| Age | Commit message (Collapse) | Author |
|---|
|
Changelog:
=========
1. New Features in Bash
a. 'bind -x' now supports different bindings for different editing modes and
keymaps.
b. Bash attempts to optimize the number of times it forks when executing
commands in subshells and from 'bash -c'.
c. Here documents and here strings now use pipes for the expanded document if
it's smaller than the pipe buffer size, reverting to temporary files if it's
larger.
d. There are new loadable builtins: mktemp, accept, mkfifo, csv, cut/lcut
e. In posix mode, 'trap -p' now displays signals whose disposition is SIG_DFL
and those that were SIG_IGN when the shell starts.
f. The shell now expands the history number (e.g., in PS1) even if it is not
currently saving commands to the history list.
g. 'read -e' may now be used with arbitrary file descriptors ('read -u N').
h. The 'select' builtin now runs traps if its internal call to the read builtin
is interrupted by a signal.
i. SRANDOM: a new variable that expands to a 32-bit random number that is not
produced by an LCRNG, and uses getrandom/getentropy, falling back to
/dev/urandom or arc4random if available. There is a fallback generator if
none of these are available.
j. shell-transpose-words: a new bindable readline command that uses the same
definition of word as shell-forward-word, etc.
k. The shell now adds default bindings for shell-forward-word,
shell-backward-word, shell-transpose-words, and shell-kill-word.
l. Bash now allows ARGV0 appearing in the initial shell environment to set $0.
m. If 'unset' is executed without option arguments, bash tries to unset a shell
function if a name argument cannot be a shell variable name because it's not
an identifier.
n. The 'test -N' operator uses nanosecond timestamp granularity if it's
available.
o. Bash posix mode now treats assignment statements preceding shell function
definitions the same as in its default mode, since POSIX has changed and
no longer requires those assignments to persist after the function returns
(POSIX interp 654).
p. BASH_REMATCH is no longer readonly.
q. wait: has a new -p VARNAME option, which stores the PID returned by 'wait -n'
or 'wait' without arguments.
r. Sorting the results of pathname expansion now uses byte-by-byte comparisons
if two strings collate equally to impose a total order; the result of a
POSIX interpretation.
s. Bash now allows SIGINT trap handlers to execute recursively.
t. Bash now saves and restores state around setting and unsetting posix mode,
instead of having unsetting posix mode set a known state.
u. Process substitution is now available in posix mode.
v. READLINE_MARK: a new variable available while executing commands bound with
'bind -x', contains the value of the mark.
w. Bash removes SIGCHLD from the set of blocked signals if it's blocked at shell
startup.
x. 'test -v N' can now test whether or not positional parameter N is set.
y. 'local' now honors the '-p' option to display all local variables at the
current context.
z. The '@a' variable transformation now prints attributes for unset array
variables.
aa. The '@A' variable transformation now prints a declare command that sets a
variable's attributes if the variable has attributes but is unset.
bb. 'declare' and 'local' now have a -I option that inherits attributes and
value from a variable with the same name at a previous scope.
cc. When run from a -c command, 'jobs' now reports the status of completed jobs.
dd. New 'U', 'u', and 'L' parameter transformations to convert to uppercase,
convert first character to uppercase, and convert to lowercase,
respectively.
ee. PROMPT_COMMAND: can now be an array variable, each element of which can
contain a command to be executed like a string PROMPT_COMMAND variable.
ff. 'ulimit' has a -R option to report and set the RLIMIT_RTTIME resource.
gg. Associative arrays may be assigned using a list of key-value pairs within
a compound assignment. Compound assignments where the words are not of
the form [key]=value are assumed to be key-value assignments. A missing or
empty key is an error; a missing value is treated as NULL. Assignments may
not mix the two forms.
hh. New 'K' parameter transformation to display associative arrays as key-
value pairs.
ii. Writing history to syslog now handles messages longer than the syslog max
length by writing multiple messages with a sequence number.
jj. SECONDS and RANDOM may now be assigned using arithmetic expressions, since
they are nominally integer variables. LINENO is not an integer variable.
