summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/bash/bash-4.2
Commit message (Collapse)AuthorAgeFilesLines
* bash: Fix-for-CVE-2014-6278Catalin Popeanga2014-10-161-0/+127
| | | | | | | | | | | | | | This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277 See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278 (From OE-Core daisy rev: de596b5f31e837dcd2ce991245eb5548f12d72ae) (From OE-Core rev: 32e6864323cf2e4405b835cf474bcdf6fd572961) Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: Fix for CVE-2014-6277Catalin Popeanga2014-10-161-0/+44
| | | | | | | | | | | | | | | | Follow up bash42-049 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 (From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa) (From OE-Core rev: ae653aed4c6b7d8075cd464edcd2e01237bfc105) Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: Fix for CVE-2014-7186 and CVE-2014-7187Catalin Popeanga2014-10-161-0/+167
| | | | | | | | | | | | | | | | This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187 (From OE-Core daisy rev: 153d1125659df9e5c09e35a58bd51be184cb13c1) (From OE-Core rev: 32818a104ae99a5795d91a2960d48d433d542dee) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: Fix for exported function namespace changeCatalin Popeanga2014-10-161-0/+212
| | | | | | | | | | | | | | | | | | This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment This patch changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function. (From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45) (From OE-Core rev: 998cd2c6dd3709ae0d47c845dff227680bda96f5) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: Fix CVE-2014-7169Khem Raj2014-10-161-0/+16
| | | | | | | | | | | | | | | | This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc) (From OE-Core rev: 59e7817b6e1d1dd90668083cf34f1650a84430c0) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: fix CVE-2014-6271Ross Burton2014-10-161-0/+95
| | | | | | | | | | | | | | | | | | CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." (From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3) (From OE-Core rev: d57b9ce8bb97f88c329da973c3567d04d8eb07d2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add ptest for bash.Björn Stenberg2012-12-263-0/+75
| | | | | | | | (From OE-Core rev: 71e07ce8d1e4c2a50e937f0c819f025afd4677cb) Signed-off-by: Björn Stenberg <bjst@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: fix mkbuiltins build failureChristopher Larson2012-11-141-0/+26
| | | | | | | | | | | | | | | | | | | | | On hosts with FORTIFY_SOURCES, stringize support is required, as it's used by the macros to wrap functions (e.g. read and open in unistd.h). Those wrappers use the STRING() macro from unistd.h. A header in the bash sources overrides the unistd.h macro to 'x' when HAVE_STRINGIZE is not defined, causing the wrappers to generate calls to 'xread' and 'xopen', which do not exist, resulting in a failure to link. Assume we have stringize support when cross-compiling, which works around the issue. It may be best for upstream to either give up on supporting compilers without stringize support, or to not define STRING() at all when FORTIFY_SOURCES is defined, letting the unistd.h one be used, instead. (From OE-Core rev: f7a25dd72d1d463eb72d48c6f9dd968d376496c0) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Patch Upstream Status UpdatesSaul Wold2011-12-151-0/+2
| | | | | | | (From OE-Core rev: 0eb139619301d0efee330932eba3617dcb39284e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: update to 4.2Saul Wold2011-10-141-0/+15
(From OE-Core rev: cd3d74f88b950050ee1e7738287b8752e8c7b711) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>