Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dash for openSUSE:Factory checked in at 2026-06-29 17:30:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dash (Old) and /work/SRC/openSUSE:Factory/.dash.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dash" Mon Jun 29 17:30:12 2026 rev:33 rq:1362351 version:0.5.13.4 Changes: -------- --- /work/SRC/openSUSE:Factory/dash/dash.changes 2026-02-24 15:37:36.783962860 +0100 +++ /work/SRC/openSUSE:Factory/.dash.new.11887/dash.changes 2026-06-29 17:30:49.670991487 +0200 @@ -1,0 +2,15 @@ +Sun Jun 28 19:42:11 UTC 2026 - Dirk Müller <[email protected]> + +- update to 0.15.3.4 (bsc#1269494, CVE-2026-31323): + * parser: Fix multi-byte output in here-doc with quoted delimiter + * input: Replace stdin_state.canon with bufferable + * input: Fix tee(2) error handling + * Drop multi-byte character in argstr when discard is on + * input: Fix EINTR handling when reading from a pipe + * arith: Fix CVE-2026-31323 INTMAX_MIN / -1 overflow + * parser: Only reject non-word tokens in case pattern + * jobs: Make stoppedjobs trivial if JOBS == 0 +- drop shell-Fix-unsigned-char-promotion-and-truncation.patch + (upstream) + +------------------------------------------------------------------- Old: ---- dash-0.5.13.1.tar.gz shell-Fix-unsigned-char-promotion-and-truncation.patch New: ---- dash-0.5.13.4.tar.gz ----------(Old B)---------- Old: * jobs: Make stoppedjobs trivial if JOBS == 0 - drop shell-Fix-unsigned-char-promotion-and-truncation.patch (upstream) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dash.spec ++++++ --- /var/tmp/diff_new_pack.4H6uDn/_old 2026-06-29 17:30:51.851065649 +0200 +++ /var/tmp/diff_new_pack.4H6uDn/_new 2026-06-29 17:30:51.871066329 +0200 @@ -18,14 +18,13 @@ Name: dash -Version: 0.5.13.1 +Version: 0.5.13.4 Release: 0 Summary: POSIX-compliant Implementation of /bin/sh License: BSD-3-Clause AND GPL-2.0-or-later Group: System/Shells URL: http://gondor.apana.org.au/~herbert/dash/ Source0: http://gondor.apana.org.au/~herbert/dash/files/%{name}-%{version}.tar.gz -Patch0: shell-Fix-unsigned-char-promotion-and-truncation.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(libedit) ++++++ dash-0.5.13.1.tar.gz -> dash-0.5.13.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/config.h.in new/dash-0.5.13.4/config.h.in --- old/dash-0.5.13.1/config.h.in 2025-10-13 06:49:12.000000000 +0200 +++ new/dash-0.5.13.4/config.h.in 2026-05-09 04:59:33.000000000 +0200 @@ -159,6 +159,9 @@ backward compatibility; new code need not use it. */ #undef STDC_HEADERS +/* Non-zero if memfd_create(3) should be used */ +#undef USE_MEMFD_CREATE + /* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE @@ -251,6 +254,9 @@ #endif +/* Non-zero if tee(2) should be used */ +#undef USE_TEE + /* Version number of package */ #undef VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/configure new/dash-0.5.13.4/configure --- old/dash-0.5.13.1/configure 2025-10-13 06:49:12.000000000 +0200 +++ new/dash-0.5.13.4/configure 2026-05-09 04:59:28.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for dash 0.5.13.1. +# Generated by GNU Autoconf 2.72 for dash 0.5.13.4. