From 3098184499b8afd21cb51418207a87fdc30c266d Mon Sep 17 00:00:00 2001
From: Juan RP
Date: Sun, 28 Sep 2014 12:07:34 +0200
Subject: [PATCH] bash: apply 3rd patch for CVE-2014-7169 from Fedora too.
---
 .../patches/bash-4.2-cve-2014-7169-2.patch | 83 +++++++++++++++++++
 srcpkgs/bash/template | 2 +-
 srcpkgs/chroot-bash/template | 2 +-
 3 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/bash/patches/bash-4.2-cve-2014-7169-2.patch
diff --git a/srcpkgs/bash/patches/bash-4.2-cve-2014-7169-2.patch b/srcpkgs/bash/patches/bash-4.2-cve-2014-7169-2.patch
new file mode 100644
index 00000000000..9036fbb8f69
--- /dev/null
+++ b/srcpkgs/bash/patches/bash-4.2-cve-2014-7169-2.patch
@@ -0,0 +1,83 @@
+--- parse.y 2014-09-25 13:07:59.218209276 +0200
++++ parse.y 2014-09-25 15:26:52.813159810 +0200
+@@ -264,9 +264,21 @@
+
+ /* Variables to manage the task of reading here documents, because we need to
+ defer the reading until after a complete command has been collected. */
+-static REDIRECT *redir_stack[10];
++static REDIRECT **redir_stack;
+ int need_here_doc;
+
++/* Pushes REDIR onto redir_stack, resizing it as needed. */
++static void
++push_redir_stack (REDIRECT *redir)
++{
++ /* Guard against oveflow. */
++ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack))
++ abort ();
++ redir_stack = xrealloc (redir_stack,
++ (need_here_doc + 1) * sizeof (*redir_stack));
++ redir_stack[need_here_doc++] = redir;
++}
++
+ /* Where shell input comes from. History expansion is performed on each
+ line when the shell is interactive. */
+ static char *shell_input_line = (char *)NULL;
+@@ -519,42 +531,42 @@
+ source.dest = 0;
+ redir.filename = $2;
+ $$ = make_redirection (source, r_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | NUMBER LESS_LESS WORD
+ {
+ source.dest = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | REDIR_WORD LESS_LESS WORD
+ {
+ source.filename = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | LESS_LESS_MINUS WORD
+ {
+ source.dest = 0;
+ redir.filename = $2;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | NUMBER LESS_LESS_MINUS WORD
+ {
+ source.dest = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | REDIR_WORD LESS_LESS_MINUS WORD
+ {
+ source.filename = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | LESS_LESS_LESS WORD
+ {
+@@ -4757,7 +4769,7 @@
+ case CASE:
+ case SELECT:
+ case FOR:
+- if (word_top < MAX_CASE_NEST)
++ if (word_top + 1 < MAX_CASE_NEST)
+ word_top++;
+ word_lineno[word_top] = line_number;
+ break;
diff --git a/srcpkgs/bash/template b/srcpkgs/bash/template
index f83ce79804e..d53629fe0b8 100644
--- a/srcpkgs/bash/template
+++ b/srcpkgs/bash/template
@@ -3,7 +3,7 @@ pkgname=bash
 _bash_distver=4.3
 _bash_patchlevel=027
 version=${_bash_distver}.${_bash_patchlevel}
-revision=1
+revision=2
 wrksrc=${pkgname}-${_bash_distver}
 build_style=gnu-configure
 configure_args="--without-bash-malloc --with-curses --with-installed-readline"
diff --git a/srcpkgs/chroot-bash/template b/srcpkgs/chroot-bash/template
index 5d1b974ba15..32b92e48f6e 100644
--- a/srcpkgs/chroot-bash/template
+++ b/srcpkgs/chroot-bash/template
@@ -3,7 +3,7 @@ pkgname=chroot-bash
 _bash_distver=4.3
 _bash_patchlevel=027
 version=${_bash_distver}.${_bash_patchlevel}
-revision=1
+revision=2
 wrksrc="bash-${_bash_distver}"
 build_style=gnu-configure
 configure_args="--without-bash-malloc --without-curses --without-installed-readline --disable-nls"
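Review bot: In the added `push_redir_stack`, the overflow guard ends in `abort ();`, so input that reaches the bound kills the shell with SIGABRT instead of producing a syntax error, and below that bound the stack grows without any cap, one `xrealloc` per here-document. Because the number of here-documents is controlled by the script being parsed, a small fixed maximum that reports a parser error at `line_number` and stops the parse would fail more predictably than unbounded growth followed by an abort. The code that reads `redir_stack` lies outside these hunks, so it is worth confirming that nothing indexes it while it is still NULL or holds an index across a later push that reallocates it. The guard comment has a typo and should read `/* Guard against overflow. */`. The patch file is named for bash 4.2 while both templates build `_bash_distver=4.3`, so please check that all three parse.y hunks apply without fuzz and that `INT_MAX` is declared where parse.y uses it.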