From 93ee8ce21eae2de73a75739b77e4a43c8e424d73 Mon Sep 17 00:00:00 2001 From: Ondrej Oprala Date: Oct 06 2014 04:44:09 +0000 Subject: RedHat's patchlevel 51 --- diff --git a/bash-4.2-cve-2014-7169-0.patch b/bash-4.2-cve-2014-7169-0.patch deleted file mode 100644 index 5f59b46..0000000 --- a/bash-4.2-cve-2014-7169-0.patch +++ /dev/null @@ -1,12 +0,0 @@ -*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400 ---- parse.y 2014-09-24 22:47:28.000000000 -0400 -*************** -*** 2959,2962 **** ---- 2959,2964 ---- - word_desc_to_read = (WORD_DESC *)NULL; - -+ eol_ungetc_lookahead = 0; -+ - current_token = '\n'; /* XXX */ - last_read_token = '\n'; - diff --git a/bash.spec b/bash.spec index f3495e5..2ab5a72 100644 --- a/bash.spec +++ b/bash.spec @@ -1,12 +1,12 @@ #% define beta_tag rc2 -%define patchleveltag .48 +%define patchleveltag .51 %define baseversion 4.2 %bcond_without tests Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 2%{?dist} +Release: 1%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash @@ -68,6 +68,18 @@ Patch045: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-045 Patch046: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-046 Patch047: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-047 Patch048: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048 +Patch049: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-049 +# 1146326 - cve-2014-7169 +# we want to keep these patches from Florian Weimer +# instead of the official ones, to match the ()/%% +# detail we already have applied across RHELs and not to +# create incompatibilities in the future + +#patchlevel 50 +Patch050: bash-4.2-cve-2014-7169-1.patch +#patchlevel 51 +Patch051: bash-4.2-cve-2014-7169-2.patch + # Other patches Patch101: bash-2.02-security.patch @@ -118,12 +130,6 @@ Patch125: bash-4.2-size_type.patch # 903833, Fix missing close(), fixes fd leaks Patch126: bash-4.2-missing_closes.patch -# 1146326 - cve-2014-7169 - -Patch129: bash-4.2-cve-2014-7169-0.patch -Patch130: bash-4.2-cve-2014-7169-1.patch -Patch131: bash-4.2-cve-2014-7169-2.patch - BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext @@ -200,6 +206,9 @@ This package contains documentation files for %{name}. %patch046 -p0 -b .046 %patch047 -p0 -b .047 %patch048 -p0 -b .048 +%patch049 -p0 -b .049 +%patch050 -p0 -b .7169-1 +%patch051 -p0 -b .7169-2 # Other patches %patch101 -p1 -b .security @@ -228,9 +237,6 @@ This package contains documentation files for %{name}. %patch124 -p1 -b .signal %patch125 -p1 -b .size_type %patch126 -p1 -b .missing_closes -%patch129 -p0 -b .7169-0 -%patch130 -p0 -b .7169-1 -%patch131 -p0 -b .7169-2 echo %{version} > _distribution echo %{release} > _patchlevel @@ -423,6 +429,9 @@ end #%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Mon Oct 06 2014 Ondrej Oprala - 4.2.51-1 +- RedHat's patchlevel 51 + * Thu Sep 25 2014 Ondrej Oprala - 4.2.48-2 - CVE-2014-7169 Resolves: #1146319 diff --git a/bash42-049 b/bash42-049 new file mode 100644 index 0000000..bf3abce --- /dev/null +++ b/bash42-049 @@ -0,0 +1,43 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-049 + +Bug-Reported-by: Tavis Ormandy +Bug-Reference-ID: +Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 + +Bug-Description: + +Under certain circumstances, bash can incorrectly save a lookahead character and +return it on a subsequent call, even when reading a new line. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2.48/parse.y 2012-12-31 11:52:57.000000000 -0500 +--- parse.y 2014-09-25 16:12:19.000000000 -0400 +*************** +*** 2851,2854 **** +--- 2851,2856 ---- + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; +*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 +--- patchlevel.h Thu Feb 24 21:41:34 2011 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 48 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 49 + + #endif /* _PATCHLEVEL_H_ */