From d3b9fc42cadf308da7fab21c338cca55aa778ae7 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Tue, 20 Oct 2015 16:34:01 -0400 Subject: app-shells/bash: backport /dev/fd fix to older versions #431850 --- app-shells/bash/bash-2.05b_p13.ebuild | 1 + app-shells/bash/bash-3.0_p22.ebuild | 1 + app-shells/bash/bash-3.1_p23.ebuild | 1 + app-shells/bash/bash-3.2_p57.ebuild | 1 + app-shells/bash/bash-4.0_p44.ebuild | 1 + app-shells/bash/bash-4.1_p17.ebuild | 1 + .../files/bash-3.1-dev-fd-buffer-overflow.patch | 16 ++++++++ .../files/bash-4.2-dev-fd-buffer-overflow.patch | 46 ++++++++++++++++++++++ 8 files changed, 68 insertions(+) create mode 100644 app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch create mode 100644 app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch (limited to 'app-shells/bash') diff --git a/app-shells/bash/bash-2.05b_p13.ebuild b/app-shells/bash/bash-2.05b_p13.ebuild index 7e69f0f1e75e..56d5bcd6c655 100644 --- a/app-shells/bash/bash-2.05b_p13.ebuild +++ b/app-shells/bash/bash-2.05b_p13.ebuild @@ -73,6 +73,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-2.05b-parallel-build.patch #41002 epatch "${FILESDIR}"/${PN}-2.05b-jobs.patch epatch "${FILESDIR}"/${PN}-2.05b-fix-job-warning.patch + epatch "${FILESDIR}"/${PN}-3.1-dev-fd-buffer-overflow.patch #431850 epatch_user } diff --git a/app-shells/bash/bash-3.0_p22.ebuild b/app-shells/bash/bash-3.0_p22.ebuild index b8d8fe7284c4..33a50c8c1bed 100644 --- a/app-shells/bash/bash-3.0_p22.ebuild +++ b/app-shells/bash/bash-3.0_p22.ebuild @@ -81,6 +81,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-3.0-trap-fg-signals.patch epatch "${FILESDIR}"/${PN}-3.0-pgrp-pipe-fix.patch #92349 epatch "${FILESDIR}"/${PN}-3.0-strnlen.patch + epatch "${FILESDIR}"/${PN}-3.1-dev-fd-buffer-overflow.patch #431850 epatch_user } diff --git a/app-shells/bash/bash-3.1_p23.ebuild b/app-shells/bash/bash-3.1_p23.ebuild index 95ef23b64f9a..d984d0d0575a 100644 --- a/app-shells/bash/bash-3.1_p23.ebuild +++ b/app-shells/bash/bash-3.1_p23.ebuild @@ -73,6 +73,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-3.0-trap-fg-signals.patch epatch "${FILESDIR}"/${PN}-3.1-fix-dash-login-shell.patch #118257 epatch "${FILESDIR}"/${PN}-3.1-dev-fd-test-as-user.patch #131875 + epatch "${FILESDIR}"/${PN}-3.1-dev-fd-buffer-overflow.patch #431850 epatch_user } diff --git a/app-shells/bash/bash-3.2_p57.ebuild b/app-shells/bash/bash-3.2_p57.ebuild index 1d373c7d321e..511e7b22cdf6 100644 --- a/app-shells/bash/bash-3.2_p57.ebuild +++ b/app-shells/bash/bash-3.2_p57.ebuild @@ -75,6 +75,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-3.2-ulimit.patch epatch "${FILESDIR}"/${PN}-3.0-trap-fg-signals.patch epatch "${FILESDIR}"/${PN}-3.2-dev-fd-test-as-user.patch #131875 + epatch "${FILESDIR}"/${PN}-4.2-dev-fd-buffer-overflow.patch #431850 epatch_user } diff --git a/app-shells/bash/bash-4.0_p44.ebuild b/app-shells/bash/bash-4.0_p44.ebuild index 543ea45b6124..2d8a80e01941 100644 --- a/app-shells/bash/bash-4.0_p44.ebuild +++ b/app-shells/bash/bash-4.0_p44.ebuild @@ -72,6 +72,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-4.0-ldflags-for-build.patch #211947 epatch "${FILESDIR}"/${PN}-4.0-negative-return.patch epatch "${FILESDIR}"/${PN}-4.0-parallel-build.patch #267613 + epatch "${FILESDIR}"/${PN}-4.2-dev-fd-buffer-overflow.patch #431850 sed -i '/\.o: .*shell\.h/s:$: pathnames.h:' Makefile.in #267613 epatch_user diff --git a/app-shells/bash/bash-4.1_p17.ebuild b/app-shells/bash/bash-4.1_p17.ebuild index 3bc12cbf36af..ad19cf367709 100644 --- a/app-shells/bash/bash-4.1_p17.ebuild +++ b/app-shells/bash/bash-4.1_p17.ebuild @@ -68,6 +68,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-4.1-fbsd-eaccess.patch #303411 sed -i '1i#define NEED_FPURGE_DECL' execute_cmd.c # needs fpurge() decl epatch "${FILESDIR}"/${PN}-4.1-parallel-build.patch + epatch "${FILESDIR}"/${PN}-4.2-dev-fd-buffer-overflow.patch #431850 epatch_user } diff --git a/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch b/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch new file mode 100644 index 000000000000..9d08856e5b00 --- /dev/null +++ b/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch @@ -0,0 +1,16 @@ +https://bugs.gentoo.org/431850 + +this is a backport of the upstream bash42-033 patch for bash 3.1/3.0/2.05 + +--- a/test.c ++++ b/test.c +@@ -194,7 +194,8 @@ + trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx. + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +- char pbuf[32]; ++ static char *pbuf = 0; ++ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); + return (stat (pbuf, finfo)); diff --git a/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch new file mode 100644 index 000000000000..bef960ab980c --- /dev/null +++ b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch @@ -0,0 +1,46 @@ +https://bugs.gentoo.org/431850 + +this is a minor tweak to the upstream patch to also apply to bash 4.1/4.0/3.2 + + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-033 + +Bug-Reported-by: David Leverton +Bug-Reference-ID: <4FCCE737.1060603@googlemail.com> +Bug-Reference-URL: + +Bug-Description: + +Bash uses a static buffer when expanding the /dev/fd prefix for the test +and conditional commands, among other uses, when it should use a dynamic +buffer to avoid buffer overflow. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500 +--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400 +*************** +*** 83,86 **** +--- 83,88 ---- + struct stat *finfo; + { ++ static char *pbuf = 0; ++ + if (*path == '\0') + { +*************** +*** 107,111 **** + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +! char pbuf[32]; + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); +--- 109,113 ---- + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); -- cgit v1.2.3-65-gdbad