
Patch Upstream Report: Red Hat

Martijn Dekker edited this page Nov 1, 2021 · 14 revisions

Here are the patches from Red Hat and what 93u+m has done with them.


  • Do not evaluate arithmetic expressions from environment variables
    at startup
    Resolves: #1790542

public bug: https://bugzilla.redhat.com/CVE-2019-14868
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cve-2019-14868.patch
DONE: 593a5a8b


  • Fix a crash due to out of bounds write
    Resolves: #1506344

public bug: https://bugzilla.redhat.com/1506344
patched by: https://bugzilla.redhat.com/attachment.cgi?id=1370722&action=diff
DONE: 1477b5ff


  • Add configuration option to enable signal bubbling for backward
    compatibility
    Resolves: #1454804

public bug: https://bugzilla.redhat.com/1454804
patched by: https://bugzilla.redhat.com/attachment.cgi?id=1317752&action=diff
note: takes effect only if $_AST_KSH_SIGNAL_BUBBLE is set
ACTUALLY FIXED in: 30aee651


  • Fix a crash during clean up after sourcing multiple files
    Resolves: #1437530

public bug: https://bugzilla.redhat.com/1321443
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-dotdoublefree.patch
DONE: a8f6d6b8


  • Fix a memory leak while creating subshells
    Resolves: #1324990

private bug: https://bugzilla.redhat.com/1324990
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-subshell-leak.patch
DONE: 361fe1fc


  • ksh crashed when disk was full (#1212992)

public bug: https://bugzilla.redhat.com/1212992
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140801-diskfull.patch
DONE: ceb77b13
REVERTED in b7dde4e7 as it caused bug #281. Further testing showed that this patch is redundant as of commit 970069a6 as that also fixes the login crash on disk full.


  • fix: in a login shell "( cmd & )" does nothing (#1217236)

public bug: https://bugzilla.redhat.com/1217236
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-nohupfork.patch
DONE (differently): e3d7bf1d


  • multibyte character string after $1-9 was not expanded correctly
    (#1256495)

public bug: https://bugzilla.redhat.com/1256495
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mb-after-argvar.patch
DONE: 4144f404


  • case in a for loop inside a subshell caused syntax error (#1241013)

public bug: https://bugzilla.redhat.com/1241013
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-parserfix.patch
DONE: bd283959


  • fix another occurrence of previous bug (#1247383)
  • do not free constant string trap (#1247383)

public bug: https://bugzilla.redhat.com/1247383
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-trapcom.patch
DUPE: 6193c6a3, a5d38b1d


  • prevent null-test optimization in strdup (#1221766)

public bug (not very useful): https://bugzilla.redhat.com/1221766
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-badgcc.patch
DONE: 7afb30e1


  • using trap DEBUG could cause segmentation fault (#1200534)

private bug: https://bugzilla.redhat.com/1200534
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140801-arraylen.patch
DONE: bb15f7fb


  • ksh could hang when executed in removed directory (#1204111)

public bug: https://bugzilla.redhat.com/1204111
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfork.patch
note: triggered by a fix for https://bugzilla.redhat.com/1168611
DUPE: f7c3565f


  • fix segfault when handling a trap (#1117404)

public bug: https://bugzilla.redhat.com/1117404
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-trapcom.patch
DONE: 6193c6a3, a5d38b1d; fixed off-by-one in 3aee10d7


  • closing a file descriptor in a command substitution caused loss of
    the output (#1116072)

public bug: https://bugzilla.redhat.com/1116072
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140929-safefd.patch
DONE: 045fe6a1


  • combining alarm and IFS caused segfault (#1176670)

public bug: https://bugzilla.redhat.com/1176670
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-alarmifs.patch
DONE: 18b3f4aa, part reverted in f033bb03


  • cd to directory without execution permission can't fail silently
    (#1160923)

private bug: https://bugzilla.redhat.com/1160923
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-noexeccdfix.patch
(on cold ice) new ‘cd’ (#5/5)


