summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/bash/bash.inc8
-rw-r--r--meta/recipes-extended/bash/bash/CVE-2019-18276.patch386
-rw-r--r--meta/recipes-extended/bash/bash/build-tests.patch16
-rw-r--r--meta/recipes-extended/bash/bash/use_aclocal.patch59
-rw-r--r--meta/recipes-extended/bash/bash_5.0.bb80
-rw-r--r--meta/recipes-extended/bash/bash_5.1.bb31
6 files changed, 106 insertions, 474 deletions
diff --git a/meta/recipes-extended/bash/bash.inc b/meta/recipes-extended/bash/bash.inc
index 1ebb33bdcd..17d9560475 100644
--- a/meta/recipes-extended/bash/bash.inc
+++ b/meta/recipes-extended/bash/bash.inc
@@ -6,7 +6,7 @@ DEPENDS = "ncurses bison-native virtual/libiconv"
6 6
7inherit autotools gettext texinfo update-alternatives ptest 7inherit autotools gettext texinfo update-alternatives ptest
8 8
9EXTRA_AUTORECONF += "--exclude=autoheader --exclude=aclocal" 9EXTRA_AUTORECONF += "--exclude=autoheader"
10EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8" 10EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8"
11 11
12# If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the 12# If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
@@ -38,6 +38,12 @@ RDEPENDS_${PN}-ptest_append_libc-glibc = " \
38 38
39CACHED_CONFIGUREVARS += "headersdir=${includedir}/${PN}" 39CACHED_CONFIGUREVARS += "headersdir=${includedir}/${PN}"
40 40
41do_configure_prepend () {
42 if [ ! -e ${S}/acinclude.m4 ]; then
43 cat ${S}/aclocal.m4 > ${S}/acinclude.m4
44 fi
45}
46
41do_compile_prepend() { 47do_compile_prepend() {
42 # Remove any leftover .build files. This ensures that bash always has the 48 # Remove any leftover .build files. This ensures that bash always has the
43 # same version number and keeps builds reproducible 49 # same version number and keeps builds reproducible
diff --git a/meta/recipes-extended/bash/bash/CVE-2019-18276.patch b/meta/recipes-extended/bash/bash/CVE-2019-18276.patch
deleted file mode 100644
index 7b2073201e..0000000000
--- a/meta/recipes-extended/bash/bash/CVE-2019-18276.patch
+++ /dev/null
@@ -1,386 +0,0 @@
1From 951bdaad7a18cc0dc1036bba86b18b90874d39ff Mon Sep 17 00:00:00 2001
2From: Chet Ramey <chet.ramey@case.edu>
3Date: Mon, 1 Jul 2019 09:03:53 -0400
4Subject: [PATCH] commit bash-20190628 snapshot
5
6An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
7By default, if Bash is run with its effective UID not equal to its real UID,
8it will drop privileges by setting its effective UID to its real UID.
9However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality,
10the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for
11runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore
12regains privileges. However, binaries running with an effective UID of 0 are unaffected.
13
14Get the patch from [1] to fix the issue.
