Hello community, here is the log from the commit of package bash for openSUSE:12.2 checked in at 2012-07-31 14:03:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/bash (Old) and /work/SRC/openSUSE:12.2/.bash.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bash", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.2/bash/bash.changes 2012-06-26 17:45:05.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.bash.new/bash.changes 2012-07-31 14:03:31.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Jul 11 06:36:05 UTC 2012 - [email protected] + +- Avoid possible buffer overflow when expanding the /dev/fd prefix + with e.g. the test builtin (bnc#770795) + +------------------------------------------------------------------- New: ---- bash42-033-bnc770795.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bash.spec ++++++ --- /var/tmp/diff_new_pack.9yoQu2/_old 2012-07-31 14:03:52.000000000 +0200 +++ /var/tmp/diff_new_pack.9yoQu2/_new 2012-07-31 14:03:52.000000000 +0200 @@ -81,6 +81,7 @@ Patch24: readline-6.2-metamode.patch Patch25: readline-6.2-endpw.dif Patch30: readline-6.2-destdir.patch +Patch33: bash42-033-bnc770795.patch Patch40: bash-4.1-bash.bashrc.dif Patch42: audit-patch Patch46: man2html-no-timestamp.patch @@ -288,6 +289,7 @@ %patch23 -p0 -b .conf %patch24 -p0 -b .metamode #%patch25 -p0 -b .endpw +%patch33 -p0 -b .033 %patch40 -p0 -b .bashrc %patch42 -p1 -b .audit %patch46 -p0 -b .notimestamp ++++++ bash42-033-bnc770795.patch ++++++ BASH PATCH REPORT ================= Bash-Release: 4.2 Patch-ID: bash42-033 Bug-Reported-by: David Leverton <[email protected]> Bug-Reference-ID: <[email protected]> Bug-Reference-URL: Bug-Description: Bash uses a static buffer when expanding the /dev/fd prefix for the test and conditional commands, among other uses, when it should use a dynamic buffer to avoid buffer overflow. Patch (apply with `patch -p0'): *** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500 --- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400 *************** *** 83,86 **** --- 83,88 ---- struct stat *finfo; { + static char *pbuf = 0; + if (*path == '\0') { *************** *** 107,111 **** On most systems, with the notable exception of linux, this is effectively a no-op. */ ! char pbuf[32]; strcpy (pbuf, DEV_FD_PREFIX); strcat (pbuf, path + 8); --- 109,113 ---- On most systems, with the notable exception of linux, this is effectively a no-op. */ ! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); strcpy (pbuf, DEV_FD_PREFIX); strcat (pbuf, path + 8); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
