diff --git a/bash-3.2-audit.patch b/bash-3.2-audit.patch deleted file mode 100644 index 48a1751..0000000 --- a/bash-3.2-audit.patch +++ /dev/null @@ -1,96 +0,0 @@ -diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in ---- bash-4.2/config.h.in.audit 2013-01-31 16:26:16.857698992 +0100 -+++ bash-4.2/config.h.in 2013-01-31 16:26:16.876699255 +0100 -@@ -1131,6 +1131,14 @@ - - /* End additions for lib/intl */ - -+ -+/* Additions for lib/readline */ -+ -+/* Define if you have and it defines AUDIT_USER_TTY */ -+#undef HAVE_DECL_AUDIT_USER_TTY -+ -+/* End additions for lib/readline */ -+ - #include "config-bot.h" - - #endif /* _CONFIG_H_ */ -diff -up bash-4.2/configure.in.audit bash-4.2/configure.in ---- bash-4.2/configure.in.audit 2013-01-31 16:26:16.858699005 +0100 -+++ bash-4.2/configure.ac 2013-01-31 16:26:16.877699269 +0100 -@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK - BASH_SYS_PGRP_SYNC - BASH_SYS_SIGNAL_VINTAGE - -+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include ]]) -+ - dnl checking for the presence of certain library symbols - BASH_SYS_ERRLIST - BASH_SYS_SIGLIST -diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c ---- bash-4.2/lib/readline/readline.c.audit 2013-01-31 16:26:16.871699185 +0100 -+++ bash-4.2/lib/readline/readline.c 2013-01-31 17:24:23.902744860 +0100 -@@ -55,6 +55,12 @@ - extern int errno; - #endif /* !errno */ - -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+# include -+# include -+# include -+#endif -+ - /* System-specific feature definitions and include files. */ - #include "rldefs.h" - #include "rlmbutil.h" -@@ -301,7 +307,48 @@ rl_set_prompt (prompt) - rl_visible_prompt_length = rl_expand_prompt (rl_prompt); - return 0; - } -- -+ -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+/* Report STRING to the audit system. */ -+static void -+audit_tty (char *string) -+{ -+ struct sockaddr_nl addr; -+ struct msghdr msg; -+ struct nlmsghdr nlm; -+ struct iovec iov[2]; -+ size_t size; -+ int fd; -+ -+ size = strlen (string) + 1; -+ fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); -+ if (fd < 0) -+ return; -+ nlm.nlmsg_len = NLMSG_LENGTH (size); -+ nlm.nlmsg_type = AUDIT_USER_TTY; -+ nlm.nlmsg_flags = NLM_F_REQUEST; -+ nlm.nlmsg_seq = 0; -+ nlm.nlmsg_pid = 0; -+ iov[0].iov_base = &nlm; -+ iov[0].iov_len = sizeof (nlm); -+ iov[1].iov_base = string; -+ iov[1].iov_len = size; -+ addr.nl_family = AF_NETLINK; -+ addr.nl_pad = 0; -+ addr.nl_pid = 0; -+ addr.nl_groups = 0; -+ msg.msg_name = &addr; -+ msg.msg_namelen = sizeof (addr); -+ msg.msg_iov = iov; -+ msg.msg_iovlen = 2; -+ msg.msg_control = NULL; -+ msg.msg_controllen = 0; -+ msg.msg_flags = 0; -+ (void)sendmsg (fd, &msg, 0); -+ close (fd); -+} -+#endif -+ - /* Read a line of input. Prompt with PROMPT. An empty PROMPT means - none. A return value of NULL means that EOF was encountered. */ - char * diff --git a/bash-4.3-audit.patch b/bash-4.3-audit.patch new file mode 100644 index 0000000..9270403 --- /dev/null +++ b/bash-4.3-audit.patch @@ -0,0 +1,12 @@ +diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h +--- a/lib/readline/rlconf.h ++++ b/lib/readline/rlconf.h +@@ -64,7 +64,7 @@ + + /* Define this if you want to enable code that talks to the Linux kernel + tty auditing system. */ +-/* #define ENABLE_TTY_AUDIT_SUPPORT */ ++#define ENABLE_TTY_AUDIT_SUPPORT + + /* Defaults for the various editing mode indicators, inserted at the beginning + of the last (maybe only) line of the prompt if show-mode-in-prompt is on */ diff --git a/bash-5.2-add-newline.patch b/bash-5.2-add-newline.patch new file mode 100644 index 0000000..073374f --- /dev/null +++ b/bash-5.2-add-newline.patch @@ -0,0 +1,12 @@ +diff --git a/lib/readline/rltty.c b/lib/readline/rltty.c +--- a/lib/readline/rltty.c ++++ b/lib/readline/rltty.c +@@ -694,6 +694,8 @@ rl_deprep_terminal (void) + fprintf (rl_outstream, BRACK_PASTE_FINI); + if (_rl_eof_found) + fprintf (rl_outstream, "\n"); ++ else if (_rl_echoing_p == 0) ++ fprintf (rl_outstream, "\n"); + } + + if (_rl_enable_keypad) diff --git a/bash-5.2-pipeline-exec.patch b/bash-5.2-pipeline-exec.patch new