Wed Mar 1 16:23:10 2017 UTC ()
Pullup ticket #5219 - requested by spz
shells/bash: security fix

Revisions pulled up:
- shells/bash/Makefile                                          1.80
- shells/bash/distinfo                                          1.46

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Sun Jan 22 21:52:05 UTC 2017

   Modified Files:
           pkgsrc/shells/bash: Makefile distinfo

   Log Message:
   bash: update to patchlevel 11.
   changes:

   patch 06:
   Out-of-range negative offsets to popd can cause the shell to crash attempting
   to free an invalid memory block.

   patch 07:
   When performing filename completion, bash dequotes the directory name being
   completed, which can result in match failures and potential unwanted
   expansion.

   patch 08:
   Under certain circumstances, bash will evaluate arithmetic expressions as
   part of reading an expression token even when evaluation is suppressed. This
   happens while evaluating a conditional expression and skipping over the
   failed branch of the expression.

   patch 09:
   Depending on compiler optimizations and behavior, the `read' builtin may not
   save partial input when a timeout occurs.

   patch 10:
   Depending on compiler optimizations and behavior, the `read' builtin may not
   save partial input when a timeout occurs.

   patch 11:
   Subshells begun to run command and process substitutions may attempt to
   set the terminal's process group to an incorrect value if they receive
   a fatal signal.  This depends on the behavior of the process that starts
   the shell.


(bsiegert)
diff -r1.78 -r1.78.2.1 pkgsrc/shells/bash/Makefile
diff -r1.45 -r1.45.2.1 pkgsrc/shells/bash/distinfo
cvs diff -r1.78 -r1.78.2.1 pkgsrc/shells/bash/Makefile (expand / switch to unified diff)

--- pkgsrc/shells/bash/Makefile 2016/11/20 08:02:26 1.78
+++ pkgsrc/shells/bash/Makefile 2017/03/01 16:23:10 1.78.2.1
@@ -1,28 +1,28 @@ @@ -1,28 +1,28 @@
1# $NetBSD: Makefile,v 1.78 2016/11/20 08:02:26 wen Exp $ 1# $NetBSD: Makefile,v 1.78.2.1 2017/03/01 16:23:10 bsiegert Exp $
2 2
3BASH_VERSION= 4.4 3BASH_VERSION= 4.4
4BASH_PATCHLEVEL= 005 4BASH_PATCHLEVEL= 011
5 5
6DISTNAME= bash-${BASH_VERSION} 6DISTNAME= bash-${BASH_VERSION}
7PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} 7PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL}
8CATEGORIES= shells 8CATEGORIES= shells
9MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ 9MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \
10 ftp://ftp.cwru.edu/pub/bash/ 10 ftp://ftp.cwru.edu/pub/bash/
11 11
12PATCH_SITES= ${MASTER_SITES:=bash-4.4-patches/} 12PATCH_SITES= ${MASTER_SITES:=bash-4.4-patches/}
13PATCHFILES+= bash44-001 bash44-002 bash44-003 bash44-004 bash44-005 13PATCHFILES+= bash44-001 bash44-002 bash44-003 bash44-004 bash44-005
14#PATCHFILES+= bash43-006 bash43-007 bash43-008 bash43-009 bash43-010 14PATCHFILES+= bash44-006 bash44-007 bash44-008 bash44-009 bash44-010
15#PATCHFILES+= bash43-011 bash43-012 bash43-013 bash43-014 bash43-015 15PATCHFILES+= bash44-011 #bash43-012 bash43-013 bash43-014 bash43-015
16#PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020 16#PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020
17#PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025 17#PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025
18#PATCHFILES+= bash43-026 bash43-027 bash43-028 bash43-029 bash43-030 18#PATCHFILES+= bash43-026 bash43-027 bash43-028 bash43-029 bash43-030
19#PATCHFILES+= bash43-031 bash43-032 bash43-033 bash43-034 bash43-035 19#PATCHFILES+= bash43-031 bash43-032 bash43-033 bash43-034 bash43-035
20#PATCHFILES+= bash43-036 bash43-037 bash43-038 bash43-039 20#PATCHFILES+= bash43-036 bash43-037 bash43-038 bash43-039
21 21
22MAINTAINER= pkgsrc-users@NetBSD.org 22MAINTAINER= pkgsrc-users@NetBSD.org
23HOMEPAGE= http://www.gnu.org/software/bash/bash.html 23HOMEPAGE= http://www.gnu.org/software/bash/bash.html
24COMMENT= The GNU Bourne Again Shell 24COMMENT= The GNU Bourne Again Shell
25LICENSE= gnu-gpl-v3 25LICENSE= gnu-gpl-v3
26 26
27CONFLICTS= static-bash-[0-9]* 27CONFLICTS= static-bash-[0-9]*
28 28
cvs diff -r1.45 -r1.45.2.1 pkgsrc/shells/bash/distinfo (expand / switch to unified diff)

