
Patch Upstream Report: Red Hat

Martijn Dekker edited this page Feb 12, 2024 · 14 revisions

Here are the patches from Red Hat and what 93u+m has done with them.


  • Do not evaluate arithmetic expressions from environment variables
    at startup
    Resolves: #1790542

public bug: https://bugzilla.redhat.com/CVE-2019-14868
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cve-2019-14868.patch
DONE: 593a5a8b


  • Fix a crash due to out of bounds write
    Resolves: #1506344

public bug: https://bugzilla.redhat.com/1506344
patched by: https://bugzilla.redhat.com/attachment.cgi?id=1370722&action=diff
DONE: 1477b5ff


  • Add configuration option to enable signal bubbling for backward
    compatibility
    Resolves: #1454804

public bug: https://bugzilla.redhat.com/1454804
patched by: https://bugzilla.redhat.com/attachment.cgi?id=1317752&action=diff
note: takes effect only if $_AST_KSH_SIGNAL_BUBBLE is set
ACTUALLY FIXED in: 30aee651


  • Fix a crash during clean up after sourcing multiple files
    Resolves: #1437530

public bug: https://bugzilla.redhat.com/1321443
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-dotdoublefree.patch
DONE: a8f6d6b8


  • Fix a memory leak while creating subshells
    Resolves: #1324990

private bug: https://bugzilla.redhat.com/1324990
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-subshell-leak.patch
DONE: 361fe1fc


  • ksh crashed when disk was full (#1212992)

public bug: https://bugzilla.redhat.com/1212992
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140801-diskfull.patch
DONE: ceb77b13
REVERTED in b7dde4e7 as it caused bug #281. Further testing showed that this patch is redundant as of commit 970069a6 as that also fixes the login crash on disk full.


  • fix: in a login shell "( cmd & )" does nothing (#1217236)

public bug: https://bugzilla.redhat.com/1217236
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-nohupfork.patch
DONE (differently): e3d7bf1d


  • multibyte character string after $1-9 was not expanded correctly
    (#1256495)

public bug: https://bugzilla.redhat.com/1256495
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mb-after-argvar.patch
DONE: 4144f404


  • case in a for loop inside a subshell caused syntax error (#1241013)

public bug: https://bugzilla.redhat.com/1241013
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-parserfix.patch
DONE: bd283959


  • fix another occurrence of previous bug (#1247383)
  • do not free constant string trap (#1247383)

public bug: https://bugzilla.redhat.com/1247383
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-trapcom.patch
DUPE: 6193c6a3, a5d38b1d


  • prevent null-test optimization in strdup (#1221766)

public bug (not very useful): https://bugzilla.redhat.com/1221766
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-badgcc.patch
DONE: 7afb30e1


  • using trap DEBUG could cause segmentation fault (#1200534)

private bug: https://bugzilla.redhat.com/1200534
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140801-arraylen.patch
DONE: bb15f7fb


  • ksh could hang when executed in removed directory (#1204111)

public bug: https://bugzilla.redhat.com/1204111
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfork.patch
note: triggered by a fix for https://bugzilla.redhat.com/1168611
DUPE: f7c3565f


  • fix segfault when handling a trap (#1117404)

public bug: https://bugzilla.redhat.com/1117404
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-trapcom.patch
DONE: 6193c6a3, a5d38b1d; fixed off-by-one in 3aee10d7


  • closing a file descriptor in a command substitution caused loss of
    the output (#1116072)

public bug: https://bugzilla.redhat.com/1116072
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140929-safefd.patch
DONE: 045fe6a1


  • combining alarm and IFS caused segfault (#1176670)

public bug: https://bugzilla.redhat.com/1176670
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-alarmifs.patch
DONE: 18b3f4aa, part reverted in f033bb03


  • cd to directory without execution permission can't fail silently
    (#1160923)

private bug: https://bugzilla.redhat.com/1160923
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-noexeccdfix.patch
(on cold ice) new ‘cd’ (#5/5)


  • current directory could differ from PWD (#1168611)

public bug: https://bugzilla.redhat.com/1168611
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfork.patch
DONE: f7c3565f