15
16Upstream-Status: Inappropriate [the upstream thinks it doesn't increase the credibility of CVEs in general]
17CVE: CVE-2019-18276
18
19[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
20
21Signed-off-by: De Huo <De.Huo@windriver.com>
22Signed-off-by: Kai Kang <kai.kang@windriver.com>
23Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
24---
25 MANIFEST | 2 ++
26 bashline.c | 50 +-------------------------------------------------
27 builtins/help.def | 2 +-
28 config.h.in | 10 +++++++++-
29 configure.ac | 1 +
30 doc/bash.1 | 3 ++-
31 doc/bashref.texi | 3 ++-
32 lib/glob/glob.c | 5 ++++-
33 pathexp.c | 16 ++++++++++++++--
34 shell.c | 8 ++++++++
35 tests/glob.tests | 2 ++
36 tests/glob6.sub | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
37 tests/glob7.sub | 11 +++++++++++
38 14 files changed, 122 insertions(+), 56 deletions(-)
39 create mode 100644 tests/glob6.sub
40 create mode 100644 tests/glob7.sub
41
42diff --git a/MANIFEST b/MANIFEST
43index 03de221..f9ccad7 100644
44--- a/MANIFEST
45+++ b/MANIFEST
46@@ -1037,6 +1037,8 @@ tests/extglob3.tests f
47 tests/extglob3.right f
48 tests/extglob4.sub f
49 tests/extglob5.sub f
50+tests/glob6.sub f
51+tests/glob7.sub f
52 tests/func.tests f
53 tests/func.right f
54 tests/func1.sub f
55diff --git a/bashline.c b/bashline.c
56index 824ea9d..d86b47d 100644
57--- a/bashline.c
58+++ b/bashline.c
59@@ -3718,55 +3718,7 @@ static int
60 completion_glob_pattern (string)
61 char *string;
62 {
63- register int c;
64- char *send;
65- int open;
66-
67- DECLARE_MBSTATE;
68-
69- open = 0;
70- send = string + strlen (string);
71-
72- while (c = *string++)
73- {
74- switch (c)
75- {
76- case '?':
77- case '*':
78- return (1);
79-
80- case '[':
81- open++;
82- continue;
83-
84- case ']':
85- if (open)
86- return (1);
87- continue;
88-
89- case '+':
90- case '@':
91- case '!':
92- if (*string == '(') /*)*/
93- return (1);
94- continue;
95-
96- case '\\':
97- if (*string++ == 0)
98- return (0);
99- }
100-
101- /* Advance one fewer byte than an entire multibyte character to
102- account for the auto-increment in the loop above. */
103-#ifdef HANDLE_MULTIBYTE
104- string--;
105- ADVANCE_CHAR_P (string, send - string);
106- string++;
107-#else
108- ADVANCE_CHAR_P (string, send - string);
109-#endif
110- }
111- return (0);
112+ return (glob_pattern_p (string) == 1);
113 }
114
115 static char *globtext;
116diff --git a/builtins/help.def b/builtins/help.def
117index 006c4b5..92f9b38 100644
118--- a/builtins/help.def
119+++ b/builtins/help.def
120@@ -128,7 +128,7 @@ help_builtin (list)
121
122 /* We should consider making `help bash' do something. */
123
124- if (glob_pattern_p (list->word->word))
125+ if (glob_pattern_p (list->word->word) == 1)
126 {
127 printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1)));
128 print_word_list (list, ", ");
129diff --git a/config.h.in b/config.h.in
130index 8554aec..ad4b1e8 100644
131--- a/config.h.in
132+++ b/config.h.in
133@@ -1,6 +1,6 @@
134 /* config.h -- Configuration file for bash. */
135
136-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc.
137+/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc.
138
139 This file is part of GNU Bash, the Bourne Again SHell.
140
141@@ -807,6 +807,14 @@
142 #undef HAVE_SETREGID
143 #undef HAVE_DECL_SETREGID
144
145+/* Define if you have the setregid function. */
146+#undef HAVE_SETRESGID
147+#undef HAVE_DECL_SETRESGID
148+
149+/* Define if you have the setresuid function. */
150+#undef HAVE_SETRESUID
151+#undef HAVE_DECL_SETRESUID
152+
153 /* Define if you have the setvbuf function. */
154 #undef HAVE_SETVBUF
155
156diff --git a/configure.ac b/configure.ac
157index 52b4cdb..549adef 100644
158--- a/configure.ac
159+++ b/configure.ac
160@@ -810,6 +810,7 @@ AC_CHECK_DECLS([confstr])
161 AC_CHECK_DECLS([printf])
162 AC_CHECK_DECLS([sbrk])
163 AC_CHECK_DECLS([setregid])
164+AC_CHECK_DECLS[(setresuid, setresgid])
165 AC_CHECK_DECLS([strcpy])
166 AC_CHECK_DECLS([strsignal])
167
168diff --git a/doc/bash.1 b/doc/bash.1
169index e6cd08d..9e58a0b 100644
170--- a/doc/bash.1
171+++ b/doc/bash.1
172@@ -4681,7 +4681,8 @@ above).
173 .PD
174 .SH "SIMPLE COMMAND EXPANSION"
175 When a simple command is executed, the shell performs the following
176-expansions, assignments, and redirections, from left to right.
177+expansions, assignments, and redirections, from left to right, in
178+the following order.
179 .IP 1.
180 The words that the parser has marked as variable assignments (those
181 preceding the command name) and redirections are saved for later
182diff --git a/doc/bashref.texi b/doc/bashref.texi
183index d33cd57..3065126 100644
184--- a/doc/bashref.texi
185+++ b/doc/bashref.texi
186@@ -2964,7 +2964,8 @@ is not specified. If the file does not exist, it is created.
