Date: Wednesday, September 24, 2014 @ 16:02:05
  Author: fyan
Revision: 222934

upgpkg: bash 4.3.024-2

add upstream patch to fix CVE-2014-6271

Added:
  bash/trunk/funcdef-import.patch
Modified:
  bash/trunk/PKGBUILD

----------------------+
 PKGBUILD             |    9 +++-
 funcdef-import.patch |   91 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2014-09-24 13:00:05 UTC (rev 222933)
+++ PKGBUILD    2014-09-24 14:02:05 UTC (rev 222934)
@@ -7,7 +7,7 @@
 _basever=4.3
 _patchlevel=024
 pkgver=$_basever.$_patchlevel
-pkgrel=1
+pkgrel=2
 pkgdesc='The GNU Bourne Again shell'
 arch=('i686' 'x86_64')
 license=('GPL')
@@ -24,7 +24,8 @@
         dot.bash_logout
         system.bashrc
         system.bash_logout
-        privmode-setuid-fail.patch)
+        privmode-setuid-fail.patch
+        funcdef-import.patch)
 
 if [[ $((10#${_patchlevel})) -gt 0 ]]; then
     for (( _p=1; _p<=$((10#${_patchlevel})); _p++ )); do
@@ -42,6 +43,9 @@
 
   # http://hmarco.org/bugs/bash_4.3-setuid-bug.html (FS#40663)
   patch -p0 -i ../privmode-setuid-fail.patch
+
+  # CVE-2014-6271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
+  patch -p0 -i ../funcdef-import.patch
 }
 
 build() {
@@ -85,6 +89,7 @@
          '561949793177116b7be29a07c385ba8b'
          '472f536d7c9e8250dc4568ec4cfaf294'
          'a577d42e38249d298d6a8d4bf2823883'
+         '231b04ccc931653b12244bcc0a4eea70'
          '1ab682b4e36afa4cf1b426aa7ac81c0d'
          'SKIP'
          '8fc22cf50ec85da00f6af3d66f7ddc1b'

Added: funcdef-import.patch
===================================================================
--- funcdef-import.patch                                (rev 0)
+++ funcdef-import.patch        2014-09-24 14:02:05 UTC (rev 222934)
@@ -0,0 +1,91 @@
+*** ../bash-4.3-patched/builtins/common.h      2013-07-08 16:54:47.000000000 
-0400
+--- builtins/common.h  2014-09-12 14:25:47.000000000 -0400
+***************
+*** 34,37 ****
+--- 49,54 ----
+  #define SEVAL_PARSEONLY      0x020
+  #define SEVAL_NOLONGJMP 0x040
++ #define SEVAL_FUNCDEF        0x080           /* only allow function 
definitions */
++ #define SEVAL_ONECMD 0x100           /* only allow a single command */
+  
+  /* Flags for describe_command, shared between type.def and command.def */
+*** ../bash-4.3-patched/builtins/evalstring.c  2014-02-11 09:42:10.000000000 
-0500
+--- builtins/evalstring.c      2014-09-14 14:15:13.000000000 -0400
+***************
+*** 309,312 ****
+--- 313,324 ----
+             struct fd_bitmap *bitmap;
+  
++            if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++              {
++                internal_warning ("%s: ignoring function definition attempt", 
from_file);
++                should_jump_to_top_level = 0;
++                last_result = last_command_exit_value = EX_BADUSAGE;
++                break;
++              }
++ 
+             bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+             begin_unwind_frame ("pe_dispose");
+***************
+*** 369,372 ****
+--- 381,387 ----
+             dispose_fd_bitmap (bitmap);
+             discard_unwind_frame ("pe_dispose");
++ 
++            if (flags & SEVAL_ONECMD)
++              break;
+           }
+       }
+*** ../bash-4.3-patched/variables.c    2014-05-15 08:26:50.000000000 -0400
+--- variables.c        2014-09-14 14:23:35.000000000 -0400
+***************
+*** 359,369 ****
+         strcpy (temp_string + char_index + 1, string);
+  
+!        if (posixly_correct == 0 || legal_identifier (name))
+!          parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+!        /* Ancient backwards compatibility.  Old versions of bash exported
+!           functions like name()=() {...} */
+!        if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+!          name[char_index - 2] = '\0';
+  
+         if (temp_var = find_function (name))
+--- 364,372 ----
+         strcpy (temp_string + char_index + 1, string);
+  
+!        /* Don't import function names that are invalid identifiers from the
+!           environment, though we still allow them to be defined as shell
+!           variables. */
+!        if (legal_identifier (name))
+!          parse_and_execute (temp_string, name, 
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+         if (temp_var = find_function (name))
+***************
+*** 382,389 ****
+             report_error (_("error importing function definition for `%s'"), 
name);
+           }
+- 
+-        /* ( */
+-        if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+-          name[char_index - 2] = '(';         /* ) */
+       }
+  #if defined (ARRAY_VARS)
+--- 385,388 ----
+*** ../bash-4.3-patched/subst.c        2014-08-11 11:16:35.000000000 -0400
+--- subst.c    2014-09-12 15:31:04.000000000 -0400
+***************
+*** 8048,8052 ****
+         goto return0;
+       }
+!       else if (var = find_variable_last_nameref (temp1))
+       {
+         temp = nameref_cell (var);
+--- 8118,8124 ----
+         goto return0;
+       }
+!       else if (var && (invisible_p (var) || var_isset (var) == 0))
+!      temp = (char *)NULL;
+!       else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) 
&& invisible_p (var) == 0)
+       {
+         temp = nameref_cell (var);

Reply via email to