authorFlorian Franzmann2014-09-26 12:17:01 +0200
committerVlad Glagolev2015-01-30 10:26:24 +0300
commit9999f318ccf873d4e1e1b65f63b63360ed3fcf5a (patch)
treec2c62b3d1034d9db47a2fb476a47759dfaae4b14
parent91b972285beedf77a6cea0cda0eb30c168cdb91c (diff)
shell-term-fm/bash: replace unofficial patch for CVE 2014 7169 with the upstream patch
(cherry picked from commit 707d46aaf0b9d27b9c4e9b3041892539adb78da9)
-rw-r--r--shell-term-fm/bash/CVE-2014-7169.diff11
-rwxr-xr-xshell-term-fm/bash/DETAILS2
-rw-r--r--shell-term-fm/bash/HISTORY4
-rwxr-xr-xshell-term-fm/bash/PRE_BUILD2
-rw-r--r--shell-term-fm/bash/patches/bash43-02660
5 files changed, 65 insertions, 14 deletions
diff --git a/shell-term-fm/bash/CVE-2014-7169.diff b/shell-term-fm/bash/CVE-2014-7169.diff
deleted file mode 100644
index 356184bdcd..0000000000
--- a/shell-term-fm/bash/CVE-2014-7169.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/bash/parse.y
-+++ b/bash/parse.y
-@@ -2848,6 +2848,8 @@ reset_parser ()
- FREE (word_desc_to_read);
- word_desc_to_read = (WORD_DESC *)NULL;
-
-+ eol_ungetc_lookahead = 0;
-+
- current_token = '\n'; /* XXX */
- last_read_token = '\n';
- token_to_read = '\n';
diff --git a/shell-term-fm/bash/DETAILS b/shell-term-fm/bash/DETAILS
index ee8855857a..7b7e94faf5 100755
--- a/shell-term-fm/bash/DETAILS
+++ b/shell-term-fm/bash/DETAILS
@@ -1,7 +1,7 @@
SPELL=bash
VERSION=4.3
SECURITY_PATCH=4
- BASH_PATCHLEVEL=025
+ BASH_PATCHLEVEL=026
SOURCE=$SPELL-$VERSION.tar.gz
SOURCE2=$SOURCE.sig
SOURCE3=$SPELL-doc-3.2.tar.gz
diff --git a/shell-term-fm/bash/HISTORY b/shell-term-fm/bash/HISTORY
index 1bb70d8b89..1b1a6d8836 100644
--- a/shell-term-fm/bash/HISTORY
+++ b/shell-term-fm/bash/HISTORY
@@ -1,3 +1,7 @@
+2014-09-26 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de>
+ * PRE_BUILD, CVE-2014-7169.diff: remove unofficial patch
+ * DETAILS, patches/bash43-026 add upstream fix for CVE 2014 7169
+
2014-09-25 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de>
* DETAILS: SECURITY_PATCH++
* PRE_BUILD, CVE-2014-7169.diff: fix CVE 2014 7169
diff --git a/shell-term-fm/bash/PRE_BUILD b/shell-term-fm/bash/PRE_BUILD
index a0f2d5ffb4..d3aa1ef942 100755
--- a/shell-term-fm/bash/PRE_BUILD
+++ b/shell-term-fm/bash/PRE_BUILD
@@ -7,8 +7,6 @@ for i in $(seq -w 1 $BASH_PATCHLEVEL); do
patch -p0 < $SPELL_DIRECTORY/patches/bash43-$i
done &&
-patch -p2 < $SPELL_DIRECTORY/CVE-2014-7169.diff &&
-
if [[ "$BASH_NI_LOGIN" == y ]]; then
message "${MESSAGE_COLOR}Defining NON_INTERACTIVE_LOGIN_SHELLS.$DEFAULT_COLOR" &&
sed -i 's/\/\* \(#define NON_INTERACTIVE_LOGIN_SHELLS\) \*\//\1/' config-top.h
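Review bot: With the explicit `patch -p2 < $SPELL_DIRECTORY/CVE-2014-7169.diff` line removed, the CVE-2014-7169 fix now rides entirely on the `for` loop above applying patches/bash43-026, but `done &&` only forwards the exit status of the loop body's last iteration, so a failure while applying any earlier patch in the 001..026 series is ignored and the build continues on a partially patched tree (only a failure of bash43-026 itself, currently the last one, would stop the chain). Aborting on the first failed patch, e.g. `patch -p0 < "$SPELL_DIRECTORY/patches/bash43-$i" || return 1` (or whatever failure convention these spell scripts rely on, which is not visible here), and quoting `$SPELL_DIRECTORY` would close that gap. The `for` line itself appears only in the hunk header, so the loop begins outside this hunk.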
diff --git a/shell-term-fm/bash/patches/bash43-026 b/shell-term-fm/bash/patches/bash43-026
new file mode 100644
index 0000000000..e48141b013
--- /dev/null
+++ b/shell-term-fm/bash/patches/bash43-026
@@ -0,0 +1,60 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-026
+
+Bug-Reported-by: Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.000000000 -0400
+--- parse.y 2014-09-25 20:20:21.000000000 -0400
+***************
+*** 2954,2957 ****
+--- 2954,2959 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+*** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.000000000 -0400
+--- y.tab.c 2014-09-25 20:21:48.000000000 -0400
+***************
+*** 5266,5269 ****
+--- 5266,5271 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+***************
+*** 8540,8542 ****
+ }
+ #endif /* HANDLE_MULTIBYTE */
+-
+--- 8542,8543 ----
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */