Pullup ticket #4504 - requested by tron shells/bash: security patch Revisions pulled up: - shells/bash/Makefile 1.65 - shells/bash/distinfo 1.32 - shells/bash/patches/patch-parse.y 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Thu Sep 25 14:02:34 UTC 2014 Modified Files: pkgsrc/shells/bash: Makefile distinfo Added Files: pkgsrc/shells/bash/patches: patch-parse.y Log Message: Add fix for CVE-2014-7169. To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.65 pkgsrc/shells/bash/Makefile cvs rdiff -u -r1.31 -r1.32 pkgsrc/shells/bash/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/shells/bash/patches/patch-parse.ydiff -r1.61.4.1 -r1.61.4.2 pkgsrc/shells/bash/Makefile
(spz)
| @@ -1,20 +1,21 @@ | @@ -1,20 +1,21 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.61.4.1 2014/09/25 09:02:06 spz Exp $ | 1 | # $NetBSD: Makefile,v 1.61.4.2 2014/09/25 18:08:56 spz Exp $ | |
| 2 | 2 | |||
| 3 | BASH_VERSION= 4.3 | 3 | BASH_VERSION= 4.3 | |
| 4 | BASH_PATCHLEVEL= 025 | 4 | BASH_PATCHLEVEL= 025 | |
| 5 | 5 | |||
| 6 | DISTNAME= bash-${BASH_VERSION} | 6 | DISTNAME= bash-${BASH_VERSION} | |
| 7 | PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} | 7 | PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} | |
| 8 | PKGREVISION= 1 | |||
| 8 | CATEGORIES= shells | 9 | CATEGORIES= shells | |
| 9 | MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ | 10 | MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ | |
| 10 | ftp://ftp.cwru.edu/pub/bash/ | 11 | ftp://ftp.cwru.edu/pub/bash/ | |
| 11 | 12 | |||
| 12 | PATCH_SITES= ${MASTER_SITES:=bash-4.3-patches/} | 13 | PATCH_SITES= ${MASTER_SITES:=bash-4.3-patches/} | |
| 13 | PATCHFILES+= bash43-001 bash43-002 bash43-003 bash43-004 bash43-005 | 14 | PATCHFILES+= bash43-001 bash43-002 bash43-003 bash43-004 bash43-005 | |
| 14 | PATCHFILES+= bash43-006 bash43-007 bash43-008 bash43-009 bash43-010 | 15 | PATCHFILES+= bash43-006 bash43-007 bash43-008 bash43-009 bash43-010 | |
| 15 | PATCHFILES+= bash43-011 bash43-012 bash43-013 bash43-014 bash43-015 | 16 | PATCHFILES+= bash43-011 bash43-012 bash43-013 bash43-014 bash43-015 | |
| 16 | PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020 | 17 | PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020 | |
| 17 | PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025 | 18 | PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025 | |
| 18 | 19 | |||
| 19 | MAINTAINER= pkgsrc-users@NetBSD.org | 20 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 20 | HOMEPAGE= http://www.gnu.org/software/bash/bash.html | 21 | HOMEPAGE= http://www.gnu.org/software/bash/bash.html | |
| @@ -92,20 +93,23 @@ CONFIGURE_ENV+= CC_FOR_BUILD=${NATIVE_C | @@ -92,20 +93,23 @@ CONFIGURE_ENV+= CC_FOR_BUILD=${NATIVE_C | |||
| 92 | CONFIGURE_ENV+= ac_cv_c_long_long=yes | 93 | CONFIGURE_ENV+= ac_cv_c_long_long=yes | |
| 93 | CONFIGURE_ENV+= ac_cv_c_long_double=yes | 94 | CONFIGURE_ENV+= ac_cv_c_long_double=yes | |
