kumquat-buildroot/package/bash/bash-4.2-029.patch
Gustavo Zacarias 8add5064c3 bash: security bump to version 4.2 pl37
Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-24 23:47:56 +02:00


BASH PATCH REPORT
=================
Bash-Release: 4.2
Patch-ID: bash42-029
Bug-Reported-by: "Michael Kalisz" <michael@kalisz.homelinux.net>
Bug-Reference-ID: <50241.78.69.11.112.1298585641.squirrel@kalisz.homelinux.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00274.html
Bug-Description:
Bash-4.2 tries to leave completed directory names as the user typed them,
without expanding them to a full pathname. One effect of this is that
shell variables used in pathnames being completed (e.g., $HOME) are left
unchanged, but the `$' is quoted by readline because it is a special
character to the shell.
This patch introduces two things:
1. A new shell option, `direxpand', which, if set, attempts to emulate the
bash-4.1 behavior of expanding words to full pathnames during
completion;
2. A set of heuristics that reduce the number of times special characters
such as `$' are quoted when the directory name is not expanded.
Patch (apply with `patch -p0'):
diff -NrC 2 ../bash-4.2-patched/bashline.c ./bashline.c
*** ../bash-4.2-patched/bashline.c 2011-01-16 15:32:47.000000000 -0500
--- ./bashline.c 2012-05-07 16:27:18.000000000 -0400
***************
*** 122,125 ****
--- 122,128 ----
static int bash_push_line __P((void));
+ static rl_icppfunc_t *save_directory_hook __P((void));
+ static void reset_directory_hook __P((rl_icppfunc_t *));
+
static void cleanup_expansion_error __P((void));
static void maybe_make_readline_line __P((char *));
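Review bot: The added prototype `static void reset_directory_hook __P((rl_icppfunc_t *));` matches no definition in this patch. The function defined further down in bashline.c, and called from the filename-completion wrapper, is `restore_directory_hook`. As written, `reset_directory_hook` is a static declaration that is never defined, and `restore_directory_hook` is a K&R-style definition with no prototype in scope. Renaming the declaration to `static void restore_directory_hook __P((rl_icppfunc_t *));` makes the two agree and lets the compiler check the call's argument type.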
***************
*** 244,251 ****
--- 247,261 ----
int dircomplete_spelling = 0;
+ /* Expand directory names during word/filename completion. */
+ int dircomplete_expand = 0;
+ int dircomplete_expand_relpath = 0;
+
static char *bash_completer_word_break_characters = " \t\n\"'@><=;|&(:";
static char *bash_nohostname_word_break_characters = " \t\n\"'><=;|&(:";
/* )) */
+ static const char *default_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/
+ static char *custom_filename_quote_characters = 0;
+
static rl_hook_func_t *old_rl_startup_hook = (rl_hook_func_t *)NULL;
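Review bot: `dircomplete_expand_relpath` is introduced without a comment, and nothing in this patch assigns it; the shopt table gains only `direxpand`. It therefore stays 0 unless code outside the patch sets it. A line such as `/* Non-zero: report relative pathnames as modified even when canonicalization leaves them unchanged. Not exposed as a shell option by this patch. */` would record that. `custom_filename_quote_characters` also deserves a comment saying that it is a heap buffer resized with `xrealloc` in the directory hook and that `rl_filename_quote_characters` may point into it.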
***************
*** 502,506 ****
/* Tell the completer that we might want to follow symbolic links or
do other expansion on directory names. */
! rl_directory_rewrite_hook = bash_directory_completion_hook;
rl_filename_rewrite_hook = bash_filename_rewrite_hook;
--- 512,516 ----
/* Tell the completer that we might want to follow symbolic links or
do other expansion on directory names. */
! set_directory_hook ();
rl_filename_rewrite_hook = bash_filename_rewrite_hook;
***************
*** 530,534 ****
/* characters that need to be quoted when appearing in filenames. */
! rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/
rl_filename_quoting_function = bash_quote_filename;
--- 540,544 ----
/* characters that need to be quoted when appearing in filenames. */
! rl_filename_quote_characters = default_filename_quote_characters;
rl_filename_quoting_function = bash_quote_filename;
***************
*** 565,570 ****
rl_attempted_completion_function = attempt_shell_completion;
rl_completion_entry_function = NULL;
- rl_directory_rewrite_hook = bash_directory_completion_hook;
rl_ignore_some_completions_function = filename_completion_ignore;
}
--- 575,582 ----
rl_attempted_completion_function = attempt_shell_completion;
rl_completion_entry_function = NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
+ rl_filename_quote_characters = default_filename_quote_characters;
+
+ set_directory_hook ();
}
***************
*** 1280,1283 ****
--- 1292,1298 ----
rl_ignore_some_completions_function = filename_completion_ignore;
+ rl_filename_quote_characters = default_filename_quote_characters;
+ set_directory_hook ();
+
/* Determine if this could be a command word. It is if it appears at
the start of the line (ignoring preceding whitespace), or if it
***************
*** 1592,1595 ****
--- 1607,1616 ----
else
{
+ if (dircomplete_expand && dot_or_dotdot (filename_hint))
+ {
+ dircomplete_expand = 0;
+ set_directory_hook ();
+ dircomplete_expand = 1;
+ }
mapping_over = 4;
goto inner;
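Review bot: The added block clears `dircomplete_expand`, calls `set_directory_hook ()` and sets the flag back to 1, so the flag and the installed hooks disagree until the code at `inner:` calls `set_directory_hook ()` again, and nothing here documents that. `save_directory_hook` and `restore_directory_hook` pick which hook to touch by reading the same flag, so they would act on the wrong pointer if they ran in that window. A comment would make the invariant visible, for example `/* For . and .. install the rewrite hook so the name is left as typed; the normal hook is reinstated after the first rl_filename_completion_function call at inner: */`. The enclosing function starts and ends outside this hunk.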
***************
*** 1792,1795 ****
--- 1813,1819 ----
inner:
val = rl_filename_completion_function (filename_hint, istate);
+ if (mapping_over == 4 && dircomplete_expand)
+ set_directory_hook ();
+
istate = 1;
***************
*** 2694,2697 ****
--- 2718,2767 ----
}
+ /* Functions to save and restore the appropriate directory hook */
+ /* This is not static so the shopt code can call it */
+ void
+ set_directory_hook ()
+ {
+ if (dircomplete_expand)
+ {
+ rl_directory_completion_hook = bash_directory_completion_hook;
+ rl_directory_rewrite_hook = (rl_icppfunc_t *)0;
+ }
+ else
+ {
+ rl_directory_rewrite_hook = bash_directory_completion_hook;
+ rl_directory_completion_hook = (rl_icppfunc_t *)0;
+ }
+ }
+
+ static rl_icppfunc_t *
+ save_directory_hook ()
+ {
+ rl_icppfunc_t *ret;
+
+ if (dircomplete_expand)
+ {
+ ret = rl_directory_completion_hook;
+ rl_directory_completion_hook = (rl_icppfunc_t *)NULL;
+ }
+ else
+ {
+ ret = rl_directory_rewrite_hook;
+ rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
+ }
+
+ return ret;
+ }
+
+ static void
+ restore_directory_hook (hookf)
+ rl_icppfunc_t *hookf;
+ {
+ if (dircomplete_expand)
+ rl_directory_completion_hook = hookf;
+ else
+ rl_directory_rewrite_hook = hookf;
+ }
+
/* Handle symbolic link references and other directory name
expansions while hacking completion. This should return 1 if it modifies
***************
*** 2703,2720 ****
{
char *local_dirname, *new_dirname, *t;
! int return_value, should_expand_dirname;
WORD_LIST *wl;
struct stat sb;
! return_value = should_expand_dirname = 0;
local_dirname = *dirname;
! if (mbschr (local_dirname, '$'))
! should_expand_dirname = 1;
else
{
t = mbschr (local_dirname, '`');
if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
! should_expand_dirname = 1;
}
--- 2773,2801 ----
{
char *local_dirname, *new_dirname, *t;
! int return_value, should_expand_dirname, nextch, closer;
WORD_LIST *wl;
struct stat sb;
! return_value = should_expand_dirname = nextch = closer = 0;
local_dirname = *dirname;
! if (t = mbschr (local_dirname, '$'))
! {
! should_expand_dirname = '$';
! nextch = t[1];
! /* Deliberately does not handle the deprecated $[...] arithmetic
! expansion syntax */
! if (nextch == '(')
! closer = ')';
! else if (nextch == '{')
! closer = '}';
! else
! nextch = 0;
! }
else
{
t = mbschr (local_dirname, '`');
if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
! should_expand_dirname = '`';
}
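Review bot: On the new side `should_expand_dirname` no longer holds a boolean but the triggering character (`'$'` or the backquote), and the name no longer says so; a short comment at the declaration would help. The test `if (t = mbschr (local_dirname, '$'))` uses an unparenthesised assignment as a condition, which `-Wparentheses` flags; `if ((t = mbschr (local_dirname, '$')) != 0)` states the intent. Only the first `$` in the name is inspected for `nextch`/`closer`, so a later `${...}` or `$(...)` in the same path does not affect the quoting set, which is worth stating next to the existing `$[...]` remark. The function body continues outside this hunk.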
***************
*** 2740,2743 ****
--- 2821,2841 ----
dispose_words (wl);
local_dirname = *dirname;
+ /* XXX - change rl_filename_quote_characters here based on
+ should_expand_dirname/nextch/closer. This is the only place
+ custom_filename_quote_characters is modified. */
+ if (rl_filename_quote_characters && *rl_filename_quote_characters)
+ {
+ int i, j, c;
+ i = strlen (default_filename_quote_characters);
+ custom_filename_quote_characters = xrealloc (custom_filename_quote_characters, i+1);
+ for (i = j = 0; c = default_filename_quote_characters[i]; i++)
+ {
+ if (c == should_expand_dirname || c == nextch || c == closer)
+ continue;
+ custom_filename_quote_characters[j++] = c;
+ }
+ custom_filename_quote_characters[j] = '\0';
+ rl_filename_quote_characters = custom_filename_quote_characters;
+ }
}
else
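Review bot: The custom set built here removes `$` or the backquote from `rl_filename_quote_characters` for the rest of the completion, plus the opening and closing characters for `$(` and `${`. That set is presumably what readline consults to decide whether a completed match needs quoting. If so, it applies to the matched file names as well as to the directory prefix the user typed, and an entry whose own name contains one of those characters could be placed in the edit buffer unquoted. The quoting decision is outside this hunk, so this needs confirming. At minimum the XXX comment should state the trade-off, e.g. `/* NOTE: matches whose names contain the removed characters are not quoted while the custom set is active. */`. Separately, the buffer length never changes, so the `xrealloc` could be done once.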
***************
*** 2759,2762 ****
--- 2857,2871 ----
}
+ /* no_symbolic_links == 0 -> use (default) logical view of the file system.
+ local_dirname[0] == '.' && local_dirname[1] == '/' means files in the
+ current directory (./).
+ local_dirname[0] == '.' && local_dirname[1] == 0 means relative pathnames
+ in the current directory (e.g., lib/sh).
+ XXX - should we do spelling correction on these? */
+
+ /* This is test as it was in bash-4.2: skip relative pathnames in current
+ directory. Change test to
+ (local_dirname[0] != '.' || (local_dirname[1] && local_dirname[1] != '/'))
+ if we want to skip paths beginning with ./ also. */
if (no_symbolic_links == 0 && (local_dirname[0] != '.' || local_dirname[1]))
{
***************
*** 2764,2767 ****
--- 2873,2885 ----
int len1, len2;
+ /* If we have a relative path
+ (local_dirname[0] != '/' && local_dirname[0] != '.')
+ that is canonical after appending it to the current directory, then
+ temp1 = temp2+'/'
+ That is,
+ strcmp (temp1, temp2) == 0
+ after adding a slash to temp2 below. It should be safe to not
+ change those.
+ */
t = get_working_directory ("symlink-hook");
temp1 = make_absolute (local_dirname, t);
***************
*** 2798,2802 ****
}
}
! return_value |= STREQ (local_dirname, temp2) == 0;
free (local_dirname);
*dirname = temp2;
--- 2916,2928 ----
}
}
!
! /* dircomplete_expand_relpath == 0 means we want to leave relative
! pathnames that are unchanged by canonicalization alone.
! *local_dirname != '/' && *local_dirname != '.' == relative pathname
! (consistent with general.c:absolute_pathname())
! temp1 == temp2 (after appending a slash to temp2) means the pathname
! is not changed by canonicalization as described above. */
! if (dircomplete_expand_relpath || ((local_dirname[0] != '/' && local_dirname[0] != '.') && STREQ (temp1, temp2) == 0))
! return_value |= STREQ (local_dirname, temp2) == 0;
free (local_dirname);
*dirname = temp2;
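Review bot: With `dircomplete_expand_relpath` at 0, the new condition updates `return_value` only for names that start with neither `/` nor `.`, while `free (local_dirname); *dirname = temp2;` still runs unconditionally on the next lines. For an absolute name the hook can therefore replace `*dirname` without this statement reporting a modification. The old side reported it whenever the strings differed. Whether readline relies on that return value is outside this hunk, so please confirm the narrowing is intended for absolute paths and say so in the comment, which currently discusses relative pathnames only.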
***************
*** 3003,3012 ****
orig_func = rl_completion_entry_function;
orig_attempt_func = rl_attempted_completion_function;
- orig_dir_func = rl_directory_rewrite_hook;
orig_ignore_func = rl_ignore_some_completions_function;
orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
rl_completion_entry_function = rl_filename_completion_function;
rl_attempted_completion_function = (rl_completion_func_t *)NULL;
- rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
rl_completer_word_break_characters = " \t\n\"\'";
--- 3129,3139 ----
orig_func = rl_completion_entry_function;
orig_attempt_func = rl_attempted_completion_function;
orig_ignore_func = rl_ignore_some_completions_function;
orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
+
+ orig_dir_func = save_directory_hook ();
+
rl_completion_entry_function = rl_filename_completion_function;
rl_attempted_completion_function = (rl_completion_func_t *)NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
rl_completer_word_break_characters = " \t\n\"\'";
***************
*** 3016,3023 ****
rl_completion_entry_function = orig_func;
rl_attempted_completion_function = orig_attempt_func;
- rl_directory_rewrite_hook = orig_dir_func;
rl_ignore_some_completions_function = orig_ignore_func;
rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
return r;
}
--- 3143,3151 ----
rl_completion_entry_function = orig_func;
rl_attempted_completion_function = orig_attempt_func;
rl_ignore_some_completions_function = orig_ignore_func;
rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
+ restore_directory_hook (orig_dir_func);
+
return r;
}
diff -NrC 2 ../bash-4.2-patched/bashline.h ./bashline.h
*** ../bash-4.2-patched/bashline.h 2009-01-04 14:32:22.000000000 -0500
--- ./bashline.h 2012-05-07 16:27:18.000000000 -0400
***************
*** 34,41 ****
--- 34,46 ----
extern int bash_re_edit __P((char *));
+ extern void bashline_set_event_hook __P((void));
+ extern void bashline_reset_event_hook __P((void));
+
extern int bind_keyseq_to_unix_command __P((char *));
extern char **bash_default_completion __P((const char *, int, int, int, int));
+ void set_directory_hook __P((void));
+
/* Used by programmable completion code. */
extern char *command_word_completion_function __P((const char *, int));
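Review bot: `bashline_set_event_hook` and `bashline_reset_event_hook` are declared here, but no definition appears in the bashline.c part of this patch. Unless they already exist elsewhere in the tree, these prototypes name functions that are not there; if they belong to a different patch they should be dropped from this one. The new `void set_directory_hook __P((void));` also omits the `extern` used by every neighbouring declaration; `extern void set_directory_hook __P((void));` would match the header's style.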
diff -NrC 2 ../bash-4.2-patched/builtins/shopt.def ./builtins/shopt.def
*** ../bash-4.2-patched/builtins/shopt.def 2010-07-02 22:42:44.000000000 -0400
--- ./builtins/shopt.def 2012-05-07 16:27:18.000000000 -0400
***************
*** 62,65 ****
--- 62,69 ----
#include "bashgetopt.h"
+ #if defined (READLINE)
+ # include "../bashline.h"
+ #endif
+
#if defined (HISTORY)
# include "../bashhist.h"
***************
*** 95,99 ****
extern int no_empty_command_completion;
extern int force_fignore;
! extern int dircomplete_spelling;
extern int enable_hostname_completion __P((int));
--- 99,103 ----
extern int no_empty_command_completion;
extern int force_fignore;
! extern int dircomplete_spelling, dircomplete_expand;
extern int enable_hostname_completion __P((int));
***************
*** 122,125 ****
--- 126,133 ----
#endif
+ #if defined (READLINE)
+ static int shopt_set_complete_direxpand __P((char *, int));
+ #endif
+
static int shopt_login_shell;
static int shopt_compat31;
***************
*** 151,154 ****
--- 159,163 ----
{ "compat41", &shopt_compat41, set_compatibility_level },
#if defined (READLINE)
+ { "direxpand", &dircomplete_expand, shopt_set_complete_direxpand },
{ "dirspell", &dircomplete_spelling, (shopt_set_func_t *)NULL },
#endif
***************
*** 536,539 ****
--- 545,559 ----
}
+ #if defined (READLINE)
+ static int
+ shopt_set_complete_direxpand (option_name, mode)
+ char *option_name;
+ int mode;
+ {
+ set_directory_hook ();
+ return 0;
+ }
+ #endif
+
#if defined (RESTRICTED_SHELL)
/* Don't allow the value of restricted_shell to be modified. */
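Review bot: `shopt_set_complete_direxpand` has no header comment and ignores both `option_name` and `mode`. It relies on `dircomplete_expand` already holding the new value when the callback runs, and that ordering is handled by the shopt table code outside this hunk. A comment such as `/* Re-install the readline directory hooks after direxpand changes; dircomplete_expand has already been updated by the caller. Always returns 0. */` would make the dependency explicit.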
Binary files ../bash-4.2-patched/doc/._bashref.pdf and ./doc/._bashref.pdf differ
diff -NrC 2 ../bash-4.2-patched/doc/bash.1 ./doc/bash.1
*** ../bash-4.2-patched/doc/bash.1 2011-01-16 15:31:39.000000000 -0500
--- ./doc/bash.1 2012-05-07 16:27:18.000000000 -0400
***************
*** 8949,8952 ****
--- 8949,8962 ----
The default bash behavior remains as in previous versions.
.TP 8
+ .B direxpand
+ If set,
+ .B bash
+ replaces directory names with the results of word expansion when performing
+ filename completion. This changes the contents of the readline editing
+ buffer.
+ If not set,
+ .B bash
+ attempts to preserve what the user typed.
+ .TP 8
.B dirspell
If set,
diff -NrC 2 ../bash-4.2-patched/doc/bashref.texi ./doc/bashref.texi
*** ../bash-4.2-patched/doc/bashref.texi 2011-01-16 15:31:57.000000000 -0500
--- ./doc/bashref.texi 2012-05-07 16:27:18.000000000 -0400
***************
*** 4536,4539 ****
--- 4536,4546 ----
The default Bash behavior remains as in previous versions.
+ @item direxpand
+ If set, Bash
+ replaces directory names with the results of word expansion when performing
+ filename completion. This changes the contents of the readline editing
+ buffer.
+ If not set, Bash attempts to preserve what the user typed.
+
@item dirspell
If set, Bash
diff -NrC 2 ../bash-4.2-patched/tests/shopt.right ./tests/shopt.right
*** ../bash-4.2-patched/tests/shopt.right 2010-07-02 23:36:30.000000000 -0400
--- ./tests/shopt.right 2012-05-07 16:27:18.000000000 -0400
***************
*** 13,16 ****
--- 13,17 ----
shopt -u compat40
shopt -u compat41
+ shopt -u direxpand
shopt -u dirspell
shopt -u dotglob
***************
*** 69,72 ****
--- 70,74 ----
shopt -u compat40
shopt -u compat41
+ shopt -u direxpand
shopt -u dirspell
shopt -u dotglob
***************
*** 102,105 ****
--- 104,108 ----
compat40 off
compat41 off
+ direxpand off
dirspell off
dotglob off
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- ./patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 28
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 29
#endif /* _PATCHLEVEL_H_ */