From 59e7817b6e1d1dd90668083cf34f1650a84430c0 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 2 Oct 2014 11:32:39 +0100 Subject: bash: Fix CVE-2014-7169 This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Robert Yang Signed-off-by: Paul Eggleton --- .../bash/bash-3.2.48/cve-2014-7169.patch | 16 ++++++++++++++++ meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch | 16 ++++++++++++++++ meta/recipes-extended/bash/bash_3.2.48.bb | 1 + meta/recipes-extended/bash/bash_4.2.bb | 1 + 4 files changed, 34 insertions(+) create mode 100644 meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch create mode 100644 meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch (limited to 'meta') diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode 100644 index 0000000000..2e734de434 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch @@ -0,0 +1,16 @@ +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 + +Upstream-Status: Backport +Index: bash-3.2.48/parse.y +=================================================================== +--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700 ++++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700 +@@ -2503,6 +2503,8 @@ + FREE (word_desc_to_read); + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + last_read_token = '\n'; + token_to_read = '\n'; + } diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch new file mode 100644 index 0000000000..3c69121767 --- /dev/null +++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch @@ -0,0 +1,16 @@ +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 + +Upstream-Status: Backport +Index: bash-4.3/parse.y +=================================================================== +--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700 ++++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700 +@@ -2953,6 +2953,8 @@ + FREE (word_desc_to_read); + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; + token_to_read = '\n'; diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb index cbe1ee6623..8362c27fc1 100644 --- a/meta/recipes-extended/bash/bash_3.2.48.bb +++ b/meta/recipes-extended/bash/bash_3.2.48.bb @@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \ ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-051;apply=yes;striplevel=0;name=patch003 \ file://mkbuiltins_have_stringize.patch \ file://cve-2014-6271.patch;striplevel=0 \ + file://cve-2014-7169.patch \ " SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8" diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb index 83294b040a..67b1924c85 100644 --- a/meta/recipes-extended/bash/bash_4.2.bb +++ b/meta/recipes-extended/bash/bash_4.2.bb @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ file://execute_cmd.patch;striplevel=0 \ file://mkbuiltins_have_stringize.patch \ file://cve-2014-6271.patch;striplevel=0 \ + file://cve-2014-7169.patch \ file://build-tests.patch \ file://test-output.patch \ file://run-ptest \ -- cgit 1.2.3-korg