diff options
author | Khem Raj <raj.khem@gmail.com> | 2014-09-26 13:21:19 -0700 |
---|---|---|
committer | Andreas Oberritter <obi@opendreambox.org> | 2015-02-23 17:15:47 +0100 |
commit | 3994368febc61b87139c634398198101c76ff55e (patch) | |
tree | b81da29ff04850f3d4c392b819db2116f1ad0ac9 /meta | |
parent | 0e17f8aa761c238cd4771abf7491f89313b235b1 (diff) | |
download | openembedded-core-contrib-3994368febc61b87139c634398198101c76ff55e.tar.gz |
bash: Fix CVE-2014-7169
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/bash/bash/cve-2014-7169.patch | 16 | ||||
-rw-r--r-- | meta/recipes-extended/bash/bash_4.3.bb | 1 |
2 files changed, 17 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch new file mode 100644 index 0000000000..3c69121767 --- /dev/null +++ b/meta/recipes-extended/bash/bash/cve-2014-7169.patch @@ -0,0 +1,16 @@ +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 + +Upstream-Status: Backport +Index: bash-4.3/parse.y +=================================================================== +--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700 ++++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700 +@@ -2953,6 +2953,8 @@ + FREE (word_desc_to_read); + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; + token_to_read = '\n'; diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb index febaf338fa..69ddeccd35 100644 --- a/meta/recipes-extended/bash/bash_4.3.bb +++ b/meta/recipes-extended/bash/bash_4.3.bb @@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ file://build-tests.patch \ file://test-output.patch \ file://cve-2014-6271.patch;striplevel=0 \ + file://cve-2014-7169.patch \ file://run-ptest \ " |