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, @@ -601,8 +601,8 @@ # Identity of this package. PACKAGE_NAME='dash' PACKAGE_TARNAME='dash' -PACKAGE_VERSION='0.5.13.1' -PACKAGE_STRING='dash 0.5.13.1' +PACKAGE_VERSION='0.5.13.4' +PACKAGE_STRING='dash 0.5.13.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -740,6 +740,8 @@ enable_static enable_fnmatch enable_glob +enable_tee +enable_memfd_create enable_test_workaround with_libedit enable_lineno @@ -1300,7 +1302,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures dash 0.5.13.1 to adapt to many kinds of systems. +'configure' configures dash 0.5.13.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1367,7 +1369,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dash 0.5.13.1:";; + short | recursive ) echo "Configuration of dash 0.5.13.4:";; esac cat <<\_ACEOF @@ -1384,6 +1386,8 @@ --enable-static Build statical linked program --enable-fnmatch Use fnmatch(3) from libc --enable-glob Use glob(3) from libc + --disable-tee Do not use tee(2) + --disable-memfd-create Do not use memfd_create(3) --enable-test-workaround Guard against faccessat(2) that tells root all files are executable @@ -1470,7 +1474,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dash configure 0.5.13.1 +dash configure 0.5.13.4 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -1987,7 +1991,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dash $as_me 0.5.13.1, which was +It was created by dash $as_me 0.5.13.4, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -3462,7 +3466,7 @@ # Define the identity of the package. PACKAGE='dash' - VERSION='0.5.13.1' + VERSION='0.5.13.4' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -5057,6 +5061,18 @@ enableval=$enable_glob; fi +# Check whether --enable-tee was given. +if test ${enable_tee+y} +then : + enableval=$enable_tee; +fi + +# Check whether --enable-memfd_create was given. +if test ${enable_memfd_create+y} +then : + enableval=$enable_memfd_create; +fi + ac_fn_c_check_header_compile "$LINENO" "alloca.h" "ac_cv_header_alloca_h" "$ac_includes_default" @@ -5477,6 +5493,40 @@ fi +if test "$enable_tee" != no; then + + for ac_func in tee +do : + ac_fn_c_check_func "$LINENO" "tee" "ac_cv_func_tee" +if test "x$ac_cv_func_tee" = xyes +then : + printf "%s\n" "#define HAVE_TEE 1" >>confdefs.h + use_tee=yes +fi + +done +fi + +if test "$use_tee" = yes; then + +printf "%s\n" "#define USE_TEE 1" >>confdefs.h + +else + +printf "%s\n" "#define USE_TEE 0" >>confdefs.h + +fi + +if test "$enable_memfd_create" != no; then + +printf "%s\n" "#define USE_MEMFD_CREATE 1" >>confdefs.h + +else + +printf "%s\n" "#define USE_MEMFD_CREATE 0" >>confdefs.h + +fi + ac_fn_c_check_func "$LINENO" "signal" "ac_cv_func_signal" if test "x$ac_cv_func_signal" = xyes then : @@ -6244,7 +6294,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dash $as_me 0.5.13.1, which was +This file was extended by dash $as_me 0.5.13.4, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6312,7 +6362,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -dash config.status 0.5.13.1 +dash config.status 0.5.13.4 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/configure.ac new/dash-0.5.13.4/configure.ac --- old/dash-0.5.13.1/configure.ac 2025-10-13 06:46:20.000000000 +0200 +++ new/dash-0.5.13.4/configure.ac 2026-05-09 04:55:05.