187 @cindex command expansion
188
189 When a simple command is executed, the shell performs the following
190-expansions, assignments, and redirections, from left to right.
191+expansions, assignments, and redirections, from left to right, in
192+the following order.
193
194 @enumerate
195 @item
196diff --git a/lib/glob/glob.c b/lib/glob/glob.c
197index 398253b..2eaa33e 100644
198--- a/lib/glob/glob.c
199+++ b/lib/glob/glob.c
200@@ -607,6 +607,7 @@ glob_vector (pat, dir, flags)
201 register unsigned int i;
202 int mflags; /* Flags passed to strmatch (). */
203 int pflags; /* flags passed to sh_makepath () */
204+ int hasglob; /* return value from glob_pattern_p */
205 int nalloca;
206 struct globval *firstmalloc, *tmplink;
207 char *convfn;
208@@ -648,10 +649,12 @@ glob_vector (pat, dir, flags)
209 patlen = (pat && *pat) ? strlen (pat) : 0;
210
211 /* If the filename pattern (PAT) does not contain any globbing characters,
212+ or contains a pattern with only backslash escapes (hasglob == 2),
213 we can dispense with reading the directory, and just see if there is
214 a filename `DIR/PAT'. If there is, and we can access it, just make the
215 vector to return and bail immediately. */
216- if (skip == 0 && glob_pattern_p (pat) == 0)
217+ hasglob = 0;
218+ if (skip == 0 && (hasglob = glob_pattern_p (pat)) == 0 || hasglob == 2)
219 {
220 int dirlen;
221 struct stat finfo;
222diff --git a/pathexp.c b/pathexp.c
223index c1bf2d8..e6c5392 100644
224--- a/pathexp.c
225+++ b/pathexp.c
226@@ -58,7 +58,10 @@ int extended_glob = EXTGLOB_DEFAULT;
227 /* Control enabling special handling of `**' */
228 int glob_star = 0;
229
230-/* Return nonzero if STRING has any unquoted special globbing chars in it. */
231+/* Return nonzero if STRING has any unquoted special globbing chars in it.
232+ This is supposed to be called when pathname expansion is performed, so
233+ it implements the rules in Posix 2.13.3, specifically that an unquoted
234+ slash cannot appear in a bracket expression. */
235 int
236 unquoted_glob_pattern_p (string)
237 register char *string;
238@@ -85,10 +88,14 @@ unquoted_glob_pattern_p (string)
239 continue;
240
241 case ']':
242- if (open)
243+ if (open) /* XXX - if --open == 0? */
244 return (1);
245 continue;
246
247+ case '/':
248+ if (open)
249+ open = 0;
250+
251 case '+':
252 case '@':
253 case '!':
254@@ -106,6 +113,11 @@ unquoted_glob_pattern_p (string)
255 string++;
256 continue;
257 }
258+ else if (open && *string == '/')
259+ {
260+ string++; /* quoted slashes in bracket expressions are ok */
261+ continue;
262+ }
263 else if (*string == 0)
264 return (0);
265
266diff --git a/shell.c b/shell.c
267index a2b2a55..6adabc8 100644
268--- a/shell.c
269+++ b/shell.c
270@@ -1293,7 +1293,11 @@ disable_priv_mode ()
271 {
272 int e;
273
274+#if HAVE_DECL_SETRESUID
275+ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
276+#else
277 if (setuid (current_user.uid) < 0)
278+#endif
279 {
280 e = errno;
281 sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
282@@ -1302,7 +1306,11 @@ disable_priv_mode ()
283 exit (e);
284 #endif
285 }
286+#if HAVE_DECL_SETRESGID
287+ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
288+#else
289 if (setgid (current_user.gid) < 0)
290+#endif
291 sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
292
293 current_user.euid = current_user.uid;
294diff --git a/tests/glob.tests b/tests/glob.tests
295index 01913bb..fb012f7 100644
296--- a/tests/glob.tests
297+++ b/tests/glob.tests
298@@ -12,6 +12,8 @@ ${THIS_SH} ./glob1.sub
299 ${THIS_SH} ./glob2.sub
300 ${THIS_SH} ./glob3.sub
301 ${THIS_SH} ./glob4.sub
302+${THIS_SH} ./glob6.sub
303+${THIS_SH} ./glob7.sub
304
305 MYDIR=$PWD # save where we are
306
307diff --git a/tests/glob6.sub b/tests/glob6.sub
308new file mode 100644
309index 0000000..b099811
310--- /dev/null
311+++ b/tests/glob6.sub
312@@ -0,0 +1,54 @@
313+# tests of the backslash-in-glob-patterns discussion on the austin-group ML
314+
315+: ${TMPDIR:=/var/tmp}
316+
317+ORIG=$PWD
318+GLOBDIR=$TMPDIR/bash-glob-$$
319+mkdir $GLOBDIR && cd $GLOBDIR
320+
321+# does the pattern matcher allow backslashes as escape characters and remove
322+# them as part of matching?