file mode 100644 index 0000000..ba14696 --- /dev/null +++ b/bash-5.2-pipeline-exec.patch @@ -0,0 +1,15 @@ +diff --git a/execute_cmd.c b/execute_cmd.c +--- a/execute_cmd.c ++++ b/execute_cmd.c +@@ -5496,11 +5496,7 @@ execute_disk_command (words, redirects, command_line, pipe_in, pipe_out, + { + /* If we're optimizing out the fork (implicit `exec'), decrement the + shell level like `exec' would do. */ +-#if 0 /* TAG: bash-5.2 psmith 10/11/2020 */ + if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE && (subshell_environment & SUBSHELL_PIPE) == 0) +-#else +- if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE) +-#endif + adjust_shell_level (-1); + + maybe_make_export_env (); diff --git a/bash.spec b/bash.spec index 900b025..61b5af0 100644 --- a/bash.spec +++ b/bash.spec @@ -7,7 +7,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 6.%{hyperscale_rel}%{?dist} +Release: 9.%{hyperscale_rel}%{?dist} License: GPLv3+ Url: https://www.gnu.org/software/bash Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz @@ -34,8 +34,6 @@ Patch103: bash-2.05a-interpreter.patch Patch104: bash-2.05b-debuginfo.patch # Pid passed to setpgrp() can not be pid of a zombie process. Patch105: bash-2.05b-pgrp_sync.patch -# Enable audit logs -Patch106: bash-3.2-audit.patch # Source bashrc file when bash is run under ssh. Patch107: bash-3.2-ssh_source_bash.patch # Use makeinfo to generate .texi file @@ -94,6 +92,15 @@ Patch129: bash-5.1-mbrtowc.patch # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform Patch130: bash-5.2-check-xform.patch +# Enable audit logs +Patch131: bash-4.3-audit.patch + +# Fix an issue with adding newline in bracketed paste mode +Patch132: bash-5.2-add-newline.patch + +# RHEL-20020 - Fix a performance regression while using large number of environment variables +Patch133: bash-5.2-pipeline-exec.patch + %if 0%{?facebook} Patch0: fb-Configure-bash-to-log-the-commands-to-authpriv.patch Patch12: fb-Add-SSH-session-ID-to-bash-syslog-logging.patch @@ -106,6 +113,7 @@ BuildRequires: autoconf, gettext # Required for bash tests BuildRequires: glibc-all-langpacks BuildRequires: make +BuildRequires: audit-libs-devel Requires: filesystem >= 3 Provides: /bin/sh Provides: /bin/bash @@ -334,6 +342,18 @@ end %{_libdir}/pkgconfig/%{name}.pc %changelog +* Tue Feb 13 2024 Siteshwar Vashisht - 5.1.8-9 +- Fix a performance regression while using large number of environment variables + Resolves: RHEL-20020 + +* Mon Feb 12 2024 Siteshwar Vashisht - 5.1.8-8 +- Fix an issue with adding newline in bracketed paste mode + Resolves: #2168963 + +* Wed Jan 24 2024 Siteshwar Vashisht - 5.1.8-7 +- Restore audit logs in bash-4.3 or newer versions + Resolves: RHEL-22619 + * Wed May 24 2023 Raymond Colebaugh - 5.1.8-6.1 - Add SSH session ID to bash syslog logging - Configure bash to log the commands to authpriv diff --git a/ci.fmf b/ci.fmf new file mode 100644 index 0000000..c5aa0e0 --- /dev/null +++ b/ci.fmf @@ -0,0 +1 @@ +resultsdb-testcase: separate diff --git a/gating.yaml b/gating.yaml index 475371b..e1b5d38 100644 --- a/gating.yaml +++ b/gating.yaml @@ -3,5 +3,4 @@ product_versions: - rhel-9 decision_context: osci_compose_gate rules: - - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/bash.functional} diff --git a/plans/bash.fmf b/plans/bash.fmf new file mode 100644 index 0000000..4332b39 --- /dev/null +++ b/plans/bash.fmf @@ -0,0 +1,23 @@ +summary: Run internal bash tests +discover: + - name: Internal bash gating tests (dash) + how: fmf + url: git://pkgs.devel.redhat.com/tests/dash + filter: 'tag: CI-Tier-1 & component: bash' + - name: Internal bash gating tests (bash) + how: fmf + url: git://pkgs.devel.redhat.com/tests/bash + filter: 'tag: CI-Tier-1 & component: bash' + - name: Internal bash gating tests (ksh) + how: fmf + url: git://pkgs.devel.redhat.com/tests/ksh + filter: 'tag: CI-Tier-1 & component: bash' + - name: Internal bash gating tests (zsh) + how: fmf + url: git://pkgs.devel.redhat.com/tests/zsh + filter: 'tag: CI-Tier-1 & component: bash' +execute: + how: tmt +adjust: + enabled: false + when: distro == centos-stream or distro == fedora