The bash_4.2 recipe was missed when the fix was backported to the dora branch.
Patch from OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc by Khem Raj <raj.k...@gmail.com> Signed-off-by: Paul Eggleton <paul.eggle...@linux.intel.com> --- meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch | 16 ++++++++++++++++ meta/recipes-extended/bash/bash_4.2.bb | 1 + 2 files changed, 17 insertions(+) create mode 100644 meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch new file mode 100644 index 0000000..3c69121 --- /dev/null +++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch @@ -0,0 +1,16 @@ +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10 + +Upstream-Status: Backport +Index: bash-4.3/parse.y +=================================================================== +--- bash-4.3.orig/parse.y 2014-09-26 13:10:44.340080056 -0700 ++++ bash-4.3/parse.y 2014-09-26 13:11:44.764080056 -0700 +@@ -2953,6 +2953,8 @@ + FREE (word_desc_to_read); + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; + token_to_read = '\n'; diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb index cb95445..e3fa39d 100644 --- a/meta/recipes-extended/bash/bash_4.2.bb +++ b/meta/recipes-extended/bash/bash_4.2.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ file://build-tests.patch \ file://test-output.patch \ file://cve-2014-6271.patch;striplevel=0 \ + file://cve-2014-7169.patch \ file://run-ptest \ " -- 1.9.3 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