| 94 | CONFIGURE_ENV+= bash_cv_type_rlimit=yes | 95 | CONFIGURE_ENV+= bash_cv_type_rlimit=yes | |
| 95 | CONFIGURE_ENV+= bash_cv_getcwd_malloc=yes | 96 | CONFIGURE_ENV+= bash_cv_getcwd_malloc=yes | |
| 96 | CONFIGURE_ENV+= bash_cv_func_sigsetjmp=yes | 97 | CONFIGURE_ENV+= bash_cv_func_sigsetjmp=yes | |
| 97 | CONFIGURE_ENV+= bash_cv_printf_a_format=yes | 98 | CONFIGURE_ENV+= bash_cv_printf_a_format=yes | |
| 98 | CONFIGURE_ENV+= bash_cv_job_control_missing=present | 99 | CONFIGURE_ENV+= bash_cv_job_control_missing=present | |
| 99 | CONFIGURE_ENV+= bash_cv_sys_named_pipes=present | 100 | CONFIGURE_ENV+= bash_cv_sys_named_pipes=present | |
| 100 | CONFIGURE_ENV+= bash_cv_unusable_rtsigs=no | 101 | CONFIGURE_ENV+= bash_cv_unusable_rtsigs=no | |
| 101 | CONFIGURE_ENV+= bash_cv_func_ctype_nonascii=yes | 102 | CONFIGURE_ENV+= bash_cv_func_ctype_nonascii=yes | |
| 102 | CONFIGURE_ENV+= bash_cv_wexitstatus_offset=8 | 103 | CONFIGURE_ENV+= bash_cv_wexitstatus_offset=8 | |
| 103 | .endif | 104 | .endif | |
| 104 | 105 | |||
| 106 | pre-configure: | |||
| 107 | ${RM} -f ${WRKSRC}/y.tab.c | |||
| 108 | ||||
| 105 | post-install: | 109 | post-install: | |
| 106 | ${INSTALL_MAN} ${WRKSRC}/doc/bash.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1 | 110 | ${INSTALL_MAN} ${WRKSRC}/doc/bash.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1 | |
| 107 | ${INSTALL_MAN} ${WRKSRC}/doc/bashbug.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1 | 111 | ${INSTALL_MAN} ${WRKSRC}/doc/bashbug.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1 | |
| 108 | 112 | |||
| 109 | .include "../../mk/termcap.buildlink3.mk" | 113 | .include "../../mk/termcap.buildlink3.mk" | |
| 110 | .include "../../devel/gettext-lib/buildlink3.mk" | 114 | .include "../../devel/gettext-lib/buildlink3.mk" | |
| 111 | .include "../../mk/bsd.pkg.mk" | 115 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | $NetBSD: distinfo,v 1.29.4.1 2014/09/25 09:02:06 spz Exp $ | 1 | $NetBSD: distinfo,v 1.29.4.2 2014/09/25 18:08:56 spz Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (bash-4.3.tar.gz) = 45ac3c5727e7262334f4dfadecdf601b39434e84 | 3 | SHA1 (bash-4.3.tar.gz) = 45ac3c5727e7262334f4dfadecdf601b39434e84 | |
| 4 | RMD160 (bash-4.3.tar.gz) = cd21a9f51ea7780994d4e2c9c7d16d5eb000f845 | 4 | RMD160 (bash-4.3.tar.gz) = cd21a9f51ea7780994d4e2c9c7d16d5eb000f845 | |
| 5 | Size (bash-4.3.tar.gz) = 7955839 bytes | 5 | Size (bash-4.3.tar.gz) = 7955839 bytes | |
| 6 | SHA1 (bash43-001) = d67ffd6833b30fd41f429205953714a184caa03b | 6 | SHA1 (bash43-001) = d67ffd6833b30fd41f429205953714a184caa03b | |
| 7 | RMD160 (bash43-001) = 6fc9c8c814602c60f6cda0965848dc19a2601a62 | 7 | RMD160 (bash43-001) = 6fc9c8c814602c60f6cda0965848dc19a2601a62 | |
| 8 | Size (bash43-001) = 1617 bytes | 8 | Size (bash43-001) = 1617 bytes | |
