summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggleton <paul.eggleton@linux.intel.com>2014-10-02 15:27:26 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-10-02 16:39:42 +0100
commit5881ef9299fcfe3ca983f95614abb22ce14ab082 (patch)
treeb2ba23d1a3cba2dd0560a8adbd206c6c25981f88
parent51477e3c54cccf27b65d071dd310732d36072357 (diff)
downloadpoky-5881ef9299fcfe3ca983f95614abb22ce14ab082.tar.gz
bash: add missing patch for CVE-2014-6271 to 4.2 recipe
The bash_4.2 recipe was missed when the fix was backported to the dora branch. Patch based on the one from OE-Core master rev 798d833c9d4bd9ab287fa86b85b4d5f128170ed3 by Ross Burton <ross.burton@intel.com>, with the content replaced from the appropriate upstream patch. (From OE-Core rev: 74d45affd5cda2e388d42db3322b4a0d5aff07e8) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch95
-rw-r--r--meta/recipes-extended/bash/bash_4.2.bb1
2 files changed, 96 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch
new file mode 100644
index 0000000000..20530adf6c
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch
@@ -0,0 +1,95 @@
1Fix CVE-2014-6271, aka ShellShock. This is the upstream 4.2 patchlevel 48, minus the hunk to
2set the patch level.
3
4Upstream-Status: Backport
5Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
6
7 BASH PATCH REPORT
8 =================
9
10Bash-Release: 4.2
11Patch-ID: bash42-048
12
13Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
14Bug-Reference-ID:
15Bug-Reference-URL:
16
17Bug-Description:
18
19Under certain circumstances, bash will execute user code while processing the
20environment for exported function definitions.
21
22Patch (apply with `patch -p0'):
23
24*** ../bash-4.2.47/builtins/common.h 2010-05-30 18:31:51.000000000 -0400
25--- builtins/common.h 2014-09-16 19:35:45.000000000 -0400
26***************
27*** 36,39 ****
28--- 36,41 ----
29
30 /* Flags for describe_command, shared between type.def and command.def */
31+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
32+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
33 #define CDESC_ALL 0x001 /* type -a */
34 #define CDESC_SHORTDESC 0x002 /* command -V */
35*** ../bash-4.2.47/builtins/evalstring.c 2010-11-23 08:22:15.000000000 -0500
36--- builtins/evalstring.c 2014-09-16 19:35:45.000000000 -0400
37***************
38*** 262,265 ****
39--- 262,273 ----
40 struct fd_bitmap *bitmap;
41
42+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
43+ {
44+ internal_warning ("%s: ignoring function definition attempt", from_file);
45+ should_jump_to_top_level = 0;
46+ last_result = last_command_exit_value = EX_BADUSAGE;
47+ break;
48+ }
49+
50 bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
51 begin_unwind_frame ("pe_dispose");
52***************
53*** 322,325 ****
54--- 330,336 ----
55 dispose_fd_bitmap (bitmap);
56 discard_unwind_frame ("pe_dispose");
57+
58+ if (flags & SEVAL_ONECMD)
59+ break;
60 }
61 }
62*** ../bash-4.2.47/variables.c 2011-03-01 16:15:20.000000000 -0500
63--- variables.c 2014-09-16 19:35:45.000000000 -0400
64***************
65*** 348,357 ****
66 strcpy (temp_string + char_index + 1, string);
67
68! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
69!
70! /* Ancient backwards compatibility. Old versions of bash exported
71! functions like name()=() {...} */
72! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
73! name[char_index - 2] = '\0';
74
75 if (temp_var = find_function (name))
76--- 348,355 ----
77 strcpy (temp_string + char_index + 1, string);
78
79! /* Don't import function names that are invalid identifiers from the
80! environment. */
81! if (legal_identifier (name))
82! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
83
84 if (temp_var = find_function (name))
85***************
86*** 362,369 ****
87 else
88 report_error (_("error importing function definition for `%s'"), name);
89-
90- /* ( */
91- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
92- name[char_index - 2] = '('; /* ) */
93 }
94 #if defined (ARRAY_VARS)
95--- 360,363 ----
diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb
index fefe7b799d..cb95445fc8 100644
--- a/meta/recipes-extended/bash/bash_4.2.bb
+++ b/meta/recipes-extended/bash/bash_4.2.bb
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
21 file://mkbuiltins_have_stringize.patch \ 21 file://mkbuiltins_have_stringize.patch \
22 file://build-tests.patch \ 22 file://build-tests.patch \
23 file://test-output.patch \ 23 file://test-output.patch \
24 file://cve-2014-6271.patch;striplevel=0 \
24 file://run-ptest \ 25 file://run-ptest \
25 " 26 "
26 27