On 10/3/14, 9:51 AM, Mark Hatle wrote:
Use the official community fixes by patching to the latest patch level.

The key patches for the active CVEs are listed below:

bash32-052      CVE-2014-6271                           9/24/2014
bash32-053      CVE-2014-7169                           9/26/2014
bash32-054      exported function namespace change      9/27/2014
bash32-055      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash32-056      CVE-2014-6277                           10/2/2014

bash43-025      CVE-2014-6271                           9/24/2014
bash43-026      CVE-2014-7169                           9/26/2014
bash43-027      exported function namespace change      9/27/2014
bash43-028      CVE-2014-7186/CVE-2014-7187             10/1/2014
bash43-029      CVE-2014-6277                           10/2/2014


I am still in the process of validating the before and after behavior of
bash using the ptests; I'll let the list know once the tests have been
completed.

ptests have been run for all of the QEMU machines.

Differences from before and after the patches:

-version: 4.3.0(1)-release
-versinfo: 4 3 0 1 release arm-oe-linux-gnueabi
+version: 4.3.29(2)-release
+versinfo: 4 3 29 2 release arm-oe-linux-gnueabi

(on arm only)

-FAIL: run-heredoc
+PASS: run-heredoc

(on mips64 and x86-64 only)

-PASS: run-jobs
+FAIL: run-jobs

Looking at the surrounding information, I believe both of the above are errors in the test suite itself.

--Mark

Mark Hatle (1):
   bash: Upgrade bash to latest patch level to fix CVEs

  .../bash/bash-3.2.48/cve-2014-6271.patch           |  77 --------------
  .../bash/bash-3.2.48/cve-2014-7169.patch           |  16 ---
  .../recipes-extended/bash/bash/cve-2014-6271.patch | 114 ---------------------
  .../recipes-extended/bash/bash/cve-2014-7169.patch |  16 ---
  meta/recipes-extended/bash/bash_3.2.48.bb          |  38 ++++---
  meta/recipes-extended/bash/bash_4.3.bb             |  90 +++++++++++++++-
  6 files changed, 112 insertions(+), 239 deletions(-)
  delete mode 100644 meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
  delete mode 100644 meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
  delete mode 100644 meta/recipes-extended/bash/bash/cve-2014-6271.patch
  delete mode 100644 meta/recipes-extended/bash/bash/cve-2014-7169.patch


--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
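
An added example, not part of the original message or of the OE-Core recipe: a POSIX shell check that maps a bash version string to the fixes in the patch table above. The function name missing_fixes and the variable FIX_TABLE are hypothetical; the thresholds are the patch levels listed in the message.

```shell
#!/bin/sh
# Added example, not part of the original message or the OE-Core recipe.
# Thresholds come from the patch table in the message; names are hypothetical.
FIX_TABLE='3.2 52 CVE-2014-6271
3.2 53 CVE-2014-7169
3.2 54 exported function namespace change
3.2 55 CVE-2014-7186/CVE-2014-7187
3.2 56 CVE-2014-6277
4.3 25 CVE-2014-6271
4.3 26 CVE-2014-7169
4.3 27 exported function namespace change
4.3 28 CVE-2014-7186/CVE-2014-7187
4.3 29 CVE-2014-6277'

# missing_fixes VERSION
# Prints the table entries whose patch level is above VERSION's patch level.
# Returns 0 if none are missing, 1 if some are, 2 if VERSION is not a
# parsable 3.2.x or 4.3.x string.
missing_fixes() {
    ver=${1#version: }     # accept the ptest "version: ..." line as well
    ver=${ver%%\(*}        # drop "(build)-release"
    ver=${ver%%-*}
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    series=${ver%.*}
    level=${ver##*.}
    case $level in ''|*[!0-9]*) return 2 ;; esac
    case $series in 3.2|4.3) ;; *) return 2 ;; esac
    missing=$(printf '%s\n' "$FIX_TABLE" | while read -r s min fix; do
        if [ "$s" = "$series" ] && [ "$level" -lt "$min" ]; then
            printf '%s\n' "$fix"
        fi
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# The two version strings reported in the ptest diff above.
for v in 'version: 4.3.0(1)-release' 'version: 4.3.29(2)-release'; do
    printf '%s\n' "$v"
    missing_fixes "$v" | sed 's/^/  missing: /'
done
```

The patch level only proves fixes that arrived as numbered upstream patches. A build that carries a fix as a separate patch file, as the cve-2014-6271.patch and cve-2014-7169.patch files removed in the diffstat did, still reports the older level, so read "missing" as "not shown by the version string".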