openembedded-core.git/meta/recipes-extended/bash, branch daisy Mirror of openembedded-core bash: Fix-for-CVE-2014-6278 2014-10-10T16:56:33+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:25:15+00:00 de596b5f31e837dcd2ce991245eb5548f12d72ae This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277 See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278 Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> 
This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278

Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
bash: Fix for CVE-2014-6277 2014-10-10T16:56:33+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:24:53+00:00 85961bcf81650992259cebb0ef1f1c6cdef3fefa Follow up bash43-026 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> 
Follow up bash43-026 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service.

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
bash: Fix for CVE-2014-7186 and CVE-2014-7187 2014-10-10T16:56:33+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:24:29+00:00 153d1125659df9e5c09e35a58bd51be184cb13c1 This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
bash: Fix for exported function namespace change 2014-10-10T16:56:32+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:23:24+00:00 6c51cc96d03df26d1c10867633e7a10dfbec7c45 This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment This patch changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function. Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment

This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
bash: Fix CVE-2014-7169 2014-09-29T11:15:51+00:00 Khem Raj raj.khem@gmail.com 2014-09-26T20:21:19+00:00 e358d20e8ccf1299e8a046e743a31e92546cd239 This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment

Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: fix CVE-2014-6271 2014-09-29T11:15:47+00:00 Ross Burton ross.burton@intel.com 2014-09-25T23:05:18+00:00 eb41d5d4eaee1c810f8e418704c110c2005d0197 CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2014-6271 aka ShellShock.

"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."

Signed-off-by: Ross Burton <ross.burton@intel.com>
bash: update build-tests.patch 2014-03-05T15:24:05+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-03-03T10:55:58+00:00 3c234df240a11903ef3588a2c078dcbce4ca1719 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: upgrade to 4.3 2014-03-05T15:24:05+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-03-03T10:55:57+00:00 31eb09a888729fcfd17d02f2a47375e10e87f79a The bash-4.2-patches is obsolete. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The bash-4.2-patches is obsolete.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
autotools-brokensep: Mark recipes with broken separate build dir support 2014-02-28T14:00:21+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-02-27T18:01:44+00:00 006b8a7808a58713af16c326dc37d07765334b12 This patch goes through the OE-Core recipes and marks those which use autotools but don't support a separate build directory (${S} != ${B}). A new class, autotools-brokensep is used for this purpose. This doesn't introduce any change in behaviour in its own right. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This patch goes through the OE-Core recipes and marks those which use autotools
but don't support a separate build directory (${S} != ${B}). A new class,
autotools-brokensep is used for this purpose.

This doesn't introduce any change in behaviour in its own right.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: update HOMEPAGE 2014-01-02T12:47:34+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2013-12-21T23:34:16+00:00 ec7a9dcacce39e922295a7d84b815b01af27a8b8 Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>