testing/bash
SHA256
3
0
Fork 0
forked from pool/bash
Code Pull Requests Activity

Fix boo#1010845

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=225
This commit is contained in:
Dr. Werner Fink 2016-11-28 11:43:24 +00:00 committed by Git OBS Bridge
parent c33fb6aabd
commit b8e07aad0d
3 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bash.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Nov 28 11:41:49 UTC 2016 - werner@suse.de
- Add upstream patch popd-offset-overflow.patch to fix boo#1010845
CVE-2016-9401: bash: popd controlled free (Segmentation fault)
Remark: this is a simple Segmentation fault, no security risk
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 17 09:27:21 UTC 2016 - werner@suse.de Thu Nov 17 09:27:21 UTC 2016 - werner@suse.de

3
bash.spec
View File

@ -92,6 +92,8 @@ Patch27: readline-6.2-xmalloc.dif
Patch30: readline-6.3-destdir.patch Patch30: readline-6.3-destdir.patch
Patch31: readline-6.3-rltrace.patch Patch31: readline-6.3-rltrace.patch
Patch40: bash-4.1-bash.bashrc.dif Patch40: bash-4.1-bash.bashrc.dif
# PATCH-FIX-UPSTREAM boo#1010845 -- CVE-2016-9401: bash: popd controlled free (Segmentation fault)
Patch41: popd-offset-overflow.patch
Patch46: man2html-no-timestamp.patch Patch46: man2html-no-timestamp.patch
Patch47: bash-4.3-perl522.patch Patch47: bash-4.3-perl522.patch
# PATCH-FIX-SUSE # PATCH-FIX-SUSE
@ -300,6 +302,7 @@ done
#%patch25 -p0 -b .endpw #%patch25 -p0 -b .endpw
%patch31 -p0 -b .tmp %patch31 -p0 -b .tmp
%patch40 -p0 -b .bashrc %patch40 -p0 -b .bashrc
%patch41 -p0 -b .popd
%patch46 -p0 -b .notimestamp %patch46 -p0 -b .notimestamp
%patch47 -p0 -b .perl522 %patch47 -p0 -b .perl522
%if %{with import_function} %if %{with import_function}

27
popd-offset-overflow.patch Normal file
View File

@ -0,0 +1,27 @@
*** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500
--- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400
***************
*** 366,370 ****
}
! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
--- 366,370 ----
}
! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
***************
*** 388,391 ****
--- 388,396 ----
of the list into place. */
i = (direction == '+') ? directory_list_offset - which : which;
+ if (i < 0 || i > directory_list_offset)
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+ return (EXECUTION_FAILURE);
+ }
free (pushd_directory_list[i]);
directory_list_offset--;