diff options
author | Khem Raj <raj.khem@gmail.com> | 2014-09-26 13:21:19 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-09-29 12:16:38 +0100 |
commit | 9fee4d138bbb66da8ec92ee86c9d7420721693d5 (patch) | |
tree | 3370f50e27bb8da2e81ca5397e01d115af47e4e8 | |
parent | 87e924e37706655f9679f559ad23877572e95ce9 (diff) | |
download | poky-9fee4d138bbb66da8ec92ee86c9d7420721693d5.tar.gz |
bash: Fix CVE-2014-7169
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core rev: e358d20e8ccf1299e8a046e743a31e92546cd239)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | 16 | ||||
-rw-r--r-- | meta/recipes-extended/bash/bash/cve-2014-7169.patch | 16 | ||||
-rw-r--r-- | meta/recipes-extended/bash/bash_3.2.48.bb | 1 | ||||
-rw-r--r-- | meta/recipes-extended/bash/bash_4.3.bb | 1 |
4 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode 100644 index 0000000000..2e734de434 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | |||
@@ -0,0 +1,16 @@ | |||
1 | Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | Index: bash-3.2.48/parse.y | ||
5 | =================================================================== | ||
6 | --- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700 | ||
7 | +++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700 | ||
8 | @@ -2503,6 +2503,8 @@ | ||
9 | FREE (word_desc_to_read); | ||
10 | word_desc_to_read = (WORD_DESC *)NULL; | ||
11 | |||
12 | + eol_ungetc_lookahead = 0; | ||
13 | + | ||
14 | last_read_token = '\n'; | ||
15 | token_to_read = '\n'; | ||
16 | } | ||
diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch new file mode 100644 index 0000000000..3c69121767 --- /dev/null +++ b/meta/recipes-extended/bash/bash/cve-2014-7169.patch | |||
@@ -0,0 +1,16 @@ | |||
1 | Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | Index: bash-4.3/parse.y | ||
5 | =================================================================== | ||
6 | --- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700 | ||
7 | +++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700 | ||
8 | @@ -2953,6 +2953,8 @@ | ||
9 | FREE (word_desc_to_read); | ||
10 | word_desc_to_read = (WORD_DESC *)NULL; | ||
11 | |||
12 | + eol_ungetc_lookahead = 0; | ||
13 | + | ||
14 | current_token = '\n'; /* XXX */ | ||
15 | last_read_token = '\n'; | ||
16 | token_to_read = '\n'; | ||
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb index 5849ed0169..e6a04cd888 100644 --- a/meta/recipes-extended/bash/bash_3.2.48.bb +++ b/meta/recipes-extended/bash/bash_3.2.48.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \ | |||
13 | file://build-tests.patch \ | 13 | file://build-tests.patch \ |
14 | file://test-output.patch \ | 14 | file://test-output.patch \ |
15 | file://cve-2014-6271.patch;striplevel=0 \ | 15 | file://cve-2014-6271.patch;striplevel=0 \ |
16 | file://cve-2014-7169.patch \ | ||
16 | file://run-ptest \ | 17 | file://run-ptest \ |
17 | " | 18 | " |
18 | 19 | ||
diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb index febaf338fa..69ddeccd35 100644 --- a/meta/recipes-extended/bash/bash_4.3.bb +++ b/meta/recipes-extended/bash/bash_4.3.bb | |||
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ | |||
10 | file://build-tests.patch \ | 10 | file://build-tests.patch \ |
11 | file://test-output.patch \ | 11 | file://test-output.patch \ |
12 | file://cve-2014-6271.patch;striplevel=0 \ | 12 | file://cve-2014-6271.patch;striplevel=0 \ |
13 | file://cve-2014-7169.patch \ | ||
13 | file://run-ptest \ | 14 | file://run-ptest \ |
14 | " | 15 | " |
15 | 16 | ||