diff --git a/bash-3.2-valgrind.patch b/bash-3.2-valgrind.patch
new file mode 100644
index 0000000..08b92f3
--- /dev/null
+++ b/bash-3.2-valgrind.patch
@@ -0,0 +1,18 @@
+--- array.c
++++ array.c 2007-02-28 11:17:18.000000000 +0000
+@@ -649,13 +649,14 @@ int quoted;
+
+ result = (char *)xmalloc (rsize = 128);
+ result[0] = '(';
++ indstr[0] = '\0';
+ rlen = 1;
+
+ for (ae = element_forw(a->head); ae != a->head; ae = element_forw(ae)) {
+ is = inttostr (element_index(ae), indstr, sizeof(indstr));
+ valstr = element_value (ae) ? sh_double_quote (element_value(ae))
+ : (char *)NULL;
+- elen = STRLEN (indstr) + 8 + STRLEN (valstr);
++ elen = STRLEN (is) + 3 + STRLEN (valstr);
+ RESIZE_MALLOCED_BUFFER (result, rlen, (elen + 1), rsize, rsize);
+
+ result[rlen++] = '[';
diff --git a/bash-3.2.dif b/bash-3.2.dif
index 91a002d..e87b163 100644
--- a/bash-3.2.dif
+++ b/bash-3.2.dif
@@ -1,6 +1,6 @@
 --- .pkgextract
 +++ .pkgextract 2006-03-27 14:15:25.000000000 +0200
-@@ -0,0 +1,14 @@
+@@ -0,0 +1,15 @@
 +tar Oxfj ../bash-3.2-patches.tar.bz2 | patch -p0 -s
 +patch -p0 -s --suffix=".manual" < ../bash-2.03-manual.patch
 +patch -p0 -s --suffix=".security" < ../bash-2.05a-security.patch
@@ -13,6 +13,7 @@
 +patch -p0 -s --suffix=".equote" < ../bash-3.1-extended_quote.patch
 +patch -p0 -s --suffix=".printf" < ../bash-3.2-printf.patch
 +patch -p0 -s --suffix=".plugins" < ../bash-3.1-loadables.dif
++patch -p0 -s --suffix=".valgrind" < ../bash-3.2-valgrind.patch
 +patch -p0 -s --suffix=".zerotty" < ../readline-4.3-input.dif
 +patch -p0 -s --suffix=".wrap" < ../readline-5.2-wrap.patch
 +patch -p0 -s --suffix=".conf" < ../readline-5.2-conf.patch
diff --git a/bash.changes b/bash.changes
index b389083..5a8d8a6 100644
--- a/bash.changes
+++ b/bash.changes
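Review bot: In the array.c change carried by bash-3.2-valgrind.patch, the new size term `STRLEN (is) + 3 + STRLEN (valstr)` leaves no slack, so it deserves a comment naming the bytes the 3 stands for, e.g. `/* 3 = '[' ']' '=' */` if that is what the rest of the loop writes. The old `+ 8` over-reserved and would have hidden a miscount; with the exact figure, every byte the loop appends has to be covered by `elen + 1`, and the loop body after `result[rlen++] = '[';` lies outside the hunk, so the count should be checked against it, including any separator written between elements. `indstr[0] = '\0';` is not read by anything visible once the length is taken from `is`; if it stays as a defensive initialisation, say so in a comment, because a later `STRLEN (indstr)` would then return 0 rather than the digit count.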
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 28 13:25:29 CET 2007 - werner@suse.de
+
+- Don't access buffer but resulting pointer for array element names
+ to avoid the not initialized area of the buffer. This also fixes
+ an inherent wrong calculation of the string length of the array
+ element names (bug #248717)
+
 -------------------------------------------------------------------
 Thu Dec 14 13:10:30 CET 2006 - werner@suse.de
 
diff --git a/bash.spec b/bash.spec
index ede8597..e3a56e8 100644
--- a/bash.spec
+++ b/bash.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bash (Version 3.2)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -16,7 +16,7 @@ Group: System/Shells
 Requires: readline >= 5.2
 Autoreqprov: on
 Version: 3.2
-Release: 5
+Release: 12
 %define bash_vers 3.2
 %define rl_vers 5.2
 Summary: The GNU Bourne-Again Shell
@@ -38,6 +38,7 @@ Patch8: bash-3.1-random.patch
 Patch9: bash-3.1-extended_quote.patch
 Patch10: bash-3.2-printf.patch
 Patch11: bash-3.1-loadables.dif
+Patch12: bash-3.2-valgrind.patch
 Patch20: readline-%{rl_vers}.dif
 Patch21: readline-4.3-input.dif
 Patch22: readline-5.2-wrap.patch
@@ -64,7 +65,7 @@ Summary: The Readline Library
 Group: System/Libraries
 Provides: bash:/lib/libreadline.so.5
 Version: 5.2
-Release: 5
+Release: 12
 Autoreqprov: on
 
 %description -n readline
@@ -84,7 +85,7 @@ Summary: Include Files and Libraries mandatory for Development.
 Group: Development/Libraries/C and C++
 Provides: bash:/usr/lib/libreadline.a
 Version: 5.2
-Release: 5
+Release: 12
 Requires: readline = %{version}-%{release}, %{_libdir}/libncurses.so
 Autoreqprov: on
 
@@ -118,6 +119,7 @@ unset p
 %patch9 -p0 -b .extended_quote
 %patch10 -p0 -b .printf
 %patch11 -p0 -b .plugins
+%patch12 -p0 -b .valgrind
 for p in ../readline-%{rl_vers}-patches/*; do
 test -e $p || break
 case "${p##*/}" in
@@ -325,7 +327,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libreadline.so
 %doc %{_mandir}/man3/readline.3.gz
 
-%changelog -n bash
+%changelog
+* Wed Feb 28 2007 - werner@suse.de
+- Don't access buffer but resulting pointer for array element names
+ to avoid the not initialized area of the buffer. This also fixes
+ an inherent wrong calculation of the string length of the array
+ element names (bug #248717)
 * Thu Dec 14 2006 - werner@suse.de
 - Update to bash 3.2 patch level 9
 * Wed Dec 06 2006 - schwab@suse.de