summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch16
-rw-r--r--meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch16
-rw-r--r--meta/recipes-extended/bash/bash_3.2.48.bb1
-rw-r--r--meta/recipes-extended/bash/bash_4.2.bb1
4 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
new file mode 100644
index 0000000000..2e734de434
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-3.2.48/parse.y
+===================================================================
+--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700
++++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
+@@ -2503,6 +2503,8 @@
+ FREE (word_desc_to_read);
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ last_read_token = '\n';
+ token_to_read = '\n';
+ }
diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch
new file mode 100644
index 0000000000..3c69121767
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700
++++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+ FREE (word_desc_to_read);
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+ token_to_read = '\n';
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb
index cbe1ee6623..8362c27fc1 100644
--- a/meta/recipes-extended/bash/bash_3.2.48.bb
+++ b/meta/recipes-extended/bash/bash_3.2.48.bb
@@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
${GNU_MIRROR}/bash/bash-3.2-patches/bash32-051;apply=yes;striplevel=0;name=patch003 \
file://mkbuiltins_have_stringize.patch \
file://cve-2014-6271.patch;striplevel=0 \
+ file://cve-2014-7169.patch \
"
SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8"
diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb
index 83294b040a..67b1924c85 100644
--- a/meta/recipes-extended/bash/bash_4.2.bb
+++ b/meta/recipes-extended/bash/bash_4.2.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
file://execute_cmd.patch;striplevel=0 \
file://mkbuiltins_have_stringize.patch \
file://cve-2014-6271.patch;striplevel=0 \
+ file://cve-2014-7169.patch \
file://build-tests.patch \
file://test-output.patch \
file://run-ptest \