[OE-core] [PATCH 3/3] bash: Fix CVE-2014-7169
Robert Yang
liezhi.yang at windriver.com
Wed Oct 8 03:53:45 UTC 2014
On 10/02/2014 10:28 PM, Paul Eggleton wrote:
> On Thursday 02 October 2014 13:28:54 Paul Eggleton wrote:
>> On Thursday 02 October 2014 00:07:41 Robert Yang wrote:
>>> From: Khem Raj <raj.khem at gmail.com>
>>>
>>> This is a followup patch to incomplete CVE-2014-6271 fix
>>> code execution via specially-crafted environment
>>>
>>> Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
>>> (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
>>>
>>> Signed-off-by: Khem Raj <raj.khem at gmail.com>
>>> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
>>> Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
>>> ---
>>>
>>> .../bash/bash-3.2.48/cve-2014-7169.patch | 16
>>> ++++++++++++++++
>>> meta/recipes-extended/bash/bash_3.2.48.bb | 1 +
>>> 2 files changed, 17 insertions(+)
>>> create mode 100644
>>>
>>> meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
>>>
>>> diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
>>> b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode
>>> 100644
>>> index 0000000..2e734de
>>> --- /dev/null
>>> +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
>>> @@ -0,0 +1,16 @@
>>> +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
>>> +
>>> +Upstream-Status: Backport
>>> +Index: bash-3.2.48/parse.y
>>> +===================================================================
>>> +--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700
>>> ++++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
>>> +@@ -2503,6 +2503,8 @@
>>> + FREE (word_desc_to_read);
>>> + word_desc_to_read = (WORD_DESC *)NULL;
>>> +
>>> ++ eol_ungetc_lookahead = 0;
>>> ++
>>> + last_read_token = '\n';
>>> + token_to_read = '\n';
>>> + }
>>> diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb
>>> b/meta/recipes-extended/bash/bash_3.2.48.bb index 5849ed0..e6a04cd 100644
>>> --- a/meta/recipes-extended/bash/bash_3.2.48.bb
>>> +++ b/meta/recipes-extended/bash/bash_3.2.48.bb
>>> @@ -13,6 +13,7 @@ SRC_URI =
>>> "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
>>> file://build-tests.patch \
>>>
>>> file://test-output.patch \
>>> file://cve-2014-6271.patch;striplevel=0 \
>>>
>>> + file://cve-2014-7169.patch \
>>>
>>> file://run-ptest \
>>>
>>> "
>>
>> Unfortunately these two only patch the 3.x version of the bash recipe,
>> leaving the 4.x version unpatched.
>
> I have just sent fixes for this.
>
Thank you very much, I just came back from the holiday.
// Robert
> Cheers,
> Paul
>
More information about the Openembedded-core
mailing list