slackware-current/source/a/bash/bash-5.0-patches/bash50-011
Patrick J Volkerding bfb7494122 Fri Aug 30 18:50:32 UTC 2019
a/bash-5.0.011-x86_64-1.txz:  Upgraded.
a/findutils-4.7.0-x86_64-1.txz:  Upgraded.
ap/squashfs-tools-4.4-x86_64-1.txz:  Upgraded.
n/irssi-1.2.2-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  Use after free when receiving duplicate CAP found by Joseph Bisch.
  For more information, see:
    https://irssi.org/security/html/irssi_sa_2019_08
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15717
  (* Security fix *)
x/libvdpau-1.3-x86_64-1.txz:  Upgraded.
2019-08-31 08:59:46 +02:00

59 lines
1.8 KiB
Text

BASH PATCH REPORT
=================
Bash-Release: 5.0
Patch-ID: bash50-011
Bug-Reported-by: Matt Whitlock
Bug-Reference-ID:
Bug-Reference-URL: https://savannah.gnu.org/support/?109671
Bug-Description:
The conditional command did not perform appropriate quoted null character
removal on its arguments, causing syntax errors and attempts to stat
invalid pathnames.
Patch (apply with `patch -p0'):
*** ../bash-5.0-patched/subst.c 2018-12-22 17:43:37.000000000 -0500
--- subst.c 2019-04-14 13:25:41.000000000 -0400
***************
*** 3626,3630 ****
SPECIAL is 2, this is an rhs argument for the =~ operator, and should
be quoted appropriately for regcomp/regexec. The caller is responsible
! for removing the backslashes if the unquoted word is needed later. */
char *
cond_expand_word (w, special)
--- 3642,3648 ----
SPECIAL is 2, this is an rhs argument for the =~ operator, and should
be quoted appropriately for regcomp/regexec. The caller is responsible
! for removing the backslashes if the unquoted word is needed later. In
! any case, since we don't perform word splitting, we need to do quoted
! null character removal. */
char *
cond_expand_word (w, special)
***************
*** 3647,3650 ****
--- 3665,3670 ----
if (special == 0) /* LHS */
{
+ if (l->word)
+ word_list_remove_quoted_nulls (l);
dequote_list (l);
r = string_list (l);
*** ../bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 10
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 11
#endif /* _PATCHLEVEL_H_ */