  • declaration of a two dimensional associative array could add an
    extra 0 element (#1173668)

public bug: https://bugzilla.redhat.com/1173668
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-emptyarrayinit.patch
DONE: 02a14ff9


  • exporting fixed with variable corrupted its data (#1188377)

public bug: https://bugzilla.redhat.com/1188377
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-xufix.patch
DONE: fdb9781e, improved in: 95fe07d8, 0e4c4d61


  • fixes memory leak on unset of associative array (#1189294)

public bug: https://bugzilla.redhat.com/1189294
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-assoc-unset-leak.patch
DONE: e70925ce


  • do not inherit invalid variables during shell initialization (#1147645)

public bug: https://bugzilla.redhat.com/1147645
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-oldenvinit.patch
DONE: 960a1a99


  • ksh hangs when command substitution containing pipe fills out the
    pipe buffer (#1138751)

public bug: https://bugzilla.redhat.com/1138751
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/
DUPE: 4ce486a7; regress test added: 95225e1e; superseded: 42becab6


  • the last patch was not applied correctly (#1116508)
  • return code from a function could be wrong (#1116508)

public bug: https://bugzilla.redhat.com/1116508
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-retfix.patch
DONE: 7e6bbf85


  • cd builtin could break IO redirection (#1133582)

public bug: https://bugzilla.redhat.com/1133582
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20130613-cdfix4.patch
(on cold ice) new ‘cd’ (#4/5)


  • job locking mechanism did not survive compiler optimization (#1112306)

public bug: https://bugzilla.redhat.com/1112306
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-locking.patch
DONE better in: c258a04f


  • wrong return code from a pipe in command substitution (#1117316)

public bug: https://bugzilla.redhat.com/1117316
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-crash.patch
DUPE: ce68e1be


  • do not crash when unsetting running function from another one
    (#1105138)

private bug: https://bugzilla.redhat.com/1105138
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-fununset.patch
DONE (better): b7932e87, c382cea1


  • should report an error when trying to cd into directory without
    execution bit (#1102627)

public bug: https://bugzilla.redhat.com/1102627
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfix3.patch
(on cold ice) new ‘cd’ (#3/5)


  • do not resend signal on termination (#1075635)

public bug: https://bugzilla.redhat.com/1075635
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-sufix.patch
DONE: 352e68da


  • fix argv rewrite (#1047506)

private bug: https://bugzilla.redhat.com/1047506
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-argvfix.patch
DONE (better): cefe087d, 159fb9ee


  • fix brace expansion on/off (#1078698)

private bug: https://bugzilla.redhat.com/1078698
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140301-fikspand.patch
DONE: a14d17c0


  • fix incorrect rounding of numbers 0.5 < |x| < 1.0 in printf (#1070350)

private bug: https://bugzilla.redhat.com/1070350
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-roundit.patch
DONE much better by hyenias: d7c90ead


  • fix parser errors related to the end of the here-document marker
    (#1036931)

private bug: https://bugzilla.redhat.com/1036931
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-heresub.patch
DONE: 6e515f1d


  • ksh hangs when command substitution fills out the pipe buffer
    (#1062296)

private bug: https://bugzilla.redhat.com/1062296
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140415-hokaido.patch
DONE: 4ce486a7; superseded: 42becab6


  • using typeset -l with a restricted variable caused segmentation
    fault (#1083713)

private bug: https://bugzilla.redhat.com/1083713
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-tpstl.patch
DONE: 3654ee73


  • ksh stopped on read when monitor mode was enabled (#1023109)

public bug: https://bugzilla.redhat.com/1023109
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mtty.patch
NOT APPLIED. Martijn says: I can’t reproduce this bug (on any ksh version), and the fix looks dodgy.
It falls back to getpid() to set a process group ID. Should that not be getpgrp()?


  • monitor mode was documented incorrectly (#1019334)

public bug: https://bugzilla.redhat.com/1019334
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-manfix4.patch
REJECTED: The original documentation is correct and the patch is wrong.


