
[alpine-aports] [PATCH v3.4] main/bash: security fixes #6656

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Tue, 24 Jan 2017 08:58:44 +0000

CVE-2016-9401
---
 main/bash/APKBUILD            | 12 +++++++++++-
 main/bash/CVE-2016-9401.patch | 27 +++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 main/bash/CVE-2016-9401.patch
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index 4b4f06a..d2afe95 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
_at_@ -1,3 +1,4 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Ɓukasz Jendrysik <scadu_at_yandex.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=bash
_at_@ -5,7 +6,7 @@ pkgver=4.3.42
 _patchlevel=${pkgver##*.}
 _myver=${pkgver%.*}
 _patchbase=${_myver/./}
-pkgrel=4
+pkgrel=5
 pkgdesc="The GNU Bourne Again shell"
 url="http://www.gnu.org/software/bash/bash.html"
 arch="all"
_at_@ -18,7 +19,13 @@ source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
 	bash-noinfo.patch
 	privmode-setuid-fail.patch
 	CVE-2016-7543.patch
+	CVE-2016-9401.patch
 	"
+
+# secfixes:
+#   4.3.46-r5:
+#     - CVE-2016-9401
+
 # generate url's to patches. note: no forks allowed!
 _i=1
 _pad="00"
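Review bot: The secfixes entry added here records the fix under `4.3.46-r5`, but the hunk context above shows `pkgver=4.3.42` and this commit sets `pkgrel=5`, so the fixed release appears to be `4.3.42-r5`. Tooling that reads the secfixes block to decide which package versions still carry CVE-2016-9401 would key on a version that this branch never ships. Suggest `#   4.3.42-r5:` unless pkgver is bumped elsewhere in the series. The source list also carries CVE-2016-7543.patch with no secfixes entry; recording it under the release that introduced that patch would keep the metadata complete.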
_at_@ -74,6 +81,7 @@ md5sums="81348932d5da294953e15d4814c74dd1  bash-4.3.tar.gz
 80fec5f3d60a63756a4999c877e31a8e  bash-noinfo.patch
 a577d42e38249d298d6a8d4bf2823883  privmode-setuid-fail.patch
 17dc92c0e7d02b75c0e9fc0b335d2473  CVE-2016-7543.patch
+0d8a6627e31e0647ee135981df6295a1  CVE-2016-9401.patch
 1ab682b4e36afa4cf1b426aa7ac81c0d  bash43-001
 8fc22cf50ec85da00f6af3d66f7ddc1b  bash43-002
 a41728eca78858758e26b5dea64ae506  bash43-003
_at_@ -120,6 +128,7 @@ sha256sums="afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4  ba
 363bc919d98cadbfca27660be0d1d4bb6cfe1c5f86a7830966e456df36e46792  bash-noinfo.patch
 6bc2d4e48ad05fb3c8aac120a012baf1911f6522464ed18c8232b111a40b7901  privmode-setuid-fail.patch
 2e844ca9c7117fc34ac837c423c65e193b0d1990943b29ec843ba415092c77c6  CVE-2016-7543.patch
+d30d949bcfde8db0d34485200aa2917440e77db84fb00a230aa691b4439666c1  CVE-2016-9401.patch
 ecb3dff2648667513e31554b3ad054ccd89fce38e33367c9459ac3a285153742  bash43-001
 eee7cd7062ab29a9e4f02924d9c367264dcb8b162703f74ff6eb8f175a91502b  bash43-002
 000e6eac50cd9053ce0630db01239dcdead04a2c2c351c47e2b51dac1ac1087d  bash43-003
_at_@ -166,6 +175,7 @@ sha512sums="a852b8e46ee55568dce9d23a30a9dbd1c770c2d2a4bc91e1c3177d723b31b32c5d69
 74d51550cc03410f22ffea13f6452350d1e5564bff619fb07a5bbef14ca565fbe03770a2c0041292732cda16e8944b33ccbd0dfe29a606a068fedabe277cd6ae  bash-noinfo.patch
 c5804ace658f9d7f957d4b98bebab4d8eb0ba3dd2dd155a480c7f9b0f17b06ced344b4b4c9f52ef1d5c0cabb047bce5237c350f53b95cf6c95e156ab4ab9e8a9  privmode-setuid-fail.patch
 5d36121e202c495eb380de5f6f456626c53f4b091cea58d0f01242dc86a3a6e720db74d9f89823afc0edaef357c79dd27c41d3f9cb243666c57b83721536c0f2  CVE-2016-7543.patch
+6907974352bf009a03862794eebc5963f33b7ab9d3768f1cde92f86d9dc899ffb7f139768509161abcd40fa2c2f876db118ca1d8b8d78fba6f30360364d2ec11  CVE-2016-9401.patch
 a1011392652180a28f9837af4a341a80beb929c1458e2384e282f0007713c5fe8d0b315abf1340b3707748d3caed322135dee87b59eeb7612ee5130f87d79888  bash43-001
 e3178c85f553522d5d1c5fd39e76f015b680a8ccc84836a5e10283b2aed6e5b7cc3d23af0e67a270b7622dce0abf35dd8a95afa9bb6f89b73a9439f7435175a4  bash43-002
 dc2c5fad8d357d1301e419afd959dfaf015a63172857080c11f77ab1bb7d1d737f411eb0e70a861f98a36bed1b19edb7217a4fa9f4773e21706b62dc56ec3464  bash43-003
diff --git a/main/bash/CVE-2016-9401.patch b/main/bash/CVE-2016-9401.patch
new file mode 100644
index 0000000..4237330
--- /dev/null
+++ b/main/bash/CVE-2016-9401.patch
_at_@ -0,0 +1,27 @@
+*** ../bash-4.4-patched/builtins/pushd.def	2016-01-25 13:31:49.000000000 -0500
+--- builtins/pushd.def	2016-10-28 10:46:49.000000000 -0400
+***************
+*** 366,370 ****
+      }
+  
+!   if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
+      {
+        pushd_error (directory_list_offset, which_word ? which_word : "");
+--- 366,370 ----
+      }
+  
+!   if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
+      {
+        pushd_error (directory_list_offset, which_word ? which_word : "");
+***************
+*** 388,391 ****
+--- 388,396 ----
+  	 of the list into place. */
+        i = (direction == '+') ? directory_list_offset - which : which;
++       if (i < 0 || i > directory_list_offset)
++ 	{
++ 	  pushd_error (directory_list_offset, which_word ? which_word : "");
++ 	  return (EXECUTION_FAILURE);
++ 	}
+        free (pushd_directory_list[i]);
+        directory_list_offset--;
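Review bot: The added guard `if (i < 0 || i > directory_list_offset)` still lets `i == directory_list_offset` through to `free (pushd_directory_list[i])`. If directory_list_offset counts the stack entries, as the decrement right after the free suggests, that index is one past the last valid slot and `>=` would state the bound exactly. The earlier branches of the function lie outside this hunk and may already make that value unreachable, so confirm against upstream rather than diverging locally. The embedded patch was diffed against `../bash-4.4-patched` while the APKBUILD builds 4.3, so a leading comment in the patch file naming its origin, for example `# Upstream: <upstream patch name or URL>`, would help whoever rebases it next.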
-- 
2.8.3