323+touch abcdefg
324+pat='ab\cd*'
325+printf '<%s>\n' $pat
326+pat='\.'
327+printf '<%s>\n' $pat
328+rm abcdefg
329+
330+# how about when escaping pattern characters?
331+touch '*abc.c'
332+a='\**.c'
333+printf '%s\n' $a
334+rm -f '*abc.c'
335+
336+# how about when making the distinction between readable and searchable path
337+# components?
338+mkdir -m a=x searchable
339+mkdir -m a=r readable
340+
341+p='searchable/\.'
342+printf "%s\n" $p
343+
344+p='searchable/\./.'
345+printf "%s\n" $p
346+
347+p='readable/\.'
348+printf "%s\n" $p
349+
350+p='readable/\./.'
351+printf "%s\n" $p
352+
353+printf "%s\n" 'searchable/\.'
354+printf "%s\n" 'readable/\.'
355+
356+echo */.
357+
358+p='*/\.'
359+echo $p
360+
361+echo */'.'
362+
363+rmdir searchable readable
364+
365+cd $ORIG
366+rmdir $GLOBDIR
367diff --git a/tests/glob7.sub b/tests/glob7.sub
368new file mode 100644
369index 0000000..0212b8e
370--- /dev/null
371+++ b/tests/glob7.sub
372@@ -0,0 +1,11 @@
373+# according to Posix 2.13.3, a slash in a bracket expression renders that
374+# bracket expression invalid
375+shopt -s nullglob
376+
377+echo 1: [qwe/qwe]
378+echo 2: [qwe/
379+echo 3: [qwe/]
380+
381+echo 4: [qwe\/qwe]
382+echo 5: [qwe\/
383+echo 6: [qwe\/]
384--
3851.9.1
386
diff --git a/meta/recipes-extended/bash/bash/build-tests.patch b/meta/recipes-extended/bash/bash/build-tests.patch
index 5f2dae94a1..ea38bace9b 100644
--- a/meta/recipes-extended/bash/bash/build-tests.patch
+++ b/meta/recipes-extended/bash/bash/build-tests.patch
@@ -1,19 +1,24 @@
1Add 'ptest' target to Makefile, to run tests without checking dependencies. 1From 318b762837c2ad25319caeaf0320eff613b64daf Mon Sep 17 00:00:00 2001
2From: Anders Roxell <anders.roxell@enea.com>
3Date: Wed, 19 Dec 2012 17:18:31 +0100
4Subject: [PATCH] Add 'ptest' target to Makefile, to run tests without checking
5 dependencies.