--- pkgsrc/shells/bash/distinfo 2016/11/20 08:02:26 1.45
+++ pkgsrc/shells/bash/distinfo 2017/03/01 16:23:10 1.45.2.1
@@ -1,34 +1,58 @@ @@ -1,34 +1,58 @@
1$NetBSD: distinfo,v 1.45 2016/11/20 08:02:26 wen Exp $ 1$NetBSD: distinfo,v 1.45.2.1 2017/03/01 16:23:10 bsiegert Exp $
2 2
3SHA1 (bash-4.4.tar.gz) = 8de012df1e4f3e91f571c3eb8ec45b43d7c747eb 3SHA1 (bash-4.4.tar.gz) = 8de012df1e4f3e91f571c3eb8ec45b43d7c747eb
4RMD160 (bash-4.4.tar.gz) = 48869b3a460007d05c02ef99745477b2e526fdec 4RMD160 (bash-4.4.tar.gz) = 48869b3a460007d05c02ef99745477b2e526fdec
5SHA512 (bash-4.4.tar.gz) = 73de3b425faaac55e45456b0f6f6d8077b5dfa7bb76e0d1894a19361b4a2b6bd4fbbe182117ddbfe9b07b4d898fba03537c261badc9533dd3c0da891764c7f29 5SHA512 (bash-4.4.tar.gz) = 73de3b425faaac55e45456b0f6f6d8077b5dfa7bb76e0d1894a19361b4a2b6bd4fbbe182117ddbfe9b07b4d898fba03537c261badc9533dd3c0da891764c7f29
6Size (bash-4.4.tar.gz) = 9377313 bytes 6Size (bash-4.4.tar.gz) = 9377313 bytes
7SHA1 (bash44-001) = b0a20634e049a7b747703235b96ac0da10215d99 7SHA1 (bash44-001) = b0a20634e049a7b747703235b96ac0da10215d99
8RMD160 (bash44-001) = a4915a389d04165402193ab681ed975b3e8a29d2 8RMD160 (bash44-001) = a4915a389d04165402193ab681ed975b3e8a29d2
9SHA512 (bash44-001) = fa7a1b277eb3bad6ae7d2c7a2887cbf2c0eb75b7fee8ed03ec1e9d45879a2fb4b8c7cb16d6b029987493b01a461214bd9a24454a6837e7cfe180b1bc56f61caa 9SHA512 (bash44-001) = fa7a1b277eb3bad6ae7d2c7a2887cbf2c0eb75b7fee8ed03ec1e9d45879a2fb4b8c7cb16d6b029987493b01a461214bd9a24454a6837e7cfe180b1bc56f61caa
10Size (bash44-001) = 1896 bytes 10Size (bash44-001) = 1896 bytes
11SHA1 (bash44-002) = c9b7329897295301879a9600d96b2182ea2023b1 11SHA1 (bash44-002) = c9b7329897295301879a9600d96b2182ea2023b1
12RMD160 (bash44-002) = 25623492532efd85f55e12970f157d81fd46279e 12RMD160 (bash44-002) = 25623492532efd85f55e12970f157d81fd46279e
13SHA512 (bash44-002) = 526f986057810f89080e283ff95b3a8fd24d37e4ad2f18c39f36d3a2d57956a6441d16220082157735e3c5ccf770d5016e761aa5f309129898e39277d576e6b5 13SHA512 (bash44-002) = 526f986057810f89080e283ff95b3a8fd24d37e4ad2f18c39f36d3a2d57956a6441d16220082157735e3c5ccf770d5016e761aa5f309129898e39277d576e6b5
14Size (bash44-002) = 1946 bytes 14Size (bash44-002) = 1946 bytes
15SHA1 (bash44-003) = 21cf7e0c6151de7fe8aca0bab8deb601bac2849e 15SHA1 (bash44-003) = 21cf7e0c6151de7fe8aca0bab8deb601bac2849e