| 9 | SHA1 (bash43-002) = 0c1d486387e5f3bea6a97b317de54f9c3de71c7c | 9 | SHA1 (bash43-002) = 0c1d486387e5f3bea6a97b317de54f9c3de71c7c | |
| 10 | RMD160 (bash43-002) = eecdd1863f8cb8f6ae6055d88b5ea811f5cc5674 | 10 | RMD160 (bash43-002) = eecdd1863f8cb8f6ae6055d88b5ea811f5cc5674 | |
| 11 | Size (bash43-002) = 1594 bytes | 11 | Size (bash43-002) = 1594 bytes | |
| 12 | SHA1 (bash43-003) = 024d9a6dc6822bb5424f83478b495de29883fb3c | 12 | SHA1 (bash43-003) = 024d9a6dc6822bb5424f83478b495de29883fb3c | |
| 13 | RMD160 (bash43-003) = 957f27933224699fff6c508be93ac9b378af174d | 13 | RMD160 (bash43-003) = 957f27933224699fff6c508be93ac9b378af174d | |
| 14 | Size (bash43-003) = 1465 bytes | 14 | Size (bash43-003) = 1465 bytes | |
| @@ -72,13 +72,14 @@ Size (bash43-022) = 1782 bytes | @@ -72,13 +72,14 @@ Size (bash43-022) = 1782 bytes | |||
| 72 | SHA1 (bash43-023) = 5fe81781847c5bad848b790d3c2c0e3df19e8719 | 72 | SHA1 (bash43-023) = 5fe81781847c5bad848b790d3c2c0e3df19e8719 | |
| 73 | RMD160 (bash43-023) = 86e0fe2326a81b7182f52cd3cd7da087a52ea962 | 73 | RMD160 (bash43-023) = 86e0fe2326a81b7182f52cd3cd7da087a52ea962 | |
| 74 | Size (bash43-023) = 3414 bytes | 74 | Size (bash43-023) = 3414 bytes | |
| 75 | SHA1 (bash43-024) = 875accb818ebecdb77a2fc3dc6167056ea1ce347 | 75 | SHA1 (bash43-024) = 875accb818ebecdb77a2fc3dc6167056ea1ce347 | |
| 76 | RMD160 (bash43-024) = a1fd34a95f55b37b065e824b494f3a35c4eb4361 | 76 | RMD160 (bash43-024) = a1fd34a95f55b37b065e824b494f3a35c4eb4361 | |
| 77 | Size (bash43-024) = 1909 bytes | 77 | Size (bash43-024) = 1909 bytes | |
| 78 | SHA1 (bash43-025) = 484d85e54547a18f9702284c55145e34e74768d1 | 78 | SHA1 (bash43-025) = 484d85e54547a18f9702284c55145e34e74768d1 | |
| 79 | RMD160 (bash43-025) = 9fd51a95756fcaf9b57cab9c29d6e3f6e3b900fe | 79 | RMD160 (bash43-025) = 9fd51a95756fcaf9b57cab9c29d6e3f6e3b900fe | |
| 80 | Size (bash43-025) = 3940 bytes | 80 | Size (bash43-025) = 3940 bytes | |
| 81 | SHA1 (patch-af) = dfd1d1be3d822cfc3ae0fd21bb2bbd3e35b11f0d | 81 | SHA1 (patch-af) = dfd1d1be3d822cfc3ae0fd21bb2bbd3e35b11f0d | |
| 82 | SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48 | 82 | SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48 | |
| 83 | SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e | 83 | SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e | |
| 84 | SHA1 (patch-builtins_ulimit.def) = d4cb59bedc6a6199f9a99a3530c99374e428baeb | 84 | SHA1 (patch-builtins_ulimit.def) = d4cb59bedc6a6199f9a99a3530c99374e428baeb | |
| 85 | SHA1 (patch-parse.y) = 41c747ef8095b43c6b077a3fab54105d338f156e |
$NetBSD: patch-parse.y,v 1.1.2.2 2014/09/25 18:08:56 spz Exp $
Fix for CVE-2014-7169 taken from here:
http://www.openwall.com/lists/oss-security/2014/09/25/10
--- parse.y.orig 2014-09-25 14:24:07.000000000 +0100
+++ parse.y 2014-09-25 14:25:05.000000000 +0100
@@ -2953,6 +2953,8 @@
FREE (word_desc_to_read);
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';
token_to_read = '\n';