From a5761697c9fbe8b670edc812231f44364ce64c33 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 31 2020 09:34:17 +0000
Subject: import bash-4.2.46-34.el7
---
diff --git a/SOURCES/bash-4.4-cve-2019-9924.patch b/SOURCES/bash-4.4-cve-2019-9924.patch
new file mode 100644
index 0000000..217b3d4
--- /dev/null
+++ b/SOURCES/bash-4.4-cve-2019-9924.patch
@@ -0,0 +1,32 @@
+diff --git a/variables.c b/variables.c
+--- a/variables.c
++++ b/variables.c
+@@ -1578,6 +1578,28 @@ assign_hashcmd (self, value, ind, key)
+ arrayind_t ind;
+ char *key;
+ {
++#if defined (RESTRICTED_SHELL)
++ char *full_path;
++
++ if (restricted)
++ {
++ if (strchr (value, '/'))
++ {
++ sh_restricted (value);
++ return (SHELL_VAR *)NULL;
++ }
++ /* If we are changing the hash table in a restricted shell, make sure the
++ target pathname can be found using a $PATH search. */
++ full_path = find_user_command (value);
++ if (full_path == 0 || *full_path == 0 || executable_file (full_path) == 0)
++ {
++ sh_notfound (value);
++ free (full_path);
++ return ((SHELL_VAR *)NULL);
++ }
++ free (full_path);
++ }
++#endif
+ phash_insert (key, value, 0, 0);
+ return (build_hashcmd (self));
+ }
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 2720263..b6ff67b 100644
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@@ -6,7 +6,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 33%{?dist} +Release: 34%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash
@@ -204,6 +204,9 @@ Patch155: bash-5.0-syslog-history.patch #1573901 - RFE: (security) support bracketed paste mode Patch156: bash-4.4-bracketed-paste.patch +#1693181 - CVE-2019-9924 bash: BASH_CMD is writable in restricted bash shells +Patch157: bash-4.4-cve-2019-9924.patch + BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext
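Review bot: In the restricted-shell block added to assign_hashcmd in variables.c, the name that is validated is not the name that is stored: `find_user_command (value)` resolves `value` through $PATH into `full_path`, which is checked with `executable_file` and then freed, while `phash_insert (key, value, 0, 0);` still records the bare `value`. How the hash table later resolves a non-absolute entry is not visible in this hunk, so the entry may not stay bound to the file that passed the check. Consider storing the resolved path when `restricted` is set, e.g. `phash_insert (key, full_path, 0, 0);` before `free (full_path);`, or add a comment stating why keeping the unresolved name is safe. Separately, `strchr (value, '/')` assumes `value` is non-NULL; the function's signature and its callers start outside the hunk, so that should be confirmed there.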
@@ -338,6 +341,7 @@ This package contains documentation files for %{name}. %patch154 -p1 -b .append-slash %patch155 -p1 -b .syslog-history %patch156 -p1 -b .bracketed-paste +%patch157 -p1 -b .cve-2019-9924 echo %{version} > _distribution echo %{release} > _patchlevel
@@ -530,6 +534,10 @@ end #%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Fri Aug 16 2019 Siteshwar Vashisht - 4.2.46-34 +- BASH_CMD should not be writable in restricted shell + Resolves: #1693181 + * Thu Mar 07 2019 Siteshwar Vashisht - 4.2.46-33 - Add support for bracketed paste mode Resolves: #1573901