slackware-current/source/a/bash/bash-5.2-patches/bash52-013

			     BASH PATCH REPORT
			     =================

Bash-Release:	5.2
Patch-ID:	bash52-013

Bug-Reported-by:	Ralf Oehler <Ralf@Oehler-Privat.de>
Bug-Reference-ID:	<20221120140252.2fc6489b@bilbo>
Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00082.html

Bug-Description:

Bash can leak memory when referencing a non-existent associative array
element.

Patch (apply with `patch -p0'):

*** ../bash-5.2-patched/subst.c	2022-11-05 17:27:48.000000000 -0400
--- subst.c	2022-11-21 14:42:59.000000000 -0500
***************
*** 7498,7503 ****
  		    : quote_escapes (temp);
  	  rflags |= W_ARRAYIND;
- 	  if (estatep)
- 	    *estatep = es;	/* structure copy */
  	}
        /* Note that array[*] and array[@] expanded to a quoted null string by
--- 7508,7511 ----
***************
*** 7508,7512 ****
  	rflags |= W_HASQUOTEDNULL;
  
!       if (estatep == 0)
  	flush_eltstate (&es);
      }
--- 7516,7522 ----
  	rflags |= W_HASQUOTEDNULL;
  
!       if (estatep)
! 	*estatep = es;	/* structure copy */
!       else
  	flush_eltstate (&es);
      }
*** ../bash-5.2/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 12
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 13
  
  #endif /* _PATCHLEVEL_H_ */
Wed Dec 14 21:19:34 UTC 2022 a/bash-5.2.015-x86_64-1.txz: Upgraded. a/tcsh-6.24.06-x86_64-1.txz: Upgraded. ap/inxi-3.3.24_1-noarch-1.txz: Upgraded. ap/nano-7.1-x86_64-1.txz: Upgraded. d/git-2.39.0-x86_64-1.txz: Upgraded. d/rust-1.65.0-x86_64-1.txz: Upgraded. d/strace-6.1-x86_64-1.txz: Upgraded. kde/krita-5.1.4-x86_64-1.txz: Upgraded. l/imagemagick-7.1.0_54-x86_64-1.txz: Upgraded. l/nodejs-19.3.0-x86_64-1.txz: Upgraded. l/pcre2-10.42-x86_64-1.txz: Upgraded. n/iproute2-6.1.0-x86_64-1.txz: Upgraded. x/makedepend-1.0.8-x86_64-1.txz: Upgraded. x/xhost-1.0.9-x86_64-1.txz: Upgraded. x/xorg-server-21.1.5-x86_64-1.txz: Upgraded. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 (* Security fix ) x/xorg-server-xephyr-21.1.5-x86_64-1.txz: Upgraded. x/xorg-server-xnest-21.1.5-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-21.1.5-x86_64-1.txz: Upgraded. x/xorg-server-xwayland-22.1.6-x86_64-1.txz: Upgraded. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 ( Security fix ) xap/mozilla-thunderbird-102.6.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ https://www.cve.org/CVERecord?id=CVE-2022-46880 https://www.cve.org/CVERecord?id=CVE-2022-46872 https://www.cve.org/CVERecord?id=CVE-2022-46881 https://www.cve.org/CVERecord?id=CVE-2022-46874 https://www.cve.org/CVERecord?id=CVE-2022-46875 https://www.cve.org/CVERecord?id=CVE-2022-46882 https://www.cve.org/CVERecord?id=CVE-2022-46878 ( Security fix *) xap/xscreensaver-6.06-x86_64-1.txz: Upgraded. testing/packages/mozilla-firefox-108.0-x86_64-1.txz: Upgraded. Starting this out in /testing for now, since I've been trying for 2 days to get it to compile on 32-bit with no luck. It ends up failing with a bunch of errors like this: ld.lld: error: undefined hidden symbol: tabs_4d51_TabsStore_sync Any help getting this to build on 32-bit would be greatly appreciated. I've tried most of ponce's bag of tricks already. :-) 2022-12-14 22:19:34 +01:00			`BASH PATCH REPORT`
			`=================`

			`Bash-Release: 5.2`
			`Patch-ID: bash52-013`

			`Bug-Reported-by: Ralf Oehler <Ralf@Oehler-Privat.de>`
			`Bug-Reference-ID: <20221120140252.2fc6489b@bilbo>`
			`Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00082.html`

			`Bug-Description:`

			`Bash can leak memory when referencing a non-existent associative array`
			`element.`

			Patch (apply with `patch -p0'):

			`*** ../bash-5.2-patched/subst.c 2022-11-05 17:27:48.000000000 -0400`
			`--- subst.c 2022-11-21 14:42:59.000000000 -0500`
			`***************`
			`* 7498,7503 **`
			`: quote_escapes (temp);`
			`rflags \|= W_ARRAYIND;`
			`- if (estatep)`
			`- estatep = es; / structure copy */`
			`}`
			`/* Note that array[*] and array[@] expanded to a quoted null string by`
			`--- 7508,7511 ----`
			`***************`
			`* 7508,7512 **`
			`rflags \|= W_HASQUOTEDNULL;`

			`! if (estatep == 0)`
			`flush_eltstate (&es);`
			`}`
			`--- 7516,7522 ----`
			`rflags \|= W_HASQUOTEDNULL;`

			`! if (estatep)`
			`! estatep = es; / structure copy */`
			`! else`
			`flush_eltstate (&es);`
			`}`
			`*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400`
			`--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400`
			`***************`
			`* 26,30 **`
			`looks for to find the patch level (for the sccs version string). */`

			`! #define PATCHLEVEL 12`

			`#endif /* _PATCHLEVEL_H_ */`
			`--- 26,30 ----`
			`looks for to find the patch level (for the sccs version string). */`

			`! #define PATCHLEVEL 13`

			`#endif /* _PATCHLEVEL_H_ */`