kk. Bash temporarily suppresses the verbose option when running the DEBUG trap
while running a command from the 'fc' builtin.
ll. 'wait -n' now accepts a list of job specifications as arguments and will
wait for the first one in the list to change state.
mm. The associative array implementation can now dynamically increase the
size of the hash table based on insertion patterns.
nn. HISTFILE is now readonly in a restricted shell.
oo. The bash malloc now returns memory that is 16-byte aligned on 64-bit
systems.
pp. If the hash builtin is listing hashed filenames portably, don't print
anything if the table is empty.
qq. GLOBIGNORE now ignores '.' and '..' as a terminal pathname component.
rr. Bash attempts to optimize away forks in the last command in a function body
under appropriate circumstances.
ss. The globbing code now uses fnmatch(3) to check collation elements (if
available) even in cases without multibyte characters.
tt. The 'fg' and 'bg' builtins now return an error in a command substitution
when asked to restart a job inherited from the parent shell.
uu. The shell now attempts to unlink all FIFOs on exit, whether a consuming
process has finished with them or not.
vv. There is a new contributed loadable builtin: asort.
2. New Features in Readline
a. If a second consecutive completion attempt produces matches where the first
did not, treat it as a new completion attempt and insert a match as
appropriate.
b. Bracketed paste mode works in more places: incremental search strings, vi
overstrike mode, character search, and reading numeric arguments.
c. Readline automatically switches to horizontal scrolling if the terminal has
only one line.
d. Unbinding all key sequences bound to a particular readline function now
descends into keymaps for multi-key sequences.
e. rl-clear-display: new bindable command that clears the screen and, if
possible, the scrollback buffer (bound to emacs mode M-C-l by default).
f. New active mark and face feature: when enabled, it will highlight the text
inserted by a bracketed paste (the 'active region') and the text found by
incremental and non-incremental history searches. This is tied to bracketed
paste and can be disabled by turning off bracketed paste.
g. Readline sets the mark in several additional commands.
h. Bracketed paste mode is enabled by default.
i. Readline tries to take advantage of the more regular structure of UTF-8
characters to identify the beginning and end of characters when moving
through the line buffer.
j. The bindable operate-and-get-next command (and its default bindings) are
now part of readline instead of a bash-specific addition.
k. The signal cleanup code now blocks SIGINT while processing after a SIGINT.
(From OE-Core rev: 842edd425e82c983ca0b1a7b733baf41cb689a69)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash keeps a count of the number of times make was invoked on a directory
and changes the output versioning accordingly. We want deterministic output
so disable this behaviour.
(From OE-Core rev: 13a039e03195a47c750d5901e96fe81cf523481f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a rare make race that occurs in bash due to the way it constructs
certain headers and a build tool. Restructure the creation to remove
the race.
[YOCTO #14227]
(From OE-Core rev: 6f683cf21630142e82cc37d79f3d797d179d8d12)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 65ccd5fb231b8628374aac5eadae57d8179490ec)
(From OE-Core rev: 713860c05ba9a11a20c3a983dd45fc06f19cddc0)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These files are used by this ptest case
103,108d102
< cat: ../y.tab.c: No such file or directory
< cmp: ../y.tab.c: No such file or directory
< cat: /usr/lib/bash/ptest/config.h: No such file or directory
< cmp: /usr/lib/bash/ptest/config.h: No such file or directory
< cat: /usr/lib/bash/ptest/version.h: No such file or directory
< cmp: /usr/lib/bash/ptest/version.h: No such file or directory
FAIL: run-heredoc
(From OE-Core rev: 0672a3dae14462e590959e966fef22b6e2a2ad09)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: cc6c7af900ae0196a62b7fa1375c55bbcd8e68b4)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash 5.1 enabled bracketed input mode by default, but this causes a lot
of problems with automated testing as it can inject a lot of control
sequences into non-interactive output. Disable it to cleanup the output
an preserve the pre-5.1 behavior
(From OE-Core rev: 6c1cb7e274050f1ccb817b8ee34d0f61f34c95e3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a race between two make invocations in 5.1. It has been
reported upstream, in the meantime add a work around patch (which
upstream may yet even apply). The autobuilder found two instances
of this race in a single build.
