8add5064c3
Bump bash to version 4.2 patchlevel 37. Fixes CVE-2012-3410. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
53 lines
1.8 KiB
Diff
53 lines
1.8 KiB
Diff
BASH PATCH REPORT
|
|
=================
|
|
|
|
Bash-Release: 4.2
|
|
Patch-ID: bash42-028
|
|
|
|
Bug-Reported-by: Mark Edgar <medgar123@gmail.com>
|
|
Bug-Reference-ID: <CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
|
|
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
|
|
|
|
Bug-Description:
|
|
|
|
When using a word expansion for which the right hand side is evaluated,
|
|
certain expansions of quoted null strings include spurious ^? characters.
|
|
|
|
Patch (apply with `patch -p0'):
|
|
|
|
*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
|
|
--- ./subst.c 2012-03-20 19:30:13.000000000 -0400
|
|
***************
|
|
*** 5810,5813 ****
|
|
--- 5810,5823 ----
|
|
if (qdollaratp && ((hasdol && quoted) || l->next))
|
|
*qdollaratp = 1;
|
|
+ /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
|
|
+ a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
|
|
+ flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
|
|
+ expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
|
|
+ (which is more paranoia than anything else), we need to return the
|
|
+ quoted null string and set the flags to indicate it. */
|
|
+ if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
|
|
+ {
|
|
+ w->flags |= W_HASQUOTEDNULL;
|
|
+ }
|
|
dispose_words (l);
|
|
}
|
|
|
|
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
|
|
--- ./patchlevel.h Thu Feb 24 21:41:34 2011
|
|
***************
|
|
*** 26,30 ****
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 27
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|
|
--- 26,30 ----
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 28
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|