  • current directory could differ from PWD (#1168611)

public bug: https://bugzilla.redhat.com/1168611
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfork.patch
DONE: f7c3565f


  • declaration of a two dimensional associative array could add an
    extra 0 element (#1173668)

public bug: https://bugzilla.redhat.com/1173668
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-emptyarrayinit.patch
DONE: 02a14ff9


  • exporting fixed width variable corrupted its data (#1188377)

public bug: https://bugzilla.redhat.com/1188377
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-xufix.patch
DONE: fdb9781e, improved in: 95fe07d8, 0e4c4d61


  • fixes memory leak on unset of associative array (#1189294)

public bug: https://bugzilla.redhat.com/1189294
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-assoc-unset-leak.patch
DONE: e70925ce


  • do not inherit invalid variables during shell initialization (#1147645)

public bug: https://bugzilla.redhat.com/1147645
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-oldenvinit.patch
DONE: 960a1a99


  • ksh hangs when command substitution containing pipe fills out the
    pipe buffer (#1138751)

public bug: https://bugzilla.redhat.com/1138751
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/
DUPE: 4ce486a7; regress test added: 95225e1e; superseded: 42becab6


  • the last patch was not applied correctly (#1116508)
  • return code from a function could be wrong (#1116508)

public bug: https://bugzilla.redhat.com/1116508
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-retfix.patch
DONE: 7e6bbf85


  • cd builtin could break IO redirection (#1133582)

public bug: https://bugzilla.redhat.com/1133582
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20130613-cdfix4.patch
(on cold ice) new ‘cd’ (#4/5)


  • job locking mechanism did not survive compiler optimization (#1112306)

public bug: https://bugzilla.redhat.com/1112306
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-locking.patch
DONE better in: c258a04f


  • wrong return code from a pipe in command substitution (#1117316)

public bug: https://bugzilla.redhat.com/1117316
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-crash.patch
DUPE: ce68e1be


  • do not crash when unsetting running function from another one
    (#1105138)

private bug: https://bugzilla.redhat.com/1105138
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-fununset.patch
DONE (better): b7932e87, c382cea1


  • should report an error when trying to cd into directory without
    execution bit (#1102627)

public bug: https://bugzilla.redhat.com/1102627
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-cdfix3.patch
(on cold ice) new ‘cd’ (#3/5)


  • do not resend signal on termination (#1075635)

public bug: https://bugzilla.redhat.com/1075635
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-sufix.patch
DONE: 352e68da


  • fix argv rewrite (#1047506)

private bug: https://bugzilla.redhat.com/1047506
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-argvfix.patch
DONE (better): cefe087d, 159fb9ee


  • fix brace expansion on/off (#1078698)

private bug: https://bugzilla.redhat.com/1078698
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140301-fikspand.patch
DONE: a14d17c0


  • fix incorrect rounding of numbers 0.5 < |x| < 1.0 in printf (#1070350)

private bug: https://bugzilla.redhat.com/1070350
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-roundit.patch
DONE much better by hyenias: d7c90ead


  • fix parser errors related to the end of the here-document marker
    (#1036931)

private bug: https://bugzilla.redhat.com/1036931
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-heresub.patch
DONE: 6e515f1d


  • ksh hangs when command substitution fills out the pipe buffer
    (#1062296)

private bug: https://bugzilla.redhat.com/1062296
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20140415-hokaido.patch
DONE: 4ce486a7; superseded: 42becab6


  • using typeset -l with a restricted variable caused segmentation
    fault (#1083713)

private bug: https://bugzilla.redhat.com/1083713
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-tpstl.patch
DONE: 3654ee73


  • ksh stopped on read when monitor mode was enabled (#1023109)

public bug: https://bugzilla.redhat.com/1023109
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mtty.patch
NOT APPLIED. Martijn says: I can’t reproduce this bug (on any ksh version), and the fix looks dodgy.
It falls back to getpid() to set a process group ID. Should that not be getpgrp()?


