diff options
| author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2014-10-03 13:25:42 -0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2014-10-03 20:54:45 +0200 |
| commit | 7e18438a70057bbec5ccf2009f262be153047e9a (patch) | |
| tree | ffb6973e22a50ac7e5d23c86258e5bc31354fc2c /package/bash/bash-003-patchlevel29.patch | |
| parent | d1fd43185babe29c6e22fd85461f763e0c0534f5 (diff) | |
| download | buildroot-7e18438a70057bbec5ccf2009f262be153047e9a.tar.gz buildroot-7e18438a70057bbec5ccf2009f262be153047e9a.zip | |
bash: add more security patches
Apply new patches for a buffer overflow fix (pl28) and an invalid memory
access (pl29).
Rename combined patchlevel patch to be more graphic about the range.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/bash/bash-003-patchlevel29.patch')
| -rw-r--r-- | package/bash/bash-003-patchlevel29.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/package/bash/bash-003-patchlevel29.patch b/package/bash/bash-003-patchlevel29.patch new file mode 100644 index 0000000000..63aad73ef0 --- /dev/null +++ b/package/bash/bash-003-patchlevel29.patch @@ -0,0 +1,64 @@ +http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028 with +a slight tweak for the patch prefix. + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> + + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-029 + +Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +When bash is parsing a function definition that contains a here-document +delimited by end-of-file (or end-of-string), it leaves the closing delimiter +uninitialized. This can result in an invalid memory access when the parsed +function is later copied. + +Patch (apply with `patch -p0'): + +*** a/make_cmd.c 2011-12-16 08:08:01.000000000 -0500 +--- b/make_cmd.c 2014-10-02 11:24:23.000000000 -0400 +*************** +*** 693,696 **** +--- 693,697 ---- + temp->redirector = source; + temp->redirectee = dest_and_filename; ++ temp->here_doc_eof = 0; + temp->instruction = instruction; + temp->flags = 0; +*** a/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 +--- b/copy_cmd.c 2014-10-02 11:24:23.000000000 -0400 +*************** +*** 127,131 **** + case r_reading_until: + case r_deblank_reading_until: +! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); + /*FALLTHROUGH*/ + case r_reading_string: +--- 127,131 ---- + case r_reading_until: + case r_deblank_reading_until: +! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; + /*FALLTHROUGH*/ + case r_reading_string: +*** a/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 +--- b/patchlevel.h 2014-03-20 20:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 28 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 29 + + #endif /* _PATCHLEVEL_H_ */ |
