bash: Import fix for CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/25/10

diff --git a/lfs/bash b/lfs/bash
index 47a6c45954a3d4353b8401b13275ca4d7ccd6760..58556faf0448ff3bb7f8bbc7839de6cd94a9f332 100644 (file)
--- a/lfs/bash
+++ b/lfs/bash
@@ -97,6 +97,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-4.0-profile-1.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-3.2-ssh_source_bash.patch
        cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash-3.2-CVE-2014-6271.patch
+       cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash-3.2-CVE-2014-7169.patch
 
        cd $(DIR_APP) && ./configure $(EXTRA_CONFIG)
        cd $(DIR_APP) && make $(EXTRA_MAKE)

diff --git a/src/patches/bash-3.2-CVE-2014-7169.patch b/src/patches/bash-3.2-CVE-2014-7169.patch
new file mode 100644 (file)
index 0000000..964b91f
--- /dev/null
+++ b/src/patches/bash-3.2-CVE-2014-7169.patch
@@ -0,0 +1,11 @@
+*** ../bash-20140912/parse.y   2014-08-26 15:09:42.000000000 -0400
+--- parse.y    2014-09-24 22:47:28.000000000 -0400
+***************
+*** 2959,2962 ****
+--- 2959,2964 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';              /* XXX */
+    last_read_token = '\n';