1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
new file mode 100644
index 0000000000..7226ffb665
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
@@ -0,0 +1,77 @@
+Fix CVE-2014-6271, aka ShellShock.
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+*** ../bash-3.2.51/builtins/common.h    2006-03-06 09:38:44.000000000 -0500
+--- builtins/common.h   2014-09-16 19:08:02.000000000 -0400
+***************
+*** 34,37 ****
+--- 34,39 ----
+  
+  /* Flags for describe_command, shared between type.def and command.def */
+ #define SEVAL_FUNCDEF 0x080           /* only allow function definitions */
+ #define SEVAL_ONECMD  0x100           /* only allow a single command */
+  #define CDESC_ALL             0x001   /* type -a */
+  #define CDESC_SHORTDESC               0x002   /* command -V */
+*** ../bash-3.2.51/builtins/evalstring.c        2008-11-15 17:47:04.000000000 -0500
+--- builtins/evalstring.c       2014-09-16 19:08:02.000000000 -0400
+***************
+*** 235,238 ****
+--- 235,246 ----
+              struct fd_bitmap *bitmap;
+  
+             if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+               {
+                 internal_warning ("%s: ignoring function definition attempt", from_file);
+                 should_jump_to_top_level = 0;
+                 last_result = last_command_exit_value = EX_BADUSAGE;
+                 break;
+               }
+ 
+              bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+              begin_unwind_frame ("pe_dispose");
+***************
+*** 292,295 ****
+--- 300,306 ----
+              dispose_fd_bitmap (bitmap);
+              discard_unwind_frame ("pe_dispose");
+ 
+             if (flags & SEVAL_ONECMD)
+               break;
+            }
+        }
+*** ../bash-3.2.51/variables.c  2008-11-15 17:15:06.000000000 -0500
+--- variables.c 2014-09-16 19:10:39.000000000 -0400
+***************
+*** 319,328 ****
+          strcpy (temp_string + char_index + 1, string);
+  
+!         parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+!         /* Ancient backwards compatibility.  Old versions of bash exported
+!            functions like name()=() {...} */
+!         if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+!           name[char_index - 2] = '\0';
+  
+          if (temp_var = find_function (name))
+--- 319,326 ----
+          strcpy (temp_string + char_index + 1, string);
+  
+!         /* Don't import function names that are invalid identifiers from the
+!            environment. */
+!         if (legal_identifier (name))
+!           parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+          if (temp_var = find_function (name))
+***************
+*** 333,340 ****
+          else
+            report_error (_("error importing function definition for `%s'"), name);
+- 
+-         /* ( */
+-         if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+-           name[char_index - 2] = '(';         /* ) */
+        }
+  #if defined (ARRAY_VARS)
+--- 331,334 ----

diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch new file mode 100644 index 0000000000..7226ffb665 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
@@ -0,0 +1,77 @@
	1	Fix CVE-2014-6271, aka ShellShock.
	2
	3	Upstream-Status: Backport
	4	Signed-off-by: Ross Burton <ross.burton@intel.com>
	5
	6	*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
	7	--- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
	8	***************
	9	* 34,37 **
	10	--- 34,39 ----
	11
	12	/* Flags for describe_command, shared between type.def and command.def */
	13	+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
	14	+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
	15	#define CDESC_ALL 0x001 /* type -a */
	16	#define CDESC_SHORTDESC 0x002 /* command -V */
	17	*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
	18	--- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
	19	***************
	20	* 235,238 **
	21	--- 235,246 ----
	22	struct fd_bitmap *bitmap;
	23
	24	+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
	25	+ {
	26	+ internal_warning ("%s: ignoring function definition attempt", from_file);
	27	+ should_jump_to_top_level = 0;
	28	+ last_result = last_command_exit_value = EX_BADUSAGE;
	29	+ break;
	30	+ }
	31	+
	32	bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
	33	begin_unwind_frame ("pe_dispose");
	34	***************
	35	* 292,295 **
	36	--- 300,306 ----
	37	dispose_fd_bitmap (bitmap);
	38	discard_unwind_frame ("pe_dispose");
	39	+
	40	+ if (flags & SEVAL_ONECMD)
	41	+ break;
	42	}
	43	}
	44	*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
	45	--- variables.c 2014-09-16 19:10:39.000000000 -0400
	46	***************
	47	* 319,328 **
	48	strcpy (temp_string + char_index + 1, string);
	49
	50	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST);
	51	!
	52	! /* Ancient backwards compatibility. Old versions of bash exported
	53	! functions like name()=() {...} */
	54	! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
	55	! name[char_index - 2] = '\0';
	56
	57	if (temp_var = find_function (name))
	58	--- 319,326 ----
	59	strcpy (temp_string + char_index + 1, string);
	60
	61	! /* Don't import function names that are invalid identifiers from the
	62	! environment. */
	63	! if (legal_identifier (name))
	64	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST\|SEVAL_FUNCDEF\|SEVAL_ONECMD);
	65
	66	if (temp_var = find_function (name))
	67	***************
	68	* 333,340 **
	69	else
	70	report_error (_("error importing function definition for `%s'"), name);
	71	-
	72	- /* ( */
	73	- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
	74	- name[char_index - 2] = '('; /* ) */
	75	}
	76	#if defined (ARRAY_VARS)
	77	--- 331,334 ----