From 34cce063e29382c31a2be58dd3b8b29053820d90 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 30 2018 05:15:39 +0000
Subject: import ksh-20120801-139.el7
---
diff --git a/SOURCES/ksh-20120801-nv_open-memcmp.patch b/SOURCES/ksh-20120801-nv_open-memcmp.patch
new file mode 100644
index 0000000..93b7e15
--- /dev/null
+++ b/SOURCES/ksh-20120801-nv_open-memcmp.patch
@@ -0,0 +1,12 @@
+diff --git a/src/cmd/ksh93/sh/name.c b/src/cmd/ksh93/sh/name.c
+--- a/src/cmd/ksh93/sh/name.c
++++ b/src/cmd/ksh93/sh/name.c
+@@ -1425,7 +1425,7 @@ Namval_t *nv_open(const char *name, Dt_t *root, int flags)
+ {
+ if(xp->root!=root)
+ continue;
+- if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && memcmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
++ if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && strncmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
+ {
+ sh_stats(STAT_NVHITS);
+ np = xp->np;
diff --git a/SOURCES/ksh-20120801-validate-fd.patch b/SOURCES/ksh-20120801-validate-fd.patch
new file mode 100644
index 0000000..a0bc7d2
--- /dev/null
+++ b/SOURCES/ksh-20120801-validate-fd.patch
@@ -0,0 +1,11 @@
+diff --git a/src/cmd/ksh93/sh/xec.c b/src/cmd/ksh93/sh/xec.c
+--- a/src/cmd/ksh93/sh/xec.c
++++ b/src/cmd/ksh93/sh/xec.c
+@@ -122,6 +122,7 @@ int iousepipe(Shell_t *shp)
+ return(1);
+ }
+ subpipe[2] = sh_fcntl(fd,F_dupfd_cloexec,10);
++ sh_iovalidfd(shp,subpipe[2]);
+ shp->fdstatus[subpipe[2]] = shp->fdstatus[1];
+ while(close(fd)<0 && errno==EINTR)
+ errno = err;
diff --git a/SPECS/ksh.spec b/SPECS/ksh.spec
index 6bbe3b6..e328571 100644
--- a/SPECS/ksh.spec
+++ b/SPECS/ksh.spec
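Review bot: The new `strncmp(xp->name,name,xp->len)` test in nv_open() (ksh-20120801-nv_open-memcmp.patch) has no comment saying why a NUL-aware compare is required, so memcmp() will look like an equivalent and faster choice to a later reader. I would add above the `if`: `/* strncmp, not memcmp: name may be shorter than xp->len and must not be read past its terminating NUL */`. The read of `name[xp->len]` that follows is in bounds only if the first xp->len bytes of xp->name contain no NUL; the hunk does not show where xp->len is set, so that invariant is worth stating there. nv_open() starts and ends outside the hunk.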
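Review bot: The result of the added `sh_iovalidfd(shp,subpipe[2]);` call in iousepipe() (ksh-20120801-validate-fd.patch) is discarded, and the `sh_fcntl()` return on the line before is never tested for failure, so the following store to `shp->fdstatus[subpipe[2]]` still runs with a negative or rejected descriptor as the index. Assuming sh_iovalidfd() returns non-zero for a usable descriptor (its definition is not shown here), guard the store with `if(subpipe[2]<0 || !sh_iovalidfd(shp,subpipe[2]))` and leave through the function's error path after closing `fd`. iousepipe() starts and ends outside the hunk, so the right error return has to be taken from the full function.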
@@ -8,7 +8,7 @@ Group: System Environment/Shells
 #CPL everywhere else (for KSH itself)
 License: EPL
 Version: 20120801
-Release: 137%{?dist}
+Release: 139%{?dist}
 Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{releasedate}.tgz
 Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{releasedate}.tgz
 Source2: kshcomp.conf
@@ -186,6 +186,12 @@ Patch76: ksh-20120801-jobwait-sigstop.patch # rhbz#1484937 Patch77: ksh-20120801-signal-bubbling.patch +# rhbz#1506347 +Patch78: ksh-20120801-validate-fd.patch + +# rhbz#1546749 +Patch79: ksh-20120801-nv_open-memcmp.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Conflicts: pdksh Requires: coreutils, diffutils, chkconfig
@@ -262,6 +268,8 @@ with "sh" (the Bourne Shell). %patch75 -p1 -b .kia-warning %patch76 -p1 -b .jobwait-sigstop %patch77 -p1 -b .signal-bubbling +%patch78 -p1 -b .validate-fd +%patch79 -p1 -b .nv_open-memcmp #/dev/fd test does not work because of mock sed -i 's|ls /dev/fd|ls /proc/self/fd|' src/cmd/ksh93/features/options
@@ -387,6 +395,14 @@ fi rm -rf $RPM_BUILD_ROOT %changelog +* Mon May 28 2018 Siteshwar Vashisht - 20120801-139 +- Fix a crash caused by memcmp() + Resolves: #1546749 + +* Tue May 22 2018 Siteshwar Vashisht - 20120801-138 +- Fix a crash due to out of bounds write + Resolves: #1506347 + * Fri Feb 16 2018 Kamil Dudka - 20120801-137 - Increase the release number by 100 to make sure it stays higher than in RHEL-6 Related: #1484937