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([dash],[0.5.13.1]) +AC_INIT([dash],[0.5.13.4]) AM_INIT_AUTOMAKE([foreign subdir-objects]) AC_CONFIG_SRCDIR([src/main.c]) @@ -40,6 +40,9 @@ AC_ARG_ENABLE(fnmatch, AS_HELP_STRING(--enable-fnmatch, \ [Use fnmatch(3) from libc])) AC_ARG_ENABLE(glob, AS_HELP_STRING(--enable-glob, [Use glob(3) from libc])) +AC_ARG_ENABLE(tee, AS_HELP_STRING(--disable-tee, [Do not use tee(2)])) +AC_ARG_ENABLE(memfd_create, AS_HELP_STRING(--disable-memfd-create, + [Do not use memfd_create(3)])) dnl Checks for libraries. @@ -131,6 +134,24 @@ AC_CHECK_FUNCS(glob) fi +if test "$enable_tee" != no; then + AC_CHECK_FUNCS(tee, use_tee=yes) +fi + +if test "$use_tee" = yes; then + AC_DEFINE([USE_TEE], [1], [Non-zero if tee(2) should be used]) +else + AC_DEFINE([USE_TEE], [0], [Non-zero if tee(2) should be used]) +fi + +if test "$enable_memfd_create" != no; then + AC_DEFINE([USE_MEMFD_CREATE], [1], + [Non-zero if memfd_create(3) should be used]) +else + AC_DEFINE([USE_MEMFD_CREATE], [0], + [Non-zero if memfd_create(3) should be used]) +fi + dnl Check for klibc signal. AC_CHECK_FUNC(signal) if test "$ac_cv_func_signal" != yes; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/arith_yacc.c new/dash-0.5.13.4/src/arith_yacc.c --- old/dash-0.5.13.1/src/arith_yacc.c 2024-04-27 12:40:48.000000000 +0200 +++ new/dash-0.5.13.4/src/arith_yacc.c 2026-04-18 05:07:16.000000000 +0200 @@ -98,8 +98,8 @@ default: case ARITH_REM: case ARITH_DIV: - if (!b) - yyerror("division by zero"); + if (!b || (a == INTMAX_MIN && b == -1)) + yyerror("division error"); return op == ARITH_REM ? a % b : a / b; case ARITH_MUL: return a * b; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/expand.c new/dash-0.5.13.4/src/expand.c --- old/dash-0.5.13.1/src/expand.c 2025-10-06 05:00:31.000000000 +0200 +++ new/dash-0.5.13.4/src/expand.c 2026-05-09 04:54:18.000000000 +0200 @@ -379,7 +379,8 @@ if (c == CTLESC) startloc += ml; p += mb & 0xff; - expdest = stnputs(p, ml, expdest); + if (!(flag & EXP_DISCARD)) + expdest = stnputs(p, ml, expdest); p += mb >> 8; break; case CTLESC: @@ -961,13 +962,15 @@ if (likely(!(flags & (expq >> 3 | expq >> 4 | expq >> 8) & (QUOTES_ESC | EXP_MBCHAR)))) { while (len >= 8) { - uint64_t x = *(uint64_t *)(p + count); + uint64_t x; + + memcpy(&x, p + count, sizeof(x)); if ((x | (x - 0x0101010101010101)) & 0x8080808080808080) break; - *(uint64_t *)(q + count) = x; + memcpy(q + count, &x, sizeof(x)); count += 8; len -= 8; @@ -1335,7 +1338,7 @@ unsigned char b[8]; } x; - x.qw = *(uint64_t *)p; + memcpy(&x.qw, p, sizeof(x.qw)); if ((x.qw & 0x8080808080808080)) break; @@ -1914,7 +1917,7 @@ if (c == '?' || c == '[') c = CTLESC; for (;;) { - if (c != CTLESC) { + if (c != (char)CTLESC) { /* Stop should be null-terminated * as it is passed as a string to * strpbrk(3). @@ -1985,7 +1988,7 @@ p++; if (*p == (char)CTLESC) p++; - else if (*p == CTLMBCHAR) { + else if (*p == (char)CTLMBCHAR) { mbp = mbnext(p); p += mbp & 0xff; p += mbp >> 8; @@ -2126,7 +2129,8 @@ tail = 0; } - q = mempcpy(q, p, ml); + memmove(q, p, ml); + q += ml; p += ml + tail; goto setnesc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/input.c new/dash-0.5.13.4/src/input.c --- old/dash-0.5.13.1/src/input.