diff options
author | Vlad Glagolev | 2014-10-03 14:08:14 +0400 |
---|---|---|
committer | Vlad Glagolev | 2014-10-03 14:08:14 +0400 |
commit | a161fe690b36fdf5296ccacfac811c5854779944 (patch) | |
tree | b6a398e82c1556394e9d72deab4b12c464677c20 | |
parent | caf9f92689aa052392236ad8ffd2c2601fd90d28 (diff) |
bash: => 4.3.29 [security]
-rwxr-xr-x | shell-term-fm/bash/DETAILS | 4 | ||||
-rw-r--r-- | shell-term-fm/bash/HISTORY | 5 | ||||
-rw-r--r-- | shell-term-fm/bash/patches/bash43-029 | 59 |
3 files changed, 66 insertions, 2 deletions
diff --git a/shell-term-fm/bash/DETAILS b/shell-term-fm/bash/DETAILS index c26644b755..9ff6b91679 100755 --- a/shell-term-fm/bash/DETAILS +++ b/shell-term-fm/bash/DETAILS @@ -1,7 +1,7 @@ SPELL=bash VERSION=4.3 - SECURITY_PATCH=6 - BASH_PATCHLEVEL=028 + SECURITY_PATCH=7 + BASH_PATCHLEVEL=029 SOURCE=$SPELL-$VERSION.tar.gz SOURCE2=$SOURCE.sig SOURCE3=$SPELL-doc-3.2.tar.gz diff --git a/shell-term-fm/bash/HISTORY b/shell-term-fm/bash/HISTORY index 84f73c281c..1c63d3f7d3 100644 --- a/shell-term-fm/bash/HISTORY +++ b/shell-term-fm/bash/HISTORY @@ -1,3 +1,8 @@ +2014-10-03 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS: SECURITY_PATCH++ (yet another fix for unannounced CVE from + Michal Zalewski) + * patches/bash43-029: added, official patch + 2014-10-01 Vlad Glagolev <stealth@sourcemage.org> * DETAILS: SECURITY_PATCH++ (final ShellShock fixes for CVE-2014-6277 and CVE-2014-6278 found by Michal Zalewski) diff --git a/shell-term-fm/bash/patches/bash43-029 b/shell-term-fm/bash/patches/bash43-029 new file mode 100644 index 0000000000..93bd390a8e --- /dev/null +++ b/shell-term-fm/bash/patches/bash43-029 @@ -0,0 +1,59 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-029 + +Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +When bash is parsing a function definition that contains a here-document +delimited by end-of-file (or end-of-string), it leaves the closing delimiter +uninitialized. This can result in an invalid memory access when the parsed +function is later copied. + +Patch (apply with `patch -p0'): + +*** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500 +--- make_cmd.c 2014-10-02 11:24:23.000000000 -0400 +*************** +*** 693,696 **** +--- 693,697 ---- + temp->redirector = source; + temp->redirectee = dest_and_filename; ++ temp->here_doc_eof = 0; + temp->instruction = instruction; + temp->flags = 0; +*** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 +--- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400 +*************** +*** 127,131 **** + case r_reading_until: + case r_deblank_reading_until: +! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); + /*FALLTHROUGH*/ + case r_reading_string: +--- 127,131 ---- + case r_reading_until: + case r_deblank_reading_until: +! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; + /*FALLTHROUGH*/ + case r_reading_string: +*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 +--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 28 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 29 + + #endif /* _PATCHLEVEL_H_ */ |