authorMark H Weaver <mhw@netris.org>2014-09-28 01:48:58 -0400
committerMark H Weaver <mhw@netris.org>2014-09-29 14:14:54 -0400
commit2d5d63d7180137cc4bc9527a8fb472173629731c (patch)
tree985291e91e2be204e283d6d7f1ceacd820f50ce9 /gnu/packages/bash.scm
parentb5f4bb855d97708f12b29bdce4d81ae68ee960ff (diff)
gnu: bash: Update to 4.3.27 and fix out-of-bounds memory accesses.
Based on a patch by Ludovic Courtès <ludo@gnu.org>.

* gnu/packages/bash.scm (%patch-series-4.3): Add two patches.
  (bash)[source]: Add parser-oob patch.  Add 'snippet'.
  [native-inputs]: New field.
* gnu/packages/commencement.scm (bison-boot1): New variable.
  (static-bash-for-glibc): Add 'native-inputs'.

Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/packages/bash.scm')
-rw-r--r--gnu/packages/bash.scm26
1 files changed, 23 insertions, 3 deletions
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index a2952ceef5..d2f20735cb 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -20,6 +20,7 @@
   #:use-module (guix licenses)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages bison)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
@@ -74,7 +75,9 @@
    (22 "120s0s4qcqd0q12j1iv0hkpf9fp3w5jnqw646kv66n66jnxlfkgx")
    (23 "1m00sfi88p2akgiyrg4hw0gvz3s1586pkzjdr3dm73vs773m1hls")
    (24 "0v0gjqzjsqjfgj5x17fq7g649k94jn8zq92qsxkhc2d6l215hl1v")
-   (25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y"))) ;CVE-2014-6271
+   (25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y") ;CVE-2014-6271
+   (26 "0k919ir0inwn4wai2vdzpbwqq5h54fnrlkmgccxjg91v3ch15k1f") ;CVE-2014-7169
+   (27 "1gnsfvq6bhb3srlbh0cannj2hackdsipcg7z0ds7zlk1hp96mdqy")))
 
 (define (download-patches store count)
   "Download COUNT Bash patches into store.  Return a list of
@@ -129,12 +132,29 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
                (base32
                 "1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg"))
               (patch-flags '("-p0"))
-              (patches %patch-series-4.3)))
+              (patches
+               (append
+                %patch-series-4.3
+                (list
+                 ;; Fix out-of-bound memory accesses.
+                 ;; See <http://seclists.org/oss-sec/2014/q3/712>.
+                 (origin
+                   (method url-fetch)
+                   (uri "http://seclists.org/oss-sec/2014/q3/att-712/parser-oob-4_2.patch")
+                   (sha256
+                    (base32
+                     "1zc26qv76ch2l7pxyzcw0b0bpdsr65g9hrrl2gpw6k9kq2sjvc36"))))))
+
+              ;; The patches above modify 'parse.y', so force a rebuild of the
+              ;; parser.
+              (snippet '(for-each delete-file
+                                  '("y.tab.c" "y.tab.h" "parser-built")))))
      (version (string-append version "."
                              (number->string (length %patch-series-4.3))))
      (build-system gnu-build-system)
+     (native-inputs `(("bison" ,bison)))          ;to rebuild the parser
      (inputs `(("readline" ,readline)
-               ("ncurses" ,ncurses)))             ; TODO: add texinfo
+               ("ncurses" ,ncurses)))             ;TODO: add texinfo
      (arguments
       `(;; When cross-compiling, `configure' incorrectly guesses that job
         ;; control is missing.
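Review bot: The added `origin` for `parser-oob-4_2.patch` fetches a security fix from a mailing-list archive attachment, so the `sha256` is the only thing tying the build to the patch that was reviewed, and the package source can no longer be reproduced if that archive URL moves. Shipping the patch in the repository and referencing it with `(search-patch "bash-parser-oob.patch")` (file name constructed for this note) would keep the fix under version control and remove the external dependency. The file name suggests the patch was written against 4.2, while here it is applied to the 4.3 sources under the shared `-p0` flag; a comment such as `;; Written for 4.2; verified to apply to the 4.3 parse.y.` would record that this was checked. The version string is still derived from `(length %patch-series-4.3)`, so the extra patch is not visible in the package version; the `;; Fix out-of-bound memory accesses.` comment could name the advisory identifiers, as the series entries do, so auditors can tell the fix is present. The package definition starts before and continues past this hunk.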