bash: fix CVE-2014-6271

CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Ross Burton <ross.burton@intel.com> 2014-09-26 00:05:18 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29 12:12:35 +0100
commit: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3 (patch)
tree: 6855ca3f2cc53f007d5ac4d1972312302ce76821 /meta/recipes-extended/bash/bash_3.2.48.bb
parent: 8521d4d6b73c93ae60cca3d04673cdd02c27446c (diff)
download: openembedded-core-798d833c9d4bd9ab287fa86b85b4d5f128170ed3.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb
index fe04b28e7c..5849ed0169 100644
--- a/meta/recipes-extended/bash/bash_3.2.48.bb
+++ b/meta/recipes-extended/bash/bash_3.2.48.bb
@@ -12,6 +12,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
            file://mkbuiltins_have_stringize.patch \
            file://build-tests.patch \
            file://test-output.patch \
+           file://cve-2014-6271.patch;striplevel=0 \
            file://run-ptest \
           "
author	Ross Burton <ross.burton@intel.com>	2014-09-26 00:05:18 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-29 12:12:35 +0100
commit	798d833c9d4bd9ab287fa86b85b4d5f128170ed3 (patch)
tree	6855ca3f2cc53f007d5ac4d1972312302ce76821 /meta/recipes-extended/bash/bash_3.2.48.bb
parent	8521d4d6b73c93ae60cca3d04673cdd02c27446c (diff)
download	openembedded-core-798d833c9d4bd9ab287fa86b85b4d5f128170ed3.tar.gz