bash: fix CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/26/1
2025-08-20 05:51:18 +02:00 · 2014-09-25 18:44:43 -07:00 · 2014-09-25 18:44:43 -07:00 · fe831fce74
commit fe831fce74
parent d7389284cd
3 changed files with 64 additions and 13 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p48-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p48-r2.ebuild
@ -8,7 +8,8 @@ inherit eutils flag-o-matic toolchain-funcs multilib

 # Official patchlevel
 # See ftp://ftp.cwru.edu/pub/bash/bash-4.2-patches/
-PLEVEL=${PV##*_p}
+#PLEVEL=${PV##*_p}
+PLEVEL=48
 MY_PV=${PV/_p*}
 MY_PV=${MY_PV/_/-}
 MY_P=${PN}-${MY_PV}
@ -84,7 +85,8 @@ src_prepare() {
 	if ! use vanilla ; then
 		epatch "${FILESDIR}"/${PN}-4.2-speed-up-read-N.patch
 	fi
-	epatch "${FILESDIR}"/bash-eol-pushback.patch #523592
+	# proposed new release but not available for download yet
+	epatch "${FILESDIR}"/${PN}-4.2-049.patch

 	epatch_user
 }
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-4.2-049.patch
@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-049
+
+Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** a/parse.y	2012-12-31 11:52:57.000000000 -0500
+--- b/parse.y	2014-09-25 16:12:19.000000000 -0400
+***************
+*** 2851,2854 ****
+--- 2851,2856 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
+   eol_ungetc_lookahead = 0;
+ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** a/y.tab.c	2012-12-31 11:53:10.000000000 -0500
+--- b/y.tab.c	2014-09-25 20:23:25.000000000 -0400
+***************
+*** 5163,5166 ****
+--- 5163,5168 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
+   eol_ungetc_lookahead = 0;
+ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+***************
+*** 8377,8379 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 8379,8380 ----
+*** a/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- b/patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 48
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 49
+  
+  #endif /* _PATCHLEVEL_H_ */
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/files/bash-eol-pushback.patch
@ -1,11 +0,0 @@
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
--- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
--- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';