Bug#1006504: bullseye-pu: package bash/5.1-6~deb11u1
Control: tags -1 - moreinfo
Control: retitle -1 bullseye-pu: package bash/5.1-2+deb11u1
Hi Julien
On Sat, Mar 19, 2022 at 10:02:54PM +0100, Salvatore Bonaccorso wrote:
> Hi Julien,
>
> On Sat, Mar 19, 2022 at 06:36:16PM +0100, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Sat, Feb 26, 2022 at 03:25:09PM +0100, Salvatore Bonaccorso wrote:
> > > There was a request in #1003012 to fix an issue in bash corrupting
> > > multibyte characters in command substitutions.
> > >
> > > While looking at it I'm proposing here instead of only picking the 014
> > > patch, to pick up all the changes done since from the bullseye release
> > > on top and so proposing a rebuilding of 5.1-6 which was expoed in
> > > testing for awhile now. Only change reverted would be the bump of
> > > standards version but still including the drop of the pre-wheezy
> > > preinst for the "dash-as-sh"-transition.
> > >
> > > Attached is the resulting debdiff as proposed with the rebuild.
> > >
> > > Matthias, Stable release managers what do you think on the update?
> > >
> > I'm unconvinced. Dropping the preinst seems way out of scope for a
> > stable update, as for the other changes it's unclear to me what their
> > impact/risk is.
>
> This is why I hoped to see what Matthias thinks. The alternative
> would clearly be to only cherry pick the fix for #1003012 and do
> 5.1-2+deb11u1 with it.
Okay attached the alternative, and only cherry-pick the 014 patch
upstream to address #1003012. Would that be acceptable instead?
Regards,
Salvatore
diff -Nru bash-5.1/debian/changelog bash-5.1/debian/changelog
--- bash-5.1/debian/changelog 2021-01-03 10:44:50.000000000 +0100
+++ bash-5.1/debian/changelog 2022-03-27 20:40:30.000000000 +0200
@@ -1,3 +1,10 @@
+bash (5.1-2+deb11u1) bullseye; urgency=medium
+
+ * Non-maintainer upload.
+ * 1-byte buffer overflow read in subst.c read_comsub (Closes: #1003012)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sun, 27 Mar 2022 20:40:30 +0200
+
bash (5.1-2) unstable; urgency=medium
* Apply upstream patches 001 - 004.
diff -Nru bash-5.1/debian/patches/bash51-014.diff bash-5.1/debian/patches/bash51-014.diff
--- bash-5.1/debian/patches/bash51-014.diff 1970-01-01 01:00:00.000000000 +0100
+++ bash-5.1/debian/patches/bash51-014.diff 2022-03-27 20:40:30.000000000 +0200
@@ -0,0 +1,26 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.1
+Patch-ID: bash51-014
+
+Bug-Reported-by: platon7pronko@gmail.com
+Bug-Reference-ID:
+Bug-Reference-URL: https://savannah.gnu.org/patch/?10035
+
+Bug-Description:
+
+Bash may produce corrupted input if a multibyte character spans a 512-byte
+boundary while reading the output of a command substitution.
+
+--- a/subst.c
++++ b/subst.c
+@@ -6242,7 +6242,7 @@ read_comsub (fd, quoted, flags, rflag)
+ /* read a multibyte character from buf */
+ /* punt on the hard case for now */
+ memset (&ps, '\0', sizeof (mbstate_t));
+- mblen = mbrtowc (&wc, bufp-1, bufn+1, &ps);
++ mblen = mbrtowc (&wc, bufp-1, bufn, &ps);
+ if (MB_INVALIDCH (mblen) || mblen == 0 || mblen == 1)
+ istring[istring_index++] = c;
+ else
diff -Nru bash-5.1/debian/patches/series bash-5.1/debian/patches/series
--- bash-5.1/debian/patches/series 2021-01-03 10:43:05.000000000 +0100
+++ bash-5.1/debian/patches/series 2022-03-27 20:40:30.000000000 +0200
@@ -2,6 +2,7 @@
bash51-002.diff
bash51-003.diff
bash51-004.diff
+bash51-014.diff
bashbug-editor.diff
deb-bash-config.diff
deb-examples.diff
Reply to: