diff options
author | Mark Hatle <mark.hatle@windriver.com> | 2014-10-03 09:51:25 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-06 15:15:51 +0100 |
commit | 94d2fea672140bcd561dc001da5759a927192b93 (patch) | |
tree | 9518f1a8a088cf149131b0829e3c3f65a99f09a1 /meta/recipes-extended/bash/bash_3.2.48.bb | |
parent | be2cf13961ef89200f691570c9333e8130126ef9 (diff) | |
download | poky-94d2fea672140bcd561dc001da5759a927192b93.tar.gz |
bash: Upgrade bash to latest patch level to fix CVEs
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.
There are numerous community bug fixes included with this set, but the key
items are:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
(From OE-Core rev: 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/bash/bash_3.2.48.bb')
-rw-r--r-- | meta/recipes-extended/bash/bash_3.2.48.bb | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb index e6a04cd888..77f251409e 100644 --- a/meta/recipes-extended/bash/bash_3.2.48.bb +++ b/meta/recipes-extended/bash/bash_3.2.48.bb | |||
@@ -6,25 +6,35 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fd5d9bcabd8ed5a54a01ce8d183d592a" | |||
6 | PR = "r11" | 6 | PR = "r11" |
7 | 7 | ||
8 | SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \ | 8 | SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \ |
9 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-049;apply=yes;striplevel=0;name=patch001 \ | 9 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-049;apply=yes;striplevel=0;name=patch049 \ |
10 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-050;apply=yes;striplevel=0;name=patch002 \ | 10 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-050;apply=yes;striplevel=0;name=patch050 \ |
11 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-051;apply=yes;striplevel=0;name=patch003 \ | 11 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-051;apply=yes;striplevel=0;name=patch051 \ |
12 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-052;apply=yes;striplevel=0;name=patch052 \ | ||
13 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-053;apply=yes;striplevel=0;name=patch053 \ | ||
14 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-054;apply=yes;striplevel=0;name=patch054 \ | ||
15 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-055;apply=yes;striplevel=0;name=patch055 \ | ||
16 | ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-056;apply=yes;striplevel=0;name=patch056 \ | ||
12 | file://mkbuiltins_have_stringize.patch \ | 17 | file://mkbuiltins_have_stringize.patch \ |
13 | file://build-tests.patch \ | 18 | file://build-tests.patch \ |
14 | file://test-output.patch \ | 19 | file://test-output.patch \ |
15 | file://cve-2014-6271.patch;striplevel=0 \ | ||
16 | file://cve-2014-7169.patch \ | ||
17 | file://run-ptest \ | 20 | file://run-ptest \ |
18 | " | 21 | " |
19 | 22 | ||
20 | SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8" | 23 | SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8" |
21 | SRC_URI[tarball.sha256sum] = "128d281bd5682ba5f6953122915da71976357d7a76490d266c9173b1d0426348" | 24 | SRC_URI[tarball.sha256sum] = "128d281bd5682ba5f6953122915da71976357d7a76490d266c9173b1d0426348" |
22 | SRC_URI[patch001.md5sum] = "af571a2d164d5abdcae4499e94e8892c" | 25 | SRC_URI[patch049.md5sum] = "af571a2d164d5abdcae4499e94e8892c" |
23 | SRC_URI[patch001.sha256sum] = "b1217ed94bdb95dc878fa5cabbf8a164435eb0d9da23a392198f48566ee34a2f" | 26 | SRC_URI[patch049.sha256sum] = "b1217ed94bdb95dc878fa5cabbf8a164435eb0d9da23a392198f48566ee34a2f" |
24 | SRC_URI[patch002.md5sum] = "8443d4385d73ec835abe401d90591377" | 27 | SRC_URI[patch050.md5sum] = "8443d4385d73ec835abe401d90591377" |
25 | SRC_URI[patch002.sha256sum] = "081bb03c580ecee63ba03b40beb3caf509eca29515b2e8dd3c078503609a1642" | 28 | SRC_URI[patch050.sha256sum] = "081bb03c580ecee63ba03b40beb3caf509eca29515b2e8dd3c078503609a1642" |
26 | SRC_URI[patch003.md5sum] = "15c6653042e9814aa87120098fc7a849" | 29 | SRC_URI[patch051.md5sum] = "15c6653042e9814aa87120098fc7a849" |
27 | SRC_URI[patch003.sha256sum] = "354886097cd95b4def77028f32ee01e2e088d58a98184fede9d3ce9320e218ef" | 30 | SRC_URI[patch051.sha256sum] = "354886097cd95b4def77028f32ee01e2e088d58a98184fede9d3ce9320e218ef" |
28 | 31 | SRC_URI[patch052.md5sum] = "691023a944bbb9003cc92ad462d91fa1" | |
29 | SRC_URI[md5sum] = "338dcf975a93640bb3eaa843ca42e3f8" | 32 | SRC_URI[patch052.sha256sum] = "a0eccf9ceda50871db10d21efdd74b99e35efbd55c970c400eeade012816bb61" |
30 | SRC_URI[sha256sum] = "128d281bd5682ba5f6953122915da71976357d7a76490d266c9173b1d0426348" | 33 | SRC_URI[patch053.md5sum] = "eb97d1c9230a55283d9dac69d3de2e46" |
34 | SRC_URI[patch053.sha256sum] = "fe6f0e96e0b966eaed9fb5e930ca12891f4380f30f9e0a773d200ff2063a864e" | ||
35 | SRC_URI[patch054.md5sum] = "1107744058c43b247f597584b88ba0a6" | ||
36 | SRC_URI[patch054.sha256sum] = "c6dab911e85688c542ce75afc175dbb4e5011de5102758e19a4a80dac1e79359" | ||
37 | SRC_URI[patch055.md5sum] = "05d201176d3499e2dfa4a73d09d42f05" | ||
38 | SRC_URI[patch055.sha256sum] = "c0e816700837942ed548da74e5917f74b70cbbbb10c9f2caf73e8e06a0713d0a" | ||
39 | SRC_URI[patch056.md5sum] = "222eaa3a2c26f54a15aa5e08817a534a" | ||
40 | SRC_URI[patch056.sha256sum] = "063a8d8d74e4407bf07a32b965b8ef6d213a66abdb6af26cc3584a437a56bbb4" | ||