author | Shell Turner <cam.turn@gmail.com> | 2014-09-29 13:04:28 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-09-29 13:44:38 +0200 |
commit | 21c12b40652d4aee0f3b58bcd8993c66733f9bbe (patch) | |
tree | c0a452b37319398624895f8d3e499aecd0e0a0a6 /pkgs | |
parent | 7f043ffbbe0564d3acc9f1600bb2a056e0790c0e (diff) | |
Updated bash to patch 50.
This fully mitigates Shellshock and related parsing vulnerabilities, due to attackers never controlling environment variable names.
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/shells/bash/bash-4.2-patches.nix | 2 | ||||
-rw-r--r-- | pkgs/shells/bash/cve-2014-7169.patch | 13 | ||||
-rw-r--r-- | pkgs/shells/bash/default.nix | 2 |
3 files changed, 3 insertions, 14 deletions
diff --git a/pkgs/shells/bash/bash-4.2-patches.nix b/pkgs/shells/bash/bash-4.2-patches.nix
index 5239a9ec0a09..6924e7ab2b9a 100644
--- a/pkgs/shells/bash/bash-4.2-patches.nix
+++ b/pkgs/shells/bash/bash-4.2-patches.nix
@@ -49,4 +49,6 @@ patch: [
 (patch "046" "0vc1ngkxkamwr022ww3vjp9ww9c647az4pjn175c1v60d0xk5hcm")
 (patch "047" "0ymgimqz65sx2izg1dvm1h5cc01arl3j9j5137212l1ls00r55y1")
 (patch "048" "091xk1ms7ycnczsl3fx461gjhj69j6ycnfijlymwj6mj60ims6km")
+(patch "049" "03jipi8qz5baf1dyhld7yvazkkad7lz5czchrjsrnglzvm6df74h")
+(patch "050" "19lb9nh0x5siwf21xkga3khy5pa3srfrlx97mby4cfz8am2bh68s")
 ]
diff --git a/pkgs/shells/bash/cve-2014-7169.patch b/pkgs/shells/bash/cve-2014-7169.patch
deleted file mode 100644
index f58e73f7806b..000000000000
--- a/pkgs/shells/bash/cve-2014-7169.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-http://www.openwall.com/lists/oss-security/2014/09/25/10
-
-*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400
---- parse.y 2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
- word_desc_to_read = (WORD_DESC *)NULL;
-
-+ eol_ungetc_lookahead = 0;
-+
- current_token = '\n'; /* XXX */
- last_read_token = '\n';
diff --git a/pkgs/shells/bash/default.nix b/pkgs/shells/bash/default.nix
index 5181da77f3a0..ca12c26f256c 100644
--- a/pkgs/shells/bash/default.nix
+++ b/pkgs/shells/bash/default.nix
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
 inherit sha256;
 };
 in
- import ./bash-4.2-patches.nix patch) ++ [ ./cve-2014-7169.patch ];
+ import ./bash-4.2-patches.nix patch);
 crossAttrs = {
 configureFlags = baseConfigureFlags + |
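Review bot: Dropping `./cve-2014-7169.patch` at `import ./bash-4.2-patches.nix patch);` in default.nix is only safe if upstream patch 049 carries the same `eol_ungetc_lookahead = 0;` reset that the deleted file applied to parse.y, and nothing on the new side records that equivalence. A comment above the import line would make this auditable, for example `# CVE-2014-7169 is fixed by upstream patch 049 in bash-4.2-patches.nix; the local patch was dropped`. The two new entries in bash-4.2-patches.nix are likewise unannotated, so a short comment there saying which patch level the "fully mitigates" claim in the description rests on would help anyone later trimming or reordering the list. The enclosing expression starts and ends outside the hunk, so how the result is consumed is not visible here.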