app-shells/bash: Revbump to fix CVE-2016-0634 (bug #594496).

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

1 files changed, 118 insertions, 0 deletions

diff --git a/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch b/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch
new file mode 100644
index 000000000000..175bc53d6f54
--- /dev/null
+++ b/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch
@@ -0,0 +1,118 @@
+http://seclists.org/oss-sec/2016/q3/538
+https://bugs.gentoo.org/594496
+
+*** ../bash-4.3-patched/parse.y	2015-08-13 15:11:54.000000000 -0400
+--- parse.y	2016-03-07 15:44:14.000000000 -0500
+***************
+*** 5259,5263 ****
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+--- 5259,5263 ----
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+***************
+*** 5407,5411 ****
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      temp = savestring (temp);
+  	      goto add_string;
+  
+--- 5407,5415 ----
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      /* Try to quote anything the user can set in the file system */
+! 	      if (promptvars || posixly_correct)
+! 		temp = sh_backslash_quote_for_double_quotes (temp);
+! 	      else
+! 		temp = savestring (temp);
+  	      goto add_string;
+  
+***************
+*** 5497,5503 ****
+  	    case 'h':
+  	    case 'H':
+! 	      temp = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
+  		*t = '\0';
+  	      goto add_string;
+  
+--- 5501,5515 ----
+  	    case 'h':
+  	    case 'H':
+! 	      t_host = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+  		*t = '\0';
++ 	      if (promptvars || posixly_correct)
++ 		/* Make sure that expand_prompt_string is called with a
++ 		   second argument of Q_DOUBLE_QUOTES if we use this
++ 		   function here. */
++ 		temp = sh_backslash_quote_for_double_quotes (t_host);
++ 	      else
++ 		temp = savestring (t_host);
++ 	      free (t_host);
+  	      goto add_string;
+  
+*** ../bash-4.3-patched/y.tab.c	2015-08-13 15:11:54.000000000 -0400
+--- y.tab.c	2016-03-07 15:44:14.000000000 -0500
+***************
+*** 7571,7575 ****
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+--- 7571,7575 ----
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+***************
+*** 7719,7723 ****
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      temp = savestring (temp);
+  	      goto add_string;
+  
+--- 7719,7727 ----
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      /* Try to quote anything the user can set in the file system */
+! 	      if (promptvars || posixly_correct)
+! 		temp = sh_backslash_quote_for_double_quotes (temp);
+! 	      else
+! 		temp = savestring (temp);
+  	      goto add_string;
+  
+***************
+*** 7809,7815 ****
+  	    case 'h':
+  	    case 'H':
+! 	      temp = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
+  		*t = '\0';
+  	      goto add_string;
+  
+--- 7813,7827 ----
+  	    case 'h':
+  	    case 'H':
+! 	      t_host = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+  		*t = '\0';
++ 	      if (promptvars || posixly_correct)
++ 		/* Make sure that expand_prompt_string is called with a
++ 		   second argument of Q_DOUBLE_QUOTES if we use this
++ 		   function here. */
++ 		temp = sh_backslash_quote_for_double_quotes (t_host);
++ 	      else
++ 		temp = savestring (t_host);
++ 	      free (t_host);
+  	      goto add_string;
+  
+