author | Mark Hatle <mark.hatle@windriver.com> | 2014-10-03 09:51:25 -0500 |
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-06 15:07:59 +0100 |
commit | 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da (patch) | |
tree | c6a6c513d0a9c064b0a51b52c57589fdaf193de7 /meta/recipes-extended/bash/bash-3.2.48 | |
parent | b2c6a032d6e5deb07e76ed75fcd0931fad6a748c (diff) | |
bash: Upgrade bash to latest patch level to fix CVEs
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.
There are numerous community bug fixes included with this set, but the key
items are:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48')
-rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch | 77 | ||||
-rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | 16 |
2 files changed, 0 insertions, 93 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
deleted file mode 100644
index 7226ffb665..0000000000
--- a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix CVE-2014-6271, aka ShellShock.
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
---- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
-***************
-*** 34,37 ****
---- 34,39 ----
- 
- /* Flags for describe_command, shared between type.def and command.def */
-+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
-+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
- #define CDESC_ALL 0x001 /* type -a */
- #define CDESC_SHORTDESC 0x002 /* command -V */
-*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
---- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
-***************
-*** 235,238 ****
---- 235,246 ----
- struct fd_bitmap *bitmap;
- 
-+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
-+ {
-+ internal_warning ("%s: ignoring function definition attempt", from_file);
-+ should_jump_to_top_level = 0;
-+ last_result = last_command_exit_value = EX_BADUSAGE;
-+ break;
-+ }
-+ 
- bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
- begin_unwind_frame ("pe_dispose");
-***************
-*** 292,295 ****
---- 300,306 ----
- dispose_fd_bitmap (bitmap);
- discard_unwind_frame ("pe_dispose");
-+ 
-+ if (flags & SEVAL_ONECMD)
-+ break;
- }
- }
-*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
---- variables.c 2014-09-16 19:10:39.000000000 -0400
-***************
-*** 319,328 ****
- strcpy (temp_string + char_index + 1, string);
- 
-! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
-! 
-! /* Ancient backwards compatibility. Old versions of bash exported
-! functions like name()=() {...} */
-! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
-! name[char_index - 2] = '\0';
- 
- if (temp_var = find_function (name))
---- 319,326 ----
- strcpy (temp_string + char_index + 1, string);
- 
-! /* Don't import function names that are invalid identifiers from the
-! environment. */
-! if (legal_identifier (name))
-! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
- 
- if (temp_var = find_function (name))
-***************
-*** 333,340 ****
- else
- report_error (_("error importing function definition for `%s'"), name);
--
-- /* ( */
-- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
-- name[char_index - 2] = '('; /* ) */
- }
- #if defined (ARRAY_VARS)
---- 331,334 ----
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
deleted file mode 100644
index 2e734de434..0000000000
--- a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
-
-Upstream-Status: Backport
-Index: bash-3.2.48/parse.y
-===================================================================
---- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700
-+++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
-@@ -2503,6 +2503,8 @@
- FREE (word_desc_to_read);
- word_desc_to_read = (WORD_DESC *)NULL;
- 
-+ eol_ungetc_lookahead = 0;
-+ 
- last_read_token = '\n';
- token_to_read = '\n';
- } |