kumquat-buildroot/package/bash/bash-4.2-028.patch
Gustavo Zacarias 8add5064c3 bash: security bump to version 4.2 pl37
Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-24 23:47:56 +02:00

53 lines
1.8 KiB
Diff

BASH PATCH REPORT
=================
Bash-Release: 4.2
Patch-ID: bash42-028
Bug-Reported-by: Mark Edgar <medgar123@gmail.com>
Bug-Reference-ID: <CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
Bug-Description:
When using a word expansion for which the right hand side is evaluated,
certain expansions of quoted null strings include spurious ^? characters.
Patch (apply with `patch -p0'):
*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
--- ./subst.c 2012-03-20 19:30:13.000000000 -0400
***************
*** 5810,5813 ****
--- 5810,5823 ----
if (qdollaratp && ((hasdol && quoted) || l->next))
*qdollaratp = 1;
+ /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
+ a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
+ flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
+ expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+ (which is more paranoia than anything else), we need to return the
+ quoted null string and set the flags to indicate it. */
+ if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
+ {
+ w->flags |= W_HASQUOTEDNULL;
+ }
dispose_words (l);
}
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- ./patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 27
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 28
#endif /* _PATCHLEVEL_H_ */