polynomial-c 14/09/24 14:01:55 |
|
Added: bash-4.3-funcdef-import.patch |
bash-3.1-funcdef-import.patch |
Log: |
Security bump (bug #523592). Fixed environment handling command injection (CVE-2014-6271) |
|
(Portage version: 2.2.13/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC) |
|
Revision Changes Path |
1.1 app-shells/bash/files/bash-4.3-funcdef-import.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&content-type=text/plain |
|
Index: bash-4.3-funcdef-import.patch |
17 |
=================================================================== |
18 |
*** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400 |
19 |
--- builtins/common.h 2014-09-12 14:25:47.000000000 -0400 |
20 |
*************** |
21 |
*** 34,37 **** |
22 |
--- 49,54 ---- |
23 |
#define SEVAL_PARSEONLY 0x020 |
24 |
#define SEVAL_NOLONGJMP 0x040 |
25 |
+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ |
26 |
+ #define SEVAL_ONECMD 0x100 /* only allow a single command */ |
27 |
|
28 |
/* Flags for describe_command, shared between type.def and command.def */ |
29 |
*** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500 |
30 |
--- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400 |
31 |
*************** |
32 |
*** 309,312 **** |
33 |
--- 313,324 ---- |
34 |
struct fd_bitmap *bitmap; |
35 |
|
36 |
+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) |
37 |
+ { |
38 |
+ internal_warning ("%s: ignoring function definition attempt", from_file); |
39 |
+ should_jump_to_top_level = 0; |
40 |
+ last_result = last_command_exit_value = EX_BADUSAGE; |
41 |
+ break; |
42 |
+ } |
43 |
+ |
44 |
bitmap = new_fd_bitmap (FD_BITMAP_SIZE); |
45 |
begin_unwind_frame ("pe_dispose"); |
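Review bot: The rejection branch added at the top of this block leaves the loop with `break` but does nothing visible to put the parser back into a known state, so if the parser stopped partway through the environment string, leftover state or input may survive the exit; unless the code after the loop (outside this hunk) already handles that, I would add `reset_parser ();` just before the `break`. The warning text is also passed untranslated, unlike the `report_error (_("error importing function definition for `%s'"), name)` call in variables.c, so `internal_warning (_("%s: ignoring function definition attempt"), from_file);` would be consistent. The enclosing loop starts and ends outside the hunk, and the same lines appear in the evalstring.c hunk of the bash-3.1 patch below.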
46 |
*************** |
47 |
*** 369,372 **** |
48 |
--- 381,387 ---- |
49 |
dispose_fd_bitmap (bitmap); |
50 |
discard_unwind_frame ("pe_dispose"); |
51 |
+ |
52 |
+ if (flags & SEVAL_ONECMD) |
53 |
+ break; |
54 |
} |
55 |
} |
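Review bot: With `SEVAL_ONECMD` set, the `break` added after `discard_unwind_frame ("pe_dispose")` silently discards whatever follows the first command in the string. A value that bash itself exported should not carry anything after the function body, so leftover input at this point is a useful tamper signal; I would emit an `internal_warning` naming `from_file` when unparsed input remains, before breaking. The loop body begins outside the hunk, so I cannot see whether the remainder is inspected elsewhere; the bash-3.1 patch has the same hunk.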
56 |
*** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400 |
57 |
--- variables.c 2014-09-14 14:23:35.000000000 -0400 |
58 |
*************** |
59 |
*** 359,369 **** |
60 |
strcpy (temp_string + char_index + 1, string); |
61 |
|
62 |
! if (posixly_correct == 0 || legal_identifier (name)) |
63 |
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); |
64 |
! |
65 |
! /* Ancient backwards compatibility. Old versions of bash exported |
66 |
! functions like name()=() {...} */ |
67 |
! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') |
68 |
! name[char_index - 2] = '\0'; |
69 |
|
70 |
if (temp_var = find_function (name)) |
71 |
--- 364,372 ---- |
72 |
strcpy (temp_string + char_index + 1, string); |
73 |
|
74 |
! /* Don't import function names that are invalid identifiers from the |
75 |
! environment, though we still allow them to be defined as shell |
76 |
! variables. */ |
77 |
! if (legal_identifier (name)) |
78 |
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); |
79 |
|
80 |
if (temp_var = find_function (name)) |
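Review bot: The new call still hands the whole environment value to the shell parser; `SEVAL_FUNCDEF|SEVAL_ONECMD` only limit what is executed once parsing has produced a command, and the call site does not say that the string is untrusted. I would add a comment above `parse_and_execute`, for example `/* Value comes from the environment and is untrusted: execute at most one command, and only if it is a function definition. */`, so that later edits do not drop either flag. Removing the `posixly_correct == 0 ||` half of the condition also means that function names that are not legal identifiers are no longer imported in any mode, which is a behaviour change worth stating in the log. The test that selects this branch is outside the hunk, and the bash-3.1 patch makes the same change where no name check existed before.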
81 |
*************** |
82 |
*** 382,389 **** |
83 |
report_error (_("error importing function definition for `%s'"), name); |
84 |
} |
85 |
- |
86 |
- /* ( */ |
87 |
- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') |
88 |
- name[char_index - 2] = '('; /* ) */ |
89 |
} |
90 |
#if defined (ARRAY_VARS) |
91 |
--- 385,388 ---- |
92 |
*** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400 |
93 |
--- subst.c 2014-09-12 15:31:04.000000000 -0400 |
94 |
*************** |
95 |
*** 8048,8052 **** |
96 |
goto return0; |
97 |
} |
98 |
! else if (var = find_variable_last_nameref (temp1)) |
99 |
{ |
100 |
temp = nameref_cell (var); |
101 |
--- 8118,8124 ---- |
102 |
goto return0; |
103 |
} |
104 |
! else if (var && (invisible_p (var) || var_isset (var) == 0)) |
105 |
! temp = (char *)NULL; |
106 |
! else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0) |
107 |
{ |
108 |
temp = nameref_cell (var); |
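Review bot: This subst.c hunk changes how unset or invisible variables and namerefs expand, not how functions are imported, and the bash-3.1 patch on this page has no counterpart for it. Shipping it inside a file named funcdef-import makes the security fix harder to audit and to backport, so I would move it to its own patch file or explain in the log why it belongs here. The added branch `else if (var && (invisible_p (var) || var_isset (var) == 0))` reads `var` before the `find_variable_last_nameref` assignment, so it depends on `var` having been set earlier in the function, which is outside the hunk.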
|
|
|
|
1.1 app-shells/bash/files/bash-3.1-funcdef-import.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&content-type=text/plain |
|
Index: bash-3.1-funcdef-import.patch |
119 |
=================================================================== |
120 |
*** ../bash-3.1.17/builtins/common.h 2004-09-09 13:21:08.000000000 -0400 |
121 |
--- builtins/common.h 2014-09-16 22:00:02.000000000 -0400 |
122 |
*************** |
123 |
*** 34,37 **** |
124 |
--- 34,39 ---- |
125 |
|
126 |
/* Flags for describe_command, shared between type.def and command.def */ |
127 |
+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ |
128 |
+ #define SEVAL_ONECMD 0x100 /* only allow a single command */ |
129 |
#define CDESC_ALL 0x001 /* type -a */ |
130 |
#define CDESC_SHORTDESC 0x002 /* command -V */ |
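Review bot: In the 3.1 header the two `SEVAL_*` defines are inserted directly under the comment `/* Flags for describe_command, shared between type.def and command.def */`, so they read as describe_command flags and sit apart from the other `SEVAL_` flags. I would move them above that comment, next to the existing `SEVAL_` definitions as the 4.3 patch does, or give them their own comment such as `/* Flags for parse_and_execute () */`. The values 0x080 and 0x100 should also be checked against the `SEVAL_` flags that 3.1 already defines, which are not visible in this hunk.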
131 |
*** ../bash-3.1.17/builtins/evalstring.c 2005-10-30 18:28:24.000000000 -0500 |
132 |
--- builtins/evalstring.c 2014-09-16 22:00:02.000000000 -0400 |
133 |
*************** |
134 |
*** 224,227 **** |
135 |
--- 224,235 ---- |
136 |
struct fd_bitmap *bitmap; |
137 |
|
138 |
+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) |
139 |
+ { |
140 |
+ internal_warning ("%s: ignoring function definition attempt", from_file); |
141 |
+ should_jump_to_top_level = 0; |
142 |
+ last_result = last_command_exit_value = EX_BADUSAGE; |
143 |
+ break; |
144 |
+ } |
145 |
+ |
146 |
bitmap = new_fd_bitmap (FD_BITMAP_SIZE); |
147 |
begin_unwind_frame ("pe_dispose"); |
148 |
*************** |
149 |
*** 279,282 **** |
150 |
--- 287,293 ---- |
151 |
dispose_fd_bitmap (bitmap); |
152 |
discard_unwind_frame ("pe_dispose"); |
153 |
+ |
154 |
+ if (flags & SEVAL_ONECMD) |
155 |
+ break; |
156 |
} |
157 |
} |
158 |
*** ../bash-3.1.17/variables.c 2006-03-10 16:56:29.000000000 -0500 |
159 |
--- variables.c 2014-09-16 22:00:02.000000000 -0400 |
160 |
*************** |
161 |
*** 311,320 **** |
162 |
strcpy (temp_string + char_index + 1, string); |
163 |
|
164 |
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); |
165 |
! |
166 |
! /* Ancient backwards compatibility. Old versions of bash exported |
167 |
! functions like name()=() {...} */ |
168 |
! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') |
169 |
! name[char_index - 2] = '\0'; |
170 |
|
171 |
if (temp_var = find_function (name)) |
172 |
--- 311,318 ---- |
173 |
strcpy (temp_string + char_index + 1, string); |
174 |
|
175 |
! /* Don't import function names that are invalid identifiers from the |
176 |
! environment. */ |
177 |
! if (legal_identifier (name)) |
178 |
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); |
179 |
|
180 |
if (temp_var = find_function (name)) |
181 |
*************** |
182 |
*** 325,332 **** |
183 |
else |
184 |
report_error (_("error importing function definition for `%s'"), name); |
185 |
- |
186 |
- /* ( */ |
187 |
- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') |
188 |
- name[char_index - 2] = '('; /* ) */ |
189 |
} |
190 |
#if defined (ARRAY_VARS) |
191 |
--- 323,326 ---- |