0-security.patch +++ b/bash-4.0-security.patch @@ -1,43 +1,85 @@ ---- variables.c -+++ variables.c 2009-12-04 09:31:06.579929599 +0000 -@@ -1216,6 +1216,7 @@ static unsigned long rseed = 1; - static int last_random_value; - static int seeded_subshell = 0; - +Index: variables.c +=================================================================== +--- variables.c.orig ++++ variables.c +@@ -1203,6 +1203,7 @@ init_seconds_var () + return v; + } + +#if !defined(linux) - /* A linear congruential random number generator based on the example - one in the ANSI C standard. This one isn't very good, but a more - complicated one is overkill. */ -@@ -1264,6 +1265,32 @@ seedrand () + /* The random number seed. You can change this by setting RANDOM. */ + static unsigned long rseed = 1; + static int last_random_value; +@@ -1256,6 +1257,24 @@ seedrand () sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); } +#else -+/* Use ISO C Random Number Functions of the glibc */ -+static int -+brand (void) ++ ++static int last_sbrand_pid; ++ ++static int brand () +{ -+ if (rseed == 0) -+ seedrand (); -+ return rand() & 32767; ++ return random() & 32767; ++} ++ ++static void sbrand (unsigned long seed) ++{ ++ srandom(seed); +} + +static void -+sbrand (unsigned long seed) -+{ -+ rseed = seed; -+ srand(seed); -+} -+ -+static void -+seedrand (void) -+{ -+ struct timeval tv; -+ gettimeofday (&tv, NULL); -+ srand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); -+} ++seedrand () {} +#endif + static SHELL_VAR * assign_random (self, value, unused, key) SHELL_VAR *self; +@@ -1264,8 +1283,10 @@ assign_random (self, value, unused, key) + char *key; + { + sbrand (strtoul (value, (char **)NULL, 10)); ++#if !defined(linux) + if (subshell_environment) + seeded_subshell = getpid (); ++#endif + return (self); + } + +@@ -1274,6 +1295,7 @@ get_random_number () + { + int rv, pid; + ++#if !defined(linux) + /* Reset for command and process substitution. */ + pid = getpid (); + if (subshell_environment && seeded_subshell != pid) +@@ -1285,6 +1307,18 @@ get_random_number () + do + rv = brand (); + while (rv == last_random_value); ++#else ++ if (subshell_environment) ++ { ++ int mypid = getpid(); ++ if (mypid != last_sbrand_pid) ++ { ++ last_sbrand_pid = mypid; ++ sbrand (mypid + NOW); ++ } ++ } ++ rv = brand(); ++#endif + return rv; + } + +@@ -1296,7 +1330,9 @@ get_random (var) + char *p; + + rv = get_random_number (); ++#if !defined(linux) + last_random_value = rv; ++#endif + p = itos (rv); + + FREE (value_cell (var)); diff --git a/bash.changes b/bash.changes index 7386ebe..dec5b89 100644 --- a/bash.changes +++ b/bash.changes @@ -1,19 +1,3 @@ -------------------------------------------------------------------- -Fri Dec 4 10:40:02 CET 2009 - werner@suse.de - -- Fix bug in bash-4.0-security.patch (bnc#559877) - -------------------------------------------------------------------- -Thu Oct 29 15:23:20 CET 2009 - werner@suse.de - -- Update to newest patch level 35 - * bash incorrectly interprets wildcarded path components between - a **/ and the last / - * bash incorrectly treated single and double quotes as - delimiters rather than introducing quoted strings when - splitting the line into words for programmable completion - functions - ------------------------------------------------------------------- Wed Sep 30 13:24:57 CEST 2009 - werner@suse.de From 00b5524e844d40004f027f5d6c5f850206b3dbb831d0ffb0d4db77f1cb9ae665 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 14 Dec 2009 22:28:55 +0000 Subject: [PATCH 3/5] Accepting request 