diff options
| author |   Mark Hatle <mark.hatle@windriver.com> | 2014-10-03 09:51:25 -0500 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-06 15:07:59 +0100 |
| commit | 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da (patch) | |
| tree | c6a6c513d0a9c064b0a51b52c57589fdaf193de7 /meta/recipes-extended/bash/bash | |
| parent | b2c6a032d6e5deb07e76ed75fcd0931fad6a748c (diff) | |
| download | openembedded-core-43deeff0c6b0ea7729d3e5f1887dfd1647dea1da.tar.gz | |
bash: Upgrade bash to latest patch level to fix CVEs
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.
There are numerous community bug fixes included with this set, but the key
items are:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/bash/bash')
| -rw-r--r-- | meta/recipes-extended/bash/bash/cve-2014-6271.patch | 114 | ||||
| -rw-r--r-- | meta/recipes-extended/bash/bash/cve-2014-7169.patch | 16 |
2 files changed, 0 insertions, 130 deletions
diff --git a/meta/recipes-extended/bash/bash/cve-2014-6271.patch b/meta/recipes-extended/bash/bash/cve-2014-6271.patch deleted file mode 100644 index d33a5c8f47..0000000000 --- a/meta/recipes-extended/bash/bash/cve-2014-6271.patch +++ /dev/null @@ -1,114 +0,0 @@ -Fix CVE-2014-6271, aka ShellShock. This is the upstream 4.3 patchlevel 25, minus the hunk to -set the patch level. - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-025 - -Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com> -Bug-Reference-ID: -Bug-Reference-URL: - -Bug-Description: - -Under certain circumstances, bash will execute user code while processing the -environment for exported function definitions. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400 ---- builtins/common.h 2014-09-12 14:25:47.000000000 -0400 -*************** -*** 34,37 **** ---- 49,54 ---- - #define SEVAL_PARSEONLY 0x020 - #define SEVAL_NOLONGJMP 0x040 -+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ -+ #define SEVAL_ONECMD 0x100 /* only allow a single command */ - - /* Flags for describe_command, shared between type.def and command.def */ -*** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500 ---- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400 -*************** -*** 309,312 **** ---- 313,324 ---- - struct fd_bitmap *bitmap; - -+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) -+ { -+ internal_warning ("%s: ignoring function definition attempt", from_file); -+ should_jump_to_top_level = 0; -+ last_result = last_command_exit_value = EX_BADUSAGE; -+ break; -+ } -+ - bitmap = new_fd_bitmap (FD_BITMAP_SIZE); - begin_unwind_frame ("pe_dispose"); -*************** -*** 369,372 **** ---- 381,387 ---- - dispose_fd_bitmap (bitmap); - discard_unwind_frame ("pe_dispose"); -+ -+ if (flags & SEVAL_ONECMD) -+ break; - } - } -*** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400 ---- variables.c 2014-09-14 14:23:35.000000000 -0400 -*************** -*** 359,369 **** - strcpy (temp_string + char_index + 1, string); - -! if (posixly_correct == 0 || legal_identifier (name)) -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); -! -! /* Ancient backwards compatibility. Old versions of bash exported -! functions like name()=() {...} */ -! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') -! name[char_index - 2] = '\0'; - - if (temp_var = find_function (name)) ---- 364,372 ---- - strcpy (temp_string + char_index + 1, string); - -! /* Don't import function names that are invalid identifiers from the -! environment, though we still allow them to be defined as shell -! variables. */ -! if (legal_identifier (name)) -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); - - if (temp_var = find_function (name)) -*************** -*** 382,389 **** - report_error (_("error importing function definition for `%s'"), name); - } -- -- /* ( */ -- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') -- name[char_index - 2] = '('; /* ) */ - } - #if defined (ARRAY_VARS) ---- 385,388 ---- -*** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400 ---- subst.c 2014-09-12 15:31:04.000000000 -0400 -*************** -*** 8048,8052 **** - goto return0; - } -! else if (var = find_variable_last_nameref (temp1)) - { - temp = nameref_cell (var); ---- 8118,8124 ---- - goto return0; - } -! else if (var && (invisible_p (var) || var_isset (var) == 0)) -! temp = (char *)NULL; -! else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0) - { - temp = nameref_cell (var); diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch deleted file mode 100644 index 3c69121767..0000000000 --- a/meta/recipes-extended/bash/bash/cve-2014-7169.patch +++ /dev/null @@ -1,16 +0,0 @@ -Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 - -Upstream-Status: Backport -Index: bash-4.3/parse.y -=================================================================== ---- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700 -+++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700 -@@ -2953,6 +2953,8 @@ - FREE (word_desc_to_read); - word_desc_to_read = (WORD_DESC *)NULL; - -+ eol_ungetc_lookahead = 0; -+ - current_token = '\n'; /* XXX */ - last_read_token = '\n'; - token_to_read = '\n'; |