| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
- Drop bash-memleak-bug-fix-for-builtin-command-read.patch which has
been accepted since 4.4.17
(From OE-Core rev: ec6da604012b54769db3371a8ed9ac0be4c9d0e6)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 33dadb98c10fdf04d9ed9b6ba57de6257873bcea)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Under musl bash uses its own libintl clone but there are some missing
dependencies so it is possible for pathexp.o to be built whilst libintl.h is
being written, leading to compile errors.
(From OE-Core rev: d58c20fd45f4808cbc1726ec5b46edb1c60b9cf8)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Built in command "read" with "-e" use Readline to obtain the line
in an interactive shell. In this process, a string "rlbuf" is
just allocated without free operation thus cause memory leak.
This patch had been submitted to upstream:
http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00061.html
(From OE-Core rev: a2b278a6eaa9e9b48d858e3be6712267c0122598)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Rebase patches:
- fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch
- test-output.patch
2. Drop backported patches:
- CVE-2016-9401.patch
- fix-run-intl.patch
3. Add ${PN}-loadable for loadable builtins which is new features in Bash 4.4
4. The 4.4 fixed CVE-2017-5932 and CVE-2016-0634
- https://security-tracker.debian.org/tracker/CVE-2017-5932
- https://security-tracker.debian.org/tracker/CVE-2016-0634
5. The 4.4 installed include header files, fix bash-dev confilicts
with lib32-bash-dev
.....
$ bitbake lib32-core-image-sato-sdk
...
|Error: Transaction check error: file /usr/include/bash/config.h
conflicts between attempted installs
|of lib32-bash-dev-4.4-r0.x86 and bash-dev-4.4-r0.core2_64
......
(From OE-Core rev: 4097694b13cd5f0d68987551c3f9af80c87dc6ae)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.
Porting patch from <https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/
bash44-006> to solve CVE-2016-9401.
(From OE-Core rev: 6987b317d5ce8dc50a37ebba395aa8424bec358c)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Filter the extra white space in intl.right
When the sub-test unicode2.sub of intl.tests executed, it produced
compact results without extra white space, compared to intl.right,
it failed.
So we need to filter the extra white space in intl.right.
Import this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
85ec0778f9d778e1820fb8c0e3e996f2d1103b45
2. Change intl.right correspond to the unicode3.sub's output
In sub-test unicode3.sub of intl.tests have this:
printf %q "$payload"
The payload variable was assigned by ASCII characters, when using
'%q' format strings, it means print the associated argument shell-quoted.
When the strings contain the non-alpha && non-digit && non-punctuation &&
non-ISO 646 character(7-bit), it would output like this: " $'...', ANSI-C
style quoted string. We can check the bash source code at:
http://git.savannah.gnu.org/cgit/bash.git/tree/builtins/printf.def#n557
http://git.savannah.gnu.org/cgit/bash.git/tree/lib/sh/strtrans.c#n331
So we need to change the intl.right contain the correct output of unicode3.sub.
Import parts of this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3
3. Add the sanity check for locales
When run the intl.tests, we need the following locales:
en_US & fr_FR & de_DE
So add the locales check for the intl.tests in run-ptest.
(From OE-Core rev: 640676226bb351420a0a8b2d2a3c120ae42da11e)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 45bc8a2c4bbe252526d5eee2547f8b9e06165e5a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. redirect the stderr output of the command exec with -l option to
/dev/null.
Because when we run command exec with -l option in builtins.tests,
it is a login shell, so it would read the file /etc/profile, that
file executes the /usr/bin/resize which added by commit:
cc6360f4c4d97e0000f9d3545f381224ee99ce7d
The /usr/bin/resize is produced by busybox that source code resize.c
contains:
fprintf(stderr, ESC"7" ESC"[r" ESC"[999;999H" ESC"[6n");
In the end, it outputs an escape sequence to the stderr, so when we
compare the test output file /tmp/xx with builtins.right, it failed.
we need to redirect the stderr output to the /dev/null to solve the
problem.
2. ensure the target system contains the locales "en_US.UTF-8".
Because when run the run-builtins, it executes the source5.sub file
that contain:
LC_ALL=en_US.UTF-8
such as add the following to the local.conf:
IMAGE_LINGUAS_append = " en-us"
(From OE-Core rev: 5f82f3df7d4a7d6ae9a1ea3b6bc1d620a3d6c329)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add user 'test' to fix the failure of 'the test suite should not
be run as root'(run-execscript and run-test)
Backport test case from git://git.sv.gnu.org/bash.git to fix run-execscript
and run-heredoc
Still failed cases:
FAIL: run-intl
FAIL: run-lastpipe
FAIL: run-trap
YOCTO: 5698
(From OE-Core rev: 1096140cb1d2532ecb38ac5fbbbe13d40fdaf6af)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If srcdir is not set, we get below error while running ptest for bash
on qemu target,
-- snip --
root@qemux86:/usr/lib/bash/ptest# ./run-ptest
/bin/sh: line 0: cd: /home/ajay/Downloads/poky-fido-13.0.0/build/tmp/work/i586-poky-linux/bash/4.3-r1/bash-4.3/tests: No such file or directory
Makefile:879: recipe for target 'runtest' failed
make: *** [runtest] Error 1
root@qemux86:/usr/lib/bash/ptest# vi run-ptest
root@qemux86:/usr/lib/bash/ptest#
-- CUT --
So, set srcdir to current directory, where tests binaries exist.
[YOCTO #8145]
(From OE-Core rev: 00d94314679eb4345b5012389aa6252abe871a76)
Signed-off-by: Ajay M <ajay.gju@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56.
There are numerous community bug fixes included with this set, but the key
items are:
bash32-052 CVE-2014-6271 9/24/2014
bash32-053 CVE-2014-7169 9/26/2014
bash32-054 exported function namespace change 9/27/2014
bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash32-056 CVE-2014-6277 10/2/2014
bash43-025 CVE-2014-6271 9/24/2014
bash43-026 CVE-2014-7169 9/26/2014
bash43-027 exported function namespace change 9/27/2014
bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014
bash43-029 CVE-2014-6277 10/2/2014
(From OE-Core rev: 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-6271 aka ShellShock.
"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."
(From OE-Core rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 3c234df240a11903ef3588a2c078dcbce4ca1719)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
The bash-4.2-patches is obsolete.
(From OE-Core rev: 31eb09a888729fcfd17d02f2a47375e10e87f79a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
