From 3e12ae6a03c5b0a07310cda86e141be2a91cc9e9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
Date: Sun, 28 Sep 2014 09:18:36 +0200
Subject: [PATCH] - up to 4.3.27 (it's effectively the same as our 4.3.26-2)

---
 bash-4.2-cve-2014-7169-1.patch | 155 ---------------------------------
 bash.spec                      |  10 +--
 sources                        |   1 +
 3 files changed, 5 insertions(+), 161 deletions(-)
 delete mode 100644 bash-4.2-cve-2014-7169-1.patch

diff --git a/bash-4.2-cve-2014-7169-1.patch b/bash-4.2-cve-2014-7169-1.patch
deleted file mode 100644
index 77c6616..0000000
--- a/bash-4.2-cve-2014-7169-1.patch
+++ /dev/null
@@ -1,155 +0,0 @@
---- ../bash-4.2-orig/variables.c	2014-09-25 13:07:59.313209541 +0200
-+++ variables.c	2014-09-25 13:15:29.869420719 +0200
-@@ -268,7 +268,7 @@
- static void propagate_temp_var __P((PTR_T));
- static void dispose_temporary_env __P((sh_free_func_t *));     
- 
--static inline char *mk_env_string __P((const char *, const char *));
-+static inline char *mk_env_string __P((const char *, const char *, int));
- static char **make_env_array_from_var_list __P((SHELL_VAR **));
- static char **make_var_export_array __P((VAR_CONTEXT *));
- static char **make_func_export_array __P((void));
-@@ -301,6 +301,14 @@
- #endif
- }
- 
-+/* Prefix and suffix for environment variable names which contain
-+   shell functions. */
-+#define FUNCDEF_PREFIX "BASH_FUNC_"
-+#define FUNCDEF_PREFIX_LEN (strlen (FUNCDEF_PREFIX))
-+#define FUNCDEF_SUFFIX "()"
-+#define FUNCDEF_SUFFIX_LEN (strlen (FUNCDEF_SUFFIX))
-+
-+
- /* Initialize the shell variables from the current environment.
-    If PRIVMODE is nonzero, don't import functions from ENV or
-    parse $SHELLOPTS. */
-@@ -338,36 +346,48 @@
- 
-       /* If exported function, define it now.  Don't import functions from
- 	 the environment in privileged mode. */
--      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
--	{
--	  string_length = strlen (string);
--	  temp_string = (char *)xmalloc (3 + string_length + char_index);
-+      if (privmode == 0 && read_but_dont_execute == 0
-+	  && STREQN (FUNCDEF_PREFIX, name, FUNCDEF_PREFIX_LEN)
-+	  && STREQ (name + char_index - FUNCDEF_SUFFIX_LEN, FUNCDEF_SUFFIX)
-+	  && STREQN ("() {", string, 4))
-+	{
-+	  size_t name_length
-+	    = char_index - (FUNCDEF_PREFIX_LEN + FUNCDEF_SUFFIX_LEN);
-+	  char *temp_name = name + FUNCDEF_PREFIX_LEN;
-+	  /* Temporarily remove the suffix. */
-+	  temp_name[name_length] = '\0';
- 
--	  strcpy (temp_string, name);
--	  temp_string[char_index] = ' ';
--	  strcpy (temp_string + char_index + 1, string);
-+	  string_length = strlen (string);
-+	  temp_string = (char *)xmalloc (name_length + 1 + string_length + 1);
-+	  memcpy (temp_string, temp_name, name_length);
-+	  temp_string[name_length] = ' ';
-+	  memcpy (temp_string + name_length + 1, string, string_length + 1);
- 
- 	  /* Don't import function names that are invalid identifiers from the
- 	     environment, though we still allow them to be defined as shell
- 	     variables. */
--	  if (legal_identifier (name))
--	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
-+	  if (legal_identifier (temp_name))
-+	    parse_and_execute (temp_string, temp_name,
-+			       SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
- 
--	  if (temp_var = find_function (name))
-+	  if (temp_var = find_function (temp_name))
- 	    {
- 	      VSETATTR (temp_var, (att_exported|att_imported));
- 	      array_needs_making = 1;
- 	    }
- 	  else
- 	    {
- 	      if (temp_var = bind_variable (name, string, 0))
- 		{
- 		  VSETATTR (temp_var, (att_exported | att_imported | att_invisible));
- 		  array_needs_making = 1;
- 		}
- 	      last_command_exit_value = 1;
- 	      report_error (_("error importing function definition for `%s'"), name);
- 	    }
-+
-+	  /* Restore the original suffix. */
-+	  temp_name[name_length] = FUNCDEF_SUFFIX[0];
- 	}
- #if defined (ARRAY_VARS)
- #  if ARRAY_EXPORT
-@@ -2537,7 +2557,7 @@
-   var->context = variable_context;	/* XXX */
- 
-   INVALIDATE_EXPORTSTR (var);
--  var->exportstr = mk_env_string (name, value);
-+  var->exportstr = mk_env_string (name, value, 0);
- 
-   array_needs_making = 1;
- 
-@@ -3388,22 +3408,43 @@
- /*								    */
- /* **************************************************************** */
- 
-+/* Returns the string NAME=VALUE if !FUNCTIONP or if VALUE == NULL (in
-+   which case it is treated as empty).  Otherwise, decorate NAME with
-+   FUNCDEF_PREFIX and FUNCDEF_SUFFIX, and return a string of the form
-+   FUNCDEF_PREFIX NAME FUNCDEF_SUFFIX = VALUE (without spaces).  */
- static inline char *
--mk_env_string (name, value)
-+mk_env_string (name, value, functionp)
-      const char *name, *value;
-+     int functionp;
- {
--  int name_len, value_len;
--  char	*p;
-+  size_t name_len, value_len;
-+  char *p, *q;
- 
-   name_len = strlen (name);
-   value_len = STRLEN (value);
--  p = (char *)xmalloc (2 + name_len + value_len);
--  strcpy (p, name);
--  p[name_len] = '=';
-+  if (functionp && value != NULL)
-+    {
-+      p = (char *)xmalloc (FUNCDEF_PREFIX_LEN + name_len + FUNCDEF_SUFFIX_LEN
-+			   + 1 + value_len + 1);
-+      q = p;
-+      memcpy (q, FUNCDEF_PREFIX, FUNCDEF_PREFIX_LEN);
-+      q += FUNCDEF_PREFIX_LEN;
-+      memcpy (q, name, name_len);
-+      q += name_len;
-+      memcpy (q, FUNCDEF_SUFFIX, FUNCDEF_SUFFIX_LEN);
-+      q += FUNCDEF_SUFFIX_LEN;
-+    }
-+  else
-+    {
-+      p = (char *)xmalloc (name_len + 1 + value_len + 1);
-+      memcpy (p, name, name_len);
-+      q = p + name_len;
-+    }
-+  q[0] = '=';
-   if (value && *value)
--    strcpy (p + name_len + 1, value);
-+    memcpy (q + 1, value, value_len + 1);
-   else
--    p[name_len + 1] = '\0';
-+    q[1] = '\0';
-   return (p);
- }
- 
-@@ -3489,7 +3530,7 @@
- 	  /* Gee, I'd like to get away with not using savestring() if we're
- 	     using the cached exportstr... */
- 	  list[list_index] = USE_EXPORTSTR ? savestring (value)
--					   : mk_env_string (var->name, value);
-+	    : mk_env_string (var->name, value, function_p (var));
- 
- 	  if (USE_EXPORTSTR == 0)
- 	    SAVE_EXPORTSTR (var, list[list_index]);
diff --git a/bash.spec b/bash.spec
index fbc2785..0a2b168 100644
--- a/bash.spec
+++ b/bash.spec
@@ -6,8 +6,8 @@
 
