54a9495123
Fixes CVE-2017-5932 - Shell code execution on tab completion of specially crafted files. For details, see the report: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf We unfortunately cannot easily download these because of the file names (not ending in patch) and patch format (p0), so convert to p1 format and include in package/bash with the following script: for i in 06 07 08 09 10 11 12; do cat > bash44-0$i.patch << EOF >From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i Signed-off-by: Peter Korsgaard <peter@korsgaard.com> EOF curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \ sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch done Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
89 lines
2.3 KiB
Diff
89 lines
2.3 KiB
Diff
From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-008
|
|
|
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
|
|
BASH PATCH REPORT
|
|
=================
|
|
|
|
Bash-Release: 4.4
|
|
Patch-ID: bash44-008
|
|
|
|
Bug-Reported-by: Koichi MURASE <myoga.murase@gmail.com>
|
|
Bug-Reference-ID: <CAFLRLk-V+1AeQ2k=pY7ih6V+MfQ_w8EF3YWL2E+wmLfgKBtzXA@mail.gmail.com>
|
|
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00050.html
|
|
|
|
Bug-Description:
|
|
|
|
Under certain circumstances, bash will evaluate arithmetic expressions as
|
|
part of reading an expression token even when evaluation is suppressed. This
|
|
happens while evaluating a conditional expression and skipping over the
|
|
failed branch of the expression.
|
|
|
|
Patch (apply with `patch -p0'):
|
|
|
|
*** bash-4.4-patched/expr.c 2015-10-11 14:46:36.000000000 -0400
|
|
--- b/expr.c 2016-11-08 11:55:46.000000000 -0500
|
|
***************
|
|
*** 579,585 ****
|
|
if (curtok == QUES) /* found conditional expr */
|
|
{
|
|
- readtok ();
|
|
- if (curtok == 0 || curtok == COL)
|
|
- evalerror (_("expression expected"));
|
|
if (cval == 0)
|
|
{
|
|
--- b/579,582 ----
|
|
***************
|
|
*** 588,591 ****
|
|
--- b/585,592 ----
|
|
}
|
|
|
|
+ readtok ();
|
|
+ if (curtok == 0 || curtok == COL)
|
|
+ evalerror (_("expression expected"));
|
|
+
|
|
val1 = EXP_HIGHEST ();
|
|
|
|
***************
|
|
*** 594,600 ****
|
|
if (curtok != COL)
|
|
evalerror (_("`:' expected for conditional expression"));
|
|
! readtok ();
|
|
! if (curtok == 0)
|
|
! evalerror (_("expression expected"));
|
|
set_noeval = 0;
|
|
if (cval)
|
|
--- b/595,599 ----
|
|
if (curtok != COL)
|
|
evalerror (_("`:' expected for conditional expression"));
|
|
!
|
|
set_noeval = 0;
|
|
if (cval)
|
|
***************
|
|
*** 604,608 ****
|
|
--- b/603,611 ----
|
|
}
|
|
|
|
+ readtok ();
|
|
+ if (curtok == 0)
|
|
+ evalerror (_("expression expected"));
|
|
val2 = expcond ();
|
|
+
|
|
if (set_noeval)
|
|
noeval--;
|
|
*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
|
|
--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400
|
|
***************
|
|
*** 26,30 ****
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 7
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|
|
--- b/26,30 ----
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 8
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|