bash: add missing patch for CVE-2014-7169 to 4.2 recipe

The bash_4.2 recipe was missed when the fix was backported to the dora
branch.

Patch from OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc
by Khem Raj <raj.khem@gmail.com>

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch
new file mode 100644 (file)
index 0000000..3c69121
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch
@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y      2014-09-26 13:10:44.340080056 -0700
++++ bash-4.3/parse.y   2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';               /* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';

diff --git a/meta/recipes-extended/bash/bash_4.2.bb b/meta/recipes-extended/bash/bash_4.2.bb
index cb95445fc8a31d17ba50658adffc140a73f0eb92..e3fa39decebe743700de571f893ab892bef84b52 100644 (file)
--- a/meta/recipes-extended/bash/bash_4.2.bb
+++ b/meta/recipes-extended/bash/bash_4.2.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
            file://build-tests.patch \
            file://test-output.patch \
            file://cve-2014-6271.patch;striplevel=0 \
+           file://cve-2014-7169.patch \
            file://run-ptest \
            "