From 46cf417a33541ed2d4c5f933cc7fe3fdd4164fda Mon Sep 17 00:00:00 2001
From: Jacek Konieczny
Date: Fri, 26 Sep 2014 10:18:13 +0200
Subject: [PATCH] Another CVE-2014-6271 fix should help for some variants of the attack Release: 2
---
 bash-CVE-2014-6271.patch | 13 +++++++++++++
 bash.spec | 4 +++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 bash-CVE-2014-6271.patch
diff --git a/bash-CVE-2014-6271.patch b/bash-CVE-2014-6271.patch
new file mode 100644
index 0000000..289ad9e
--- /dev/null
+++ b/bash-CVE-2014-6271.patch
@@ -0,0 +1,13 @@
+diff -dur bash-4.3.orig/parse.y bash-4.3/parse.y
+--- bash-4.3.orig/parse.y 2014-09-26 09:50:51.000000000 +0200
++++ bash-4.3/parse.y 2014-09-26 09:51:26.000000000 +0200
+@@ -2955,6 +2955,8 @@
+ FREE (word_desc_to_read);
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+ token_to_read = '\n';
+Only in bash-4.3.orig: parse.y.orig
diff --git a/bash.spec b/bash.spec
index 81d2dc6..983032d 100644
--- a/bash.spec
+++ b/bash.spec
@@ -7,7 +7,7 @@
 # NOTE: when updating patchleve, do not forget to update 'sources' file!
 %define ver 4.3
 %define patchlevel 25
-%define rel 1
+%define rel 2
 Summary: GNU Bourne Again Shell (bash)
 Summary(fr.UTF-8): Le shell Bourne Again de GNU
 Summary(pl.UTF-8): Powłoka GNU Bourne Again Shell (bash)
@@ -36,6 +36,7 @@ Patch9: %{name}-backup_history.patch
 Patch10: %{name}-act_like_sh.patch
 Patch11: %{name}-elinks_cont.patch
 Patch12: %{name}-pl.po-update.patch
+Patch13: %{name}-CVE-2014-6271.patch
 %patchset_source -f https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-%03g 1 %{patchlevel}
 URL: http://www.gnu.org/software/bash/
 BuildRequires: autoconf
@@ -194,6 +195,7 @@ tym pakiecie jest wersja basha skonsolidowana statycznie.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 sed -i -e 's#/usr/bin/printf#/bin/printf#g' tests/intl2.sub
--
2.44.0
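Review bot: The `eol_ungetc_lookahead = 0;` assignment this patch adds to parse.y carries no comment, and the function it sits in starts and ends outside the inner hunk, so nothing in the patch says which state is being cleared or why. Judging from the neighbouring lines, which free `word_desc_to_read` and reset `current_token`, this looks like the parser-reset path; a look-ahead character that survives such a reset would presumably be consumed as part of the next input, which fits the commit's "some variants of the attack". I would put `/* discard pending look-ahead so leftovers of an aborted parse are not read as the next command */` above the assignment. The last line, `Only in bash-4.3.orig: parse.y.orig`, is `diff -dur` output rather than part of the change and should be removed from the patch file.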
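Review bot: `Patch13` is declared in the `@@ -36,6 +36,7 @@` hunk and applied by `%patch13 -p1` in the last hunk with no comment on its origin, its scope, or when it can be dropped. By the commit's own wording the change only helps for some variants, so a line such as `# partial mitigation for CVE-2014-6271 variants, drop once an upstream bash43 patch includes it` next to `Patch13:` would keep release 2 from being read as a complete fix by whoever tracks the advisory. Upstream patches come in through `%patchset_source` up to `%{patchlevel}`, so a later patchlevel bump may already contain this assignment, and `%patch13` would then presumably fail to apply or become redundant; that is worth checking at the next bump.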