Another CVE-2014-6271 fix

should help for some variants of the attack

Release: 2

diff --git a/bash-CVE-2014-6271.patch b/bash-CVE-2014-6271.patch
new file mode 100644 (file)
index 0000000..289ad9e
--- /dev/null
+++ b/bash-CVE-2014-6271.patch
@@ -0,0 +1,13 @@
+diff -dur bash-4.3.orig/parse.y bash-4.3/parse.y
+--- bash-4.3.orig/parse.y      2014-09-26 09:50:51.000000000 +0200
++++ bash-4.3/parse.y   2014-09-26 09:51:26.000000000 +0200
+@@ -2955,6 +2955,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';               /* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
+Only in bash-4.3.orig: parse.y.orig

diff --git a/bash.spec b/bash.spec
index 81d2dc6023ba36dd9621571230329c5216bbe6bb..983032d29234ee15fbe56942b59b2c480b81dc9d 100644 (file)
--- a/bash.spec
+++ b/bash.spec
@@ -7,7 +7,7 @@
 # NOTE: when updating patchleve, do not forget to update 'sources' file!
 %define                ver             4.3
 %define                patchlevel      25
-%define                rel             1
+%define                rel             2
 Summary:       GNU Bourne Again Shell (bash)
 Summary(fr.UTF-8):     Le shell Bourne Again de GNU
 Summary(pl.UTF-8):     Powłoka GNU Bourne Again Shell (bash)
@@ -36,6 +36,7 @@ Patch9:               %{name}-backup_history.patch
 Patch10:       %{name}-act_like_sh.patch
 Patch11:       %{name}-elinks_cont.patch
 Patch12:       %{name}-pl.po-update.patch
+Patch13:       %{name}-CVE-2014-6271.patch
 %patchset_source -f https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-%03g 1 %{patchlevel}
 URL:           http://www.gnu.org/software/bash/
 BuildRequires: autoconf
@@ -194,6 +195,7 @@ tym pakiecie jest wersja basha skonsolidowana statycznie.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 
 sed -i -e 's#/usr/bin/printf#/bin/printf#g' tests/intl2.sub