commit 46cf417a33541ed2d4c5f933cc7fe3fdd4164fda
Author: Jacek Konieczny <[email protected]>
Date:   Fri Sep 26 10:18:13 2014 +0200

    Another CVE-2014-6271 fix
    
    should help for some variants of the attack
    
    Release: 2

 bash-CVE-2014-6271.patch | 13 +++++++++++++
 bash.spec                |  4 +++-
 2 files changed, 16 insertions(+), 1 deletion(-)
---
diff --git a/bash.spec b/bash.spec
index 81d2dc6..983032d 100644
--- a/bash.spec
+++ b/bash.spec
@@ -7,7 +7,7 @@
 # NOTE: when updating patchleve, do not forget to update 'sources' file!
 %define                ver             4.3
 %define                patchlevel      25
-%define                rel             1
+%define                rel             2
 Summary:       GNU Bourne Again Shell (bash)
 Summary(fr.UTF-8):     Le shell Bourne Again de GNU
 Summary(pl.UTF-8):     Powłoka GNU Bourne Again Shell (bash)
@@ -36,6 +36,7 @@ Patch9:               %{name}-backup_history.patch
 Patch10:       %{name}-act_like_sh.patch
 Patch11:       %{name}-elinks_cont.patch
 Patch12:       %{name}-pl.po-update.patch
+Patch13:       %{name}-CVE-2014-6271.patch
 %patchset_source -f https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-%03g 
1 %{patchlevel}
 URL:           http://www.gnu.org/software/bash/
 BuildRequires: autoconf
@@ -194,6 +195,7 @@ tym pakiecie jest wersja basha skonsolidowana statycznie.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 
 sed -i -e 's#/usr/bin/printf#/bin/printf#g' tests/intl2.sub
 
diff --git a/bash-CVE-2014-6271.patch b/bash-CVE-2014-6271.patch
new file mode 100644
index 0000000..289ad9e
--- /dev/null
+++ b/bash-CVE-2014-6271.patch
@@ -0,0 +1,13 @@
+diff -dur bash-4.3.orig/parse.y bash-4.3/parse.y
+--- bash-4.3.orig/parse.y      2014-09-26 09:50:51.000000000 +0200
++++ bash-4.3/parse.y   2014-09-26 09:51:26.000000000 +0200
+@@ -2955,6 +2955,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';               /* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
+Only in bash-4.3.orig: parse.y.orig
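Review bot: The new bash-CVE-2014-6271.patch has no header explaining its origin or which variant it targets, and its `@@ -2955,6 +2955,8 @@` hunk names no function, so the reason for `eol_ungetc_lookahead = 0;` cannot be recovered from the file. Assuming this is the parser-reset path, as the neighbouring token resets suggest, a description above the `diff -dur` line would document it, for example `Clear the pushed-back lookahead character on parser reset so input left over after a parse error is not read as part of the next command`. The trailing `Only in bash-4.3.orig: parse.y.orig` line is `diff -r` output, not patch content, and should be dropped. Because the commit message says this helps only for some variants, a comment next to `Patch13` in bash.spec should mark it as a stopgap, to be removed once `%{patchlevel}` covers an upstream fix for the same lines; that would keep the package from being treated as fully fixed. The enclosing function starts and ends outside the hunk.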
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/bash.git/commitdiff/46cf417a33541ed2d4c5f933cc7fe3fdd4164fda
