bash: Update to 4.3.26

* Fixes CVE-2014-7169. * Fix two out-of-bounds array accesses in the bash parser * Add prefix & suffix to variables containing exported functions Ref: http://seclists.org/oss-sec/2014/q3/712 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2026-04-30 07:28:39 +01:00 · 2014-09-26 11:02:14 +02:00
parent 27a99783ff
commit f195dcf02c
4 changed files with 286 additions and 1 deletions
@@ -0,0 +1,54 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-026
+
+Bug-Reported-by:	Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+--- a/parse.y
+++ b/parse.y
+@@ -2953,6 +2953,8 @@ reset_parser ()
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
+  eol_ungetc_lookahead = 0;
+
+   current_token = '\n';		/* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
+--- a/y.tab.c
+++ b/y.tab.c
+@@ -5265,6 +5265,8 @@ reset_parser ()
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
+  eol_ungetc_lookahead = 0;
+
+   current_token = '\n';		/* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
+@@ -8539,4 +8541,3 @@ set_line_mbstate ()
+     }
+ }
+ #endif /* HANDLE_MULTIBYTE */
+-
+--- a/patchlevel.h
+++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
+    looks for to find the patch level (for the sccs version string). */
+ 
+-#define PATCHLEVEL 25
+#define PATCHLEVEL 26
+ 
+ #endif /* _PATCHLEVEL_H_ */