bash: Fix CVE-2014-7169

This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Khem Raj <raj.khem@gmail.com> 2014-09-26 13:21:19 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29 12:13:30 +0100
commit: 76a2d6b83472995edbe967aed80f0fcbb784b3fc (patch)
tree: f12077f8cd897c77af6c92e030eb9933d804a89a /meta/recipes-extended/bash/bash/cve-2014-7169.patch
parent: ed3e7d4a584d836887d798e0f30339808d09804f (diff)
download: openembedded-core-76a2d6b83472995edbe967aed80f0fcbb784b3fc.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
new file mode 100644
index 0000000000..3c69121767
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y	2014-09-26 13:10:44.340080056 -0700
++++ bash-4.3/parse.y	2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';		/* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
author	Khem Raj <raj.khem@gmail.com>	2014-09-26 13:21:19 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-29 12:13:30 +0100
commit	76a2d6b83472995edbe967aed80f0fcbb784b3fc (patch)
tree	f12077f8cd897c77af6c92e030eb9933d804a89a /meta/recipes-extended/bash/bash/cve-2014-7169.patch
parent	ed3e7d4a584d836887d798e0f30339808d09804f (diff)
download	openembedded-core-76a2d6b83472995edbe967aed80f0fcbb784b3fc.tar.gz