Accepting request 453464 from Base:System

- Add upstream patch readline70-002 which replace old one
  There is a race condition in add_history() that can be triggered by a fatal
  signal arriving between the time the history length is updated and the time
  the history list update is completed. A later attempt to reference an
  invalid history entry can cause a crash.
- Add upstream patch readline70-003
  Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
  interrupt read(2), such as SIGALRM, before reading another character.  The
  signal mask used in the pselect call did not take into account signals the
  calling application blocked before calling readline().

- Add upstream patch bash44-006 
  Out-of-range negative offsets to popd can cause the shell to crash
  attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007 
  When performing filename completion, bash dequotes the directory
  name being completed, which can result in match failures and
  potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008 
  Under certain circumstances, bash will evaluate arithmetic
  expressions as part of reading an expression token even when
  evaluation is suppressed. This happens while evaluating a
  conditional expression and skipping over the failed branch of the
  expression.
- Add upstream patch bash44-009 
  There is a race condition in add_history() that can be triggered
  by a fatal signal arriving between the time the history length
  is updated and the time the history list update is completed.

OBS-URL: https://build.opensuse.org/request/show/453464
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bash?expand=0&rev=135

bash-4.3-2.4.4.patch

@@ -8,7 +8,7 @@
  6 files changed, 17 insertions(+), 7 deletions(-)
 
 --- array.c
-+++ array.c	2016-09-16 10:37:12.179427118 +0000
++++ array.c	2017-01-27 17:45:42.364066849 +0000
 @@ -946,7 +946,7 @@ char	*s, *sep;
   * To make a running version, compile -DTEST_ARRAY and link with:
   * 	xmalloc.o syntax.o lib/malloc/libmalloc.a lib/sh/libsh.a
@@ -19,7 +19,7 @@
  int
  signal_is_trapped(s)
 --- examples/loadables/tee.c
-+++ examples/loadables/tee.c	2016-09-16 10:37:12.179427118 +0000
++++ examples/loadables/tee.c	2017-01-27 17:45:42.364066849 +0000
 @@ -35,6 +35,7 @@
  #include "bashansi.h"
  
@@ -38,7 +38,7 @@
  extern char *strerror ();
  
 --- hashlib.c
-+++ hashlib.c	2016-09-16 10:37:12.179427118 +0000
++++ hashlib.c	2017-01-27 17:45:42.364066849 +0000
 @@ -382,7 +382,7 @@ hash_pstats (table, name)
  
  HASH_TABLE *table, *ntable;
@@ -49,8 +49,8 @@
  int
  signal_is_trapped (s)
 --- jobs.c
-+++ jobs.c	2016-09-16 10:37:12.183427043 +0000
-@@ -1947,6 +1947,15 @@ make_child (command, async_p)
++++ jobs.c	2017-01-27 17:45:42.364066849 +0000
+@@ -1962,6 +1962,15 @@ make_child (command, async_p)
        pid_t mypid;
  
        mypid = getpid ();
@@ -67,7 +67,7 @@
        /* Close default_buffered_input if it's > 0.  We don't close it if it's
  	 0 because that's the file descriptor used when redirecting input,
 --- sig.c
-+++ sig.c	2016-09-16 10:37:12.183427043 +0000
++++ sig.c	2017-01-27 17:45:42.364066849 +0000
 @@ -98,10 +98,10 @@ sigset_t top_level_mask;
  #endif /* JOB_CONTROL */
  
@@ -82,7 +82,7 @@
  #if defined (SIGWINCH)
  static SigHandler *old_winch = (SigHandler *)SIG_DFL;
 --- sig.h
-+++ sig.h	2016-09-16 10:37:12.183427043 +0000
++++ sig.h	2017-01-27 17:45:42.364066849 +0000
 @@ -109,8 +109,8 @@ do { \
  extern volatile sig_atomic_t sigwinch_received;
  extern volatile sig_atomic_t sigterm_received;

bash-4.3-sigrestart.patch

@@ -3,8 +3,8 @@
  1 file changed, 6 insertions(+)
 
 --- sig.c
-+++ sig.c	2016-09-14 08:54:54.158863424 +0000
-@@ -738,10 +738,16 @@ set_signal_handler (sig, handler)
++++ sig.c	2017-01-27 17:46:46.602829901 +0000
+@@ -739,10 +739,16 @@ set_signal_handler (sig, handler)
    if (sig == SIGCHLD)
      act.sa_flags |= SA_RESTART;		/* XXX */
  #endif

bash-4.4-patches.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:14dccf11ec530ff79696ddf8648b9d9e56c924804c8ec73eba78ca9c3581b5c0
-size 3408
+oid sha256:4c8f6d1c5c94802053b08c015b4059446a9366378c329902a0eaf9ab4846f730
+size 8213

