author | Natanael Copa <ncopa@alpinelinux.org> | 2017-01-13 10:04:04 +0000 |
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-01-13 10:04:40 +0000 |
commit | 2399dd2a5a6a24f0f1ac9580ca4683a007cc9d40 (patch) | |
tree | 17fa38a3ace979b3f6aae5f80c27ea43de1778de /main/bash | |
parent | 630926c392b8eb520465b96ba0171e7c60b1b26d (diff) | |
main/bash: fix for CVE-2016-9401
fixes #6654
Diffstat (limited to 'main/bash')
-rw-r--r-- | main/bash/APKBUILD | 6 | ||||
-rw-r--r-- | main/bash/CVE-2016-9401.patch | 27 |
2 files changed, 32 insertions, 1 deletions
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index 68f8eca976..df2b3b32c9 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -5,7 +5,7 @@ pkgver=4.3.48
 _patchlevel=${pkgver##*.}
 _myver=${pkgver%.*}
 _patchbase=${_myver/./}
-pkgrel=0
+pkgrel=1
 pkgdesc="The GNU Bourne Again shell"
 url="http://www.gnu.org/software/bash/bash.html"
 arch="all"
@@ -17,6 +17,7 @@ subpackages="$pkgname-doc"
 source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
 bash-noinfo.patch
 privmode-setuid-fail.patch
+ CVE-2016-9401.patch
 "
 # generate url's to patches. note: no forks allowed!
 _i=1
@@ -72,6 +73,7 @@ package() {
 md5sums="81348932d5da294953e15d4814c74dd1 bash-4.3.tar.gz
 80fec5f3d60a63756a4999c877e31a8e bash-noinfo.patch
 a577d42e38249d298d6a8d4bf2823883 privmode-setuid-fail.patch
+0d8a6627e31e0647ee135981df6295a1 CVE-2016-9401.patch
 1ab682b4e36afa4cf1b426aa7ac81c0d bash43-001
 8fc22cf50ec85da00f6af3d66f7ddc1b bash43-002
 a41728eca78858758e26b5dea64ae506 bash43-003
@@ -123,6 +125,7 @@ e9f5dc12a32b2e0d3961344e794f92b3 bash43-048"
 sha256sums="afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4 bash-4.3.tar.gz
 363bc919d98cadbfca27660be0d1d4bb6cfe1c5f86a7830966e456df36e46792 bash-noinfo.patch
 6bc2d4e48ad05fb3c8aac120a012baf1911f6522464ed18c8232b111a40b7901 privmode-setuid-fail.patch
+d30d949bcfde8db0d34485200aa2917440e77db84fb00a230aa691b4439666c1 CVE-2016-9401.patch
 ecb3dff2648667513e31554b3ad054ccd89fce38e33367c9459ac3a285153742 bash43-001
 eee7cd7062ab29a9e4f02924d9c367264dcb8b162703f74ff6eb8f175a91502b bash43-002
 000e6eac50cd9053ce0630db01239dcdead04a2c2c351c47e2b51dac1ac1087d bash43-003
@@ -174,6 +177,7 @@ c69248de7e78ba6b92f118fe1ef47bc86479d5040fe0b1f908ace1c9e3c67c4a bash43-047
 sha512sums="a852b8e46ee55568dce9d23a30a9dbd1c770c2d2a4bc91e1c3177d723b31b32c5d69d19704a93f165891b409b9dd2cc65723372044e2bd0ee49ed59a11512651 bash-4.3.tar.gz
 74d51550cc03410f22ffea13f6452350d1e5564bff619fb07a5bbef14ca565fbe03770a2c0041292732cda16e8944b33ccbd0dfe29a606a068fedabe277cd6ae bash-noinfo.patch
 c5804ace658f9d7f957d4b98bebab4d8eb0ba3dd2dd155a480c7f9b0f17b06ced344b4b4c9f52ef1d5c0cabb047bce5237c350f53b95cf6c95e156ab4ab9e8a9 privmode-setuid-fail.patch
+6907974352bf009a03862794eebc5963f33b7ab9d3768f1cde92f86d9dc899ffb7f139768509161abcd40fa2c2f876db118ca1d8b8d78fba6f30360364d2ec11 CVE-2016-9401.patch
 a1011392652180a28f9837af4a341a80beb929c1458e2384e282f0007713c5fe8d0b315abf1340b3707748d3caed322135dee87b59eeb7612ee5130f87d79888 bash43-001
 e3178c85f553522d5d1c5fd39e76f015b680a8ccc84836a5e10283b2aed6e5b7cc3d23af0e67a270b7622dce0abf35dd8a95afa9bb6f89b73a9439f7435175a4 bash43-002
 dc2c5fad8d357d1301e419afd959dfaf015a63172857080c11f77ab1bb7d1d737f411eb0e70a861f98a36bed1b19edb7217a4fa9f4773e21706b62dc56ec3464 bash43-003
diff --git a/main/bash/CVE-2016-9401.patch b/main/bash/CVE-2016-9401.patch
new file mode 100644
index 0000000000..4237330e6d
--- /dev/null
+++ b/main/bash/CVE-2016-9401.patch
@@ -0,0 +1,27 @@
+*** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500
+--- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400
+***************
+*** 366,370 ****
+ }
+
+! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+--- 366,370 ----
+ }
+
+! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+***************
+*** 388,391 ****
+--- 388,396 ----
+ of the list into place. */
+ i = (direction == '+') ? directory_list_offset - which : which;
++ if (i < 0 || i > directory_list_offset)
++ {
++ pushd_error (directory_list_offset, which_word ? which_word : "");
++ return (EXECUTION_FAILURE);
++ }
+ free (pushd_directory_list[i]);
+ directory_list_offset--;
|
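Review bot: The upper bound of the added guard, `if (i < 0 || i > directory_list_offset)`, still admits `i == directory_list_offset`, which is one past the last stored entry if — as the `directory_list_offset--` on the following line and the earlier `which > directory_list_offset` check suggest — valid indices run from 0 to `directory_list_offset - 1`. The enclosing popd builtin body starts and ends outside both hunks, and the top-of-stack branch that precedes this `else` presumably makes that value unreachable, so this is carried verbatim from upstream; a self-contained guard would still read `if (i < 0 || i >= directory_list_offset)`, to be confirmed against the 4.3 source before tightening. The patch header names `../bash-4.4-patched/builtins/pushd.def` while the APKBUILD builds pkgver 4.3.48, so the hunks apply only by line offset; a one-line preamble at the top of the patch file (patch(1) skips text before the first `***` header) naming the upstream bash-4.4 patch it was taken from and the CVE would save the next maintainer from re-deriving that.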