From 8add5064c35f64fdf32d4f9b121b8f4c888ba1a2 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Mon, 13 Aug 2012 10:09:18 -0300
Subject: bash: security bump to version 4.2 pl37

Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/bash/bash-4.2-033.patch | 57 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 package/bash/bash-4.2-033.patch

(limited to 'package/bash/bash-4.2-033.patch')

diff --git a/package/bash/bash-4.2-033.patch b/package/bash/bash-4.2-033.patch
new file mode 100644
index 000000000..9eb19540f
--- /dev/null
+++ b/package/bash/bash-4.2-033.patch
@@ -0,0 +1,57 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-033
+
+Bug-Reported-by:	David Leverton <levertond@googlemail.com>
+Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
+--- ./lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
+***************
+*** 83,86 ****
+--- 83,88 ----
+       struct stat *finfo;
+  {
++   static char *pbuf = 0;
++ 
+    if (*path == '\0')
+      {
+***************
+*** 107,111 ****
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       char pbuf[32];
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);
+--- 109,113 ----
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 32
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 33
+  
+  #endif /* _PATCHLEVEL_H_ */
-- 
cgit v1.2.3