(From OE-Core rev: 62b8580cea567f2d9b7a900fc4302d6bc5a785b2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had reproducibility issues where the pipe size appears to vary on some build
hosts between 65535 and 4096. It should be the former on Linux in general so
standarise on that. Easiest way is to pass in CFLAGS.
(From OE-Core rev: 6de2152693c31ee1181e9eacc32b90dd63d4e0a9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[RP: Add aclocal support and patch m4 handling to adapt to OE]
(From OE-Core rev: ab4406dfdbd5e21f6fff0865228ebf5da1274505)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because the name of CVE patch is wrong, cve-check-tool cannot get the correct CVE result. Rename the patch name.
(From OE-Core rev: 422f9af7d0f7de7a2e933154853e7a281f98ab93)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
An issue was discovered in disable_priv_mode in shell.c in GNU Bash
through 5.0 patch 11. By default, if Bash is run with its effective UID
not equal to its real UID, it will drop privileges by setting its
effective UID to its real UID. However, it does so incorrectly. On Linux
and other systems that support "saved UID" functionality, the saved UID
is not dropped. An attacker with command execution in the shell can use
"enable -f" for runtime loading of a new builtin, which can be a shared
object that calls setuid() and therefore regains privileges. However,
binaries running with an effective UID of 0 are unaffected.
Get the patch from [1] to fix the issue.
[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
(From OE-Core rev: 6f01acae9c279e0a580f46d1ba4c015caa3f8c2c)
Signed-off-by: De Huo <De.Huo@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
patch 17 :-
https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash50-017
There were cases where patch 16 reaped process substitution file
descriptors (or FIFOs) and processes to early. This is a better
fix for the problem that bash50-016 attempted to solve.
path 18 :-
https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash50-018
In certain cases, bash does not perform quoted null removal on
patterns that are used as part of word expansions such as
${parameter##pattern}, so empty patterns are treated as non-empty.
(From OE-Core rev: 08f8580b1ad2a478538f6974e79cb79e726b6efa)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 10907c6ea3665e0cacb05e7120c8726ed5790a3c)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 61c3449b87e5d627134a580bb5298338f389beb1)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For ptest only RDEPENDS is needed, and packaging glibc-locale
slowed down builds with ptest disabled.
(From OE-Core rev: 53f61ca73e69508bff6ea75da666d6873b5384f5)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash has an internal "build number" that it tracks and automatically
increments ever time a given builds is made from the same sandbox.
However, this can make builds non-reproducible in the event that a build
directory is reused multiple times.
Remove the .build files after every build if reproducible builds have
been requested which will reset the build build number for the next
build.
(From OE-Core rev: 9754be5c22de877bd53226908d03d2eef5751808)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The execscript test in bash fails when run with ptest-runner calling
'su', with the error:
bash: cannot set terminal process group (16036): Inappropriate ioctl for device
Even with ptest-runner fixed to make a child process use the right
process group, 'su' still results in the warning above. Use 'setpriv'
instead. 'runuser' was considered and works but depends on pam so it's
ruled out.
Now that all bash tests are run as a user, the patch:
fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch
can be removed. Also to create the account 'bashtest' in the
'run-ptest' script the bash-ptest must depend on 'shadow'. Also,
in 'run-ptest', ensure that the bash ptests are owned by the 'bashtest' user.
Add 'sed' as a dependency for ptests since tests/exp8.sub runs:
var=$'x\001y\177z'
declare -p var | sed -n l
and that results in:
sed.busybox: ""
sed.sed: declare -- var="x\001y\177z"$
This appears to be a feature that busybox sed has not implemented.
With this series of changes, bash-ptest for qemux86-64 passes
79 of 81 tests. The remaining failures are:
1. run-read:
# cat tests/read6.sub
# test read with a timeout of 0 -- input polling
# sleep with fractional seconds argument is not universal
echo abcde | { sleep 0.25 2>/dev/null ; read -t 0; }
echo $?
read -t 0 < $0
echo $?
read -t 0
echo $? <-- returns 1, when 0 is expected.