2 6
3Upstream-Status: Pending 7Upstream-Status: Pending
4Signed-off-by: Anders Roxell <anders.roxell@enea.com> 8Signed-off-by: Anders Roxell <anders.roxell@enea.com>
5 9
6Rebase to 5.0 10Rebase to 5.0
7Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 11Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
12
8--- 13---
9 Makefile.in | 24 +++++++++++++++++++----- 14 Makefile.in | 24 +++++++++++++++++++-----
10 1 file changed, 19 insertions(+), 5 deletions(-) 15 1 file changed, 19 insertions(+), 5 deletions(-)
11 16
12diff --git a/Makefile.in b/Makefile.in 17diff --git a/Makefile.in b/Makefile.in
13index 5fcb44b..de1c255 100644 18index bc97049..937ce39 100644
14--- a/Makefile.in 19--- a/Makefile.in
15+++ b/Makefile.in 20+++ b/Makefile.in
16@@ -932,20 +932,34 @@ maybe-clean: 21@@ -943,20 +943,34 @@ maybe-clean:
17 fi 22 fi
18 23
19 recho$(EXEEXT): $(SUPPORT_SRC)recho.c 24 recho$(EXEEXT): $(SUPPORT_SRC)recho.c
@@ -51,8 +56,5 @@ index 5fcb44b..de1c255 100644
51+ 56+
52+runtest: 57+runtest:
53 @( cd $(srcdir)/tests && \ 58 @( cd $(srcdir)/tests && \
54 PATH=$(BUILD_DIR)/tests:$$PATH THIS_SH=$(THIS_SH) $(SHELL) ${TESTSCRIPT} ) 59 BUILD_DIR=$(BUILD_DIR) PATH=$(BUILD_DIR)/tests:$$PATH THIS_SH=$(THIS_SH) $(SHELL) ${TESTSCRIPT} )
55 60
56--
572.7.4
58
diff --git a/meta/recipes-extended/bash/bash/use_aclocal.patch b/meta/recipes-extended/bash/bash/use_aclocal.patch
new file mode 100644
index 0000000000..bebaa08bfe
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/use_aclocal.patch
@@ -0,0 +1,59 @@
1Including m4 files directly like this confuses autotools.bbclass, remove
2the references and rely upon aclocal to collect the m4 files together
3as needed instead making it work like other autotools based projects.
4
5Upstream-Status: Inappropriate [OE configuration specific]
6RP 2021/1/20
7
8Index: bash-5.1/configure.ac
9===================================================================
10--- bash-5.1.orig/configure.ac
11+++ bash-5.1/configure.ac
12@@ -688,47 +688,6 @@ if test x$SIZE = x; then
13 fi
14 AC_SUBST(SIZE)
15
16-m4_include([m4/stat-time.m4])
17-m4_include([m4/timespec.m4])
18-
19-dnl include files for gettext
20-
21-m4_include([m4/codeset.m4])
22-m4_include([m4/extern-inline.m4])
23-m4_include([m4/fcntl-o.m4])
24-m4_include([m4/gettext.m4])
25-m4_include([m4/glibc2.m4])
26-m4_include([m4/glibc21.m4])
27-m4_include([m4/host-cpu-c-abi.m4])
28-m4_include([m4/iconv.m4])
29-m4_include([m4/intdiv0.m4])
30-m4_include([m4/intl.m4])
31-m4_include([m4/intlmacosx.m4])
32-m4_include([m4/intl-thread-locale.m4])
33-m4_include([m4/intmax.m4])
34-m4_include([m4/inttypes-pri.m4])
35-m4_include([m4/inttypes.m4])
36-m4_include([m4/inttypes_h.m4])
37-m4_include([m4/lcmessage.m4])
38-m4_include([m4/lib-ld.m4])
39-m4_include([m4/lib-link.m4])
40-m4_include([m4/lib-prefix.m4])
41-m4_include([m4/lock.m4])
42-m4_include([m4/nls.m4])
43-m4_include([m4/po.m4])
44-m4_include([m4/printf-posix.m4])
45-m4_include([m4/progtest.m4])
46-m4_include([m4/pthread_rwlock_rdlock.m4])
47-m4_include([m4/size_max.m4])
48-m4_include([m4/stdint_h.m4])
49-m4_include([m4/threadlib.m4])
50-m4_include([m4/uintmax_t.m4])
51-m4_include([m4/ulonglong.m4])
52-m4_include([m4/visibility.m4])
53-m4_include([m4/wchar_t.m4])
54-m4_include([m4/wint_t.m4])
55-m4_include([m4/xsize.m4])
56-
57 dnl Turn on any extensions available in the GNU C library.
