From c6c0cde02be40558ab9de5a6ed871a1c5bea5b5b Mon Sep 17 00:00:00 2001
From: Ondrej Oprala <ooprala@redhat.com>
Date: Oct 06 2014 05:41:05 +0000
Subject: RedHat's patchlevel 28


---

diff --git a/bash-4.2-cve-2014-7169-0.patch b/bash-4.2-cve-2014-7169-0.patch
deleted file mode 100644
index 5f59b46..0000000
--- a/bash-4.2-cve-2014-7169-0.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
---- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';
-
diff --git a/bash.spec b/bash.spec
index 14d0e82..11bdd8c 100644
--- a/bash.spec
+++ b/bash.spec
@@ -1,5 +1,5 @@
 #% define beta_tag rc2
-%define patchleveltag .25
+%define patchleveltag .28
 %define baseversion 4.3
 %bcond_without tests
 %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
@@ -7,7 +7,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 2%{?dist}
+Release: 1%{?dist}
 Group: System Environment/Shells
 License: GPLv3+
 Url: http://www.gnu.org/software/bash
@@ -46,6 +46,18 @@ Patch022: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-022
 Patch023: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-023
 Patch024: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-024
 Patch025: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025
+Patch026: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026
+
+# 1146326 - cve-2014-7169
+# we want to keep these patches from Florian Weimer
+# instead of the official ones, to match the ()/%%
+# detail we already have applied across RHELs and not to
+# create incompatibilities in the future
+#patchlevel 27
+Patch027: bash-4.2-cve-2014-7169-1.patch
+#patchlevel 28
+Patch028: bash-4.2-cve-2014-7169-2.patch
+
 
 # Other patches
 Patch101: bash-2.02-security.patch
@@ -103,12 +115,6 @@ Patch134: bash-4.3-pathexp-globignore-delim.patch
 # 1102815 - fix double echoes in vi visual mode
 Patch135: bash-4.3-noecho.patch
 
-# 1146319 - cve-2014-7169
-
-Patch136: bash-4.2-cve-2014-7169-0.patch
-Patch137: bash-4.2-cve-2014-7169-1.patch
-Patch138: bash-4.2-cve-2014-7169-2.patch
-
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
 BuildRequires: autoconf, gettext
@@ -160,6 +166,9 @@ This package contains documentation files for %{name}.
 %patch023 -p0 -b .023
 %patch024 -p0 -b .024
 %patch025 -p0 -b .025
+%patch026 -p0 -b .026
+%patch027 -p0 -b .7169-1
+%patch028 -p0 -b .7169-2
 
 # Other patches
 %patch101 -p1 -b .security
@@ -190,9 +199,6 @@ This package contains documentation files for %{name}.
 %patch131 -p0 -b .keyword
 %patch134 -p0 -b .delim
 %patch135 -p1 -b .noecho
-%patch136 -p0 -b .7169-0
-%patch137 -p0 -b .7169-1
-%patch138 -p0 -b .7169-2
 
 echo %{version} > _distribution
 echo %{release} > _patchlevel
@@ -388,6 +394,9 @@ end
 %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
 
 %changelog
+* Mon Oct 06 2014  Ondrej Oprala <ooprala@redhat.com> - 4.3.28-1
+- RedHat's patchlevel 28
+
 * Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.3.25-2
 - CVE-2014-7169
   Resolves: #1146319
diff --git a/bash43-026 b/bash43-026
new file mode 100644
index 0000000..d5d5b1d
--- /dev/null
+++ b/bash43-026
@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-026
+
+Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.25/parse.y	2014-07-30 10:14:31.000000000 -0400
+--- parse.y	2014-09-25 20:20:21.000000000 -0400
+***************
+*** 2954,2957 ****
+--- 2954,2959 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** ../bash-4.3.25/y.tab.c	2014-07-30 10:14:32.000000000 -0400
+--- y.tab.c	2014-09-25 20:21:48.000000000 -0400
+***************
+*** 5266,5269 ****
+--- 5266,5271 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+***************
+*** 8540,8542 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 8542,8543 ----
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 25
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */