[OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth
Sona Sarmadi
sona.sarmadi at enea.com
Mon Oct 10 09:49:22 UTC 2016
Hi Armin,
I am trying to backport the following patch to bash in krogoth:
https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047
Reference to CVE assignment: http://openwall.com/lists/oss-security/2016/09/16/8
The patch can be applied with: `patch -p0'
"patch -p0 < ~/security-patches/CVE-2016-0634.patch
poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30# patch -p0 < CVE-2016-0634.patch
patching file parse.y
Hunk #1 succeeded at 5257 (offset -2 lines).
Hunk #2 succeeded at 5405 (offset -2 lines).
Hunk #3 succeeded at 5499 (offset -2 lines).
patching file y.tab.c
Hunk #1 succeeded at 7569 (offset -2 lines).
Hunk #2 succeeded at 7717 (offset -2 lines).
Hunk #3 succeeded at 7811 (offset -2 lines).
root at sestofb10:/media/data/fb/hopo/6.0/poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30#<mailto:root at sestofb10:/media/data/fb/hopo/6.0/poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30#>
But when I add it to the bash recipe and run bitbake I get error (I guess patch -p1 does not work). Do you know how can I solve this issue?
ERROR: bash-4.3.30-r0 do_patch: Command Error: 'quilt --quiltrc /data/fb/hopo/6.0/poky/build-qemuppc/tmp/sysroots/x86_64-linux/etc/quiltrc push' exited with 1 Output:
Applying patch CVE-2016-0634.patch
can't find file to patch at input line 25
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Bash-Release: 4.3
|Patch-ID: bash43-047
|
|Bug-Reported-by: Bernd Dietzel
|Bug-Reference-ID:
|Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
|
|Bug-Description:
|
|Bash performs word expansions on the prompt strings after the special
|escape sequences are expanded. If a malicious user can modify the system
|hostname or change the name of the bash executable and coerce a user into
|executing it, and the new name contains word expansions (including
|command substitution), bash will expand them in prompt strings containing
|the \h or \H and \s escape sequences, respectively.
|
|Patch (apply with `patch -p0')
|
|CVE: CVE-2016-0634
|Upstream-Status: Backport
|Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
|
|*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400
|--- parse.y 2016-03-07 15:44:14.000000000 -0500
--------------------------
No file to patch. Skipping patch.
3 out of 3 hunks ignored
can't find file to patch at input line 82
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400
|--- y.tab.c 2016-03-07 15:44:14.000000000 -0500
--------------------------
Thanks
//Sona
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20161010/9681cdc7/attachment-0002.html>
More information about the Openembedded-core
mailing list