Ubuntu Pastebin

Paste from jak at Tue, 22 Nov 2016 23:05:37 +0000

Download as text 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
diff -Nru bash-4.3/debian/changelog bash-4.3/debian/changelog
--- bash-4.3/debian/changelog	2016-11-15 11:05:45.000000000 +0100
+++ bash-4.3/debian/changelog	2016-11-22 23:55:42.000000000 +0100
@@ -1,3 +1,12 @@
+bash (4.3-7ubuntu1.7) trusty-proposed; urgency=medium
+
+  * Fix format-security bug: ngettext() passed to printf() as format string:
+    - builtins/help.def:130:7: error: format not a string literal and no
+       format arguments [-Werror=format-security]
+    LP: #NNNNNNN
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Nov 2016 23:55:42 +0100
+
 bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium
 
   * When the readline `revert-all-at-newline' option is set, pressing newline
diff -Nru bash-4.3/debian/patches/help-format-security.diff bash-4.3/debian/patches/help-format-security.diff
--- bash-4.3/debian/patches/help-format-security.diff	1970-01-01 01:00:00.000000000 +0100
+++ bash-4.3/debian/patches/help-format-security.diff	2016-11-22 23:55:42.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Do not pass ngettext() as first argument to printf()
+ Fix format-security bug: ngettext() passed to printf() as format string:
+ - builtins/help.def:130:7: error: format not a string literal and no
+   format arguments [-Werror=format-security]
+Author: Julian Andres Klode <juliank@ubuntu.com>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Last-Update: 2016-11-22
+
+--- bash-4.3.orig/builtins/help.def
++++ bash-4.3/builtins/help.def
+@@ -127,7 +127,7 @@ help_builtin (list)
+ 
+   if (glob_pattern_p (list->word->word))
+     {
+-      printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
++      printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
+       print_word_list (list, ", ");
+       printf ("'\n\n");
+     }
diff -Nru bash-4.3/debian/patches/series bash-4.3/debian/patches/series
--- bash-4.3/debian/patches/series	2016-11-15 10:41:12.000000000 +0100
+++ bash-4.3/debian/patches/series	2016-11-22 23:55:42.000000000 +0100
@@ -37,3 +37,4 @@
 CVE-2014-6277.diff
 CVE-2014-6278.diff
 bash-readline-revert.diff -p1
+help-format-security.diff
Download as text