  • fix segfault in job list code (#825520)

private bug: https://bugzilla.redhat.com/825520
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-crash.patch
DONE: ce68e1be


  • reading a file via command substitution did not work when any of stdin,
    stdout or stderr were closed (#1066589)

private bug: https://bugzilla.redhat.com/1066589
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-filecomsubst.patch
DONE: fe6d0903, improved by 7444fc7c


  • fix memory leak (#1036470)

private bug: https://bugzilla.redhat.com/1036470
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-memlik3.patch
DONE: 461a1aeb


  • use different fix for last bug
  • standard error output could get misdirected (#1036802)

private bug: https://bugzilla.redhat.com/1036802
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-fd2lost.patch
DONE: 970069a6


  • ksh sometimes wrote wrong byte sequence to terminal when vi editing
    mode was used (#1016611)

patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-nomulti.patch
reproducer used by QE:

ksh-20120801-9.el6:    

$ set -o vi    
$ strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
[1] 9740    
$    
12:53:45.485903 write(2, "\0\n", 2) = 2    
$    
[1] + Done strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
$    

=> FAILED    
-----------    
ksh-20120801-10.el6:    

$ set -o vi    
$ strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
[1] 9761    
$    
$    
$    
$    

=> PASSED    

REJECTED. Cannot reproduce on CentOS. I’m not going to disable -o multiline by default.


  • ctrl-c during read did not kill job group (#960034)

private bug: https://bugzilla.redhat.com/960034
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-kshmfix.patch
(DUPE) DONE: 7e5fd3e9

This patch introduced a bug that caused interactive ksh to exit on Ctrl+C if SIGINT is ignored. This was worked around with a kludge in 55dc80ce. Later, I figured out that the kludge was only needed because the Red Hat patch failed to delete the siglongjmp() call after the killpg(), which causes incorrect behaviour if SIGINT is ignored. Properly fixed at last in 14aaf914.


  • fix errors in man page (#1007816)

public bug: https://bugzilla.redhat.com/891503
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20100621-manfix3.patch
DONE (differently) in 778b3da7


  • fix command substitution in pipelines (#994241)

private bug: https://bugzilla.redhat.com/994251
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-macro.patch
[Martijn says: This patch doesn’t fix this bug shown in 994251 - it causes it! What it fixes is a bug with command substitutions in here-documents. This bug is actually fixed by ksh-20120801-fd2lost.patch which in the .spec is associated with rhbz#1048272 (which is still closed to me).]
DONE: 970069a6


  • fix license tag

spec-file only change (no-op for upstream)


  • fix another memory leak (#982142)
  • fix two memory leaks (#982142)

private bug: https://bugzilla.redhat.com/982142
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mlikfiks.patch
DONE: fe20311f, 0d3bedd6


  • assignment to right justified variables did not work correctly (#903750)

private bug: https://bugzilla.redhat.com/903750
DONE: 73038247 (regress test only)


  • fix overflow in subshell loop (#858263)

private bug: https://bugzilla.redhat.com/858263
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20130628-longer.patch
DONE: 05ac1dbb (modified, extended with stack fix)


  • set default editing mode to emacs (#761551)

public bug: https://bugzilla.redhat.com/761551
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/dotkshrc#_8
NOT APPLIED (just .kshrc, is irrelevant)


  • ksh -m did not turn monitor mode on (#960034)

private bug: https://bugzilla.redhat.com/960034
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-kshmfix.patch
DONE: 7e5fd3e9

This patch introduced a bug that caused interactive ksh to exit on Ctrl+C if SIGINT is ignored. This was worked around with a kludge in 55dc80ce. Later, I figured out that the kludge was only needed because the Red Hat patch failed to delete the siglongjmp() call after the killpg(), which causes incorrect behaviour if SIGINT is ignored. Properly fixed at last in 14aaf914.


  • prevent fork bomb triggered by SIGTSTP (#922851)

public bug: https://bugzilla.redhat.com/922851
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-forkbomb.patch
DONE: 66c955bc


  • updated to 20120801, fixes (#840568)

private bug: https://bugzilla.redhat.com/840568
related patches:


  • fix several memory leaks (#921455)

private bug: https://bugzilla.redhat.com/921455
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-memlik.patch
DONE: 05683ec7
