Bash-4.4 Official Patch 7
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-007 Bug-Reported-by:Jens Heyens Bug-Reference-ID: Bug-Reference-URL: https://savannah.gnu.org/support/?109224 Bug-Description: When performing filename completion, bash dequotes the directory name being completed, which can result in match failures and potential unwanted expansion. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/bashline.c 2016-08-05 21:44:05.0 -0400 --- bashline.c 2017-01-19 13:15:51.0 -0500 *** *** 143,147 static void restore_directory_hook __P((rl_icppfunc_t)); ! static int directory_exists __P((const char *)); static void cleanup_expansion_error __P((void)); --- 144,148 static void restore_directory_hook __P((rl_icppfunc_t)); ! static int directory_exists __P((const char *, int)); static void cleanup_expansion_error __P((void)); *** *** 3103,3111 } ! /* Check whether not the (dequoted) version of DIRNAME, with any trailing slash !removed, exists. */ static int ! directory_exists (dirname) const char *dirname; { char *new_dirname; --- 3107,3116 } ! /* Check whether not DIRNAME, with any trailing slash removed, exists. If !SHOULD_DEQUOTE is non-zero, we dequote the directory name first. */ static int ! directory_exists (dirname, should_dequote) const char *dirname; + int should_dequote; { char *new_dirname; *** *** 3113,3118 struct stat sb; ! /* First, dequote the directory name */ ! new_dirname = bash_dequote_filename ((char *)dirname, rl_completion_quote_character); dirlen = STRLEN (new_dirname); if (new_dirname[dirlen - 1] == '/') --- 3118,3124 struct stat sb; ! /* We save the string and chop the trailing slash because stat/lstat behave ! inconsistently if one is present. */ ! new_dirname = should_dequote ? bash_dequote_filename ((char *)dirname, rl_completion_quote_character) : savestring (dirname); dirlen = STRLEN (new_dirname); if (new_dirname[dirlen - 1] == '/') *** *** 3146,3150 should_expand_dirname = '`'; ! 
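Review bot: In the 3118,3124 hunk of bashline.c, `new_dirname[dirlen - 1]` is read immediately after `dirlen = STRLEN (new_dirname)` with no check that the string is non-empty, so an empty name would index one byte before the allocation. The new non-dequoting path copies `dirname` verbatim through `savestring`, so whether an empty string can arrive depends on callers outside the hunk. A guard such as `if (dirlen > 0 && new_dirname[dirlen - 1] == '/')` makes the function safe either way. The body of directory_exists continues past the end of the hunk.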
if (should_expand_dirname && directory_exists (local_dirname)) should_expand_dirname = 0; --- 3152,3156 should_expand_dirname = '`'; ! if (should_expand_dirname && directory_exists (local_dirname, 0)) should_expand_dirname = 0; *** *** 3156,3160 global_nounset = unbound_vars_is_error; unbound_vars_is_error = 0; ! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE); /* does the right thing */ unbound_vars_is_error = global_nounset; if (wl) --- 3162,3166 global_nounset = unbound_vars_is_error; unbound_vars_is_error = 0; ! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE); /* does the right thing */ unbound_vars_is_error = global_nounset; if (wl) *** *** 3245,3249 } ! if (should_expand_dirname && directory_exists (local_dirname)) should_expand_dirname = 0; --- 3262,3266 } ! if (should_expand_dirname && directory_exists (local_dirname, 1)) should_expand_dirname = 0; *** *** 3251,3255 { new_dirname = savestring (local_dirname); ! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE); /* does the right thing */ if (wl) { --- 3268,3272 { new_dirname = savestring (local_dirname); ! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE); /* does the right thing */ if (wl) { *** ../bash-4.4/subst.c 2016-08-30 16:46:38.0 -0400 --- subst.c 2017-01-19 07:09:57.0 -0500 *** *** 9459,9462 --- 9459,9466 if (word->flags & W_COMPLETE) tword->flags |= W_COMPLETE; /* for command substitutions */ + if (word->flags & W_NOCOMSUB) + tword->flags |= W_NOCOMSUB; + if (word->flags & W_NOPROCSUB) + tword->flags |= W_NOPROCSUB; temp = (char *)NULL; *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 6 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! 
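Review bot: The two updated callers pass a bare `0` (hunk 3152,3156) and `1` (hunk 3262,3266) for `should_dequote`, and nothing at either call site says why they differ. That flag decides whether the name is dequoted before the existence test, and the test result is what clears `should_expand_dirname`, so the choice is security-relevant for completion. I would add a one-line comment at each call, for example `/* name is already dequoted here; stat it as-is */` at the first, with the wording confirmed against the enclosing functions, which start and end outside these hunks.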
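Review bot: In the subst.c hunk the three flag-inheritance tests can be folded into one masked assignment, `tword->flags |= word->flags & (W_COMPLETE|W_NOCOMSUB|W_NOPROCSUB);`, which keeps the list of inherited flags in one place. The existing comment `/* for command substitutions */` covers only W_COMPLETE. I would extend it to say that the no-substitution flags must also reach `tword`, since the bashline.c callers in this patch appear to rely on `W_NOCOMSUB|W_NOPROCSUB` to keep completion from running substitutions. The enclosing function is not visible in the hunk.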
#define PATCHLEVEL 7 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
Bash-4.4 Official Patch 6
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-006 Bug-Reported-by: Bug-Reference-ID: Bug-Reference-URL: Bug-Description: Out-of-range negative offsets to popd can cause the shell to crash attempting to free an invalid memory block. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.0 -0500 --- builtins/pushd.def 2016-10-28 10:46:49.0 -0400 *** *** 366,370 } ! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0)) { pushd_error (directory_list_offset, which_word ? which_word : ""); --- 366,370 } ! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0)) { pushd_error (directory_list_offset, which_word ? which_word : ""); *** *** 388,391 --- 388,396 of the list into place. */ i = (direction == '+') ? directory_list_offset - which : which; + if (i < 0 || i > directory_list_offset) + { + pushd_error (directory_list_offset, which_word ? which_word : ""); + return (EXECUTION_FAILURE); + } free (pushd_directory_list[i]); directory_list_offset--; *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 5 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 6 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
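Review bot: The guard added in the 388,396 hunk of pushd.def accepts `i == directory_list_offset`, and the next lines call `free (pushd_directory_list[i])` and then decrement `directory_list_offset`, which suggests that value is a count and index `directory_list_offset` is one past the last live entry. The top-of-stack case handled before this hunk may already exclude it, but that code is not visible here, so the tighter bound `if (i < 0 || i >= directory_list_offset)` would make the free safe on its own. A short comment above the check stating the valid index range would also help.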
Bash-4.4 Official Patch 8
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-008 Bug-Reported-by:Koichi MURASE Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00050.html Bug-Description: Under certain circumstances, bash will evaluate arithmetic expressions as part of reading an expression token even when evaluation is suppressed. This happens while evaluating a conditional expression and skipping over the failed branch of the expression. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/expr.c 2015-10-11 14:46:36.0 -0400 --- expr.c 2016-11-08 11:55:46.0 -0500 *** *** 579,585 if (curtok == QUES) /* found conditional expr */ { - readtok (); - if (curtok == 0 || curtok == COL) - evalerror (_("expression expected")); if (cval == 0) { --- 579,582 *** *** 588,591 --- 585,592 } + readtok (); + if (curtok == 0 || curtok == COL) + evalerror (_("expression expected")); + val1 = EXP_HIGHEST (); *** *** 594,600 if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! readtok (); ! if (curtok == 0) ! evalerror (_("expression expected")); set_noeval = 0; if (cval) --- 595,599 if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! set_noeval = 0; if (cval) *** *** 604,608 --- 603,611 } + readtok (); + if (curtok == 0) + evalerror (_("expression expected")); val2 = expcond (); + if (set_noeval) noeval--; *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 7 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 8 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
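Review bot: The relocated `readtok ()` calls in expr.c (hunks 585,592 and 603,611) now depend on running after `noeval` has been adjusted, but nothing in the new code records that ordering constraint. According to the patch description, reading a token can itself evaluate an expression, so a later cleanup that moves the call back up would silently reintroduce the bug. I would add a comment at both sites such as `/* readtok () can evaluate as a side effect; adjust noeval first */`. The enclosing function starts and ends outside the hunks.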
Bash-4.4 Official Patch 10
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-010 Bug-Reported-by:Clark Wang Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00104.html Bug-Description: Depending on compiler optimizations and behavior, the `read' builtin may not save partial input when a timeout occurs. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/builtins/read.def 2016-05-16 14:24:56.0 -0400 --- builtins/read.def 2016-11-25 12:37:56.0 -0500 *** *** 182,186 { register char *varname; ! int size, i, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2; int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul; int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno; --- 182,187 { register char *varname; ! int size, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2; ! volatile int i; int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul; int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno; *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 9 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 10 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
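Review bot: The new `volatile int i;` declaration in read.def carries no comment saying why the qualifier is needed, so it is likely to be dropped in a later tidy-up. From the patch description this looks like the usual rule that a local modified after setjmp is indeterminate after a longjmp unless it is volatile, although the jump itself is outside the hunk. I would write `volatile int i;	/* read after the timeout longjmp; must not live in a register */`. Other locals that are updated while input is read and used again on the timeout path may need the same treatment.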
Bash-4.4 Official Patch 9
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-009 Bug-Reported-by:Hong Cho Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-12/msg00043.html Bug-Description: There is a race condition in add_history() that can be triggered by a fatal signal arriving between the time the history length is updated and the time the history list update is completed. A later attempt to reference an invalid history entry can cause a crash. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/lib/readline/history.c 2016-11-11 13:42:49.0 -0500 --- lib/readline/history.c 2016-12-05 10:37:51.0 -0500 *** *** 280,283 --- 280,284 { HIST_ENTRY *temp; + int new_length; if (history_stifled && (history_length == history_max_entries)) *** *** 296,306 /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ - #if 0 - for (i = 0; i < history_length; i++) - the_history[i] = the_history[i + 1]; - #else memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); - #endif history_base++; } --- 297,303 /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); + new_length = history_length; history_base++; } *** *** 316,320 history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! history_length = 1; } else --- 313,317 history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! new_length = 1; } else *** *** 326,330 xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! history_length++; } } --- 323,327 xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! new_length = history_length + 1; } } *** *** 332,337 temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[history_length] = (HIST_ENTRY *)NULL; ! 
the_history[history_length - 1] = temp; } --- 329,335 temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[new_length] = (HIST_ENTRY *)NULL; ! the_history[new_length - 1] = temp; ! history_length = new_length; } *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 8 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 9 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
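Review bot: The fix in the 329,335 hunk of history.c relies on the two stores to `the_history[...]` completing before `history_length = new_length;`, but with plain objects the compiler is free to reorder or merge those stores. The declarations are not visible here. If `history_length` is an ordinary `int`, the ordering that closes the signal window is not guaranteed by the language, only by what the current compiler happens to emit. I would either make the publication explicit with a compiler barrier before the final assignment, or add a comment such as `/* publish the new length last: a fatal-signal handler may read the list */` so the constraint is at least documented. The stifled branch also still shifts the list with `memmove` while `history_length` is unchanged, and that window deserves the same review.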
Bash-4.4 Official Patch 11
BASH PATCH REPORT = Bash-Release: 4.4 Patch-ID: bash44-011 Bug-Reported-by:Russell King Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-01/msg0.html Bug-Description: Subshells begun to run command and process substitutions may attempt to set the terminal's process group to an incorrect value if they receive a fatal signal. This depends on the behavior of the process that starts the shell. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/sig.c 2016-02-11 15:02:45.0 -0500 --- sig.c 2017-01-04 09:09:47.0 -0500 *** *** 586,590 if (sig == SIGHUP && (interactive || (subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB hangup_all_jobs (); ! end_job_control (); #endif /* JOB_CONTROL */ --- 571,576 if (sig == SIGHUP && (interactive || (subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB hangup_all_jobs (); ! if ((subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB)) == 0) ! end_job_control (); #endif /* JOB_CONTROL */ *** ../bash-4.4/patchlevel.h2016-06-22 14:51:03.0 -0400 --- patchlevel.h2016-10-01 11:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 10 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 11 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
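Review bot: The new condition guarding `end_job_control ()` in sig.c has no comment, and the same `(SUBSHELL_COMSUB|SUBSHELL_PROCSUB)` mask is tested with the opposite sense on the line just above, which makes the pair hard to read. A comment such as `/* comsub/procsub subshells must not reset the terminal's process group */` would record the reason given in the patch description. Computing the mask test once into a local and using it for both `hangup_all_jobs ()` and `end_job_control ()` would also keep the two conditions from drifting apart. The enclosing function is outside the hunk.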