diff options
| author | Mark Hatle <mark.hatle@windriver.com> | 2014-10-03 09:51:25 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-06 15:15:51 +0100 |
| commit | 94d2fea672140bcd561dc001da5759a927192b93 (patch) | |
| tree | 9518f1a8a088cf149131b0829e3c3f65a99f09a1 /meta/recipes-extended/bash/bash-3.2.48 | |
| parent | be2cf13961ef89200f691570c9333e8130126ef9 (diff) | |
| download | poky-94d2fea672140bcd561dc001da5759a927192b93.tar.gz | |
bash: Upgrade bash to latest patch level to fix CVEs
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.
There are numerous community bug fixes included with this set, but the key
items are:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
(From OE-Core rev: 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48')
| -rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch | 77 | ||||
| -rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch | 16 |
2 files changed, 0 insertions, 93 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch deleted file mode 100644 index 7226ffb665..0000000000 --- a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch +++ /dev/null | |||
| @@ -1,77 +0,0 @@ | |||
| 1 | Fix CVE-2014-6271, aka ShellShock. | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 5 | |||
| 6 | *** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500 | ||
| 7 | --- builtins/common.h 2014-09-16 19:08:02.000000000 -0400 | ||
| 8 | *************** | ||
| 9 | *** 34,37 **** | ||
| 10 | --- 34,39 ---- | ||
| 11 | |||
| 12 | /* Flags for describe_command, shared between type.def and command.def */ | ||
| 13 | + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ | ||
| 14 | + #define SEVAL_ONECMD 0x100 /* only allow a single command */ | ||
| 15 | #define CDESC_ALL 0x001 /* type -a */ | ||
| 16 | #define CDESC_SHORTDESC 0x002 /* command -V */ | ||
| 17 | *** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500 | ||
| 18 | --- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400 | ||
| 19 | *************** | ||
| 20 | *** 235,238 **** | ||
| 21 | --- 235,246 ---- | ||
| 22 | struct fd_bitmap *bitmap; | ||
| 23 | |||
| 24 | + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) | ||
| 25 | + { | ||
| 26 | + internal_warning ("%s: ignoring function definition attempt", from_file); | ||
| 27 | + should_jump_to_top_level = 0; | ||
| 28 | + last_result = last_command_exit_value = EX_BADUSAGE; | ||
| 29 | + break; | ||
| 30 | + } | ||
| 31 | + | ||
| 32 | bitmap = new_fd_bitmap (FD_BITMAP_SIZE); | ||
| 33 | begin_unwind_frame ("pe_dispose"); | ||
| 34 | *************** | ||
| 35 | *** 292,295 **** | ||
| 36 | --- 300,306 ---- | ||
| 37 | dispose_fd_bitmap (bitmap); | ||
| 38 | discard_unwind_frame ("pe_dispose"); | ||
| 39 | + | ||
| 40 | + if (flags & SEVAL_ONECMD) | ||
| 41 | + break; | ||
| 42 | } | ||
| 43 | } | ||
| 44 | *** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500 | ||
| 45 | --- variables.c 2014-09-16 19:10:39.000000000 -0400 | ||
| 46 | *************** | ||
| 47 | *** 319,328 **** | ||
| 48 | strcpy (temp_string + char_index + 1, string); | ||
| 49 | |||
| 50 | ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); | ||
| 51 | ! | ||
| 52 | ! /* Ancient backwards compatibility. Old versions of bash exported | ||
| 53 | ! functions like name()=() {...} */ | ||
| 54 | ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') | ||
| 55 | ! name[char_index - 2] = '\0'; | ||
| 56 | |||
| 57 | if (temp_var = find_function (name)) | ||
| 58 | --- 319,326 ---- | ||
| 59 | strcpy (temp_string + char_index + 1, string); | ||
| 60 | |||
| 61 | ! /* Don't import function names that are invalid identifiers from the | ||
| 62 | ! environment. */ | ||
| 63 | ! if (legal_identifier (name)) | ||
| 64 | ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); | ||
| 65 | |||
| 66 | if (temp_var = find_function (name)) | ||
| 67 | *************** | ||
| 68 | *** 333,340 **** | ||
| 69 | else | ||
| 70 | report_error (_("error importing function definition for `%s'"), name); | ||
| 71 | - | ||
| 72 | - /* ( */ | ||
| 73 | - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') | ||
| 74 | - name[char_index - 2] = '('; /* ) */ | ||
| 75 | } | ||
| 76 | #if defined (ARRAY_VARS) | ||
| 77 | --- 331,334 ---- | ||
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch deleted file mode 100644 index 2e734de434..0000000000 --- a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | Index: bash-3.2.48/parse.y | ||
| 5 | =================================================================== | ||
| 6 | --- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700 | ||
| 7 | +++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700 | ||
| 8 | @@ -2503,6 +2503,8 @@ | ||
| 9 | FREE (word_desc_to_read); | ||
| 10 | word_desc_to_read = (WORD_DESC *)NULL; | ||
| 11 | |||
| 12 | + eol_ungetc_lookahead = 0; | ||
| 13 | + | ||
| 14 | last_read_token = '\n'; | ||
| 15 | token_to_read = '\n'; | ||
| 16 | } | ||