- Update from version 5.2 with patches 1 to 21 to 5.2 with patches 1 to 26
- Update of rootfile not required
- Changelog
Patch 26
The custom color prefix that readline uses to color possible completions
must have a leading `.'.
Patch 25
Make sure a subshell checks for and handles any terminating signals before
exiting (which might have arrived after the command completed) so the parent
and any EXIT trap will see the correct value for $?.
Patch 24
Fix bug where associative array compound assignment would not expand tildes
in values.
Patch 23
Running `local -' multiple times in a shell function would overwrite the
original saved set of options.
Patch 22
It's possible for readline to try to zero out a line that's not null-
terminated, leading to a memory fault.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update the patches to include patches 16 to 21
- Update of rootfile not required
- Changelog
patch 21: fix for expanding command substitutions in a word expansion in a
here-document
patch 20: allow time reserved word as first token in command substitution
patch 19: fix case where background job set the terminal process group
patch 18: fix for returning unknown tokens to the bison parser
patch 17: fix for optimizing forks when using the . builtin in a subshell
patch 16: fix for a crash if one of the expressions in an arithmetic for command
expands to NULL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 5.2 patches 1-9 to 5.2 patches 1-15
- Update of rootfile not required
- Changelog
bash52-015
There are several cases where bash is too aggressive when optimizing out forks
in subshells. For example, `eval' and traps should never be optimized.
bash52-014
Bash defers processing additional terminating signals when running the
EXIT trap while exiting due to a terminating signal. This patch allows the
new terminating signal to kill the shell immediately.
bash52-013
Bash can leak memory when referencing a non-existent associative array
element.
bash52-012
When running in bash compatibility mode, nested command substitutions can
leave the `extglob' option enabled.
bash52-011
Using timeouts and readline editing with the `read' builtin (read -e -t) can
leave the readline timeout enabled, potentially resulting in an erroneous
timeout on the next call.
bash52-010
Bash-5.2 checks the first 128 characters of an executable file that execve()
refuses to execute to see whether it's a binary file before trying to
execute it as a shell script. This defeats some previously-supported use
cases like "self-executing" jar files or "self-uncompressing" scripts.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This is a maintenance release that bundles all the previously added
patches, which have therefore been deleted.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 5.1.012 to 5.1.016
- Update of rootfile not required
- Changelog
Patch 013 - Bash did not always perform tilde expansion following an unquoted colon on
the rhs of an assignment statement in posix mode.
Patch 014 - Bash may produce corrupted input if a multibyte character spans a 512-byte
boundary while reading the output of a command substitution.
Patch 015 - There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
Patch 016 - Multiple `!' tokens should toggle negation of an expression in a [[
conditional command, instead of simply negating the expression.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update main file from 5.1 to 5.1.8 (includes patches 1 to 8)
- Remove patches 1 to 4
- Changelog - Patches 1 to 4 from the previous IPFire version together with patches 5 to
8 are now included into bash-5.1.8 followed by application of patches 9 to 12
Patch 12
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
Patch 11
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
Patch 10
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
Patch 9
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
Patch 8
Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
Patch 7
The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
Patch 6
Make sure child processes forked to run command substitutions are in the
proper process group.
Patch 5
Fix two memory leaks when assigning arrays using compound assignment syntax.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.0 with patch 18 to 5.1 wih patch 4
- Remove old bash50 patches
- Update rootfiles
- Add new bash51 patches
- Installed updated version in a vm testbed system
All bash commands that were run, executed correctly
Script created to redirect output to a file and ran correctly
- Changelog
1. New Features in bash-5.1 since release of bash-5.0
a. `bind -x' now supports different bindings for different editing modes and
keymaps.
b. Bash attempts to optimize the number of times it forks when executing
commands in subshells and from `bash -c'.
c. Here documents and here strings now use pipes for the expanded document if
it's smaller than the pipe buffer size, reverting to temporary files if it's
larger.
d. There are new loadable builtins: mktemp, accept, mkfifo, csv, cut/lcut
e. In posix mode, `trap -p' now displays signals whose disposition is SIG_DFL
and those that were SIG_IGN when the shell starts.
f. The shell now expands the history number (e.g., in PS1) even if it is not
currently saving commands to the history list.
g. `read -e' may now be used with arbitrary file descriptors (`read -u N').
h. The `select' builtin now runs traps if its internal call to the read builtin
is interrupted by a signal.
i. SRANDOM: a new variable that expands to a 32-bit random number that is not
produced by an LCRNG, and uses getrandom/getentropy, falling back to
/dev/urandom or arc4random if available. There is a fallback generator if
none of these are available.
j. shell-transpose-words: a new bindable readline command that uses the same
definition of word as shell-forward-word, etc.
k. The shell now adds default bindings for shell-forward-word,
shell-backward-word, shell-transpose-words, and shell-kill-word.
l. Bash now allows ARGV0 appearing in the initial shell environment to set $0.
m. If `unset' is executed without option arguments, bash tries to unset a shell
function if a name argument cannot be a shell variable name because it's not
an identifier.
n. The `test -N' operator uses nanosecond timestamp granularity if it's
available.
o. Bash posix mode now treats assignment statements preceding shell function
definitions the same as in its default mode, since POSIX has changed and
no longer requires those assignments to persist after the function returns
(POSIX interp 654).
p. BASH_REMATCH is no longer readonly.
q. wait: has a new -p VARNAME option, which stores the PID returned by `wait -n'
or `wait' without arguments.
r. Sorting the results of pathname expansion now uses byte-by-byte comparisons
if two strings collate equally to impose a total order; the result of a
POSIX interpretation.
s. Bash now allows SIGINT trap handlers to execute recursively.
t. Bash now saves and restores state around setting and unsetting posix mode,
instead of having unsetting posix mode set a known state.
u. Process substitution is now available in posix mode.
v. READLINE_MARK: a new variable available while executing commands bound with
`bind -x', contains the value of the mark.
w. Bash removes SIGCHLD from the set of blocked signals if it's blocked at shell
startup.
x. `test -v N' can now test whether or not positional parameter N is set.
y. `local' now honors the `-p' option to display all local variables at the
current context.
z. The `@a' variable transformation now prints attributes for unset array
variables.
aa. The `@A' variable transformation now prints a declare command that sets a
variable's attributes if the variable has attributes but is unset.
bb. `declare' and `local' now have a -I option that inherits attributes and
value from a variable with the same name at a previous scope.
cc. When run from a -c command, `jobs' now reports the status of completed jobs.
dd. New `U', `u', and `L' parameter transformations to convert to uppercase,
convert first character to uppercase, and convert to lowercase,
respectively.
ee. PROMPT_COMMAND: can now be an array variable, each element of which can
contain a command to be executed like a string PROMPT_COMMAND variable.
ff. `ulimit' has a -R option to report and set the RLIMIT_RTTIME resource.
gg. Associative arrays may be assigned using a list of key-value pairs within
a compound assignment. Compound assignments where the words are not of
the form [key]=value are assumed to be key-value assignments. A missing or
empty key is an error; a missing value is treated as NULL. Assignments may
not mix the two forms.
hh. New `K' parameter transformation to display associative arrays as key-
value pairs.
ii. Writing history to syslog now handles messages longer than the syslog max
length by writing multiple messages with a sequence number.
jj. SECONDS and RANDOM may now be assigned using arithmetic expressions, since
they are nominally integer variables. LINENO is not an integer variable.
kk. Bash temporarily suppresses the verbose option when running the DEBUG trap
while running a command from the `fc' builtin.
ll. `wait -n' now accepts a list of job specifications as arguments and will
wait for the first one in the list to change state.
mm. The associative array implementation can now dynamically increase the
size of the hash table based on insertion patterns.
nn. HISTFILE is now readonly in a restricted shell.
oo. The bash malloc now returns memory that is 16-byte aligned on 64-bit
systems.
pp. If the hash builtin is listing hashed filenames portably, don't print
anything if the table is empty.
qq. GLOBIGNORE now ignores `.' and `..' as a terminal pathname component.
rr. Bash attempts to optimize away forks in the last command in a function body
under appropriate circumstances.
ss. The globbing code now uses fnmatch(3) to check collation elements (if
available) even in cases without multibyte characters.
tt. The `fg' and `bg' builtins now return an error in a command substitution
when asked to restart a job inherited from the parent shell.
uu. The shell now attempts to unlink all FIFOs on exit, whether a consuming
process has finished with them or not.
vv. There is a new contributed loadable builtin: asort.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those fix some unintentional behaviour regarding autocompletion I
stumbled across the other day. While there seems nothing security
relevant in this, it irons out a few bugs.
The full and up-to-date list of all Bash 5.0 patches can be obtained
from https://ftp.gnu.org/gnu/bash/bash-5.0-patches/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Server. Habe damit schon begonnen. Bisher aber leider nur die Pakete von
A bis B einschliesslich. Ich hoffe da macht jemand anderes weiter.
Hinzu sind die Pakete, deren Mirrors ausgefallen sind, schon umgezogen.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@131 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
