From fe831fce7474f034e60da9a3dda74f8cfabda65a Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 25 Sep 2014 18:44:43 -0700
Subject: [PATCH] bash: fix CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/26/1
---
 ...-4.2_p48-r2.ebuild => bash-4.2_p49.ebuild} |  6 +-
 .../app-shells/bash/files/bash-4.2-049.patch  | 60 +++++++++++++++++++
 .../bash/files/bash-eol-pushback.patch        | 11 ----
 3 files changed, 64 insertions(+), 13 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-shells/bash/{bash-4.2_p48-r2.ebuild => bash-4.2_p49.ebuild} (98%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p48-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p48-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild
index ce52e745e5..6cfb9c6685 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p48-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild
@@ -8,7 +8,8 @@ inherit eutils flag-o-matic toolchain-funcs multilib
 
 # Official patchlevel
 # See ftp://ftp.cwru.edu/pub/bash/bash-4.2-patches/
-PLEVEL=${PV##*_p}
+#PLEVEL=${PV##*_p}
+PLEVEL=48
 MY_PV=${PV/_p*}
 MY_PV=${MY_PV/_/-}
 MY_P=${PN}-${MY_PV}
@@ -84,7 +85,8 @@ src_prepare() {
 	if ! use vanilla ; then
 		epatch "${FILESDIR}"/${PN}-4.2-speed-up-read-N.patch
 	fi
-	epatch "${FILESDIR}"/bash-eol-pushback.patch #523592
+	# proposed new release but not available for download yet
+	epatch "${FILESDIR}"/${PN}-4.2-049.patch
 
 	epatch_user
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch
new file mode 100644
index 0000000000..bbe714e633
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch
@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-049
+
+Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** a/parse.y	2012-12-31 11:52:57.000000000 -0500
+--- b/parse.y	2014-09-25 16:12:19.000000000 -0400
+***************
+*** 2851,2854 ****
+--- 2851,2856 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** a/y.tab.c	2012-12-31 11:53:10.000000000 -0500
+--- b/y.tab.c	2014-09-25 20:23:25.000000000 -0400
+***************
+*** 5163,5166 ****
+--- 5163,5168 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+***************
+*** 8377,8379 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 8379,8380 ----
+*** a/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- b/patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 48
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 49
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch
deleted file mode 100644
index 964b91f51e..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
---- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';