26308 from home:jengelh:branches:Base:System Copy from home:jengelh:branches:Base:System/bash via accept of submit request 26308 revision 2. Request was accepted with message: reviewed OBS-URL: https://build.opensuse.org/request/show/26308 OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=16 --- bash-4.0-patches.tar.bz2 | 4 +- bash-4.0-security.patch | 100 ++++++++++++--------------------------- bash.changes | 21 ++++++++ bash.spec | 29 ++++++------ 4 files changed, 67 insertions(+), 87 deletions(-) diff --git a/bash-4.0-patches.tar.bz2 b/bash-4.0-patches.tar.bz2 index 351be21..894d618 100644 --- a/bash-4.0-patches.tar.bz2 +++ b/bash-4.0-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:64b45587a32f84769d300c251406047bf8ecf8e54eec72281da82913b4ad4b5b -size 17535 +oid sha256:b64645f66d1d3121f0fc26215a902d5ca5ec6b4d59a14981617fdf69554ce259 +size 18292 diff --git a/bash-4.0-security.patch b/bash-4.0-security.patch index f140a80..5987424 100644 --- a/bash-4.0-security.patch +++ b/bash-4.0-security.patch @@ -1,85 +1,43 @@ -Index: variables.c -=================================================================== ---- variables.c.orig -+++ variables.c -@@ -1203,6 +1203,7 @@ init_seconds_var () - return v; - } - -+#if !defined(linux) - /* The random number seed. You can change this by setting RANDOM. */ - static unsigned long rseed = 1; +--- variables.c ++++ variables.c 2009-12-04 09:31:06.579929599 +0000 +@@ -1216,6 +1216,7 @@ static unsigned long rseed = 1; static int last_random_value; -@@ -1256,6 +1257,24 @@ seedrand () + static int seeded_subshell = 0; + ++#if !defined(linux) + /* A linear congruential random number generator based on the example + one in the ANSI C standard. This one isn't very good, but a more + complicated one is overkill. */ +@@ -1264,6 +1265,32 @@ seedrand () sbrand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); } +#else -+ -+static int last_sbrand_pid; -+ -+static int brand () ++/* Use ISO C Random Number Functions of the glibc */ ++static int ++brand (void) +{ -+ return random() & 32767; -+} -+ -+static void sbrand (unsigned long seed) -+{ -+ srandom(seed); ++ if (rseed == 0) ++ seedrand (); ++ return rand() & 32767; +} + +static void -+seedrand () {} ++sbrand (unsigned long seed) ++{ ++ rseed = seed; ++ srand(seed); ++} ++ ++static void ++seedrand (void) ++{ ++ struct timeval tv; ++ gettimeofday (&tv, NULL); ++ srand (tv.tv_sec ^ tv.tv_usec ^ getpid ()); ++} +#endif + static SHELL_VAR * assign_random (self, value, unused, key) SHELL_VAR *self; -@@ -1264,8 +1283,10 @@ assign_random (self, value, unused, key) - char *key; - { - sbrand (strtoul (value, (char **)NULL, 10)); -+#if !defined(linux) - if (subshell_environment) - seeded_subshell = getpid (); -+#endif - return (self); - } - -@@ -1274,6 +1295,7 @@ get_random_number () - { - int rv, pid; - -+#if !defined(linux) - /* Reset for command and process substitution. */ - pid = getpid (); - if (subshell_environment && seeded_subshell != pid) -@@ -1285,6 +1307,18 @@ get_random_number () - do - rv = brand (); - while (rv == last_random_value); -+#else -+ if (subshell_environment) -+ { -+ int mypid = getpid(); -+ if (mypid != last_sbrand_pid) -+ { -+ last_sbrand_pid = mypid; -+ sbrand (mypid + NOW); -+ } -+ } -+ rv = brand(); -+#endif - return rv; - } - -@@ -1296,7 +1330,9 @@ get_random (var) - char *p; - - rv = get_random_number (); -+#if !defined(linux) - last_random_value = rv; -+#endif - p = itos (rv); - - FREE (value_cell (var)); diff --git a/bash.changes b/bash.changes index dec5b89..0268738 100644 --- a/bash.changes +++ b/bash.