openembedded-core.git/meta/recipes-extended/bash/bash_4.3.bb, branch 2015-4 Mirror of openembedded-core bash: separate B and S 2015-01-16T23:06:44+00:00 Robert Yang liezhi.yang@windriver.com 2015-01-13T03:08:51+00:00 f31f86b4c81d409b91feb77a46d362de1ad29b69 It works well now, and bump the PR to avoid: x86_64-poky-linux-ar: shmatch.o: No such file or directory Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
It works well now, and bump the PR to avoid:
x86_64-poky-linux-ar: shmatch.o: No such file or directory

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
bash: update and CVE-2014-6278 fix 2014-10-06T15:02:46+00:00 Mark Hatle mark.hatle@windriver.com 2014-10-06T14:44:54+00:00 a2709547644ae417fbd5435e1372068c7cd5db4c Update both bash 3.2.48 (to 57), and bash 4.3 (to 30) to fix the remaining 'shellshock' security issues, CVE-2014-6278. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Update both bash 3.2.48 (to 57), and bash 4.3 (to 30) to fix the remaining
'shellshock' security issues, CVE-2014-6278.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Upgrade bash to latest patch level to fix CVEs 2014-10-06T14:07:59+00:00 Mark Hatle mark.hatle@windriver.com 2014-10-03T14:51:25+00:00 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56. There are numerous community bug fixes included with this set, but the key items are: bash32-052 CVE-2014-6271 9/24/2014 bash32-053 CVE-2014-7169 9/26/2014 bash32-054 exported function namespace change 9/27/2014 bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash32-056 CVE-2014-6277 10/2/2014 bash43-025 CVE-2014-6271 9/24/2014 bash43-026 CVE-2014-7169 9/26/2014 bash43-027 exported function namespace change 9/27/2014 bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash43-029 CVE-2014-6277 10/2/2014 Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.

There are numerous community bug fixes included with this set, but the key
items are:

bash32-052      CVE-2014-6271                           9/24/2014
bash32-053      CVE-2014-7169                           9/26/2014
bash32-054      exported function namespace change      9/27/2014
bash32-055      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash32-056      CVE-2014-6277                           10/2/2014

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Fix CVE-2014-7169 2014-09-29T11:13:30+00:00 Khem Raj raj.khem@gmail.com 2014-09-26T20:21:19+00:00 76a2d6b83472995edbe967aed80f0fcbb784b3fc This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment

Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: fix CVE-2014-6271 2014-09-29T11:12:35+00:00 Ross Burton ross.burton@intel.com 2014-09-25T23:05:18+00:00 798d833c9d4bd9ab287fa86b85b4d5f128170ed3 CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2014-6271 aka ShellShock.

"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."

Signed-off-by: Ross Burton <ross.burton@intel.com>
bash: upgrade to 4.3 2014-03-05T15:24:05+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-03-03T10:55:57+00:00 31eb09a888729fcfd17d02f2a47375e10e87f79a The bash-4.2-patches is obsolete. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The bash-4.2-patches is obsolete.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>