16RMD160 (bash44-003) = 3022c7eba181eb3c9eb3d8fe980ffdaf81c685ed 16RMD160 (bash44-003) = 3022c7eba181eb3c9eb3d8fe980ffdaf81c685ed
17SHA512 (bash44-003) = e61db89bdd1a7ae15013fe258046a343c9ea41e5a1c6d2c810947500a617fce7536b8d51194e14bb42499fe0de6d70cc9b2c81da0afdcb5a2278459f4f76d748 17SHA512 (bash44-003) = e61db89bdd1a7ae15013fe258046a343c9ea41e5a1c6d2c810947500a617fce7536b8d51194e14bb42499fe0de6d70cc9b2c81da0afdcb5a2278459f4f76d748
18Size (bash44-003) = 1593 bytes 18Size (bash44-003) = 1593 bytes
19SHA1 (bash44-004) = 32789657933c288d81210dd96a6b08e67207b593 19SHA1 (bash44-004) = 32789657933c288d81210dd96a6b08e67207b593
20RMD160 (bash44-004) = ec182f0390290ce05fe6b0f55e236fe7fdccc65b 20RMD160 (bash44-004) = ec182f0390290ce05fe6b0f55e236fe7fdccc65b
21SHA512 (bash44-004) = 7570cf15518f79230cfe91b3e58c795c16c7fb6ba6418d967355b36fb7982e7919a9eaaef9177fb605c7fb7d7efb8a8335e725c1bacffff69a098433f5adc9c7 21SHA512 (bash44-004) = 7570cf15518f79230cfe91b3e58c795c16c7fb6ba6418d967355b36fb7982e7919a9eaaef9177fb605c7fb7d7efb8a8335e725c1bacffff69a098433f5adc9c7
22Size (bash44-004) = 2350 bytes 22Size (bash44-004) = 2350 bytes
23SHA1 (bash44-005) = 8eee9cf9997215bd14f53dfc25c97186cee9437c 23SHA1 (bash44-005) = 8eee9cf9997215bd14f53dfc25c97186cee9437c
24RMD160 (bash44-005) = e899f89c49cd2b905191041ea06b642546865982 24RMD160 (bash44-005) = e899f89c49cd2b905191041ea06b642546865982
25SHA512 (bash44-005) = 7546a6c90c8e8508567dde713722291477ca87c1116905b46432514a4fc632840a855b84f102591914cd4c44d5bf2eb7400866e26366fc94525fb401ea844a8f 25SHA512 (bash44-005) = 7546a6c90c8e8508567dde713722291477ca87c1116905b46432514a4fc632840a855b84f102591914cd4c44d5bf2eb7400866e26366fc94525fb401ea844a8f
26Size (bash44-005) = 1439 bytes 26Size (bash44-005) = 1439 bytes
 27SHA1 (bash44-006) = 59d9e79adb1fc35e086caa0fa2af49381fe8b2f5
 28RMD160 (bash44-006) = 6924afd21adc108a37350f2b3c36d4f7e0159423
 29SHA512 (bash44-006) = 5edcd76cf97bfe289f71924ba279ff48a1167eb3cc36f811cbcc23732746f5c821d1d39d4b137b7d99d57809a4b7270a54f4a41176fcfde0708bf92ddc68b77f
 30Size (bash44-006) = 1805 bytes
 31SHA1 (bash44-007) = 8924cde74fbb4fafeaf0ff6b5e4e94fcd2c2b98a
 32RMD160 (bash44-007) = 270ab48ad0c7dcf9bc2a0856c1eeb5b89819a3ce
 33SHA512 (bash44-007) = 386c019debee414697abc648d9a77894e842bb0b7a2a71709e8b3398582f25065e68963405fa22fb77439c6b431ee94a2ecbb16734c2436af3dfb4d1b5f06fcf
 34Size (bash44-007) = 4640 bytes
