bash: Upgrade bash to latest patch level to fix CVEs

We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56. There are numerous community bug fixes included with this set, but the key items are: bash32-052 CVE-2014-6271 9/24/2014 bash32-053 CVE-2014-7169 9/26/2014 bash32-054 exported function namespace change 9/27/2014 bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash32-056 CVE-2014-6277 10/2/2014 bash43-025 CVE-2014-6271 9/24/2014 bash43-026 CVE-2014-7169 9/26/2014 bash43-027 exported function namespace change 9/27/2014 bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash43-029 CVE-2014-6277 10/2/2014 (From OE-Core rev: 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mark Hatle <mark.hatle@windriver.com> 2014-10-03 09:51:25 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-06 15:15:51 +0100
commit: 94d2fea672140bcd561dc001da5759a927192b93 (patch)
tree: 9518f1a8a088cf149131b0829e3c3f65a99f09a1 /meta/recipes-extended/bash/bash
parent: be2cf13961ef89200f691570c9333e8130126ef9 (diff)
download: poky-94d2fea672140bcd561dc001da5759a927192b93.tar.gz
2 files changed, 0 insertions, 130 deletions
diff --git a/meta/recipes-extended/bash/bash/cve-2014-6271.patch b/meta/recipes-extended/bash/bash/cve-2014-6271.patch
deleted file mode 100644
index d33a5c8f47..0000000000
--- a/meta/recipes-extended/bash/bash/cve-2014-6271.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-Fix CVE-2014-6271, aka ShellShock.  This is the upstream 4.3 patchlevel 25, minus the hunk to
-set the patch level.
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-                             BASH PATCH REPORT
-                             =================
-Bash-Release:   4.3
-Patch-ID:       bash43-025
-Bug-Reported-by:        Stephane Chazelas <stephane.chazelas@gmail.com>
-Bug-Reference-ID:
-Bug-Reference-URL:
-Bug-Description:
-Under certain circumstances, bash will execute user code while processing the
-environment for exported function definitions.
-Patch (apply with `patch -p0'):
-*** ../bash-4.3-patched/builtins/common.h       2013-07-08 16:54:47.000000000 -0400
--- builtins/common.h   2014-09-12 14:25:47.000000000 -0400
-***************
-*** 34,37 ****
--- 49,54 ----
-  #define SEVAL_PARSEONLY       0x020
-  #define SEVAL_NOLONGJMP 0x040
-+ #define SEVAL_FUNCDEF 0x080           /* only allow function definitions */
-+ #define SEVAL_ONECMD  0x100           /* only allow a single command */
-  
-  /* Flags for describe_command, shared between type.def and command.def */
-*** ../bash-4.3-patched/builtins/evalstring.c   2014-02-11 09:42:10.000000000 -0500
--- builtins/evalstring.c       2014-09-14 14:15:13.000000000 -0400
-***************
-*** 309,312 ****
--- 313,324 ----
-              struct fd_bitmap *bitmap;
-  
-+             if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
-+               {
-+                 internal_warning ("%s: ignoring function definition attempt", from_file);
-+                 should_jump_to_top_level = 0;
-+                 last_result = last_command_exit_value = EX_BADUSAGE;
-+                 break;
-+               }
-+ 
-              bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
-              begin_unwind_frame ("pe_dispose");
-***************
-*** 369,372 ****
--- 381,387 ----
-              dispose_fd_bitmap (bitmap);
-              discard_unwind_frame ("pe_dispose");
-+ 
-+             if (flags & SEVAL_ONECMD)
-+               break;
-            }
-        }
-*** ../bash-4.3-patched/variables.c     2014-05-15 08:26:50.000000000 -0400
--- variables.c 2014-09-14 14:23:35.000000000 -0400
-***************
-*** 359,369 ****
-          strcpy (temp_string + char_index + 1, string);
-  
-!         if (posixly_correct == 0 || legal_identifier (name))
-!           parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
-! 
-!         /* Ancient backwards compatibility.  Old versions of bash exported
-!            functions like name()=() {...} */
-!         if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
-!           name[char_index - 2] = '\0';
-  
-          if (temp_var = find_function (name))
--- 364,372 ----
-          strcpy (temp_string + char_index + 1, string);
-  
-!         /* Don't import function names that are invalid identifiers from the
-!            environment, though we still allow them to be defined as shell
-!            variables. */
-!         if (legal_identifier (name))
-!           parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
-  
-          if (temp_var = find_function (name))
-***************
-*** 382,389 ****
-              report_error (_("error importing function definition for `%s'"), name);
-            }
- 
-         /* ( */
-         if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
-           name[char_index - 2] = '(';         /* ) */
-        }
-  #if defined (ARRAY_VARS)
--- 385,388 ----
-*** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400
--- subst.c     2014-09-12 15:31:04.000000000 -0400
-***************
-*** 8048,8052 ****
-          goto return0;
-        }
-!       else if (var = find_variable_last_nameref (temp1))
-        {
-          temp = nameref_cell (var);
--- 8118,8124 ----
-          goto return0;
-        }
-!       else if (var && (invisible_p (var) || var_isset (var) == 0))
-!       temp = (char *)NULL;
-!       else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0)
-        {
-          temp = nameref_cell (var);
diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch
deleted file mode 100644
index 3c69121767..0000000000
--- a/meta/recipes-extended/bash/bash/cve-2014-7169.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
-Upstream-Status: Backport
-Index: bash-4.3/parse.y
-===================================================================
--- bash-4.3.orig/parse.y       2014-09-26 13:10:44.340080056 -0700
-+++ bash-4.3/parse.y    2014-09-26 13:11:44.764080056 -0700
-@@ -2953,6 +2953,8 @@
-   FREE (word_desc_to_read);
-   word_desc_to_read = (WORD_DESC *)NULL;
- 
-+  eol_ungetc_lookahead = 0;
-+
-   current_token = '\n';                /* XXX */
-   last_read_token = '\n';
-   token_to_read = '\n';
author	Mark Hatle <mark.hatle@windriver.com>	2014-10-03 09:51:25 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-10-06 15:15:51 +0100
commit	94d2fea672140bcd561dc001da5759a927192b93 (patch)
tree	9518f1a8a088cf149131b0829e3c3f65a99f09a1 /meta/recipes-extended/bash/bash
parent	be2cf13961ef89200f691570c9333e8130126ef9 (diff)
download	poky-94d2fea672140bcd561dc001da5759a927192b93.tar.gz

