| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.
Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634
CVE: CVE-2016-0634
(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)
(From OE-Core rev: a4b37b05140b549960baef49237ce3316e84a041)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.
Porting patch from <https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/
bash44-006> to solve CVE-2016-9401.
(From OE-Core rev: 6987b317d5ce8dc50a37ebba395aa8424bec358c)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Filter the extra white space in intl.right
When the sub-test unicode2.sub of intl.tests executed, it produced
compact results without extra white space, compared to intl.right,
it failed.
So we need to filter the extra white space in intl.right.
Import this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
85ec0778f9d778e1820fb8c0e3e996f2d1103b45
2. Change intl.right correspond to the unicode3.sub's output
In sub-test unicode3.sub of intl.tests have this:
printf %q "$payload"
The payload variable was assigned by ASCII characters, when using
'%q' format strings, it means print the associated argument shell-quoted.
When the strings contain the non-alpha && non-digit && non-punctuation &&
non-ISO 646 character(7-bit), it would output like this: " $'...', ANSI-C
style quoted string. We can check the bash source code at:
http://git.savannah.gnu.org/cgit/bash.git/tree/builtins/printf.def#n557
http://git.savannah.gnu.org/cgit/bash.git/tree/lib/sh/strtrans.c#n331
So we need to change the intl.right contain the correct output of unicode3.sub.
Import parts of this patch for intl.right from bash devel branch:
http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel
Commit is:
74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3
3. Add the sanity check for locales
When run the intl.tests, we need the following locales:
en_US & fr_FR & de_DE
So add the locales check for the intl.tests in run-ptest.
(From OE-Core rev: 640676226bb351420a0a8b2d2a3c120ae42da11e)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 2e12615ca5ab4acf7ec2952b7555054ca88e147d)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 45bc8a2c4bbe252526d5eee2547f8b9e06165e5a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. redirect the stderr output of the command exec with -l option to
/dev/null.
Because when we run command exec with -l option in builtins.tests,
it is a login shell, so it would read the file /etc/profile, that
file executes the /usr/bin/resize which added by commit:
cc6360f4c4d97e0000f9d3545f381224ee99ce7d
The /usr/bin/resize is produced by busybox that source code resize.c
contains:
fprintf(stderr, ESC"7" ESC"[r" ESC"[999;999H" ESC"[6n");
In the end, it outputs an escape sequence to the stderr, so when we
compare the test output file /tmp/xx with builtins.right, it failed.
we need to redirect the stderr output to the /dev/null to solve the
problem.
2. ensure the target system contains the locales "en_US.UTF-8".
Because when run the run-builtins, it executes the source5.sub file
that contain:
LC_ALL=en_US.UTF-8
such as add the following to the local.conf:
IMAGE_LINGUAS_append = " en-us"
(From OE-Core rev: 5f82f3df7d4a7d6ae9a1ea3b6bc1d620a3d6c329)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add user 'test' to fix the failure of 'the test suite should not
be run as root'(run-execscript and run-test)
Backport test case from git://git.sv.gnu.org/bash.git to fix run-execscript
and run-heredoc
Still failed cases:
FAIL: run-intl
FAIL: run-lastpipe
FAIL: run-trap
YOCTO: 5698
(From OE-Core rev: 1096140cb1d2532ecb38ac5fbbbe13d40fdaf6af)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
Remove patch001 -> patch030 since they are already in source, add
patch031 -> patch039
(From OE-Core rev: 781ec1061306f43265f9d756a89d1b86bd5d19a0)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