 35SHA1 (bash44-008) = b38e9df20869643ef9388cbab585610a20ccc847
 36RMD160 (bash44-008) = f9634425241188bb2ec79b1212d2e76dbfdd4592
 37SHA512 (bash44-008) = d9a8924f1c9263deab89153bb688a87f211913ebd72c8077e607db6fdddc7e5af05042dd22a9a2df593e518ea74b54ca79d20afc796e47d871827a2556e233d0
 38Size (bash44-008) = 2223 bytes
 39SHA1 (bash44-009) = 4bd44109ff79f0d6da19c27948dc40db9598da85
 40RMD160 (bash44-009) = 4beb1212b56e82dc005f1026852aa5564f7eeafe
 41SHA512 (bash44-009) = 3b01c080cf4a54658679b36c282a69a9ac48b900b19ceb42dbaf084abd395d50e5ff14db90a7fdf0c9856dad150897dca561160686c931634765782447fc076e
 42Size (bash44-009) = 3117 bytes
 43SHA1 (bash44-010) = 31180db58d25591f0744fc6923df1f8a97f0d19b
 44RMD160 (bash44-010) = a2f825a27b5c9854cb6b3cd9cc9e386ea7517222
 45SHA512 (bash44-010) = 54ff556b62fd88381e7a495db50957b016474973b3a566661c65b649a40960f2d3355221b3a71fb292128aad92a45d73d9816d63833bc416b4d15acdef391b98
 46Size (bash44-010) = 1670 bytes
 47SHA1 (bash44-011) = 240c287dc60cb69185a2a05b1341bfceafd1071a
 48RMD160 (bash44-011) = 63587fcb788ceced48dfd455c55868bb058ee647
 49SHA512 (bash44-011) = 6b5b068b74978fc691749ccff5e094c768047f702430e97114f5bf342f078696f7d7616d0642d4061b062e9112dfe00a1c2309c65de4147e0e98fb52c593d844
 50Size (bash44-011) = 1603 bytes
27SHA1 (patch-af) = e26e3209902247263884cfebc11a2f7e43245062 51SHA1 (patch-af) = e26e3209902247263884cfebc11a2f7e43245062
28SHA1 (patch-ag) = cd3b151e3bb045d2bb609c0a03d7d3df2c871f47 52SHA1 (patch-ag) = cd3b151e3bb045d2bb609c0a03d7d3df2c871f47
29SHA1 (patch-aj) = 2e4c15afd9b50d44967ee8e1f85bdc908c0eeeb0 53SHA1 (patch-aj) = 2e4c15afd9b50d44967ee8e1f85bdc908c0eeeb0
30SHA1 (patch-builtins_ulimit.def) = 1390069344607204eb3abbd6ddeb148ff590c55e 54SHA1 (patch-builtins_ulimit.def) = 1390069344607204eb3abbd6ddeb148ff590c55e
31SHA1 (patch-configure) = c4e1ab53a1ee85f3e6121047f0aca8ceb85e6e5d 55SHA1 (patch-configure) = c4e1ab53a1ee85f3e6121047f0aca8ceb85e6e5d
32SHA1 (patch-lib_readline_colors.c) = 4ebf871b883fc8ab6756758c423f777d9eb21da1 56SHA1 (patch-lib_readline_colors.c) = 4ebf871b883fc8ab6756758c423f777d9eb21da1
33SHA1 (patch-shell.c) = daa07914d4c318cd72463f80344f4f7c364809cd 57SHA1 (patch-shell.c) = daa07914d4c318cd72463f80344f4f7c364809cd
34SHA1 (patch-variables.c) = 0bb513cb863f82eb378b8c720bdfb1c31d21d36c 58SHA1 (patch-variables.c) = 0bb513cb863f82eb378b8c720bdfb1c31d21d36c