[gnome-continuous-yocto/gnomeostree-3.28-rocko: 5833/8267] bash: CVE-2016-0634

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 5833/8267] bash: CVE-2016-0634
Date: Sun, 17 Dec 2017 03:59:40 +0000 (UTC)

commit 9ef73fbeba5dd95e1cf4c5afebe98a2d76a8df2e
Author: Zhixiong Chi <zhixiong chi windriver com>
Date:   Thu Apr 20 15:04:54 2017 +0800

    bash: CVE-2016-0634
    
    A vulnerability was found in a way bash expands the $HOSTNAME.
    Injecting the hostname with malicious code would cause it to run
    each time bash expanded \h in the prompt string.
    
    Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
    bash43-047> to solve CVE-2016-0634
    
    CVE: CVE-2016-0634
    
    (From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)
    
    Signed-off-by: Zhixiong Chi <zhixiong chi windriver com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-extended/bash/bash_4.3.30.bb |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-extended/bash/bash_4.3.30.bb b/meta/recipes-extended/bash/bash_4.3.30.bb
index e398e87..b40059f 100644
--- a/meta/recipes-extended/bash/bash_4.3.30.bb
+++ b/meta/recipes-extended/bash/bash_4.3.30.bb
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-044;apply=yes;striplevel=0;name=patch044 \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-045;apply=yes;striplevel=0;name=patch045 \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-046;apply=yes;striplevel=0;name=patch046 \
+           ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-047;apply=yes;striplevel=0;name=patch047 \
            file://execute_cmd.patch;striplevel=0 \
            file://mkbuiltins_have_stringize.patch \
            file://build-tests.patch \
@@ -68,5 +69,7 @@ SRC_URI[patch045.md5sum] = "4473244ca5abfd4b018ea26dc73e7412"
 SRC_URI[patch045.sha256sum] = "ba6ec3978e9eaa1eb3fabdaf3cc6fdf8c4606ac1c599faaeb4e2d69864150023"
 SRC_URI[patch046.md5sum] = "7e5fb09991c077076b86e0e057798913"
 SRC_URI[patch046.sha256sum] = "b3b456a6b690cd293353f17e22d92a202b3c8bce587ae5f2667c20c9ab6f688f"
+SRC_URI[patch047.md5sum] = "8483153bad1a6f52cadc3bd9a8df7835"
+SRC_URI[patch047.sha256sum] = "c69248de7e78ba6b92f118fe1ef47bc86479d5040fe0b1f908ace1c9e3c67c4a"
 
 BBCLASSEXTEND = "nativesdk"

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]