[OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth

Sona Sarmadi sona.sarmadi at enea.com
Mon Oct 10 09:49:22 UTC 2016


Hi Armin,

I am trying to backport the following patch to bash in krogoth:
https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047

Reference to CVE assignment: http://openwall.com/lists/oss-security/2016/09/16/8

The patch can be applied with: `patch -p0'

patch -p0 < ~/security-patches/CVE-2016-0634.patch

poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30# patch -p0 < CVE-2016-0634.patch
patching file parse.y
Hunk #1 succeeded at 5257 (offset -2 lines).
Hunk #2 succeeded at 5405 (offset -2 lines).
Hunk #3 succeeded at 5499 (offset -2 lines).
patching file y.tab.c
Hunk #1 succeeded at 7569 (offset -2 lines).
Hunk #2 succeeded at 7717 (offset -2 lines).
Hunk #3 succeeded at 7811 (offset -2 lines).
root at sestofb10:/media/data/fb/hopo/6.0/poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30#

But when I add it to the bash recipe and run bitbake I get an error (I guess patch -p1 does not work). Do you know how I can solve this issue?
ERROR: bash-4.3.30-r0 do_patch: Command Error: 'quilt --quiltrc /data/fb/hopo/6.0/poky/build-qemuppc/tmp/sysroots/x86_64-linux/etc/quiltrc push' exited with 1  Output:
Applying patch CVE-2016-0634.patch
can't find file to patch at input line 25
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Bash-Release:  4.3
|Patch-ID:      bash43-047
|
|Bug-Reported-by:       Bernd Dietzel
|Bug-Reference-ID:
|Bug-Reference-URL:     https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
|
|Bug-Description:
|
|Bash performs word expansions on the prompt strings after the special
|escape sequences are expanded.  If a malicious user can modify the system
|hostname or change the name of the bash executable and coerce a user into
|executing it, and the new name contains word expansions (including
|command substitution), bash will expand them in prompt strings containing
|the \h or \H and \s escape sequences, respectively.
|
|Patch (apply with `patch -p0')
|
|CVE:  CVE-2016-0634
|Upstream-Status: Backport
|Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
|
|*** ../bash-4.3-patched/parse.y        2015-08-13 15:11:54.000000000 -0400
|--- parse.y    2016-03-07 15:44:14.000000000 -0500
--------------------------
No file to patch.  Skipping patch.
3 out of 3 hunks ignored
can't find file to patch at input line 82
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|*** ../bash-4.3-patched/y.tab.c        2015-08-13 15:11:54.000000000 -0400
|--- y.tab.c    2016-03-07 15:44:14.000000000 -0500
--------------------------


Thanks
//Sona
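
The strip-level mismatch behind the quilt error above, as an added example that is not part of the original message: it parses the context-diff file headers and reports which `-p` level maps them onto files that exist in a source tree. The function names and the temporary demo tree are assumptions, and the sample input is constructed from the header lines quoted in the error output.

```shell
# Constructed sample: only the file-header lines quoted in the quilt error above.
sample_headers() {
cat <<'EOF'
*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400
--- parse.y 2016-03-07 15:44:14.000000000 -0500
*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400
--- y.tab.c 2016-03-07 15:44:14.000000000 -0500
EOF
}

# strip_path PATH N: print PATH minus N leading components; fail when PATH has
# fewer than N slashes (patch ignores such a name rather than using it as-is).
strip_path() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $p in */*) p=${p#*/} ;; *) return 1 ;; esac
        n=$((n - 1))
    done
    [ -n "$p" ] && printf '%s\n' "$p"
}

# resolves_at TREE N < PATCH: succeed if, for every "***"/"---" header pair,
# at least one of the two names exists under TREE after stripping N components.
resolves_at() {
    tree=$1; level=$2; old=; pairs=0
    while read -r marker name rest; do
        case $rest in '****'|'----') continue ;; esac   # hunk ranges, not headers
        case $marker in
            '***') old=$name ;;
            '---') [ -n "$old" ] || continue; hit=0
                for cand in "$old" "$name"; do
                    if s=$(strip_path "$cand" "$level") && [ -f "$tree/$s" ]; then hit=1; fi
                done
                [ "$hit" -eq 1 ] || return 1
                pairs=$((pairs + 1)); old= ;;
        esac
    done
    [ "$pairs" -gt 0 ]
}

# find_striplevel TREE PATCH: print the lowest level in 0..3 that resolves.
find_striplevel() {
    for lvl in 0 1 2 3; do
        if resolves_at "$1" "$lvl" < "$2"; then echo "$lvl"; return 0; fi
    done; return 1
}

demo=$(mktemp -d)   # hypothetical stand-in for the unpacked bash-4.3.30 tree
mkdir "$demo/src"; : > "$demo/src/parse.y"; : > "$demo/src/y.tab.c"; sample_headers > "$demo/headers.patch"
echo "lowest strip level that resolves: $(find_striplevel "$demo/src" "$demo/headers.patch")"
```

OE-core applies each `file://...patch` entry in SRC_URI at strip level 1 unless the entry carries a `striplevel` parameter, for example `file://CVE-2016-0634.patch;striplevel=0`.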

