bash: 4.3.30 -> 4.4

1. Rebase patches: - fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch - test-output.patch 2. Drop backported patches: - CVE-2016-9401.patch - fix-run-intl.patch 3. Add ${PN}-loadable for loadable builtins which is new features in Bash 4.4 4. The 4.4 fixed CVE-2017-5932 and CVE-2016-0634 - https://security-tracker.debian.org/tracker/CVE-2017-5932 - https://security-tracker.debian.org/tracker/CVE-2016-0634 5. The 4.4 installed include header files, fix bash-dev confilicts with lib32-bash-dev ..... $ bitbake lib32-core-image-sato-sdk ... |Error: Transaction check error: file /usr/include/bash/config.h conflicts between attempted installs |of lib32-bash-dev-4.4-r0.x86 and bash-dev-4.4-r0.core2_64 ...... (From OE-Core rev: 4097694b13cd5f0d68987551c3f9af80c87dc6ae) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2017-08-18 03:31:51 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-08-18 23:46:37 +0100
commit: 0390b0975e24158755e41060646eb4c4fe367a1e (patch)
tree: 2f05e26cadc5d267262658a2c60bd2256112efb3 /meta/recipes-extended/bash/bash/CVE-2016-9401.patch
parent: 0bd2dd08e3daf284a6bb7757651af8d40393aec2 (diff)
download: poky-0390b0975e24158755e41060646eb4c4fe367a1e.tar.gz
1 files changed, 0 insertions, 50 deletions
diff --git a/meta/recipes-extended/bash/bash/CVE-2016-9401.patch b/meta/recipes-extended/bash/bash/CVE-2016-9401.patch
deleted file mode 100644
index 28c927743c..0000000000
--- a/meta/recipes-extended/bash/bash/CVE-2016-9401.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From fa741771ed47b30547be63b5b5dbfb51977aca12 Mon Sep 17 00:00:00 2001
-From: Chet Ramey <chet.ramey@case.edu>
-Date: Fri, 20 Jan 2017 11:47:31 -0500
-Subject: [PATCH] Bash-4.4 patch 6
-Bug-Reference-URL:
-https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
-Reference to upstream patch:
-https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
-Bug-Description:
-Out-of-range negative offsets to popd can cause the shell to crash attempting
-to free an invalid memory block.
-Upstream-Status: Backport
-CVE: CVE-2016-9401
-Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
- builtins/pushd.def | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-diff --git a/builtins/pushd.def b/builtins/pushd.def
-index 9c6548f..8a13bae 100644
--- a/builtins/pushd.def
-+++ b/builtins/pushd.def
-@@ -359,7 +359,7 @@ popd_builtin (list)
-        break;
-     }
- 
-  if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
-+  if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
-     {
-       pushd_error (directory_list_offset, which_word ? which_word : "");
-       return (EXECUTION_FAILURE);
-@@ -381,6 +381,11 @@ popd_builtin (list)
-         remove that directory from the list and shift the remainder
-         of the list into place. */
-       i = (direction == '+') ? directory_list_offset - which : which;
-+      if (i < 0 || i > directory_list_offset)
-+       {
-+         pushd_error (directory_list_offset, which_word ? which_word : "");
-+         return (EXECUTION_FAILURE);
-+       }
-       free (pushd_directory_list[i]);
-       directory_list_offset--;
- 
-- 
-1.9.1
author	Hongxu Jia <hongxu.jia@windriver.com>	2017-08-18 03:31:51 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-18 23:46:37 +0100
commit	0390b0975e24158755e41060646eb4c4fe367a1e (patch)
tree	2f05e26cadc5d267262658a2c60bd2256112efb3 /meta/recipes-extended/bash/bash/CVE-2016-9401.patch
parent	0bd2dd08e3daf284a6bb7757651af8d40393aec2 (diff)
download	poky-0390b0975e24158755e41060646eb4c4fe367a1e.tar.gz

diff --git a/meta/recipes-extended/bash/bash/CVE-2016-9401.patch b/meta/recipes-extended/bash/bash/CVE-2016-9401.patch deleted file mode 100644 index 28c927743c..0000000000 --- a/meta/recipes-extended/bash/bash/CVE-2016-9401.patch +++ /dev/null
@@ -1,50 +0,0 @@
1	From fa741771ed47b30547be63b5b5dbfb51977aca12 Mon Sep 17 00:00:00 2001
2	From: Chet Ramey <chet.ramey@case.edu>
3	Date: Fri, 20 Jan 2017 11:47:31 -0500
4	Subject: [PATCH] Bash-4.4 patch 6
5
6	Bug-Reference-URL:
7	https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
8
9	Reference to upstream patch:
10	https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
11
12	Bug-Description:
13	Out-of-range negative offsets to popd can cause the shell to crash attempting
14	to free an invalid memory block.
15
16	Upstream-Status: Backport
17	CVE: CVE-2016-9401
18	Signed-off-by: Li Zhou <li.zhou@windriver.com>
19	---
20	builtins/pushd.def \| 7 ++++++-
21	1 file changed, 6 insertions(+), 1 deletion(-)
22
23	diff --git a/builtins/pushd.def b/builtins/pushd.def
24	index 9c6548f..8a13bae 100644
25	--- a/builtins/pushd.def
26	+++ b/builtins/pushd.def
27	@@ -359,7 +359,7 @@ popd_builtin (list)
28	break;
29	}
30
31	- if (which > directory_list_offset \|\| (directory_list_offset == 0 && which == 0))
32	+ if (which > directory_list_offset \|\| (which < -directory_list_offset) \|\| (directory_list_offset == 0 && which == 0))
33	{
34	pushd_error (directory_list_offset, which_word ? which_word : "");
35	return (EXECUTION_FAILURE);
36	@@ -381,6 +381,11 @@ popd_builtin (list)
37	remove that directory from the list and shift the remainder
38	of the list into place. */
39	i = (direction == '+') ? directory_list_offset - which : which;
40	+ if (i < 0 \|\| i > directory_list_offset)
41	+ {
42	+ pushd_error (directory_list_offset, which_word ? which_word : "");
43	+ return (EXECUTION_FAILURE);
44	+ }
45	free (pushd_directory_list[i]);
46	directory_list_offset--;
47
48	--
49	1.9.1
50