openembedded-core.git/meta/recipes-extended/bash/bash-3.2.48, branch 2016-10 Mirror of openembedded-core bash: fix string format errors when enabling security flags 2016-07-20T09:24:53+00:00 Ross Burton ross.burton@intel.com 2016-07-14T09:21:51+00:00 293d90d757d0d1e292c90cb0e9c576faf911ffcc If security_flags.inc is included then bash 3.2.48 fails to build: | ../bash-3.2.48/print_cmd.c:1152:3: error: format not a string literal and no format arguments [-Werror=format-security] | cprintf (indentation_string); Backport a patch from upstream to solve this. Signed-off-by: Ross Burton <ross.burton@intel.com> 
If security_flags.inc is included then bash 3.2.48 fails to build:

| ../bash-3.2.48/print_cmd.c:1152:3: error: format not a string literal and no format arguments [-Werror=format-security]
|    cprintf (indentation_string);

Backport a patch from upstream to solve this.

Signed-off-by: Ross Burton <ross.burton@intel.com>
bash: ensure LDFLAGS is passed when building ptest 2016-07-20T09:24:53+00:00 Ross Burton ross.burton@intel.com 2016-07-14T09:07:17+00:00 71794837b477a78e2f5408348e269f58f9b1ec7e Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Ross Burton <ross.burton@intel.com>
bash_3.2.48: dont include target CFLAGS in host LDFLAGS 2015-08-09T22:14:31+00:00 Andre McCurdy armccurdy@gmail.com 2015-07-15T08:16:39+00:00 7a8ec63f38f7a387e01343fbb971b75a66e0f851 Building the host tool 'mkbuiltins' will fail if the target CFLAGS contains an option which isn't supported by the host's gcc. To prevent the issue, define LDFLAGS_FOR_BUILD based on CFLAGS_FOR_BUILD instead of CFLAGS. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Building the host tool 'mkbuiltins' will fail if the target CFLAGS
contains an option which isn't supported by the host's gcc. To prevent
the issue, define LDFLAGS_FOR_BUILD based on CFLAGS_FOR_BUILD instead
of CFLAGS.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Upgrade bash to latest patch level to fix CVEs 2014-10-06T14:07:59+00:00 Mark Hatle mark.hatle@windriver.com 2014-10-03T14:51:25+00:00 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56. There are numerous community bug fixes included with this set, but the key items are: bash32-052 CVE-2014-6271 9/24/2014 bash32-053 CVE-2014-7169 9/26/2014 bash32-054 exported function namespace change 9/27/2014 bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash32-056 CVE-2014-6277 10/2/2014 bash43-025 CVE-2014-6271 9/24/2014 bash43-026 CVE-2014-7169 9/26/2014 bash43-027 exported function namespace change 9/27/2014 bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash43-029 CVE-2014-6277 10/2/2014 Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.

There are numerous community bug fixes included with this set, but the key
items are:

bash32-052      CVE-2014-6271                           9/24/2014
bash32-053      CVE-2014-7169                           9/26/2014
bash32-054      exported function namespace change      9/27/2014
bash32-055      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash32-056      CVE-2014-6277                           10/2/2014

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Fix CVE-2014-7169 2014-09-29T11:13:30+00:00 Khem Raj raj.khem@gmail.com 2014-09-26T20:21:19+00:00 76a2d6b83472995edbe967aed80f0fcbb784b3fc This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment

Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: fix CVE-2014-6271 2014-09-29T11:12:35+00:00 Ross Burton ross.burton@intel.com 2014-09-25T23:05:18+00:00 798d833c9d4bd9ab287fa86b85b4d5f128170ed3 CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2014-6271 aka ShellShock.

"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."

Signed-off-by: Ross Burton <ross.burton@intel.com>
bash: Add ptest 2013-07-26T06:44:27+00:00 Muhammad Shakeel muhammad_shakeel@mentor.com 2013-07-05T07:23:18+00:00 d054da760deda0c965619372209b50f8db964e1c ptest support was already added for v4.2 but for the distros using GPLv2 version of bash (3.2.48) this update is required. Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
ptest support was already added for v4.2 but for the distros
using GPLv2 version of bash (3.2.48) this update is required.

Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
bash: fix mkbuiltins build failure 2013-01-09T12:36:22+00:00 Saul Wold sgw@linux.intel.com 2013-01-08T22:39:50+00:00 d00acdbfa7d10804ff832009888c441fda51e412 Same patch for non-gplv3 version: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=1fd9a16d2a4594a4e9179dc7353ac51ce32eb712 [YOCTO #3646] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Same patch for non-gplv3 version:

http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=1fd9a16d2a4594a4e9179dc7353ac51ce32eb712

[YOCTO #3646]

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>