#3 Upgrade hyperscale-fb bash to 5.1.8-9.1
Opened 7 days ago by rcolebaugh. Modified 7 days ago
rpms/ rcolebaugh/bash c9s-sig-hyperscale  into  c9s-sig-hyperscale

file removed
-96
@@ -1,96 +0,0 @@ 

- diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in

- --- bash-4.2/config.h.in.audit	2013-01-31 16:26:16.857698992 +0100

- +++ bash-4.2/config.h.in	2013-01-31 16:26:16.876699255 +0100

- @@ -1131,6 +1131,14 @@

-  

-  /* End additions for lib/intl */

-  

- +

- +/* Additions for lib/readline */

- +

- +/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */

- +#undef HAVE_DECL_AUDIT_USER_TTY

- +

- +/* End additions for lib/readline */

- +

-  #include "config-bot.h"

-  

-  #endif /* _CONFIG_H_ */

- diff -up bash-4.2/configure.in.audit bash-4.2/configure.in

- --- bash-4.2/configure.in.audit	2013-01-31 16:26:16.858699005 +0100

- +++ bash-4.2/configure.ac	2013-01-31 16:26:16.877699269 +0100

- @@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK

-  BASH_SYS_PGRP_SYNC

-  BASH_SYS_SIGNAL_VINTAGE

-  

- +AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])

- +

-  dnl checking for the presence of certain library symbols

-  BASH_SYS_ERRLIST

-  BASH_SYS_SIGLIST

- diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c

- --- bash-4.2/lib/readline/readline.c.audit	2013-01-31 16:26:16.871699185 +0100

- +++ bash-4.2/lib/readline/readline.c	2013-01-31 17:24:23.902744860 +0100

- @@ -55,6 +55,12 @@

-  extern int errno;

-  #endif /* !errno */

-  

- +#if defined (HAVE_DECL_AUDIT_USER_TTY)

- +#  include <sys/socket.h>

- +#  include <linux/audit.h>

- +#  include <linux/netlink.h>

- +#endif

- +

-  /* System-specific feature definitions and include files. */

-  #include "rldefs.h"

-  #include "rlmbutil.h"

- @@ -301,7 +307,48 @@ rl_set_prompt (prompt)

-    rl_visible_prompt_length = rl_expand_prompt (rl_prompt);

-    return 0;

-  }

- -  

- +

- +#if defined (HAVE_DECL_AUDIT_USER_TTY)

- +/* Report STRING to the audit system. */

- +static void

- +audit_tty (char *string)

- +{

- +  struct sockaddr_nl addr;

- +  struct msghdr msg;

- +  struct nlmsghdr nlm;

- +  struct iovec iov[2];

- +  size_t size;

- +  int fd;

- +

- +  size = strlen (string) + 1;

- +  fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);

- +  if (fd < 0)

- +    return;

- +  nlm.nlmsg_len = NLMSG_LENGTH (size);

- +  nlm.nlmsg_type = AUDIT_USER_TTY;

- +  nlm.nlmsg_flags = NLM_F_REQUEST;

- +  nlm.nlmsg_seq = 0;

- +  nlm.nlmsg_pid = 0;

- +  iov[0].iov_base = &nlm;

- +  iov[0].iov_len = sizeof (nlm);

- +  iov[1].iov_base = string;

- +  iov[1].iov_len = size;

- +  addr.nl_family = AF_NETLINK;

- +  addr.nl_pad = 0;

- +  addr.nl_pid = 0;

- +  addr.nl_groups = 0;

- +  msg.msg_name = &addr;

- +  msg.msg_namelen = sizeof (addr);

- +  msg.msg_iov = iov;

- +  msg.msg_iovlen = 2;

- +  msg.msg_control = NULL;

- +  msg.msg_controllen = 0;

- +  msg.msg_flags = 0;

- +  (void)sendmsg (fd, &msg, 0);

- +  close (fd);

- +}

- +#endif

- +

-  /* Read a line of input.  Prompt with PROMPT.  An empty PROMPT means

-     none.  A return value of NULL means that EOF was encountered. */

-  char *

file added
+12
@@ -0,0 +1,12 @@ 

+ diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h

+ --- a/lib/readline/rlconf.h

+ +++ b/lib/readline/rlconf.h

+ @@ -64,7 +64,7 @@

+  

+  /* Define this if you want to enable code that talks to the Linux kernel

+     tty auditing system. */

+ -/* #define ENABLE_TTY_AUDIT_SUPPORT */

+ +#define ENABLE_TTY_AUDIT_SUPPORT

+  

+  /* Defaults for the various editing mode indicators, inserted at the beginning

+     of the last (maybe only) line of the prompt if show-mode-in-prompt is on */

@@ -0,0 +1,12 @@ 

+ diff --git a/lib/readline/rltty.c b/lib/readline/rltty.c

+ --- a/lib/readline/rltty.c

+ +++ b/lib/readline/rltty.c

+ @@ -694,6 +694,8 @@ rl_deprep_terminal (void)

+        fprintf (rl_outstream, BRACK_PASTE_FINI);

+        if (_rl_eof_found)

+   	fprintf (rl_outstream, "\n");

+ +      else if (_rl_echoing_p == 0)

+ + 	fprintf (rl_outstream, "\n");

+      }

+  

+    if (_rl_enable_keypad)

@@ -0,0 +1,15 @@ 

+ diff --git a/execute_cmd.c b/execute_cmd.c

+ --- a/execute_cmd.c

+ +++ b/execute_cmd.c

+ @@ -5496,11 +5496,7 @@ execute_disk_command (words, redirects, command_line, pipe_in, pipe_out,

+      {

+        /* If we're optimizing out the fork (implicit `exec'), decrement the

+  	 shell level like `exec' would do. */

+ -#if 0 /* TAG: bash-5.2 psmith 10/11/2020 */

+        if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE && (subshell_environment & SUBSHELL_PIPE) == 0)

+ -#else

+ -      if (nofork && pipe_in == NO_PIPE && pipe_out == NO_PIPE)

+ -#endif

+  	adjust_shell_level (-1);

+  

+        maybe_make_export_env ();

file modified
+37 -3
@@ -1,12 +1,13 @@ 

  #% define beta_tag rc2

  %define patchleveltag .8

  %define baseversion 5.1

+ %define hyperscale_rel 1

  %bcond_without tests

  

  Version: %{baseversion}%{patchleveltag}

  Name: bash

  Summary: The GNU Bourne Again shell

- Release: 6%{?dist}

+ Release: 9.%{hyperscale_rel}%{?dist}

  License: GPLv3+

  Url: https://www.gnu.org/software/bash

  Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -33,8 +34,6 @@ 

  Patch104: bash-2.05b-debuginfo.patch

  # Pid passed to setpgrp() can not be pid of a zombie process.

  Patch105: bash-2.05b-pgrp_sync.patch

- # Enable audit logs

- Patch106: bash-3.2-audit.patch

  # Source bashrc file when bash is run under ssh.

  Patch107: bash-3.2-ssh_source_bash.patch

  # Use makeinfo to generate .texi file
@@ -93,6 +92,20 @@ 

  # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform

  Patch130: bash-5.2-check-xform.patch

  

+ # Enable audit logs

+ Patch131: bash-4.3-audit.patch

+ 

+ # Fix an issue with adding newline in bracketed paste mode

+ Patch132: bash-5.2-add-newline.patch

+ 

+ # RHEL-20020 - Fix a performance regression while using large number of environment variables

+ Patch133: bash-5.2-pipeline-exec.patch

+ 

+ %if 0%{?facebook}

+ Patch0: fb-Configure-bash-to-log-the-commands-to-authpriv.patch

+ Patch12: fb-Add-SSH-session-ID-to-bash-syslog-logging.patch

+ %endif

+ 

  BuildRequires:  gcc

  BuildRequires: texinfo bison

  BuildRequires: ncurses-devel
@@ -100,6 +113,7 @@ 

  # Required for bash tests

  BuildRequires: glibc-all-langpacks

  BuildRequires: make

+ BuildRequires: audit-libs-devel

  Requires: filesystem >= 3

  Provides: /bin/sh

  Provides: /bin/bash
@@ -140,7 +154,11 @@ 

  # Recycles pids is neccessary. When bash's last fork's pid was X

  # and new fork's pid is also X, bash has to wait for this same pid.

  # Without Recycles pids bash will not wait.

+ %if 0%{?facebook}

+ MFLAGS="CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS -DDEFAULT_PATH_VALUE='\"/usr/local/bin:/usr/bin\"' `getconf LFS_CFLAGS` -DSYSLOG_HISTORY"

+ %else

  MFLAGS="CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS -DDEFAULT_PATH_VALUE='\"/usr/local/bin:/usr/bin\"' `getconf LFS_CFLAGS` -DSYSLOG_HISTORY -DSYSLOG_SHOPT=0"

+ %endif

  

  # work around missing deps in Makefiles

  make "$MFLAGS" version.h
@@ -324,6 +342,22 @@ 

  %{_libdir}/pkgconfig/%{name}.pc

  

  %changelog

+ * Tue Feb 13 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-9

+ - Fix a performance regression while using large number of environment variables

+   Resolves: RHEL-20020

+ 

+ * Mon Feb 12 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-8

+ - Fix an issue with adding newline in bracketed paste mode

+   Resolves: #2168963

+ 

+ * Wed Jan 24 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-7

+ - Restore audit logs in bash-4.3 or newer versions

+   Resolves: RHEL-22619

+ 

+ * Wed May 24 2023 Raymond Colebaugh <raymondcolebaugh@gmail.com> - 5.1.8-6.1

+ - Add SSH session ID to bash syslog logging

+ - Configure bash to log the commands to authpriv

+ 

  * Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6

  - Add a null check in parameter_brace_transform() function

    Resolves: CVE-2022-3715
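Review bot: The `%if 0%{?facebook}` branch of MFLAGS drops `-DSYSLOG_SHOPT=0` without a comment saying why, and that flag is the only difference between the two MFLAGS lines. As far as upstream config-top.h describes it, SYSLOG_SHOPT makes syslog history a runtime `shopt` with the given default, so leaving it undefined presumably makes command logging unconditional in the facebook build. A line such as `# facebook builds: SYSLOG_SHOPT left undefined so history is always sent to syslog` above the `%if` would record that intent. The changelog also has no entry for the 9.1 release this spec now produces; its newest entry is 5.1.8-9.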

file added
+1
@@ -0,0 +1,1 @@ 

+ resultsdb-testcase: separate

@@ -0,0 +1,79 @@ 

+ Index: b/bashhist.c

+ ===================================================================

+ --- a/bashhist.c

+ +++ b/bashhist.c

+ @@ -266,6 +266,44 @@ bash_history_inhibit_expansion (string, i)

+  }

+  #endif

+  

+ +#if defined (SYSLOG_HISTORY)

+ +#define SESSION_ID_MAXLEN 100

+ +

+ +static char *session_id = NULL;

+ +

+ +static void

+ +bash_initialize_session_id ()

+ +{

+ +  const char *env_var = get_string_value ("LOG_SESSION_ID");

+ +  if (!env_var) {

+ +    session_id = "";

+ +    return;

+ +  }

+ +  const int env_var_len = strlen(env_var);

+ +  if (env_var_len == 0) {

+ +    session_id = "";

+ +    return;

+ +  }

+ +  const int size = env_var_len < SESSION_ID_MAXLEN ? (env_var_len + 1) : SESSION_ID_MAXLEN;

+ +  char *trunc = (char *)malloc (size);

+ +  strncpy (trunc, env_var, size - 1);

+ +  trunc[size - 1] = '\0';

+ +  session_id = trunc;

+ +}

+ +

+ +static const char *

+ +bash_get_session_id () {

+ +  if (!session_id) bash_initialize_session_id ();

+ +  return session_id;

+ +}

+ +

+ +static void

+ +bash_cleanup_session_id () {

+ +  if (session_id && *session_id) free(session_id);

+ +  session_id = NULL;

+ +}

+ +#endif

+ +

+  void

+  bash_initialize_history ()

+  {

+ @@ -275,6 +313,9 @@ bash_initialize_history ()

+    history_inhibit_expansion_function = bash_history_inhibit_expansion;

+    sv_histchars ("histchars");

+  #endif

+ +#if defined (SYSLOG_HISTORY)

+ +  bash_initialize_session_id ();

+ +#endif

+  }

+  

+  void

+ @@ -509,6 +550,9 @@ maybe_save_shell_history ()

+  	  sv_histsize ("HISTFILESIZE");

+  	}

+      }

+ +#if defined (SYSLOG_HISTORY)

+ +  bash_cleanup_session_id ();

+ +#endif

+    return (result);

+  }

+  

+ @@ -879,7 +879,8 @@ bash_syslog_history (line)

+        first = 0;

+      }

+  

+ -  hdrlen = snprintf (loghdr, sizeof(loghdr), "HISTORY: PID=%d UID=%d", getpid(), current_user.uid);

+ +  const char *user_name = current_user.user_name ?: "";

+ +  hdrlen = snprintf (loghdr, sizeof(loghdr), "HISTORY: PID=%d UID=%d USER=%s LOG_SESSION_ID=%s", getpid(), current_user.uid, user_name, bash_get_session_id());

+    msglen = strlen (line);

+  

+    if ((msglen + hdrlen + 1) < SYSLOG_MAXLEN)
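Review bot: In bash_initialize_session_id the value of LOG_SESSION_ID comes from a shell variable that the logged user can set, and bash_syslog_history later formats it into the syslog header with `%s` unfiltered, so whitespace or control characters in it can make the record ambiguous for whatever parses the `USER=` and `LOG_SESSION_ID=` fields. The same function hands the result of `malloc` straight to `strncpy` without a NULL check. I would keep only printable non-space characters while copying and fall back to the empty string when allocation fails, as sketched below. bash_syslog_history starts and ends outside the last hunk, so the size of `loghdr` could not be checked against the longer header.

```c
/* … unchanged: NULL / empty LOG_SESSION_ID handling and size computation … */
  char *trunc = (char *)malloc (size);
  if (trunc == NULL) {
    /* Same fallback as an unset variable; cleanup never frees the literal. */
    session_id = "";
    return;
  }
  /* Copy only printable, non-space ASCII so the value stays one log field. */
  for (int i = 0; i < size - 1; i++) {
    unsigned char c = (unsigned char)env_var[i];
    trunc[i] = (c > ' ' && c < 0x7f) ? (char)c : '_';
  }
  trunc[size - 1] = '\0';
  session_id = trunc;
```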

@@ -0,0 +1,16 @@ 

+ Index: b/config-top.h

+ ===================================================================

+ --- a/config-top.h

+ +++ b/config-top.h

+ @@ -117,9 +117,9 @@

+  

+  /* Define if you want each line saved to the history list in bashhist.c:

+     bash_add_history() to be sent to syslog(). */

+ -/* #define SYSLOG_HISTORY */

+ +#define SYSLOG_HISTORY

+  #if defined (SYSLOG_HISTORY)

+ -#  define SYSLOG_FACILITY LOG_USER

+ +#  define SYSLOG_FACILITY LOG_AUTHPRIV

+  #  define SYSLOG_LEVEL LOG_INFO

+  #  define OPENLOG_OPTS LOG_PID

+  #endif
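Review bot: The unconditional `#define SYSLOG_HISTORY` added here overlaps with the `-DSYSLOG_HISTORY` that both MFLAGS branches in the spec already pass. If those CPPFLAGS reach the files that include config-top.h, the command line defines the macro as 1 and this line redefines it as empty, which compilers report as a macro redefinition. Guarding it keeps the build quiet and lets the patch work with or without the flag: `#ifndef SYSLOG_HISTORY` / `#  define SYSLOG_HISTORY` / `#endif`. Since the facility moves to LOG_AUTHPRIV, a comment on that line noting that full command lines, including any secrets typed as arguments, now land in the authpriv log would help whoever configures forwarding and retention.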

file modified
+1 -2
@@ -3,5 +3,4 @@ 

    - rhel-9

  decision_context: osci_compose_gate

  rules:

-   - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

-   - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

+   - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/bash.functional}

file added
+23
@@ -0,0 +1,23 @@ 

+ summary: Run internal bash tests

+ discover:

+     - name: Internal bash gating tests (dash)

+       how: fmf

+       url: git://pkgs.devel.redhat.com/tests/dash

+       filter: 'tag: CI-Tier-1 & component: bash'

+     - name: Internal bash gating tests (bash)

+       how: fmf

+       url: git://pkgs.devel.redhat.com/tests/bash

+       filter: 'tag: CI-Tier-1 & component: bash'

+     - name: Internal bash gating tests (ksh)

+       how: fmf

+       url: git://pkgs.devel.redhat.com/tests/ksh

+       filter: 'tag: CI-Tier-1 & component: bash'

+     - name: Internal bash gating tests (zsh)

+       how: fmf

+       url: git://pkgs.devel.redhat.com/tests/zsh

+       filter: 'tag: CI-Tier-1 & component: bash'

+ execute:

+     how: tmt

+ adjust:

+     enabled: false

+     when: distro == centos-stream or distro == fedora
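Review bot: All four `discover` entries fetch their tests over `git://`, which carries no authentication or encryption, and none of them pins a `ref`, so an enabled gating run executes whatever the default branch serves at that moment. If the host offers one, an authenticated transport (https or ssh) plus a `ref:` on each entry would make the gate reproducible and tie it to reviewed test content. The `adjust` block disables the plan for centos-stream and fedora, so this matters only where the plan is actually enabled.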