I can reproduce this on my workstation but only when using ptest-runner
and initially logging into the console as root. That's a little odd and
seems like I need to continue to improve ptest-runner.
2. run-trap:
# cat tests/trap3.sub
PS4='+[$LINENO] '
trap 'echo trap: $LINENO' ERR
set -x
echo 1
echo 2
echo 3 | cat | false <--- error
echo 4
This is a scheduler behaviour difference between the common case
on a workstation and the common case in qemu. The test case does
warn about the completion order not being deterministic so I plan
to ignore it.
>From tests/run-trap:
UNIX versions number signals and schedule processes differently.
If output differing only in line numbers is produced, please
do not consider this a test failure.
Still, it's notable and slightly odd that the common case output
is different.
(From OE-Core rev: 81e3f01867cf114b728ab5a417c29426c9bf8122)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Makefile used for bash-ptest can pick up the path to the uninative
loader through BUILD_LDFLAGS. This includes the full path to the
uninative loader, which is not reproducible. Replace it with /bin/false.
It doesn't appear as if these native programs are used in the test
suites and if there are likely to be other problems related to building
them using the BUILD_* flags.
(From OE-Core rev: 1208ff934a2bb6378aa8b219345110a0d56bf767)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
new-exp ptest fails as it expects non-root user.
>From the failed ptest log:
< new-exp.tests: the test suite should not be run as root
628c627
< argv[1] = <host(2)[5.0]# >
---
> argv[1] = <host(2)[5.0]$ >
FAIL: run-new-exp
Many of the ptests declare that they should not be run as root
and a few fail since the expected result strings are for a
user shell.
When ptests are run as bash_user (non-root) the glob test
fails with error:
run-glob-test
59,60d58
< touch: cannot touch 'a?': Permission denied
< touch: cannot touch 'aa': Permission denied
So ensure that the bash/ptest/tests directory is owned by the
bash_user while the tests are being run and return it to root
owner afterwards.
(From OE-Core rev: c125609886b36048cfde6e694eee7fb47f197241)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
glob-test failed beacuse it could not convert big5hkscs
encoding to perform comparison.
(From OE-Core rev: 8e147863c4c0fdc22da92e2e5e35502906eac916)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
One of the ptests failed for internationalization.
>From the failed ptest log:
run-intl
fr_FR.ISO8859-1: Error Encoding U+00000080 to [ "$'\200'" != "\\u0080" ]
(125 similar errors related to same encoding)
The test was unable to convert iso8859-1 encoding to perform comparison.
(From OE-Core rev: ec1849d7a5964bef53462b9d4763e22433f9d246)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash's ptest needs glibc-utils (for locale), some extra locales for various tests
it uses options busybox doesn't support for some tools, hence coreutils and also runs
perl for some tests.
(From OE-Core rev: 7ce6f69e56ef7ccc0187722cd78728a6505073b7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Rebase build-tests.patch and execute_cmd.patch to 5.0
- Drop 0001-help-fix-printf-format-security-warning.patch
and pathexp-dep.patch, upstream has fixed them in commit
[d233b48 bash-5.0 distribution sources and documentation]
(From OE-Core rev: db044235e72a1519a081c4f6541f7d7cfe70d49f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apply point release patches from upstream which includes a fix for
indefinitely spinning process and a zombie by a simple $() statement
in a long running script.
