Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=0035d51fc7bc4ae677285f6635a4b0939e519195
commit 0035d51fc7bc4ae677285f6635a4b0939e519195 Author: kikadf <[email protected]> Date: Sun Oct 12 17:51:59 2014 +0200 bash-4.2_053-1arcturus1-x86_64 * Bump to latest 4.2 patchlevel * Fix CVE-2014-6277, CVE-2014-6278 diff --git a/source/base/bash/CVE-2014-6271.patch b/source/base/bash/CVE-2014-6271.patch deleted file mode 100644 index 54e2b89..0000000 --- a/source/base/bash/CVE-2014-6271.patch +++ /dev/null @@ -1,72 +0,0 @@ -*** ../bash-4.2.47/builtins/common.h 2010-05-30 18:31:51.000000000 -0400 ---- builtins/common.h 2014-09-16 19:35:45.000000000 -0400 -*************** -*** 36,39 **** ---- 36,41 ---- - - /* Flags for describe_command, shared between type.def and command.def */ -+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ -+ #define SEVAL_ONECMD 0x100 /* only allow a single command */ - #define CDESC_ALL 0x001 /* type -a */ - #define CDESC_SHORTDESC 0x002 /* command -V */ -*** ../bash-4.2.47/builtins/evalstring.c 2010-11-23 08:22:15.000000000 -0500 ---- builtins/evalstring.c 2014-09-16 19:35:45.000000000 -0400 -*************** -*** 262,265 **** ---- 262,273 ---- - struct fd_bitmap *bitmap; - -+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) -+ { -+ internal_warning ("%s: ignoring function definition attempt", from_file); -+ should_jump_to_top_level = 0; -+ last_result = last_command_exit_value = EX_BADUSAGE; -+ break; -+ } -+ - bitmap = new_fd_bitmap (FD_BITMAP_SIZE); - begin_unwind_frame ("pe_dispose"); -*************** -*** 322,325 **** ---- 330,336 ---- - dispose_fd_bitmap (bitmap); - discard_unwind_frame ("pe_dispose"); -+ -+ if (flags & SEVAL_ONECMD) -+ break; - } - } -*** ../bash-4.2.47/variables.c 2011-03-01 16:15:20.000000000 -0500 ---- variables.c 2014-09-16 19:35:45.000000000 -0400 -*************** -*** 348,357 **** - strcpy (temp_string + char_index + 1, string); - -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); -! -! /* Ancient backwards compatibility. Old versions of bash exported -! functions like name()=() {...} */ -! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') -! name[char_index - 2] = '\0'; - - if (temp_var = find_function (name)) ---- 348,355 ---- - strcpy (temp_string + char_index + 1, string); - -! /* Don't import function names that are invalid identifiers from the -! environment. */ -! if (legal_identifier (name)) -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); - - if (temp_var = find_function (name)) -*************** -*** 362,369 **** - else - report_error (_("error importing function definition for `%s'"), name); -- -- /* ( */ -- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') -- name[char_index - 2] = '('; /* ) */ - } - #if defined (ARRAY_VARS) ---- 360,363 ---- diff --git a/source/base/bash/CVE-2014-7169-0.patch b/source/base/bash/CVE-2014-7169-0.patch deleted file mode 100644 index 5f59b46..0000000 --- a/source/base/bash/CVE-2014-7169-0.patch +++ /dev/null @@ -1,12 +0,0 @@ -*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400 ---- parse.y 2014-09-24 22:47:28.000000000 -0400 -*************** -*** 2959,2962 **** ---- 2959,2964 ---- - word_desc_to_read = (WORD_DESC *)NULL; - -+ eol_ungetc_lookahead = 0; -+ - current_token = '\n'; /* XXX */ - last_read_token = '\n'; - diff --git a/source/base/bash/CVE-2014-7169-1.patch b/source/base/bash/CVE-2014-7169-1.patch deleted file mode 100644 index a2a0ce4..0000000 --- a/source/base/bash/CVE-2014-7169-1.patch +++ /dev/null @@ -1,146 +0,0 @@ ---- ../bash-4.2-orig/variables.c 2014-09-25 13:07:59.313209541 +0200 -+++ variables.c 2014-09-25 13:15:29.869420719 +0200 -@@ -268,7 +268,7 @@ - static void propagate_temp_var __P((PTR_T)); - static void dispose_temporary_env __P((sh_free_func_t *)); - --static inline char *mk_env_string __P((const char *, const char *)); -+static inline char *mk_env_string __P((const char *, const char *, int)); - static char **make_env_array_from_var_list __P((SHELL_VAR **)); - static char **make_var_export_array __P((VAR_CONTEXT *)); - static char **make_func_export_array __P((void)); -@@ -301,6 +301,14 @@ - #endif - } - -+/* Prefix and suffix for environment variable names which contain -+ shell functions. */ -+#define FUNCDEF_PREFIX "BASH_FUNC_" -+#define FUNCDEF_PREFIX_LEN (strlen (FUNCDEF_PREFIX)) -+#define FUNCDEF_SUFFIX "()" -+#define FUNCDEF_SUFFIX_LEN (strlen (FUNCDEF_SUFFIX)) -+ -+ - /* Initialize the shell variables from the current environment. - If PRIVMODE is nonzero, don't import functions from ENV or - parse $SHELLOPTS. */ -@@ -338,27 +346,39 @@ - - /* If exported function, define it now. Don't import functions from - the environment in privileged mode. */ -- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) -- { -- string_length = strlen (string); -- temp_string = (char *)xmalloc (3 + string_length + char_index); -+ if (privmode == 0 && read_but_dont_execute == 0 -+ && STREQN (FUNCDEF_PREFIX, name, FUNCDEF_PREFIX_LEN) -+ && STREQ (name + char_index - FUNCDEF_SUFFIX_LEN, FUNCDEF_SUFFIX) -+ && STREQN ("() {", string, 4)) -+ { -+ size_t name_length -+ = char_index - (FUNCDEF_PREFIX_LEN + FUNCDEF_SUFFIX_LEN); -+ char *temp_name = name + FUNCDEF_PREFIX_LEN; -+ /* Temporarily remove the suffix. */ -+ temp_name[name_length] = '\0'; - -- strcpy (temp_string, name); -- temp_string[char_index] = ' '; -- strcpy (temp_string + char_index + 1, string); -+ string_length = strlen (string); -+ temp_string = (char *)xmalloc (name_length + 1 + string_length + 1); -+ memcpy (temp_string, temp_name, name_length); -+ temp_string[name_length] = ' '; -+ memcpy (temp_string + name_length + 1, string, string_length + 1); - - /* Don't import function names that are invalid identifiers from the - environment. */ -- if (legal_identifier (name)) -- parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); -+ if (legal_identifier (temp_name)) -+ parse_and_execute (temp_string, temp_name, -+ SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); - -- if (temp_var = find_function (name)) -+ if (temp_var = find_function (temp_name)) - { - VSETATTR (temp_var, (att_exported|att_imported)); - array_needs_making = 1; - } - else - report_error (_("error importing function definition for `%s'"), name); -+ -+ /* Restore the original suffix. */ -+ temp_name[name_length] = FUNCDEF_SUFFIX[0]; - } - #if defined (ARRAY_VARS) - # if 0 -@@ -2537,7 +2557,7 @@ - var->context = variable_context; /* XXX */ - - INVALIDATE_EXPORTSTR (var); -- var->exportstr = mk_env_string (name, value); -+ var->exportstr = mk_env_string (name, value, 0); - - array_needs_making = 1; - -@@ -3388,22 +3408,43 @@ - /* */ - /* **************************************************************** */ - -+/* Returns the string NAME=VALUE if !FUNCTIONP or if VALUE == NULL (in -+ which case it is treated as empty). Otherwise, decorate NAME with -+ FUNCDEF_PREFIX and FUNCDEF_SUFFIX, and return a string of the form -+ FUNCDEF_PREFIX NAME FUNCDEF_SUFFIX = VALUE (without spaces). */ - static inline char * --mk_env_string (name, value) -+mk_env_string (name, value, functionp) - const char *name, *value; -+ int functionp; - { -- int name_len, value_len; -- char *p; -+ size_t name_len, value_len; -+ char *p, *q; - - name_len = strlen (name); - value_len = STRLEN (value); -- p = (char *)xmalloc (2 + name_len + value_len); -- strcpy (p, name); -- p[name_len] = '='; -+ if (functionp && value != NULL) -+ { -+ p = (char *)xmalloc (FUNCDEF_PREFIX_LEN + name_len + FUNCDEF_SUFFIX_LEN -+ + 1 + value_len + 1); -+ q = p; -+ memcpy (q, FUNCDEF_PREFIX, FUNCDEF_PREFIX_LEN); -+ q += FUNCDEF_PREFIX_LEN; -+ memcpy (q, name, name_len); -+ q += name_len; -+ memcpy (q, FUNCDEF_SUFFIX, FUNCDEF_SUFFIX_LEN); -+ q += FUNCDEF_SUFFIX_LEN; -+ } -+ else -+ { -+ p = (char *)xmalloc (name_len + 1 + value_len + 1); -+ memcpy (p, name, name_len); -+ q = p + name_len; -+ } -+ q[0] = '='; - if (value && *value) -- strcpy (p + name_len + 1, value); -+ memcpy (q + 1, value, value_len + 1); - else -- p[name_len + 1] = '\0'; -+ q[1] = '\0'; - return (p); - } - -@@ -3489,7 +3530,7 @@ - /* Gee, I'd like to get away with not using savestring() if we're - using the cached exportstr... */ - list[list_index] = USE_EXPORTSTR ? savestring (value) -- : mk_env_string (var->name, value); -+ : mk_env_string (var->name, value, function_p (var)); - - if (USE_EXPORTSTR == 0) - SAVE_EXPORTSTR (var, list[list_index]); diff --git a/source/base/bash/CVE-2014-7169-2.patch b/source/base/bash/CVE-2014-7169-2.patch deleted file mode 100644 index 3da05bb..0000000 --- a/source/base/bash/CVE-2014-7169-2.patch +++ /dev/null @@ -1,83 +0,0 @@ ---- ../bash-4.2-orig/parse.y 2014-09-25 13:07:59.218209276 +0200 -+++ parse.y 2014-09-25 15:26:52.813159810 +0200 -@@ -264,9 +264,21 @@ - - /* Variables to manage the task of reading here documents, because we need to - defer the reading until after a complete command has been collected. */ --static REDIRECT *redir_stack[10]; -+static REDIRECT **redir_stack; - int need_here_doc; - -+/* Pushes REDIR onto redir_stack, resizing it as needed. */ -+static void -+push_redir_stack (REDIRECT *redir) -+{ -+ /* Guard against oveflow. */ -+ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack)) -+ abort (); -+ redir_stack = xrealloc (redir_stack, -+ (need_here_doc + 1) * sizeof (*redir_stack)); -+ redir_stack[need_here_doc++] = redir; -+} -+ - /* Where shell input comes from. History expansion is performed on each - line when the shell is interactive. */ - static char *shell_input_line = (char *)NULL; -@@ -519,42 +531,42 @@ - source.dest = 0; - redir.filename = $2; - $$ = make_redirection (source, r_reading_until, redir, 0); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | NUMBER LESS_LESS WORD - { - source.dest = $1; - redir.filename = $3; - $$ = make_redirection (source, r_reading_until, redir, 0); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | REDIR_WORD LESS_LESS WORD - { - source.filename = $1; - redir.filename = $3; - $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | LESS_LESS_MINUS WORD - { - source.dest = 0; - redir.filename = $2; - $$ = make_redirection (source, r_deblank_reading_until, redir, 0); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | NUMBER LESS_LESS_MINUS WORD - { - source.dest = $1; - redir.filename = $3; - $$ = make_redirection (source, r_deblank_reading_until, redir, 0); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | REDIR_WORD LESS_LESS_MINUS WORD - { - source.filename = $1; - redir.filename = $3; - $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN); -- redir_stack[need_here_doc++] = $$; -+ push_redir_stack ($$); - } - | LESS_LESS_LESS WORD - { -@@ -4757,7 +4769,7 @@ - case CASE: - case SELECT: - case FOR: -- if (word_top < MAX_CASE_NEST) -+ if (word_top + 1 < MAX_CASE_NEST) - word_top++; - word_lineno[word_top] = line_number; - break; diff --git a/source/base/bash/FrugalBuild b/source/base/bash/FrugalBuild index 21a096f..d38c24d 100644 --- a/source/base/bash/FrugalBuild +++ b/source/base/bash/FrugalBuild @@ -4,13 +4,13 @@ pkgname=bash basever=4.2 -patchver=045 +patchver=053 if [ -z "$patchver" ]; then pkgver=$basever else pkgver=${basever}_$patchver fi -pkgrel=5arcturus2 +pkgrel=1arcturus1 pkgdesc="The GNU Bourne Again shell" url="http://tiswww.case.edu/php/chet/bash/bashtop.html"; backup=(etc/{profile,shells,skel/.bashrc}) @@ -29,13 +29,6 @@ if [ -n "$patchver" ]; then done fi -# FSA fix *** -source=(${source[@]} CVE-2014-6271.patch CVE-2014-7169-0.patch - CVE-2014-7169-1.patch CVE-2014-7169-2.patch) -signatures=(${signatures[@]} '' '' '' '') -# *********** - - build() { _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
