From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 26 Sep 2014 10:42:27 +0000 (+0200)
Subject: bash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169
X-Git-Tag: v2.15-core84~8^2~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b30890aa068415f5c47ee76d90b19753f0ee1da5;p=ipfire-2.x.git

bash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169
---

diff --git a/config/rootfiles/core/84/filelists/bash b/config/rootfiles/core/84/filelists/bash
new file mode 120000
index 0000000000..de970cb1d1
--- /dev/null
+++ b/config/rootfiles/core/84/filelists/bash
@@ -0,0 +1 @@
+../../../common/bash
\ No newline at end of file
diff --git a/lfs/bash b/lfs/bash
index 58556faf04..55afd24ef2 100644
--- a/lfs/bash
+++ b/lfs/bash
@@ -89,15 +89,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
-	for i in $$(seq 1 51); do \
+	for i in $$(seq 1 53); do \
 		cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash32-$$(printf "%03d" "$${i}") || exit 1; \
 	done
 
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-4.0-paths-1.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-4.0-profile-1.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-3.2-ssh_source_bash.patch
-	cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash-3.2-CVE-2014-6271.patch
-	cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash-3.2-CVE-2014-7169.patch
 
 	cd $(DIR_APP) && ./configure $(EXTRA_CONFIG)
 	cd $(DIR_APP) && make $(EXTRA_MAKE)
diff --git a/src/patches/bash-3.2-CVE-2014-7169.patch b/src/patches/bash-3.2-CVE-2014-7169.patch
deleted file mode 100644
index 964b91f51e..0000000000
--- a/src/patches/bash-3.2-CVE-2014-7169.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
---- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';
diff --git a/src/patches/bash-3.2-CVE-2014-6271.patch b/src/patches/bash/bash32-052
similarity index 75%
rename from src/patches/bash-3.2-CVE-2014-6271.patch
rename to src/patches/bash/bash32-052
index 396491603e..78e7d92706 100644
--- a/src/patches/bash-3.2-CVE-2014-6271.patch
+++ b/src/patches/bash/bash32-052
@@ -1,3 +1,20 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-052
+
+Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
 *** ../bash-3.2.51/builtins/common.h	2006-03-06 09:38:44.000000000 -0500
 --- builtins/common.h	2014-09-16 19:08:02.000000000 -0400
 ***************
@@ -70,3 +87,18 @@
   	}
   #if defined (ARRAY_VARS)
 --- 331,334 ----
+*** ../bash-3.2/patchlevel.h	Thu Apr 13 08:31:04 2006
+--- patchlevel.h	Mon Oct 16 14:22:54 2006
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 51
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 52
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/src/patches/bash/bash32-053 b/src/patches/bash/bash32-053
new file mode 100644
index 0000000000..e7efce71ad
--- /dev/null
+++ b/src/patches/bash/bash32-053
@@ -0,0 +1,54 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-053
+
+Bug-Reported-by:	Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch:
+
+*** ../bash-3.2.52/parse.y	2008-04-29 21:24:55.000000000 -0400
+--- parse.y	2014-09-25 16:18:41.000000000 -0400
+***************
+*** 2504,2507 ****
+--- 2504,2509 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    last_read_token = '\n';
+    token_to_read = '\n';
+*** ../bash-3.2.52/y.tab.c	2006-09-25 08:15:16.000000000 -0400
+--- y.tab.c	2014-09-25 20:28:17.000000000 -0400
+***************
+*** 3833,3836 ****
+--- 3833,3838 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    last_read_token = '\n';
+    token_to_read = '\n';
+*** ../bash-3.2/patchlevel.h	Thu Apr 13 08:31:04 2006
+--- patchlevel.h	Mon Oct 16 14:22:54 2006
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 52
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 53
+  
+  #endif /* _PATCHLEVEL_H_ */