bash.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Mon Jan 30 16:11:13 UTC 2017 - werner@suse.de
+
+- Add upstream patch readline70-002 which replace old one
+  There is a race condition in add_history() that can be triggered by a fatal
+  signal arriving between the time the history length is updated and the time
+  the history list update is completed. A later attempt to reference an
+  invalid history entry can cause a crash.
+- Add upstream patch readline70-003
+  Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
+  interrupt read(2), such as SIGALRM, before reading another character.  The
+  signal mask used in the pselect call did not take into account signals the
+  calling application blocked before calling readline().
+
+-------------------------------------------------------------------
+Fri Jan 27 17:31:59 UTC 2017 - werner@suse.de
+
+- Add upstream patch bash44-006 
+  Out-of-range negative offsets to popd can cause the shell to crash
+  attempting to free an invalid memory block.
+- Remove patch popd-offset-overflow.patch to use bash44-006
+- Add upstream patch bash44-007 
+  When performing filename completion, bash dequotes the directory
+  name being completed, which can result in match failures and
+  potential unwanted expansion.
+- Duplicate bash44-007 as readline70-002 as it seems to be missed
+- Add upstream patch bash44-008 
+  Under certain circumstances, bash will evaluate arithmetic
+  expressions as part of reading an expression token even when
+  evaluation is suppressed. This happens while evaluating a
+  conditional expression and skipping over the failed branch of the
+  expression.
+- Add upstream patch bash44-009 
+  There is a race condition in add_history() that can be triggered
+  by a fatal signal arriving between the time the history length
+  is updated and the time the history list update is completed.
+  A later attempt to reference an invalid history entry can cause
+  a crash.
+- Add upstream patch bash44-010 
+  Depending on compiler optimizations and behavior, the `read'
+  builtin may not save partial input when a timeout occurs.
+- Add upstream patch bash44-011 
+  Subshells begun to run command and process substitutions may
+  attempt to set the terminal's process group to an incorrect
+  value if they receive a fatal signal.  This depends on the
+  behavior of the process that starts the shell.
+- Add upstream patch bash44-012 
+  When -N is used, the input is not supposed to be split using
+  $IFS, but leading and trailing IFS whitespace was still removed.
+
+-------------------------------------------------------------------
+Thu Jan 19 12:20:06 UTC 2017 - werner@suse.de
+
+- Remove -L option on screen call dues API change, now we depend
+  on environment variables only.
+
 -------------------------------------------------------------------
 Fri Dec  9 12:09:46 UTC 2016 - mliska@suse.cz
 

bash.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bash
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -92,8 +92,6 @@ Patch27:        readline-6.2-xmalloc.dif
 Patch30:        readline-6.3-destdir.patch
 Patch31:        readline-6.3-rltrace.patch
 Patch40:        bash-4.1-bash.bashrc.dif
-# PATCH-FIX-UPSTREAM boo#1010845 -- CVE-2016-9401: bash: popd controlled free (Segmentation fault)
-Patch41:        popd-offset-overflow.patch
 Patch46:        man2html-no-timestamp.patch
 Patch47:        bash-4.3-perl522.patch
 # PATCH-FIX-SUSE
@@ -302,7 +300,6 @@ done
 #%patch25 -p0 -b .endpw
 %patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
-%patch41 -p0 -b .popd
 %patch46 -p0 -b .notimestamp
 %patch47 -p0 -b .perl522
 %if %{with import_function}
@@ -343,6 +340,7 @@ done
   SCREENLOG=${SCREENDIR}/log
   cat > $SCREENRC<<-EOF
 	deflogin off
+	deflog on
 	logfile $SCREENLOG
 	logfile flush 1
 	logtstamp off
@@ -548,7 +546,7 @@ popd
   tail -q -s 0.5 -f $SCREENLOG & pid=$!
   env -i HOME=$PWD TERM=$TERM LD_LIBRARY_PATH=$LD_RUN_PATH TMPDIR=$TMPDIR \
 	SCREENRC=$SCREENRC SCREENDIR=$SCREENDIR \
-	screen -L -D -m make TESTSCRIPT=%{SOURCE4} check
+	screen -D -m make TESTSCRIPT=%{SOURCE4} check
   kill -TERM $pid
   make %{?do_profiling:CFLAGS="$CFLAGS %cflags_profile_feedback -fprofile-correction" clean} all
   make -C examples/loadables/

popd-offset-overflow.patch

@@ -1,27 +0,0 @@
-*** ../bash-4.4-patched/builtins/pushd.def	2016-01-25 13:31:49.000000000 -0500
---- builtins/pushd.def	2016-10-28 10:46:49.000000000 -0400
-***************
-*** 366,370 ****
-      }
-  
-!   if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
-      {
-        pushd_error (directory_list_offset, which_word ? which_word : "");
---- 366,370 ----
-      }
-  
-!   if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
-      {
-        pushd_error (directory_list_offset, which_word ? which_word : "");
-***************
-*** 388,391 ****
---- 388,396 ----
-  	 of the list into place. */
-        i = (direction == '+') ? directory_list_offset - which : which;
-+       if (i < 0 || i > directory_list_offset)
-+ 	{
-+ 	  pushd_error (directory_list_offset, which_word ? which_word : "");
-+ 	  return (EXECUTION_FAILURE);
-+ 	}
-        free (pushd_directory_list[i]);
-        directory_list_offset--;