 # NOTE: when updating patchleve, do not forget to update 'sources' file!
 %define		ver		4.3
-%define		patchlevel	26
-%define		rel		2
+%define		patchlevel	27
+%define		rel		1
 Summary:	GNU Bourne Again Shell (bash)
 Summary(fr.UTF-8):	Le shell Bourne Again de GNU
 Summary(pl.UTF-8):	Powłoka GNU Bourne Again Shell (bash)
@@ -36,9 +36,8 @@ Patch9:		%{name}-backup_history.patch
 Patch10:	%{name}-act_like_sh.patch
 Patch11:	%{name}-elinks_cont.patch
 Patch12:	%{name}-pl.po-update.patch
-# http://www.openwall.com/lists/oss-security/2014/09/25/13 ; patches from FC
-Patch13:	bash-4.2-cve-2014-7169-1.patch
-Patch14:	bash-4.2-cve-2014-7169-2.patch
+# from FC
+Patch13:	bash-4.2-cve-2014-7169-2.patch
 %patchset_source -f https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-%03g 1 %{patchlevel}
 URL:		http://www.gnu.org/software/bash/
 BuildRequires:	autoconf
@@ -198,7 +197,6 @@ tym pakiecie jest wersja basha skonsolidowana statycznie.
 %patch11 -p1
 %patch12 -p1
 %patch13 -p0
-%patch14 -p0
 
 sed -i -e 's#/usr/bin/printf#/bin/printf#g' tests/intl2.sub
 
diff --git a/sources b/sources
index d2c2464..7e0de84 100644
--- a/sources
+++ b/sources
@@ -24,3 +24,4 @@ b3cb0d80fd0c47728264405cbb3b23c7  bash43-023
 b5ea5600942acceb4b6f07313d2de74e  bash43-024
 193c06f578d38ffdbaebae9c51a7551f  bash43-025
 922578e2be7ed03729454e92ee8d3f3a  bash43-026
+8ff6948b16f2db5c29b1b9ae1085bbe7  bash43-027
-- 
2.44.0