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/input.c 2026-05-09 04:54:18.000000000 +0200 @@ -64,11 +64,10 @@ MKINIT struct stdin_state { - tcflag_t canon; off_t seekable; - struct termios tios; int pip[2]; int pending; + tcflag_t bufferable; }; MKINIT struct parsefile basepf; /* top level input file */ @@ -79,8 +78,6 @@ int whichprompt; /* 1 == PS1, 2 == PS2 */ int stdin_istty = -1; -MKINIT void input_init(void); - STATIC void pushfile(void); static void popstring(void); static int preadfd(void); @@ -135,12 +132,17 @@ void input_init(void) { struct stdin_state *st = &stdin_state; + struct termios tios; int istty; - istty = tcgetattr(0, &st->tios) + 1; - st->seekable = istty ? 0 : lseek(0, 0, SEEK_CUR) + 1; - st->canon = istty ? st->tios.c_lflag & ICANON : 0; + istty = tcgetattr(0, &tios) + 1; stdin_istty = istty; + if (istty) + st->bufferable = tios.c_lflag & ICANON; + else { + st->seekable = lseek(0, 0, SEEK_CUR) + 1; + st->bufferable = !!st->seekable; + } } static bool stdin_bufferable(void) @@ -150,7 +152,7 @@ if (stdin_istty < 0) input_init(); - return st->canon || st->seekable; + return st->bufferable; } static void flush_tee(void *buf, int nr, int pending) @@ -168,13 +170,8 @@ { int err; - if (stdin_istty) - return 0; - if (!stdin_state.pip[0]) { - err = pipe(stdin_state.pip); - if (err < 0) - return err; + sh_pipe(stdin_state.pip, 0); if (stdin_state.pip[0] < 10) stdin_state.pip[0] = savefd(stdin_state.pip[0], stdin_state.pip[0]); @@ -185,7 +182,12 @@ flush_tee(buf, nr, stdin_state.pending); - err = tee(0, stdin_state.pip[1], nr, 0); + if (USE_TEE) + err = tee(0, stdin_state.pip[1], nr, 0); + else { + errno = EINVAL; + err = -1; + } stdin_state.pending = err; return err; } @@ -273,6 +275,7 @@ { char *buf = parsefile->buf; int fd = parsefile->fd; + bool use_tee; int unget; int pnr; int nr; @@ -292,6 +295,12 @@ if (!IS_DEFINED_SMALL && !nr) return nr; + use_tee = likely(!fd) && +#ifndef SMALL + !el && +#endif + !stdin_bufferable(); + pnr = nr; retry: nr = pnr; @@ -323,16 +332,17 @@ } #endif - if (!fd && !stdin_bufferable()) { + if (likely(use_tee)) { nr = stdin_tee(buf, nr); - fd = stdin_state.pip[0]; - if (nr <= 0) { - fd = 0; - nr = 1; + if (nr >= 0) + fd = stdin_state.pip[0]; + else if (errno == EINVAL) { + use_tee = false; + nr = pnr = 1; } } - if (nr >= 0) + if (nr > 0) nr = read(fd, buf, nr); if (nr < 0) { @@ -386,6 +396,7 @@ again: nr = q - parsefile->nextc; + input_set_lleft(parsefile, nr); more = preadfd(); q = parsefile->nextc + nr; if (more <= 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/input.h new/dash-0.5.13.4/src/input.h --- old/dash-0.5.13.1/src/input.h 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/input.h 2026-03-14 10:17:51.000000000 +0100 @@ -119,6 +119,7 @@ void popallfiles(void); void flush_input(void); void reset_input(void); +void input_init(void); static inline int input_get_lleft(struct parsefile *pf) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/jobs.c new/dash-0.5.13.4/src/jobs.c --- old/dash-0.5.13.1/src/jobs.