diff --git a/meta/recipes-extended/bash/bash/cve-2014-6271.patch b/meta/recipes-extended/bash/bash/cve-2014-6271.patch deleted file mode 100644 index d33a5c8f47..0000000000 --- a/meta/recipes-extended/bash/bash/cve-2014-6271.patch +++ /dev/null
@@ -1,114 +0,0 @@
1	Fix CVE-2014-6271, aka ShellShock. This is the upstream 4.3 patchlevel 25, minus the hunk to
2	set the patch level.
3
4	Upstream-Status: Backport
5	Signed-off-by: Ross Burton <ross.burton@intel.com>
6
7	BASH PATCH REPORT
8	=================
9
10	Bash-Release: 4.3
11	Patch-ID: bash43-025
12
13	Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
14	Bug-Reference-ID:
15	Bug-Reference-URL:
16
17	Bug-Description:
18
19	Under certain circumstances, bash will execute user code while processing the
20	environment for exported function definitions.
21
22	Patch (apply with `patch -p0'):
23
24	*** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400
25	--- builtins/common.h 2014-09-12 14:25:47.000000000 -0400
26	***************
27	* 34,37 **
28	--- 49,54 ----
29	#define SEVAL_PARSEONLY 0x020
30	#define SEVAL_NOLONGJMP 0x040
31	+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
32	+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
33
34	/* Flags for describe_command, shared between type.def and command.def */
35	*** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500
36	--- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400
37	***************
38	* 309,312 **
39	--- 313,324 ----
40	struct fd_bitmap *bitmap;
41
42	+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
43	+ {
44	+ internal_warning ("%s: ignoring function definition attempt", from_file);
45	+ should_jump_to_top_level = 0;
46	+ last_result = last_command_exit_value = EX_BADUSAGE;
47	+ break;
48	+ }
49	+
50	bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
51	begin_unwind_frame ("pe_dispose");
52	***************
53	* 369,372 **
54	--- 381,387 ----
55	dispose_fd_bitmap (bitmap);
56	discard_unwind_frame ("pe_dispose");
57	+
58	+ if (flags & SEVAL_ONECMD)
59	+ break;
60	}
61	}
62	*** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400
63	--- variables.c 2014-09-14 14:23:35.000000000 -0400
64	***************
65	* 359,369 **
66	strcpy (temp_string + char_index + 1, string);
67
68	! if (posixly_correct == 0 \|\| legal_identifier (name))
69	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST);
70	!
71	! /* Ancient backwards compatibility. Old versions of bash exported
72	! functions like name()=() {...} */
73	! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
74	! name[char_index - 2] = '\0';
75
76	if (temp_var = find_function (name))
77	--- 364,372 ----
78	strcpy (temp_string + char_index + 1, string);
79
80	! /* Don't import function names that are invalid identifiers from the
81	! environment, though we still allow them to be defined as shell
82	! variables. */
83	! if (legal_identifier (name))
84	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST\|SEVAL_FUNCDEF\|SEVAL_ONECMD);
85
86	if (temp_var = find_function (name))
87	***************
88	* 382,389 **
89	report_error (_("error importing function definition for `%s'"), name);
90	}
91	-
92	- /* ( */
93	- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
94	- name[char_index - 2] = '('; /* ) */
95	}
96	#if defined (ARRAY_VARS)
97	--- 385,388 ----
98	*** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400
99	--- subst.c 2014-09-12 15:31:04.000000000 -0400
100	***************
101	* 8048,8052 **
102	goto return0;
103	}
104	! else if (var = find_variable_last_nameref (temp1))
105	{
106	temp = nameref_cell (var);
107	--- 8118,8124 ----
108	goto return0;
109	}
110	! else if (var && (invisible_p (var) \|\| var_isset (var) == 0))
111	! temp = (char *)NULL;
112	! else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0)
113	{
114	temp = nameref_cell (var);


diff --git a/meta/recipes-extended/bash/bash/cve-2014-7169.patch b/meta/recipes-extended/bash/bash/cve-2014-7169.patch deleted file mode 100644 index 3c69121767..0000000000 --- a/meta/recipes-extended/bash/bash/cve-2014-7169.patch +++ /dev/null
@@ -1,16 +0,0 @@
1	Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
2
3	Upstream-Status: Backport
4	Index: bash-4.3/parse.y
5	===================================================================
6	--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700
7	+++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700
8	@@ -2953,6 +2953,8 @@
9	FREE (word_desc_to_read);
10	word_desc_to_read = (WORD_DESC *)NULL;
11
12	+ eol_ungetc_lookahead = 0;
13	+
14	current_token = '\n'; /* XXX */
15	last_read_token = '\n';
16	token_to_read = '\n';