On 9/28/14, 12:51 AM, Deron Meranda wrote:
> I was wondering if anybody was going to address the problem with 4.2 patch
> 49 ?
I've attached a corrected version and I will update the FTP sites today.
> Not only is there a critical line of code missing, but the the 'patch'
> command will also fail when used with the --fuzz=0 option -- which is
> something that rpmbuild (Fedora, etc) uses.
There are no missing lines of code -- the entire patch is one line to
parse.y, which fixes the underlying problem CVE-2014-7169 exploits.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
BASH PATCH REPORT
=================
Bash-Release: 4.2
Patch-ID: bash42-049
Bug-Reported-by: Tavis Ormandy <[email protected]>
Bug-Reference-ID:
Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
Bug-Description:
Under certain circumstances, bash can incorrectly save a lookahead character and
return it on a subsequent call, even when reading a new line.
Patch (apply with `patch -p0'):
*** ../bash-4.2.48/parse.y 2012-12-31 11:52:57.000000000 -0500
--- parse.y 2014-09-25 16:12:19.000000000 -0400
***************
*** 2851,2854 ****
--- 2851,2856 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 48
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 49
#endif /* _PATCHLEVEL_H_ */
