Mailinglist Archive: opensuse-updates (96 mails)

openSUSE-RU-2013:1271-1: bash: Several fixes
openSUSE Recommended Update: bash: Several fixes
______________________________________________________________________________

Announcement ID: openSUSE-RU-2013:1271-1
Rating: low
References: #382214 #763591 #793536 #804551 #806628 #820149 #828877
Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update fixes the following issues with bash:
- bnc#804551: Force version update to factory
+ Removed 2 patches as they are part of the official
patch set
+ Add 5 patches:
* config-guess-sub-update.patch
* readline-6.2-msgdynamic.patch
* readline-6.2-xmalloc.dif
* bnc#828877: bash-4.2-winch.dif
* audit-rl-patch
- Reintroduce patch bash-4.2-winch.dif to solve bnc#828877
according to the test and upstream
- Add bash-4.2-strcpy.patch from upstream mailing list to
patch collection tar ball to avoid a strcpy working on
overlapping memory areas when using \w in the prompt and
changing the directory outside of HOME.
- add a conflict between readline5 and readline6-32bit
- bnc#820149: Do not restart the sighandler after a trap is
reset
- Add patch from upstream mailing list to speed up array
handling
- Add patch from upstream mailing list to avoid fdleaks
- Use lsdiff to determine the depth of the leading slashes
in a patch file
- Disable workaround for bnc#382214 due to bnc#806628.
- Update bash 4.2 to patch level 45
+ When SIGCHLD is trapped, and a SIGCHLD trap handler
runs when a pending `read -t' invocation times out and
generates SIGALRM, bash can crash with a segmentation
fault.
+ When converting a multibyte string to a wide character
string as part of pattern matching, bash does not
handle the end of the string correctly, causing the
search for the NUL to go beyond the end of the string
and reference random memory. Depending on the contents
of that memory, bash can produce errors or crash.
+ The >&n- and <&n- redirections, which move one file
descriptor to another, leave the file descriptor closed
when applied to builtins or compound commands.
- Use screen to provide a controlling terminal for running
the test suite
- config-guess-sub-update.patch: Update config.guess/sub
for aarch64
- Fix check for negated warning switch
- Avoid autoconf on older products
- Apply audit patch variant to readline as well as we use a
shared libreadline
- Avoid bash-devel on older products as older GNU make does
not have a realpath builtin
- bnc#793536: Do not trigger the export of COLUMNS or LINES
due to enforced checkwinsize
- Update bash 4.2 to patch level 42
+ Missing I/O errors if output redirection applied to
builtin commands when the file descriptor was closed
+ Process substitution incorrectly inherited a flag that
inhibited using the temporary environment for variable
lookups if it was providing the filename to a
redirection.
+ Compilation failed after specifying the `minimal
config' option
- Update bash 4.2 to patch level 39
+ Official fix for the last crash fix
+ Avoid variable expansion in arithmetic expressions when
evaluation is being suppressed
- Do not mix xmalloc/xfree of libreadline and bash by
making the libreadline version weak symbols instead of
private symbols
- Add patch from upstream mailing list to avoid a crash
- Update bash 4.2 to patch level 37
+ Attempting to redo (using `.') the vi editing mode
`cc', `dd', or `yy' commands leads to an infinite loop.
- Do not mask internal _rl symbols as internal as there are
many tools out there which use them (gdb as an example)
- libreadlib: try to avoid binding references of the
symbols rl_instream and rl_outstream
- libreadlib: make private symbols really private
- Increase buffer for libreadline messages if required
- Include stdio.h in libreadline header files to get the
declaration of FILES correct.
- Update bash 4.2 to patch level 36
+ Patch 25: When used in a shell function, `declare -g -a
array=(compound assignment)' creates a local variable
instead of a global one.
+ Patch 26: The `lastpipe' option does not behave
correctly on machines where the open file limit is less
than 256.
+ Patch 27: When the `extglob' shell option is enabled,
pattern substitution does not work correctly in the
presence of multibyte characters.
+ Patch 28: When using a word expansion for which the
right hand side is evaluated, certain expansions of
quoted null strings include spurious ^? characters.
+ Patch 29: Bash-4.2 tries to leave completed directory
names as the user typed them, without expanding them to
a full pathname. One effect of this is that shell
variables used in pathnames being completed (e.g.,
$HOME) are left unchanged, but the `$' is quoted by
readline because it is a special character to the shell.
+ Patch 30: When attempting to glob strings in a
multibyte locale, and those strings contain invalid
multibyte characters that cause mbsnrtowcs to return 0,
the globbing code loops infinitely.
+ Patch 31: A change between bash-4.1 and bash-4.2 to
prevent the readline input hook from being called too
frequently had the side effect of causing delays when
reading pasted input on systems such as Mac OS X. This
patch fixes those delays while retaining the bash-4.2
behavior.
+ Patch 32: Bash-4.2 has problems with DEL characters in
the expanded value of variables used in the same quoted
string as variables that expand to nothing.
+ Patch 33: Bash uses a static buffer when expanding the
/dev/fd prefix for the test and conditional commands,
among other uses, when it should use a dynamic buffer
to avoid buffer overflow.
+ Patch 34: In bash-4.2, the history code would
inappropriately add a semicolon to multi-line compound
array assignments when adding them to the history.
+ Patch 35: When given a number of lines to read,
`mapfile -n lines' reads one too many.
+ Patch 36: Bash-4.2 produces incorrect word splitting
results when expanding double-quoted $@ in the same
string as and adjacent to other variable expansions.
The $@ should be split, the other expansions should not.
- bnc#763591: Add patch to avoid double free or corruption
due to expanding number sequence with huge numbers. Patch
will go upstream.


Patch Instructions:

To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-612

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

bash-4.2-51.13.1
bash-debuginfo-4.2-51.13.1
bash-debugsource-4.2-51.13.1
bash-devel-4.2-51.13.1
bash-loadables-4.2-51.13.1
bash-loadables-debuginfo-4.2-51.13.1
libreadline6-6.2-51.13.1
libreadline6-debuginfo-6.2-51.13.1
readline-devel-6.2-51.13.1

- openSUSE 12.2 (x86_64):

bash-debuginfo-32bit-4.2-51.13.1
libreadline6-32bit-6.2-51.13.1
libreadline6-debuginfo-32bit-6.2-51.13.1
readline-devel-32bit-6.2-51.13.1

- openSUSE 12.2 (noarch):

bash-doc-4.2-51.13.1
bash-lang-4.2-51.13.1
readline-doc-6.2-51.13.1


References:

https://bugzilla.novell.com/382214
https://bugzilla.novell.com/763591
https://bugzilla.novell.com/793536
https://bugzilla.novell.com/804551
https://bugzilla.novell.com/806628
https://bugzilla.novell.com/820149
https://bugzilla.novell.com/828877

