Control: tags -1 - moreinfo
Control: retitle -1 bullseye-pu: package bash/5.1-2+deb11u1

Hi Julien

On Sat, Mar 19, 2022 at 10:02:54PM +0100, Salvatore Bonaccorso wrote:
> Hi Julien,
>
> On Sat, Mar 19, 2022 at 06:36:16PM +0100, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Sat, Feb 26, 2022 at 03:25:09PM +0100, Salvatore Bonaccorso wrote:
> > > There was a request in #1003012 to fix an issue in bash corrupting
> > > multibyte characters in command substitutions.
> > >
> > > While looking at it I'm proposing here instead of only picking the 014
> > > patch, to pick up all the changes done since from the bullseye release
> > > on top and so proposing a rebuilding of 5.1-6 which was exposed in
> > > testing for awhile now. Only change reverted would be the bump of
> > > standards version but still including the drop of the pre-wheezy
> > > preinst for the "dash-as-sh"-transition.
> > >
> > > Attached is the resulting debdiff as proposed with the rebuild.
> > >
> > > Matthias, Stable release managers what do you think on the update?
> > >
> > I'm unconvinced. Dropping the preinst seems way out of scope for a
> > stable update, as for the other changes it's unclear to me what their
> > impact/risk is.
>
> This is why I hoped to see what Matthias thinks. The alternative
> would clearly be to only cherry pick the fix for #1003012 and do
> 5.1-2+deb11u1 with it.

Okay attached the alternative, and only cherry-pick the 014 patch
upstream to address #1003012.

Would that be acceptable instead?

Regards,
Salvatore

diff -Nru bash-5.1/debian/changelog bash-5.1/debian/changelog --- bash-5.1/debian/changelog 2021-01-03 10:44:50.000000000 +0100 +++ bash-5.1/debian/changelog 2022-03-27 20:40:30.000000000 +0200 @@ -1,3 +1,10 @@ +bash (5.1-2+deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * 1-byte buffer overflow read in subst.c read_comsub (Closes: #1003012) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 27 Mar 2022 20:40:30 +0200 + bash (5.1-2) unstable; urgency=medium * Apply upstream patches 001 - 004. diff -Nru bash-5.1/debian/patches/bash51-014.diff bash-5.1/debian/patches/bash51-014.diff --- bash-5.1/debian/patches/bash51-014.diff 1970-01-01 01:00:00.000000000 +0100 +++ bash-5.1/debian/patches/bash51-014.diff 2022-03-27 20:40:30.000000000 +0200 @@ -0,0 +1,26 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.1 +Patch-ID: bash51-014 + +Bug-Reported-by: platon7pro...@gmail.com +Bug-Reference-ID: +Bug-Reference-URL: https://savannah.gnu.org/patch/?10035 + +Bug-Description: + +Bash may produce corrupted input if a multibyte character spans a 512-byte +boundary while reading the output of a command substitution. + +--- a/subst.c ++++ b/subst.c +@@ -6242,7 +6242,7 @@ read_comsub (fd, quoted, flags, rflag) + /* read a multibyte character from buf */ + /* punt on the hard case for now */ + memset (&ps, '\0', sizeof (mbstate_t)); +- mblen = mbrtowc (&wc, bufp-1, bufn+1, &ps); ++ mblen = mbrtowc (&wc, bufp-1, bufn, &ps); + if (MB_INVALIDCH (mblen) || mblen == 0 || mblen == 1) + istring[istring_index++] = c; + else diff -Nru bash-5.1/debian/patches/series bash-5.1/debian/patches/series --- bash-5.1/debian/patches/series 2021-01-03 10:43:05.000000000 +0100 +++ bash-5.1/debian/patches/series 2022-03-27 20:40:30.000000000 +0200 @@ -2,6 +2,7 @@ bash51-002.diff bash51-003.diff bash51-004.diff +bash51-014.diff bashbug-editor.diff deb-bash-config.diff deb-examples.diff
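
Review bot: the new debian/changelog entry for 5.1-2+deb11u1 does not name the patch it adds, while the 5.1-2 entry just below it reads "Apply upstream patches 001 - 004."; wording it as applying upstream patch 014 would tie the entry to debian/patches/bash51-014.diff and to the series file. The entry also calls the defect a "1-byte buffer overflow read", whereas the Bug-Description in the patch header speaks only of corrupted input when a multibyte character spans a 512-byte boundary, so it would help to mention both so that the changelog and the patch report describe the same bug.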
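
Review bot: in the subst.c hunk of bash51-014.diff, the length passed to mbrtowc drops from bufn+1 to bufn while the pointer stays bufp-1, and nothing in the patch says why bufn is the correct bound; a one-line comment stating what bufn counts at this point in read_comsub would make the fix checkable from the source alone. The unchanged context still carries "punt on the hard case for now" and stores only c when MB_INVALIDCH (mblen) is true, so it is worth confirming against the reproducer from #1003012 that a character split at the buffer boundary now comes through intact. The header's Bug-Reference-ID is also empty.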
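
Review bot: in debian/patches/series, bash51-014.diff is inserted directly after bash51-004.diff, so upstream patches 005 through 013 are not part of this upload; please confirm that 014 applies without fuzz on top of 004 alone (its subst.c hunk is positioned at @@ -6242) and state in the request that it does not depend on any of the skipped patches.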