1 files changed, 99 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch
new file mode 100644
index 0000000000..e51ce05bb5
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch
@@ -0,0 +1,99 @@
+bash: Fix CVE-2014-6278 (shellshock)
+ 
+Upstream-status: backport
+ 
+Downloaded from: 
+ftp://ftp.gnu.org/pub/bash/bash-3.2-patches/bash32-057
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+                             BASH PATCH REPORT
+                             =================
+Bash-Release: 3.2
+Patch-ID: bash32-057
+Bug-Reported-by:        Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+Bug-Description:
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+--- a/builtins/evalstring.c     2014-09-16 19:08:02.000000000 -0400
+++ b/builtins/evalstring.c     2014-10-04 15:58:35.000000000 -0400
+@@ -44,4 +44,5 @@
+ #include "../redir.h"
+ #include "../trap.h"
+#include "../bashintl.h"
+ 
+ #if defined (HISTORY)
+@@ -235,10 +236,23 @@
+              struct fd_bitmap *bitmap;
+ 
+-             if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+             if (flags & SEVAL_FUNCDEF)
+                {
+-                 internal_warning ("%s: ignoring function definition attempt", from_file);
+-                 should_jump_to_top_level = 0;
+-                 last_result = last_command_exit_value = EX_BADUSAGE;
+-                 break;
+                 char *x;
+
+                 /* If the command parses to something other than a straight
+                    function definition, or if we have not consumed the entire
+                    string, or if the parser has transformed the function
+                    name (as parsing will if it begins or ends with shell
+                    whitespace, for example), reject the attempt */
+                 if (command->type != cm_function_def ||
+                     ((x = parser_remaining_input ()) && *x) ||
+                     (STREQ (from_file, command->value.Function_def->name->word) == 0))
+                   {
+                     internal_warning (_("%s: ignoring function definition attempt"), from_file);
+                     should_jump_to_top_level = 0;
+                     last_result = last_command_exit_value = EX_BADUSAGE;
+                     reset_parser ();
+                     break;
+                   }
+                }
+ 
+@@ -302,5 +316,8 @@
+ 
+              if (flags & SEVAL_ONECMD)
+-               break;
+               {
+                 reset_parser ();
+                 break;
+               }
+            }
+        }
+--- a/parse.y   2014-09-30 19:43:22.000000000 -0400
+++ b/parse.y   2014-10-04 15:58:35.000000000 -0400
+@@ -2125,4 +2125,14 @@
+ }
+ 
+char *
+parser_remaining_input ()
+{
+  if (shell_input_line == 0)
+    return 0;
+  if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
+    return '\0';       /* XXX */
+  return (shell_input_line + shell_input_line_index);
+}
+
+ #ifdef INCLUDE_UNUSED
+ /* Back the input pointer up by one, effectively `ungetting' a character. */
+--- a/shell.h   2008-04-28 22:00:24.000000000 -0400
+++ b/shell.h   2014-10-04 15:58:35.000000000 -0400
+@@ -161,4 +161,6 @@
+ 
+ /* Let's try declaring these here. */
+extern char *parser_remaining_input __P((void));
+
+ extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+ extern void restore_parser_state __P((sh_parser_state_t *));

diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch new file mode 100644 index 0000000000..e51ce05bb5 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch
@@ -0,0 +1,99 @@
	1	bash: Fix CVE-2014-6278 (shellshock)
	2
	3	Upstream-status: backport
	4
	5	Downloaded from:
	6	ftp://ftp.gnu.org/pub/bash/bash-3.2-patches/bash32-057
	7
	8	Author: Chet Ramey <chet.ramey@case.edu>
	9	Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
	10
	11	BASH PATCH REPORT
	12	=================
	13
	14	Bash-Release: 3.2
	15	Patch-ID: bash32-057
	16
	17	Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
	18	Bug-Reference-ID:
	19	Bug-Reference-URL:
	20
	21	Bug-Description:
	22
	23	A combination of nested command substitutions and function importing from
	24	the environment can cause bash to execute code appearing in the environment
	25	variable value following the function definition.
	26
	27	--- a/builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
	28	+++ b/builtins/evalstring.c 2014-10-04 15:58:35.000000000 -0400
	29	@@ -44,4 +44,5 @@
	30	#include "../redir.h"
	31	#include "../trap.h"
	32	+#include "../bashintl.h"
	33
	34	#if defined (HISTORY)
	35	@@ -235,10 +236,23 @@
	36	struct fd_bitmap *bitmap;
	37
	38	- if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
	39	+ if (flags & SEVAL_FUNCDEF)
	40	{
	41	- internal_warning ("%s: ignoring function definition attempt", from_file);
	42	- should_jump_to_top_level = 0;
	43	- last_result = last_command_exit_value = EX_BADUSAGE;
	44	- break;
	45	+ char *x;
	46	+
	47	+ /* If the command parses to something other than a straight
	48	+ function definition, or if we have not consumed the entire
	49	+ string, or if the parser has transformed the function
	50	+ name (as parsing will if it begins or ends with shell
	51	+ whitespace, for example), reject the attempt */
	52	+ if (command->type != cm_function_def \|\|
	53	+ ((x = parser_remaining_input ()) && *x) \|\|
	54	+ (STREQ (from_file, command->value.Function_def->name->word) == 0))
	55	+ {
	56	+ internal_warning (_("%s: ignoring function definition attempt"), from_file);
	57	+ should_jump_to_top_level = 0;
	58	+ last_result = last_command_exit_value = EX_BADUSAGE;
	59	+ reset_parser ();
	60	+ break;
	61	+ }
	62	}
	63
	64	@@ -302,5 +316,8 @@
	65
	66	if (flags & SEVAL_ONECMD)
	67	- break;
	68	+ {
	69	+ reset_parser ();
	70	+ break;
	71	+ }
	72	}
	73	}
	74	--- a/parse.y 2014-09-30 19:43:22.000000000 -0400
	75	+++ b/parse.y 2014-10-04 15:58:35.000000000 -0400
	76	@@ -2125,4 +2125,14 @@
	77	}
	78
	79	+char *
	80	+parser_remaining_input ()
	81	+{
	82	+ if (shell_input_line == 0)
	83	+ return 0;
	84	+ if (shell_input_line_index < 0 \|\| shell_input_line_index >= shell_input_line_len)
	85	+ return '\0'; /* XXX */
	86	+ return (shell_input_line + shell_input_line_index);
	87	+}
	88	+
	89	#ifdef INCLUDE_UNUSED
	90	/* Back the input pointer up by one, effectively `ungetting' a character. */
	91	--- a/shell.h 2008-04-28 22:00:24.000000000 -0400
	92	+++ b/shell.h 2014-10-04 15:58:35.000000000 -0400
	93	@@ -161,4 +161,6 @@
	94
	95	/* Let's try declaring these here. */
	96	+extern char *parser_remaining_input __P((void));
	97	+
	98	extern sh_parser_state_t save_parser_state __P((sh_parser_state_t ));
	99	extern void restore_parser_state __P((sh_parser_state_t *));