58 AC_DEFINE(_GNU_SOURCE, 1)
59
diff --git a/meta/recipes-extended/bash/bash_5.0.bb b/meta/recipes-extended/bash/bash_5.0.bb
deleted file mode 100644
index 53e05869ce..0000000000
--- a/meta/recipes-extended/bash/bash_5.0.bb
+++ /dev/null
@@ -1,80 +0,0 @@
1require bash.inc
2
3# GPLv2+ (< 4.0), GPLv3+ (>= 4.0)
4LICENSE = "GPLv3+"
5LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
6
7SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
8 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-001;apply=yes;striplevel=0;name=patch001 \
9 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-002;apply=yes;striplevel=0;name=patch002 \
10 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-003;apply=yes;striplevel=0;name=patch003 \
11 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-004;apply=yes;striplevel=0;name=patch004 \
12 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-005;apply=yes;striplevel=0;name=patch005 \
13 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-006;apply=yes;striplevel=0;name=patch006 \
14 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-007;apply=yes;striplevel=0;name=patch007 \
15 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-008;apply=yes;striplevel=0;name=patch008 \
16 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-009;apply=yes;striplevel=0;name=patch009 \
17 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-010;apply=yes;striplevel=0;name=patch010 \
18 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-011;apply=yes;striplevel=0;name=patch011 \
19 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-012;apply=yes;striplevel=0;name=patch012 \
20 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-013;apply=yes;striplevel=0;name=patch013 \
21 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-014;apply=yes;striplevel=0;name=patch014 \
22 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-015;apply=yes;striplevel=0;name=patch015 \
23 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-016;apply=yes;striplevel=0;name=patch016 \
24 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-017;apply=yes;striplevel=0;name=patch017 \
25 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-018;apply=yes;striplevel=0;name=patch018 \
26 file://execute_cmd.patch \
27 file://mkbuiltins_have_stringize.patch \
28 file://build-tests.patch \
29 file://test-output.patch \
30 file://run-ptest \
31 file://run-bash-ptests \
32 file://fix-run-builtins.patch \
33 file://CVE-2019-18276.patch \
34 "
35
36SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b"
37SRC_URI[tarball.sha256sum] = "b4a80f2ac66170b2913efbfb9f2594f1f76c7b1afd11f799e22035d63077fb4d"
38
39SRC_URI[patch001.md5sum] = "b026862ab596a5883bb4f0d1077a3819"
40SRC_URI[patch001.sha256sum] = "f2fe9e1f0faddf14ab9bfa88d450a75e5d028fedafad23b88716bd657c737289"
41SRC_URI[patch002.md5sum] = "2f4a7787365790ae57f36b311701ea7e"
42SRC_URI[patch002.sha256sum] = "87e87d3542e598799adb3e7e01c8165bc743e136a400ed0de015845f7ff68707"
43SRC_URI[patch003.md5sum] = "af7f2dd93fd5429fb5e9a642ff74f87d"
44SRC_URI[patch003.sha256sum] = "4eebcdc37b13793a232c5f2f498a5fcbf7da0ecb3da2059391c096db620ec85b"
45SRC_URI[patch004.md5sum] = "b60545b273bfa4e00a760f2c648bed9c"
46SRC_URI[patch004.sha256sum] = "14447ad832add8ecfafdce5384badd933697b559c4688d6b9e3d36ff36c62f08"
47SRC_URI[patch005.md5sum] = "875a0bedf48b74e453e3997c84b5d8a4"
48SRC_URI[patch005.sha256sum] = "5bf54dd9bd2c211d2bfb34a49e2c741f2ed5e338767e9ce9f4d41254bf9f8276"
49SRC_URI[patch006.md5sum] = "4a8ee95adb72c3aba03d9e8c9f96ece6"
50SRC_URI[patch006.sha256sum] = "d68529a6ff201b6ff5915318ab12fc16b8a0ebb77fda3308303fcc1e13398420"
51SRC_URI[patch007.md5sum] = "411560d81fde2dc5b17b83c3f3b58c6f"