(From OE-Core rev: eb39670fb2fe9735a1a0434c63b64ec66599f850)
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
enabled
with thumb and debug enabled bash gets stuck forever when building for qemuarm.
bash/4.4.18-r0/build/builtins$ arm-webos-linux-gnueabi-gcc -march=armv5te -mthumb -fstack-protector-strong --sysroot=bash/4.4.18-r0/recipe-sysroot -c -DHAVE_CONFIG_H -DSHELL -I. -I.. -I../../bash-4.4.18 -I../../bash-4.4.18/include -I../../bash-4.4.18/lib -I../../bash-4.4.18/builtins -O -fno-omit-frame-pointer -g -DNON_INTERACTIVE_LOGIN_SHELLS read.c
when -mthumb, -fstack-protector-strong, -fno-omit-frame-pointer appear
together, removing one of them is enough for successful build.
similar to:
http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150654.html
but in this case the build gets stuck instead of failure
(From OE-Core rev: ae41e1f263d20d5d83b2a7ca95dc955840d793e1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In Linux,8 bits of the return code and 8 bits of the number of
the killing signal are mixed into a single value on the exit code,
so the exit status offset should be 8. But the autoconf checker
can not determine it while cross compiling, and then it is set to
the default value 0, which will cause generating the wrong exit
code if program exit with an error code.
(From OE-Core rev: e2dea46607a24620d6d2c250efc9b2e95bfd5ad8)
Signed-off-by: Rui Wang <rui.wang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Drop bash-memleak-bug-fix-for-builtin-command-read.patch which has
been accepted since 4.4.17
(From OE-Core rev: ec6da604012b54769db3371a8ed9ac0be4c9d0e6)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 33dadb98c10fdf04d9ed9b6ba57de6257873bcea)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1.Upgrade bash from 4.4 to 4.4.12.
2.Delete bash44-001, bash44-002, bash44-003, bash44-004, bash44-005, bash44-006, bash44-007,bash44-008, bash44-009, bash44-0010, bash44-0011, bash44-0012, since it is integrated upstream.
(From OE-Core rev: 0b7a1a52e4640bb1f8a6fbe00db175df1356ebe1)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
meta/conf/distro/include/tclibc-glibc.inc weakly assigns PREFERRED_PROVIDER
for virtual/libc-locale to glibc-locale, but allows adjusting it if needed.
Hence, bash should not depend on glibc-locale directly, but instead use this
virtual/libc-locale variable.
(From OE-Core rev: 6454c610eb6565360d29334f5f19845758dbf2c6)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Under musl bash uses its own libintl clone but there are some missing
dependencies so it is possible for pathexp.o to be built whilst libintl.h is
being written, leading to compile errors.
(From OE-Core rev: d58c20fd45f4808cbc1726ec5b46edb1c60b9cf8)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash hand-maintains their aclocal.m4, so stop autoreconf from invoking aclocal
and overwriting it. This means we can remove the kludge to copy aclocal.m4 to
acinclude.m4.
(From OE-Core rev: 57fe9f61dd4c43f8267b831c1b177ad67010d78c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2820a2c530018f59895fb57770caa8511d31afd4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bash-ptest fails several tests. This patch fixes:
FAIL: run-intl
The test used to fail because of missing locales (fr_FR, de_DE)
[YOCTO #12145]
(From OE-Core rev: 70e544452b6825686f06484d994936ded677825f)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove all host build references from the following bash packages:
bash-ptest, bash-bashbug, bash-dev, bash-loadable.
[YOCTO #11918]
(From OE-Core rev: 26a29d85648b68bb1d2badd59de76f850054e059)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Built in command "read" with "-e" use Readline to obtain the line
in an interactive shell. In this process, a string "rlbuf" is
just allocated without free operation thus cause memory leak.
This patch had been submitted to upstream:
http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00061.html
(From OE-Core rev: a2b278a6eaa9e9b48d858e3be6712267c0122598)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Rebase patches:
- fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch
- test-output.patch
2. Drop backported patches:
- CVE-2016-9401.patch
- fix-run-intl.patch
3. Add ${PN}-loadable for loadable builtins which is new features in Bash 4.4
4. The 4.4 fixed CVE-2017-5932 and CVE-2016-0634
- https://security-tracker.debian.org/tracker/CVE-2017-5932
- https://security-tracker.debian.org/tracker/CVE-2016-0634
5. The 4.4 installed include header files, fix bash-dev confilicts
with lib32-bash-dev
.....
