This is a maintenance release that bundles all the previously added
patches, which have therefore been deleted.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 5.1.012 to 5.1.016
- Update of rootfile not required
- Changelog
Patch 013 - Bash did not always perform tilde expansion following an unquoted colon on
the rhs of an assignment statement in posix mode.
Patch 014 - Bash may produce corrupted input if a multibyte character spans a 512-byte
boundary while reading the output of a command substitution.
Patch 015 - There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
Patch 016 - Multiple `!' tokens should toggle negation of an expression in a [[
conditional command, instead of simply negating the expression.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update main file from 5.1 to 5.1.8 (includes patches 1 to 8)
- Remove patches 1 to 4
- Changelog - Patches 1 to 4 from the previous IPFire version together with patches 5 to
8 are now included into bash-5.1.8 followed by application of patches 9 to 12
Patch 12
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
Patch 11
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
Patch 10
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
Patch 9
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
Patch 8
Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
Patch 7
The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
Patch 6
Make sure child processes forked to run command substitutions are in the
proper process group.
Patch 5
Fix two memory leaks when assigning arrays using compound assignment syntax.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.0 with patch 18 to 5.1 wih patch 4
- Remove old bash50 patches
- Update rootfiles
- Add new bash51 patches
- Installed updated version in a vm testbed system
All bash commands that were run, executed correctly
Script created to redirect output to a file and ran correctly
- Changelog
1. New Features in bash-5.1 since release of bash-5.0
a. `bind -x' now supports different bindings for different editing modes and
keymaps.
b. Bash attempts to optimize the number of times it forks when executing
commands in subshells and from `bash -c'.
c. Here documents and here strings now use pipes for the expanded document if
it's smaller than the pipe buffer size, reverting to temporary files if it's
larger.
d. There are new loadable builtins: mktemp, accept, mkfifo, csv, cut/lcut
e. In posix mode, `trap -p' now displays signals whose disposition is SIG_DFL
and those that were SIG_IGN when the shell starts.
f. The shell now expands the history number (e.g., in PS1) even if it is not
currently saving commands to the history list.
g. `read -e' may now be used with arbitrary file descriptors (`read -u N').
h. The `select' builtin now runs traps if its internal call to the read builtin
is interrupted by a signal.
i. SRANDOM: a new variable that expands to a 32-bit random number that is not
produced by an LCRNG, and uses getrandom/getentropy, falling back to
/dev/urandom or arc4random if available. There is a fallback generator if
none of these are available.
j. shell-transpose-words: a new bindable readline command that uses the same
definition of word as shell-forward-word, etc.
k. The shell now adds default bindings for shell-forward-word,
shell-backward-word, shell-transpose-words, and shell-kill-word.
l. Bash now allows ARGV0 appearing in the initial shell environment to set $0.
m. If `unset' is executed without option arguments, bash tries to unset a shell
function if a name argument cannot be a shell variable name because it's not
an identifier.
n. The `test -N' operator uses nanosecond timestamp granularity if it's
available.
o. Bash posix mode now treats assignment statements preceding shell function
definitions the same as in its default mode, since POSIX has changed and
no longer requires those assignments to persist after the function returns
(POSIX interp 654).
p. BASH_REMATCH is no longer readonly.
q. wait: has a new -p VARNAME option, which stores the PID returned by `wait -n'
or `wait' without arguments.
r. Sorting the results of pathname expansion now uses byte-by-byte comparisons
if two strings collate equally to impose a total order; the result of a
POSIX interpretation.
s. Bash now allows SIGINT trap handlers to execute recursively.
t. Bash now saves and restores state around setting and unsetting posix mode,
instead of having unsetting posix mode set a known state.
u. Process substitution is now available in posix mode.
v. READLINE_MARK: a new variable available while executing commands bound with
`bind -x', contains the value of the mark.
w. Bash removes SIGCHLD from the set of blocked signals if it's blocked at shell
startup.
x. `test -v N' can now test whether or not positional parameter N is set.
y. `local' now honors the `-p' option to display all local variables at the
current context.
z. The `@a' variable transformation now prints attributes for unset array
variables.
aa. The `@A' variable transformation now prints a declare command that sets a
variable's attributes if the variable has attributes but is unset.
bb. `declare' and `local' now have a -I option that inherits attributes and
value from a variable with the same name at a previous scope.
cc. When run from a -c command, `jobs' now reports the status of completed jobs.
dd. New `U', `u', and `L' parameter transformations to convert to uppercase,
convert first character to uppercase, and convert to lowercase,
respectively.
ee. PROMPT_COMMAND: can now be an array variable, each element of which can
contain a command to be executed like a string PROMPT_COMMAND variable.
ff. `ulimit' has a -R option to report and set the RLIMIT_RTTIME resource.
gg. Associative arrays may be assigned using a list of key-value pairs within
a compound assignment. Compound assignments where the words are not of
the form [key]=value are assumed to be key-value assignments. A missing or
empty key is an error; a missing value is treated as NULL. Assignments may
not mix the two forms.
hh. New `K' parameter transformation to display associative arrays as key-
value pairs.
ii. Writing history to syslog now handles messages longer than the syslog max
length by writing multiple messages with a sequence number.
jj. SECONDS and RANDOM may now be assigned using arithmetic expressions, since
they are nominally integer variables. LINENO is not an integer variable.
kk. Bash temporarily suppresses the verbose option when running the DEBUG trap
while running a command from the `fc' builtin.
ll. `wait -n' now accepts a list of job specifications as arguments and will
wait for the first one in the list to change state.
mm. The associative array implementation can now dynamically increase the
size of the hash table based on insertion patterns.
nn. HISTFILE is now readonly in a restricted shell.
oo. The bash malloc now returns memory that is 16-byte aligned on 64-bit
systems.
pp. If the hash builtin is listing hashed filenames portably, don't print
anything if the table is empty.
qq. GLOBIGNORE now ignores `.' and `..' as a terminal pathname component.
rr. Bash attempts to optimize away forks in the last command in a function body
under appropriate circumstances.
ss. The globbing code now uses fnmatch(3) to check collation elements (if
available) even in cases without multibyte characters.
tt. The `fg' and `bg' builtins now return an error in a command substitution
when asked to restart a job inherited from the parent shell.
uu. The shell now attempts to unlink all FIFOs on exit, whether a consuming
process has finished with them or not.
vv. There is a new contributed loadable builtin: asort.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those fix some unintentional behaviour regarding autocompletion I
stumbled across the other day. While there seems nothing security
relevant in this, it irons out a few bugs.
The full and up-to-date list of all Bash 5.0 patches can be obtained
from https://ftp.gnu.org/gnu/bash/bash-5.0-patches/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Server. Habe damit schon begonnen. Bisher aber leider nur die Pakete von
A bis B einschliesslich. Ich hoffe da macht jemand anderes weiter.
Hinzu sind die Pakete, deren Mirrors ausgefallen sind, schon umgezogen.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@131 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