52SRC_URI[patch007.sha256sum] = "17b41e7ee3673d8887dd25992417a398677533ab8827938aa41fad70df19af9b"
53SRC_URI[patch008.md5sum] = "dd7cf7a784d1838822cad8d419315991"
54SRC_URI[patch008.sha256sum] = "eec64588622a82a5029b2776e218a75a3640bef4953f09d6ee1f4199670ad7e3"
55SRC_URI[patch009.md5sum] = "c1b3e937cd6dccbb7fd772f32812a0da"
56SRC_URI[patch009.sha256sum] = "ed3ca21767303fc3de93934aa524c2e920787c506b601cc40a4897d4b094d903"
57SRC_URI[patch010.md5sum] = "19b41e73b03602d0e261c471b53e670c"
58SRC_URI[patch010.sha256sum] = "d6fbc325f0b5dc54ddbe8ee43020bced8bd589ddffea59d128db14b2e52a8a11"
59SRC_URI[patch011.md5sum] = "414339330a3634137081a97f2c8615a8"
60SRC_URI[patch011.sha256sum] = "2c4de332b91eaf797abbbd6c79709690b5cbd48b12e8dfe748096dbd7bf474ea"
61SRC_URI[patch012.md5sum] = "1870268f62b907221b078ad109e1fa94"
62SRC_URI[patch012.sha256sum] = "2943ee19688018296f2a04dbfe30b7138b889700efa8ff1c0524af271e0ee233"
63SRC_URI[patch013.md5sum] = "40d923af4b952b01983ed4c889ae2653"
64SRC_URI[patch013.sha256sum] = "f5d7178d8da30799e01b83a0802018d913d6aa972dd2ddad3b927f3f3eb7099a"
65SRC_URI[patch014.md5sum] = "57857b22053c8167677e5e5ac5c6669b"
66SRC_URI[patch014.sha256sum] = "5d6eee6514ee6e22a87bba8d22be0a8621a0ae119246f1c5a9a35db1f72af589"
67SRC_URI[patch015.md5sum] = "c4c6ea23d09a74eaa9385438e48fdf02"
68SRC_URI[patch015.sha256sum] = "a517df2dda93b26d5cbf00effefea93e3a4ccd6652f152f4109170544ebfa05e"
69SRC_URI[patch016.md5sum] = "a682ed6fa2c2e7a7c3ba6bdeada07fb5"
70SRC_URI[patch016.sha256sum] = "ffd1d7a54a99fa7f5b1825e4f7e95d8c8876bc2ca151f150e751d429c650b06d"
71SRC_URI[patch017.md5sum] = "d9dcaa1d8e7a24850449a1aac43a12a9"
72SRC_URI[patch017.sha256sum] = "4cf3b9fafb8a66d411dd5fc9120032533a4012df1dc6ee024c7833373e2ddc31"
73SRC_URI[patch018.md5sum] = "a64d950d5de72ae590455b13e6afefcb"
74SRC_URI[patch018.sha256sum] = "7c314e375a105a6642e8ed44f3808b9def89d15f7492fe2029a21ba9c0de81d3"
75
76
77DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
78DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
79
80BBCLASSEXTEND = "nativesdk"
diff --git a/meta/recipes-extended/bash/bash_5.1.bb b/meta/recipes-extended/bash/bash_5.1.bb
new file mode 100644
index 0000000000..25b8a7ff73
--- /dev/null
+++ b/meta/recipes-extended/bash/bash_5.1.bb
@@ -0,0 +1,31 @@
1require bash.inc
2
3# GPLv2+ (< 4.0), GPLv3+ (>= 4.0)
4LICENSE = "GPLv3+"
5LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
6
7SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
8 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash51-001;apply=yes;striplevel=0;name=patch001 \
9 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash51-002;apply=yes;striplevel=0;name=patch002 \
10 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash51-003;apply=yes;striplevel=0;name=patch003 \
11 ${GNU_MIRROR}/bash/bash-${PV}-patches/bash51-004;apply=yes;striplevel=0;name=patch004 \
12 file://execute_cmd.patch \
13 file://mkbuiltins_have_stringize.patch \
14 file://build-tests.patch \
15 file://test-output.patch \
16 file://run-ptest \
17 file://run-bash-ptests \
18 file://fix-run-builtins.patch \
19 file://use_aclocal.patch \
20 "
21
22SRC_URI[tarball.sha256sum] = "cc012bc860406dcf42f64431bcd3d2fa7560c02915a601aba9cd597a39329baa"
23SRC_URI[patch001.sha256sum] = "ebb07b3dbadd98598f078125d0ae0d699295978a5cdaef6282fe19adef45b5fa"
24SRC_URI[patch002.sha256sum] = "15ea6121a801e48e658ceee712ea9b88d4ded022046a6147550790caf04f5dbe"
25SRC_URI[patch003.sha256sum] = "22f2cc262f056b22966281babf4b0a2f84cb7dd2223422e5dcd013c3dcbab6b1"
26SRC_URI[patch004.sha256sum] = "9aaeb65664ef0d28c0067e47ba5652b518298b3b92d33327d84b98b28d873c86"
27
28DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
29DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
30
31BBCLASSEXTEND = "nativesdk"