From d513c95110fbec3a9c1f6bb3d56e5ecf0971f058 Mon Sep 17 00:00:00 2001
From: Jay Freeman <saurik@saurik.com>
Date: Fri, 26 Sep 2014 10:03:21 +0000
Subject: Fix the shellshock vulnerability (not regression).

git-svn-id: http://svn.telesphoreo.org/trunk@793 514c082c-b64e-11dc-b46d-3d985efe055d
---
 data/bash/bash40-034 | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 data/bash/bash40-034

(limited to 'data/bash/bash40-034')

diff --git a/data/bash/bash40-034 b/data/bash/bash40-034
new file mode 100644
index 000000000..bacb33ce1
--- /dev/null
+++ b/data/bash/bash40-034
@@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-034
+
+Bug-Reported-by:	Anders Kaseorg <andersk@mit.edu>
+Bug-Reference-ID:	<1252856832.991059.8162.nullmailer@balanced-tree.mit.edu>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-09/msg00043.html
+
+Bug-Description:
+
+When using the globstar option, bash incorrectly interprets wildcarded path
+components between a **/ and the last / as matching any path, even if the
+constructed path does not match any files.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c	2009-07-22 23:18:50.000000000 -0400
+--- lib/glob/glob.c	2009-09-18 17:53:25.000000000 -0400
+***************
+*** 920,928 ****
+  	  char **temp_results;
+  
+  	  /* Scan directory even on a NULL filename.  That way, `*h/'
+  	     returns only directories ending in `h', instead of all
+  	     files ending in `h' with a `/' appended. */
+  	  dname = directories[i];
+! 	  dflags = flags & ~GX_MARKDIRS;
+  	  if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+  	    dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+--- 927,938 ----
+  	  char **temp_results;
+  
++ 	  /* XXX -- we've recursively scanned any directories resulting from
++ 	     a `**', so turn off the flag.  We turn it on again below if
++ 	     filename is `**' */
+  	  /* Scan directory even on a NULL filename.  That way, `*h/'
+  	     returns only directories ending in `h', instead of all
+  	     files ending in `h' with a `/' appended. */
+  	  dname = directories[i];
+! 	  dflags = flags & ~(GX_MARKDIRS|GX_ALLDIRS|GX_ADDCURDIR);
+  	  if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+  	    dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 33
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 34
+  
+  #endif /* _PATCHLEVEL_H_ */
-- 
cgit v1.2.3