Hello community,

here is the log from the commit of package ksh for openSUSE:Factory checked in 
at 2024-08-09 16:14:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ksh (Old)
 and      /work/SRC/openSUSE:Factory/.ksh.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ksh"

Fri Aug  9 16:14:57 2024 rev:117 rq:1192627 version:93vu

Changes:
--------
--- /work/SRC/openSUSE:Factory/ksh/ksh.changes  2024-05-14 13:40:47.903918269 
+0200
+++ /work/SRC/openSUSE:Factory/.ksh.new.7232/ksh.changes        2024-08-09 
16:15:31.333080895 +0200
@@ -1,0 +2,8 @@
+Thu Aug  1 14:04:27 CEST 2024 - m...@suse.de
+
+- fix segfault in variable substitution [bsc#1129288]
+  new patch: ksh93-putval.dif
+- fix untrusted environment execution [bsc#1160796] [CVE-2019-14868]
+  new patch: ksh93-untrustedenv.dif
+
+-------------------------------------------------------------------

New:
----
  ksh93-putval.dif
  ksh93-untrustedenv.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ksh.spec ++++++
--- /var/tmp/diff_new_pack.18NJu9/_old  2024-08-09 16:15:34.241202280 +0200
+++ /var/tmp/diff_new_pack.18NJu9/_new  2024-08-09 16:15:34.241202280 +0200
@@ -153,6 +153,8 @@
 Patch55:        ksh93-spawnlock.dif
 Patch56:        ksh93-filedefined.dif
 Patch57:        ksh93-no-sysctl.dif
+Patch58:        ksh93-putval.dif
+Patch59:        ksh93-untrustedenv.dif
 Patch62:        ksh-locale.patch
 Patch63:        cpp.patch
 
@@ -265,6 +267,8 @@
 %patch -P 55
 %patch -P 56
 %patch -P 57
+%patch -P 58
+%patch -P 59
 
 %patch -P 63 -p 1
 

++++++ ksh93-putval.dif ++++++
--- ./src/cmd/ksh93/sh/name.c.orig      2019-04-04 14:28:17.044667686 +0000
+++ ./src/cmd/ksh93/sh/name.c   2019-04-04 14:28:32.472629455 +0000
@@ -1986,8 +1986,11 @@ void nv_putval(register Namval_t *np, co
                up->cp = cp;
                if(sp)
                {
+                       size_t splen = strlen(sp);
                        int c = cp[dot+append];
-                       memmove(cp+append,sp,dot);
+                       memmove(cp+append,sp,dot>splen?splen:dot);
+                       if (dot>splen)
+                               memset(cp+append+splen,0,dot-splen);
                        cp[dot+append] = c;
                        if(nv_isattr(np, NV_RJUST) && nv_isattr(np, NV_ZFILL))
                                rightjust(cp,size,'0');
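Review bot: The new `dot>splen` comparisons mix `dot` with the `size_t` `splen`; `dot` is declared outside this hunk, and if it is a signed `int` the usual conversions make the comparison unsigned, so a negative `dot` would silently pass as "larger". Computing the copy length once also removes the duplicated min: `size_t ncopy = (size_t)dot > splen ? splen : (size_t)dot;` then `memmove(cp+append,sp,ncopy);` and `if (ncopy < (size_t)dot) memset(cp+append+ncopy,0,(size_t)dot-ncopy);`. The fix itself records no rationale in the code; a one-line comment such as `/* sp may be shorter than dot (bsc#1129288): copy what exists, zero-fill the rest */` above the memmove would save the next reader a trip to the bug tracker. nv_putval begins and ends outside the hunk, so the declaration and use of `dot`, `append` and `size` cannot be checked here.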

++++++ ksh93-untrustedenv.dif ++++++
--- src/cmd/ksh93/sh/arith.c.orig
+++ src/cmd/ksh93/sh/arith.c
@@ -513,21 +513,34 @@ Sfdouble_t sh_strnum(register const char *str, char** 
ptr, int mode)
        char base=(shp->inarith?0:10), *last;
        if(*str==0)
        {
-               if(ptr)
-                       *ptr = (char*)str;
-               return(0);
-       }
-       errno = 0;
-       d = strtonll(str,&last,&base,-1);
-       if(*last || errno)
-       {
-               if(!last || *last!='.' || last[1]!='.')
-                       d = strval(shp,str,&last,arith,mode);
-               if(!ptr && *last && mode>0)
-                       errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
+               d = 0.0;
+               last = (char*)str;
+       } else {
+               errno = 0;
+               d = strtonll(str,&last,&base,-1);
+               if (*last && !shp->inarith && sh_isstate(SH_INIT)) {
+                       // This call is to handle "base#value" literals if 
we're importing untrusted env vars.
+                       errno = 0;
+                       d = strtonll(str, &last, NULL, -1);
+               }
+
+               if(*last || errno)
+               {
+                       if (sh_isstate(SH_INIT)) {
+                               // Initializing means importing untrusted env 
vars. Since the string does not appear
+                               // to be a recognized numeric literal give up. 
We can't safely call strval() since
+                               // that allows arbitrary expressions which 
would create a security vulnerability.
+                               d = 0.0;
+                       } else {
+                               if(!last || *last!='.' || last[1]!='.')
+                                       d = strval(shp,str,&last,arith,mode);
+                               if(!ptr && *last && mode>0)
+                                       
errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
+                       }
+               } else if (!d && *str=='-') {
+                       d = -0.0;
+               }
        }
-       else if (!d && *str=='-')
-               d = -0.0;
        if(ptr)
                *ptr = last;
        return(d);
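Review bot: The new `sh_isstate(SH_INIT)` branch returns `0.0` for a rejected environment value but leaves `last` pointing at the first unparsed character, so a caller that passed `ptr` sees a partial-parse position while a caller that passed NULL sees a plain zero with no diagnostic; the intent is clear from the comment, but that asymmetry deserves a line at the `d = 0.0;` site, e.g. `/* leave last at the bad char so callers with ptr can still detect the rejection */`. The fallback `strtonll(str, &last, NULL, -1)` re-parses from the start and may stop at a different position than the first call, which is harmless during init only because no error is printed there; stating that in the existing comment would make the dependency explicit. The added comments use `//` while the surrounding ksh93 sources are written in C89 style with `/* */` (no other comment is visible in this hunk, so this is inferred); switching them keeps the file compilable with the stricter flags the project may use. The `@@` header and the comment lines appear wrapped by the mail client, so this patch as shown here would not apply verbatim. sh_strnum's declaration line is cut by the wrap at the top of the hunk.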
