From 8add5064c35f64fdf32d4f9b121b8f4c888ba1a2 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Mon, 13 Aug 2012 10:09:18 -0300
Subject: bash: security bump to version 4.2 pl37

Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/bash/bash-4.2-028.patch | 52 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 package/bash/bash-4.2-028.patch

(limited to 'package/bash/bash-4.2-028.patch')

diff --git a/package/bash/bash-4.2-028.patch b/package/bash/bash-4.2-028.patch
new file mode 100644
index 000000000..28dfc71d5
--- /dev/null
+++ b/package/bash/bash-4.2-028.patch
@@ -0,0 +1,52 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-028
+
+Bug-Reported-by:	Mark Edgar <medgar123@gmail.com>
+Bug-Reference-ID:	<CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
+
+Bug-Description:
+
+When using a word expansion for which the right hand side is evaluated,
+certain expansions of quoted null strings include spurious ^? characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-03-11 17:35:13.000000000 -0400
+--- ./subst.c	2012-03-20 19:30:13.000000000 -0400
+***************
+*** 5810,5813 ****
+--- 5810,5823 ----
+        if (qdollaratp && ((hasdol && quoted) || l->next))
+  	*qdollaratp = 1;
++       /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
++ 	 a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
++ 	 flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
++ 	 expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
++ 	 (which is more paranoia than anything else), we need to return the
++ 	 quoted null string and set the flags to indicate it. */
++       if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
++ 	{
++ 	  w->flags |= W_HASQUOTEDNULL;
++ 	}
+        dispose_words (l);
+      }
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 27
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 28
+  
+  #endif /* _PATCHLEVEL_H_ */
-- 
cgit v1.2.3