$ bitbake lib32-core-image-sato-sdk
...
|Error: Transaction check error: file /usr/include/bash/config.h
conflicts between attempted installs
|of lib32-bash-dev-4.4-r0.x86 and bash-dev-4.4-r0.core2_64
......
(From OE-Core rev: 4097694b13cd5f0d68987551c3f9af80c87dc6ae)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Most of shell scripts refer to '#!/bin/{sh,bash}' inside the script. But when
'usrmege' feature is enabled this path will be /usr/bin/{sh, bash}.
so to satisify build dependency add '/bin/{sh,bash}' to its providers list.
(From OE-Core rev: 4759408677a4e60c5fa7131afcb5bc184cf2f90a)
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.
Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634
CVE: CVE-2016-0634
(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's a machine-specific script, which is causing conflicts
when multiple versions of bash are installed in multilib setting,
and it also does not really make sense for embedded systems anyway.
(From OE-Core rev: dbe57bd0aec855c81b03850367b3b483f622c328)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
(From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.
Porting patch from <https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/
bash44-006> to solve CVE-2016-9401.
(From OE-Core rev: 6987b317d5ce8dc50a37ebba395aa8424bec358c)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Busybox may offer a bash applet. If enabled, the alternatives mechanism
avoids breaking logins if bash gets deinstalled while /bin/bash is configured
as a login shell.
(From OE-Core rev: cf0fd8bff79a12b6eec45145ef168ebf5afebdcc)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make sure the recipe version matches what we're
actually shipping, so that tools like cve-check
can do the right thing.
Rather than fetching version 3.2.48 and applying all
patches up to and including version 3.2.57, we just
fetch the latter in the first place.
(From OE-Core rev: 614ac87f2832c5359f371439559be88d6106cd6b)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Filter the extra white space in intl.right
When the sub-test unicode2.sub of intl.tests executed, it produced
compact results without extra white space, compared to intl.right,
it failed.
So we need to filter the extra white space in intl.right.
Import this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
85ec0778f9d778e1820fb8c0e3e996f2d1103b45
2. Change intl.right correspond to the unicode3.sub's output
In sub-test unicode3.sub of intl.tests have this:
printf %q "$payload"
The payload variable was assigned by ASCII characters, when using
'%q' format strings, it means print the associated argument shell-quoted.
When the strings contain the non-alpha && non-digit && non-punctuation &&
non-ISO 646 character(7-bit), it would output like this: " $'...', ANSI-C
style quoted string. We can check the bash source code at:
http://git.savannah.gnu.org/cgit/bash.git/tree/builtins/printf.def#n557
http://git.savannah.gnu.org/cgit/bash.git/tree/lib/sh/strtrans.c#n331
So we need to change the intl.right contain the correct output of unicode3.sub.
Import parts of this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3
3. Add the sanity check for locales
When run the intl.tests, we need the following locales:
en_US & fr_FR & de_DE
So add the locales check for the intl.tests in run-ptest.
(From OE-Core rev: 640676226bb351420a0a8b2d2a3c120ae42da11e)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2e12615ca5ab4acf7ec2952b7555054ca88e147d)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 45bc8a2c4bbe252526d5eee2547f8b9e06165e5a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If security_flags.inc is included then bash 3.2.48 fails to build:
| ../bash-3.2.48/print_cmd.c:1152:3: error: format not a string literal and no format arguments [-Werror=format-security]
| cprintf (indentation_string);
Backport a patch from upstream to solve this.
(From OE-Core rev: 293d90d757d0d1e292c90cb0e9c576faf911ffcc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
wangmy
Richard Purdie
Alexander Kanavin
Khem Raj
Dorinda
Joshua Watt
zangrc
De Huo
Chee Yang Lee
Adrian Bunk
Randy MacLeod
Sakib Sajal
Hongxu Jia
Jeroen Hofstee
Martin Jansa
Rui Wang
Ross Burton
Huang Qiyu
Denys Dmytriyenko
Juro Bystricky
Zhang Xiao
Amarnath Valluri
Zhixiong Chi
Alexander Kanavin
Li Zhou
Andreas Oberritter
André Draszik
Dengke Du