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sat Dec 12 18:12:02 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Fri Dec 4 10:40:02 CET 2009 - werner@suse.de + +- Fix bug in bash-4.0-security.patch (bnc#559877) + +------------------------------------------------------------------- +Thu Oct 29 15:23:20 CET 2009 - werner@suse.de + +- Update to newest patch level 35 + * bash incorrectly interprets wildcarded path components between + a **/ and the last / + * bash incorrectly treated single and double quotes as + delimiters rather than introducing quoted strings when + splitting the line into words for programmable completion + functions + ------------------------------------------------------------------- Wed Sep 30 13:24:57 CEST 2009 - werner@suse.de diff --git a/bash.spec b/bash.spec index 6d5976b..54cd79c 100644 --- a/bash.spec +++ b/bash.spec @@ -19,7 +19,7 @@ Name: bash BuildRequires: bison fdupes ncurses-devel -License: GPL v2 or later +License: GPLv2+ Group: System/Shells %define bash_vers 4.0 %define rl_vers 6.0 @@ -28,7 +28,7 @@ Recommends: bash-lang = %bash_vers Suggests: command-not-found AutoReqProv: on Version: 4.0 -Release: 17 +Release: 18 Summary: The GNU Bourne-Again Shell Url: http://www.gnu.org/software/bash/bash.html Source0: ftp://ftp.gnu.org/gnu/bash/bash-%{bash_vers}.tar.bz2 @@ -39,6 +39,7 @@ Source4: run-tests Source5: dot.bashrc Source6: dot.profile Source7: bash-rpmlintrc +Source8: baselibs.conf Patch0: bash-%{bash_vers}.dif Patch1: bash-2.03-manual.patch Patch2: bash-4.0-security.patch @@ -85,13 +86,13 @@ Authors: Chet Ramey %package -n bash-doc -License: GPL v2 or later +License: GPLv2+ Summary: Documentation how to Use the GNU Bourne-Again Shell Group: Documentation/Man Provides: bash:%{_infodir}/bash.info.gz PreReq: %install_info_prereq Version: 4.0 -Release: 17 +Release: 18 AutoReqProv: on %description -n bash-doc @@ -107,11 +108,11 @@ Authors: %lang_package(bash) %package -n bash-devel -License: GPL v2 or later +License: GPLv2+ Summary: Include Files mandatory for Development of bash loadable builtins Group: Development/Languages/C and C++ Version: 4.0 -Release: 6 +Release: 7 AutoReqProv: on %description -n bash-devel @@ -127,11 +128,11 @@ Authors: Chet Ramey %package -n bash-loadables -License: GPL v2 or later +License: GPLv2+ Summary: Loadable bash builtins Group: System/Shells Version: 4.0 -Release: 6 +Release: 7 AutoReqProv: on %description -n bash-loadables @@ -195,12 +196,12 @@ Authors: Chet Ramey %package -n libreadline6 -License: GPL v2 or later +License: GPLv2+ Summary: The Readline Library Group: System/Libraries Provides: bash:/%{_lib}/libreadline.so.%{rl_major} Version: 6.0 -Release: 17 +Release: 18 Recommends: readline-doc = %{version} # bug437293 %ifarch ppc64 @@ -224,12 +225,12 @@ Authors: Chet Ramey %package -n readline-devel -License: GPL v2 or later +License: GPLv2+ Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Provides: bash:%{_libdir}/libreadline.a Version: 6.0 -Release: 17 +Release: 18 Requires: libreadline6 = %{version} Requires: ncurses-devel Recommends: readline-doc = %{version} @@ -252,13 +253,13 @@ Authors: Chet Ramey %package -n readline-doc -License: GPL v2 or later +License: GPLv2+ Summary: Documentation how to Use and Program with the Readline Library Group: System/Libraries Provides: readline:%{_infodir}/readline.info.gz PreReq: %install_info_prereq Version: 6.0 -Release: 17 +Release: 18 AutoReqProv: on %description -n readline-doc From e76ffa0b7cdfe3dc33b9d03915034f011b0481c69a10153690919304867a517c Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 16 Dec 2009 07:57:07 +0000 Subject: [PATCH 4/5] checked in OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=17 --- bash.changes | 5 ----- bash.spec | 1 - 2 files changed, 6 deletions(-) diff --git a/bash.changes b/bash.changes index 0268738..7386ebe 100644 --- a/bash.changes +++ b/bash.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Sat Dec 12 18:12:02 CET 2009 - jengelh@medozas.de - -- add baselibs.conf as a source - ------------------------------------------------------------------- Fri Dec 4 10:40:02 CET 2009 - werner@suse.de diff --git a/bash.spec b/bash.spec index 54cd79c..72368d9 100644 --- a/bash.spec +++ b/bash.spec @@ -39,7 +39,6 @@ Source4: run-tests Source5: dot.bashrc Source6: dot.profile Source7: bash-rpmlintrc -Source8: baselibs.conf Patch0: bash-%{bash_vers}.dif Patch1: bash-2.03-manual.patch Patch2: bash-4.0-security.patch From b8b91bfde6517ce2923b9a2b4cb54b0d860d997f303201c3e2c05046c1ccc627 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Wed, 16 Dec 2009 07:57:10 +0000 Subject: [PATCH 5/5] Updating link to change in openSUSE:Factory/bash revision 48 OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=6eb90b4fd2b953129f0a8e001d5a4848 --- bash.changes | 5 +++++ bash.spec | 15 ++++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/bash.changes b/bash.changes index 7386ebe..0268738 100644 --- a/bash.changes +++ b/bash.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Dec 12 18:12:02 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + ------------------------------------------------------------------- Fri Dec 4 10:40:02 CET 2009 - werner@suse.de diff --git a/bash.spec b/bash.spec index 72368d9..f2042c8 100644 --- a/bash.spec +++ b/bash.spec @@ -28,7 +28,7 @@ Recommends: bash-lang = %bash_vers Suggests: command-not-found AutoReqProv: on Version: 4.0 -Release: 18 +Release: 19 Summary: The GNU Bourne-Again Shell Url: http://www.gnu.org/software/bash/bash.html Source0: ftp://ftp.gnu.org/gnu/bash/bash-%{bash_vers}.tar.bz2 @@ -39,6 +39,7 @@ Source4: run-tests Source5: dot.bashrc Source6: dot.profile Source7: bash-rpmlintrc +Source8: baselibs.conf Patch0: bash-%{bash_vers}.dif Patch1: bash-2.03-manual.patch Patch2: bash-4.0-security.patch @@ -91,7 +92,7 @@ Group: Documentation/Man Provides: bash:%{_infodir}/bash.info.gz PreReq: %install_info_prereq Version: 4.0 -Release: 18 +Release: 19 AutoReqProv: on %description -n bash-doc @@ -111,7 +112,7 @@ License: GPLv2+ Summary: Include Files mandatory for Development of bash loadable builtins Group: Development/Languages/C and C++ Version: 4.0 -Release: 7 +Release: 8 AutoReqProv: on %description -n bash-devel @@ -131,7 +132,7 @@ License: GPLv2+ Summary: Loadable bash builtins Group: System/Shells Version: 4.0 -Release: 7 +Release: 8 AutoReqProv: on %description -n bash-loadables @@ -200,7 +201,7 @@ Summary: The Readline Library Group: System/Libraries Provides: bash:/%{_lib}/libreadline.so.%{rl_major} Version: 6.0 -Release: 18 +Release: 19 Recommends: readline-doc = %{version} # bug437293 %ifarch ppc64 @@ -229,7 +230,7 @@ Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Provides: bash:%{_libdir}/libreadline.a Version: 6.0 -Release: 18 +Release: 19 Requires: libreadline6 = %{version} Requires: ncurses-devel Recommends: readline-doc = %{version} @@ -258,7 +259,7 @@ Group: System/Libraries Provides: readline:%{_infodir}/readline.info.gz PreReq: %install_info_prereq Version: 6.0 -Release: 18 +Release: 19 AutoReqProv: on %description -n readline-doc