  • monitor mode was documented incorrectly (#1019334)

public bug: https://bugzilla.redhat.com/1019334
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-manfix4.patch
REJECTED: The original documentation is correct and the patch is wrong.


  • fix segfault in job list code (#825520)

private bug: https://bugzilla.redhat.com/825520
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-crash.patch
DONE: ce68e1be


  • reading a file via command substitution did not work when any of stdin,
    stdout or stderr were closed (#1066589)

private bug: https://bugzilla.redhat.com/1066589
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-filecomsubst.patch
DONE: fe6d0903, improved by 7444fc7c


  • fix memory leak (#1036470)

private bug: https://bugzilla.redhat.com/1036470
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-memlik3.patch
DONE: 461a1aeb


  • use different fix for last bug
  • standard error output could get misdirected (#1036802)

private bug: https://bugzilla.redhat.com/1036802
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-fd2lost.patch
DONE: 970069a6


  • ksh sometimes wrote wrong byte sequence to terminal when vi editing
    mode was used (#1016611)

patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-nomulti.patch
reproducer used by QE:

ksh-20120801-9.el6:    

$ set -o vi    
$ strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
[1] 9740    
$    
12:53:45.485903 write(2, "\0\n", 2) = 2    
$    
[1] + Done strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
$    

=> FAILED    
-----------    
ksh-20120801-10.el6:    

$ set -o vi    
$ strace -ttfFv -p $$ 2>&1 | grep -m 1 '\\0\\n' &    
[1] 9761    
$    
$    
$    
$    

=> PASSED    

REJECTED. Cannot reproduce on CentOS. I’m not going to disable -o multiline by default.


  • ctrl-c during read did not kill job group (#960034)

private bug: https://bugzilla.redhat.com/960034
patched by (patch of patch): https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-kshmfix.patch
(DUPE) DONE: 7e5fd3e9


  • fix errors in man page (#1007816)

public bug: https://bugzilla.redhat.com/891503
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20100621-manfix3.patch
DONE (differently) in 778b3da7


  • fix command substitution in pipelines (#994241)

private bug: https://bugzilla.redhat.com/994251
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-macro.patch
[Martijn says: This patch doesn’t fix this bug shown in 994251 - it causes it! What it fixes is a bug with command substitutions in here-documents. This bug is actually fixed by ksh-20120801-fd2lost.patch which in the .spec is associated with rhbz#1048272 (which is still closed to me).]
DONE: 970069a6


  • fix license tag

spec-file only change (no-op for upstream)


  • fix another memory leak (#982142)
  • fix two memory leaks (#982142)

private bug: https://bugzilla.redhat.com/982142
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-mlikfiks.patch
DONE: fe20311f, 0d3bedd6


  • assignment to right justified variables did not work correctly (#903750)

private bug: https://bugzilla.redhat.com/903750
DONE: 73038247 (regress test only)


  • fix overflow in subshell loop (#858263)

private bug: https://bugzilla.redhat.com/858263
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20130628-longer.patch
DONE: 05ac1dbb (modified, extended with stack fix)


  • set default editing mode to emacs (#761551)

public bug: https://bugzilla.redhat.com/761551
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/dotkshrc#_8
NOT APPLIED (just .kshrc, is irrelevant)


  • ksh -m did not turn monitor mode on (#960034)

private bug: https://bugzilla.redhat.com/960034
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-kshmfix.patch
DONE: 7e5fd3e9


  • prevent fork bomb triggered by SIGTSTP (#922851)

public bug: https://bugzilla.redhat.com/922851
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-forkbomb.patch
DONE: 66c955bc


  • updated to 20120801, fixes (#840568)

private bug: https://bugzilla.redhat.com/840568
related patches:


  • fix several memory leaks (#921455)

private bug: https://bugzilla.redhat.com/921455
patched by: https://src.fedoraproject.org/rpms/ksh/blob/642af4d6/f/ksh-20120801-memlik.patch
DONE: 05683ec7
