From 8add5064c35f64fdf32d4f9b121b8f4c888ba1a2 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Mon, 13 Aug 2012 10:09:18 -0300
Subject: bash: security bump to version 4.2 pl37

Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/bash/bash-4.2-026.patch | 58 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 package/bash/bash-4.2-026.patch

(limited to 'package/bash/bash-4.2-026.patch')

diff --git a/package/bash/bash-4.2-026.patch b/package/bash/bash-4.2-026.patch
new file mode 100644
index 000000000..06f8bb7aa
--- /dev/null
+++ b/package/bash/bash-4.2-026.patch
@@ -0,0 +1,58 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-026
+
+Bug-Reported-by:	Greg Wooledge <wooledg@eeg.ccf.org>
+Bug-Reference-ID:	<20120425180443.GO22241@eeg.ccf.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00172.html
+
+Bug-Description:
+
+The `lastpipe' option does not behave correctly on machines where the
+open file limit is less than 256.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/execute_cmd.c	2011-11-21 12:04:47.000000000 -0500
+--- ./execute_cmd.c	2012-04-26 11:09:30.000000000 -0400
+***************
+*** 2206,2210 ****
+    if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+      {
+!       lstdin = move_to_high_fd (0, 0, 255);
+        if (lstdin > 0)
+  	{
+--- 2325,2329 ----
+    if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+      {
+!       lstdin = move_to_high_fd (0, 1, -1);
+        if (lstdin > 0)
+  	{
+***************
+*** 2252,2256 ****
+--- 2371,2377 ----
+      }
+  
++ #if defined (JOB_CONTROL)
+    discard_unwind_frame ("lastpipe-exec");
++ #endif
+  
+    return (exec_result);
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 25
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */
-- 
cgit v1.2.3