diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2016-09-20 16:59:44 +0200 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2016-09-20 16:59:44 +0200 |
commit | 7722e02ff41d7e30b1e2226d0cabd4458cd6567c (patch) | |
tree | dcfcb53822d826b3a40ef4712716a51aac78c2e6 /app-shells/bash/files | |
parent | sci-libs/hdf5: update SRC_URI, fixes #594454 (diff) | |
download | gentoo-7722e02ff41d7e30b1e2226d0cabd4458cd6567c.tar.gz gentoo-7722e02ff41d7e30b1e2226d0cabd4458cd6567c.tar.bz2 gentoo-7722e02ff41d7e30b1e2226d0cabd4458cd6567c.zip |
app-shells/bash: Revbump to fix CVE-2016-0634 (bug #594496).
Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'app-shells/bash/files')
-rw-r--r-- | app-shells/bash/files/bash-4.3-prompt-string-comsub.patch | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch b/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch new file mode 100644 index 000000000000..175bc53d6f54 --- /dev/null +++ b/app-shells/bash/files/bash-4.3-prompt-string-comsub.patch @@ -0,0 +1,118 @@ +http://seclists.org/oss-sec/2016/q3/538 +https://bugs.gentoo.org/594496 + +*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400 +--- parse.y 2016-03-07 15:44:14.000000000 -0500 +*************** +*** 5259,5263 **** + int result_size, result_index; + int c, n, i; +! char *temp, octal_string[4]; + struct tm *tm; + time_t the_time; +--- 5259,5263 ---- + int result_size, result_index; + int c, n, i; +! char *temp, *t_host, octal_string[4]; + struct tm *tm; + time_t the_time; +*************** +*** 5407,5411 **** + case 's': + temp = base_pathname (shell_name); +! temp = savestring (temp); + goto add_string; + +--- 5407,5415 ---- + case 's': + temp = base_pathname (shell_name); +! /* Try to quote anything the user can set in the file system */ +! if (promptvars || posixly_correct) +! temp = sh_backslash_quote_for_double_quotes (temp); +! else +! temp = savestring (temp); + goto add_string; + +*************** +*** 5497,5503 **** + case 'h': + case 'H': +! temp = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (temp, '.'))) + *t = '\0'; + goto add_string; + +--- 5501,5515 ---- + case 'h': + case 'H': +! t_host = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (t_host, '.'))) + *t = '\0'; ++ if (promptvars || posixly_correct) ++ /* Make sure that expand_prompt_string is called with a ++ second argument of Q_DOUBLE_QUOTES if we use this ++ function here. */ ++ temp = sh_backslash_quote_for_double_quotes (t_host); ++ else ++ temp = savestring (t_host); ++ free (t_host); + goto add_string; + +*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400 +--- y.tab.c 2016-03-07 15:44:14.000000000 -0500 +*************** +*** 7571,7575 **** + int result_size, result_index; + int c, n, i; +! char *temp, octal_string[4]; + struct tm *tm; + time_t the_time; +--- 7571,7575 ---- + int result_size, result_index; + int c, n, i; +! char *temp, *t_host, octal_string[4]; + struct tm *tm; + time_t the_time; +*************** +*** 7719,7723 **** + case 's': + temp = base_pathname (shell_name); +! temp = savestring (temp); + goto add_string; + +--- 7719,7727 ---- + case 's': + temp = base_pathname (shell_name); +! /* Try to quote anything the user can set in the file system */ +! if (promptvars || posixly_correct) +! temp = sh_backslash_quote_for_double_quotes (temp); +! else +! temp = savestring (temp); + goto add_string; + +*************** +*** 7809,7815 **** + case 'h': + case 'H': +! temp = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (temp, '.'))) + *t = '\0'; + goto add_string; + +--- 7813,7827 ---- + case 'h': + case 'H': +! t_host = savestring (current_host_name); +! if (c == 'h' && (t = (char *)strchr (t_host, '.'))) + *t = '\0'; ++ if (promptvars || posixly_correct) ++ /* Make sure that expand_prompt_string is called with a ++ second argument of Q_DOUBLE_QUOTES if we use this ++ function here. */ ++ temp = sh_backslash_quote_for_double_quotes (t_host); ++ else ++ temp = savestring (t_host); ++ free (t_host); + goto add_string; + + |