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/jobs.c 2026-03-21 09:56:03.000000000 +0100 @@ -919,6 +919,9 @@ if (lvforked) return; + if (!jp) + return; + freejob(jp); if (issimplecmd(n, JOBSCMD->name)) @@ -1234,6 +1237,8 @@ int retval; retval = 0; + if (!JOBS) + goto out; if (job_warning) goto out; jp = curjob; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/miscbltin.c new/dash-0.5.13.4/src/miscbltin.c --- old/dash-0.5.13.1/src/miscbltin.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/miscbltin.c 2026-03-21 09:56:03.000000000 +0100 @@ -274,7 +274,10 @@ } if (!positions) positions = 0111; /* default is a */ - if (!strchr("=+-", op = *ap)) + op = *ap; + if (!op) + goto error; + if (!strchr("=+-", op)) break; ap++; new_val = 0; @@ -314,6 +317,7 @@ break; } if (*ap) { +error: sh_error("Illegal mode: %s", *argptr); return 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/options.c new/dash-0.5.13.4/src/options.c --- old/dash-0.5.13.1/src/options.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/options.c 2026-03-14 10:17:51.000000000 +0100 @@ -138,8 +138,11 @@ sh_error("-c requires an argument"); sflag = 1; } - if (iflag == 2 && sflag == 1 && stdin_istty && isatty(2)) - iflag = 1; + if (iflag == 2 && sflag == 1) { + input_init(); + if (stdin_istty && isatty(2)) + iflag = 1; + } if (mflag == 2) mflag = iflag; for (i = 0; i < NOPTS; i++) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/parser.c new/dash-0.5.13.4/src/parser.c --- old/dash-0.5.13.1/src/parser.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/parser.c 2026-05-09 04:54:18.000000000 +0200 @@ -442,6 +442,8 @@ cp->type = NCLIST; app = &cp->nclist.pattern; for (;;) { + if (lasttoken < TWORD) + synexpect(TWORD); *app = ap = (union node *)stalloc(sizeof (struct narg)); ap->type = NARG; ap->narg.text = wordtext; @@ -996,9 +998,13 @@ STATIC int readtoken1(int firstc, char const *syntax, char *eofmark, int striptabs) { - struct synstack synbase = { .syntax = syntax }; + struct synstack synbase = { + .dblquote = syntax == DQSYNTAX, + .syntax = syntax, + }; int chkeofmark = checkkwd & CHKEOFMARK; struct synstack *synstack = &synbase; + bool sqheredoc = syntax == SQSYNTAX; struct nodelist *bqlist = NULL; int dollarsq = 0; int c = firstc; @@ -1007,9 +1013,6 @@ size_t len; char *out; - if (syntax == DQSYNTAX) - synstack->dblquote = 1; - STARTSTACKSTR(out); loop: { /* for each line, until end of word */ #if ATTY @@ -1033,7 +1036,8 @@ out); fieldsplitting = synstack->syntax == BASESYNTAX && !synstack->varnest ? 4 : 0; - ml = getmbc(c, out, fieldsplitting); + ml = getmbc(c, out, fieldsplitting | + (sqheredoc ? 2 : 0)); if (ml == 1) { if (out == stackblock()) return TBLANK; @@ -1240,7 +1244,7 @@ markloc = out - (char *)stackblock(); for (p = eofmark; STPUTC(c, out), *p; p++) { - if (c != *p) + if (c != (signed char)*p) goto more_heredoc; c = pgetc(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dash-0.5.13.1/src/redir.c new/dash-0.5.13.4/src/redir.c --- old/dash-0.5.13.1/src/redir.c 2025-09-23 13:07:58.000000000 +0200 +++ new/dash-0.5.13.4/src/redir.c 2026-03-14 10:21:34.000000000 +0100 @@ -331,7 +331,7 @@ int sh_pipe(int pip[2], int memfd) { if (memfd) { - pip[0] = memfd_create("dash", 0); + pip[0] = USE_MEMFD_CREATE ? memfd_create("dash", 0) : -1; if (pip[0] >= 0) { pip[1] = sh_dup2(pip[0], -1, pip[0]); return 1;
