deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/bash/bash44-010.patch
Peter Korsgaard 54a9495123 bash: add upstream security fixes to patch level 12 
Fixes CVE-2017-5932 - Shell code execution on tab completion of specially
crafted files. For details, see the report:

https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf

We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:

for i in 06 07 08 09 10 11 12; do
	cat > bash44-0$i.patch << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

EOF
	curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
		sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch
done

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-08 09:46:13 +01:00

54 lines
1.7 KiB
Diff
Raw Blame History

From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-010
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BASH PATCH REPORT
=================
Bash-Release: 4.4
Patch-ID: bash44-010
Bug-Reported-by: Clark Wang <dearvoid@gmail.com>
Bug-Reference-ID: <CADv8-og092RvvUUHy46=BPKChCXw5g=GOOqgN0V3f4a3TpLebQ@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00104.html
Bug-Description:
Depending on compiler optimizations and behavior, the `read' builtin may not
save partial input when a timeout occurs.
Patch (apply with `patch -p0'):
*** bash-4.4-patched/builtins/read.def 2016-05-16 14:24:56.000000000 -0400
--- b/builtins/read.def 2016-11-25 12:37:56.000000000 -0500
***************
*** 182,186 ****
{
register char *varname;
! int size, i, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2;
int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul;
int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno;
--- b/182,187 ----
{
register char *varname;
! int size, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2;
! volatile int i;
int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul;
int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno;
*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 9
#endif /* _PATCHLEVEL_H_ */
--- b/26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 10
#endif /* _PATCHLEVEL_H_ */
Reference in a new issue View git blame Copy permalink