bash: Fix CVE-2014-7169

This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core rev: e358d20e8ccf1299e8a046e743a31e92546cd239) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Khem Raj <raj.khem@gmail.com> 2014-09-26 13:21:19 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29 12:16:38 +0100
commit: 9fee4d138bbb66da8ec92ee86c9d7420721693d5 (patch)
tree: 3370f50e27bb8da2e81ca5397e01d115af47e4e8
parent: 87e924e37706655f9679f559ad23877572e95ce9 (diff)
download: poky-9fee4d138bbb66da8ec92ee86c9d7420721693d5.tar.gz
4 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
new file mode 100644
index 0000000000..2e734de434
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+Upstream-Status: Backport
+Index: bash-3.2.48/parse.y
+===================================================================
+--- bash-3.2.48.orig/parse.y    2008-04-29 18:24:55.000000000 -0700
+++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
+@@ -2503,6 +2503,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
+  eol_ungetc_lookahead = 0;
+
+   last_read_token = '\n';
+   token_to_read = '\n';
+ }
diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
new file mode 100644
index 0000000000..3c69121767
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y       2014-09-26 13:10:44.340080056 -0700
+++ bash-4.3/parse.y    2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
+  eol_ungetc_lookahead = 0;
+
+   current_token = '\n';                /* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb
index 5849ed0169..e6a04cd888 100644
--- a/meta/recipes-extended/bash/bash_3.2.48.bb
+++ b/meta/recipes-extended/bash/bash_3.2.48.bb
@@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
           file://build-tests.patch \
           file://test-output.patch \
           file://cve-2014-6271.patch;striplevel=0 \
+           file://cve-2014-7169.patch \
           file://run-ptest \
          "
diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb
index febaf338fa..69ddeccd35 100644
--- a/meta/recipes-extended/bash/bash_4.3.bb
+++ b/meta/recipes-extended/bash/bash_4.3.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
           file://build-tests.patch \
           file://test-output.patch \
           file://cve-2014-6271.patch;striplevel=0 \
+           file://cve-2014-7169.patch \
           file://run-ptest \
           "
author	Khem Raj <raj.khem@gmail.com>	2014-09-26 13:21:19 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-29 12:16:38 +0100
commit	9fee4d138bbb66da8ec92ee86c9d7420721693d5 (patch)
tree	3370f50e27bb8da2e81ca5397e01d115af47e4e8
parent	87e924e37706655f9679f559ad23877572e95ce9 (diff)
download	poky-9fee4d138bbb66da8ec92ee86c9d7420721693d5.tar.gz

diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode 100644 index 0000000000..2e734de434 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
@@ -0,0 +1,16 @@
		1	Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
		2
		3	Upstream-Status: Backport
		4	Index: bash-3.2.48/parse.y
		5	===================================================================
		6	--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700
		7	+++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
		8	@@ -2503,6 +2503,8 @@
		9	FREE (word_desc_to_read);
		10	word_desc_to_read = (WORD_DESC *)NULL;
		11
		12	+ eol_ungetc_lookahead = 0;
		13	+
		14	last_read_token = '\n';
		15	token_to_read = '\n';
		16	}


diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch new file mode 100644 index 0000000000..3c69121767 --- /dev/null +++ b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
@@ -0,0 +1,16 @@
		1	Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
		2
		3	Upstream-Status: Backport
		4	Index: bash-4.3/parse.y
		5	===================================================================
		6	--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700
		7	+++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700
		8	@@ -2953,6 +2953,8 @@
		9	FREE (word_desc_to_read);
		10	word_desc_to_read = (WORD_DESC *)NULL;
		11
		12	+ eol_ungetc_lookahead = 0;
		13	+
		14	current_token = '\n'; /* XXX */
		15	last_read_token = '\n';
		16	token_to_read = '\n';


diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb index 5849ed0169..e6a04cd888 100644 --- a/meta/recipes-extended/bash/bash_3.2.48.bb +++ b/meta/recipes-extended/bash/bash_3.2.48.bb
@@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
13	file://build-tests.patch \	13	file://build-tests.patch \
14	file://test-output.patch \	14	file://test-output.patch \
15	file://cve-2014-6271.patch;striplevel=0 \	15	file://cve-2014-6271.patch;striplevel=0 \
		16	file://cve-2014-7169.patch \
16	file://run-ptest \	17	file://run-ptest \
17	"	18	"
18		19


diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb index febaf338fa..69ddeccd35 100644 --- a/meta/recipes-extended/bash/bash_4.3.bb +++ b/meta/recipes-extended/bash/bash_4.3.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
10	file://build-tests.patch \	10	file://build-tests.patch \
11	file://test-output.patch \	11	file://test-output.patch \
12	file://cve-2014-6271.patch;striplevel=0 \	12	file://cve-2014-6271.patch;striplevel=0 \
		13	file://cve-2014-7169.patch \
13	file://run-ptest \	14	file://run-ptest \
14	"	15	"
15		16