diff options
| author | wiz <wiz> | 2014-10-07 00:16:52 +0000 |
|---|---|---|
| committer | wiz <wiz> | 2014-10-07 00:16:52 +0000 |
| commit | a6cb2f41ce0704473f9d123418e771d2b7ed2c74 (patch) | |
| tree | 47eaa87d483a5fc50d9f86067e1b50b380079ccc | |
| parent | c6d2ef7ab9cbe9f6e0f85436618000a08f718aaf (diff) | |
| download | pkgsrc-a6cb2f41ce0704473f9d123418e771d2b7ed2c74.tar.gz | |
Another day, another bash patch. Welcome to 4.3.030.
Fixes CVE-2014-6278:
A combination of nested command substitutions and function importing
from the environment can cause bash to execute code appearing in
the environment variable value following the function definition.
| -rw-r--r-- | shells/bash/Makefile | 6 | ||||
| -rw-r--r-- | shells/bash/distinfo | 5 |
2 files changed, 7 insertions, 4 deletions
diff --git a/shells/bash/Makefile b/shells/bash/Makefile index cf4d230c6b3..2ab85d49d0c 100644 --- a/shells/bash/Makefile +++ b/shells/bash/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.71 2014/10/03 09:46:23 wiz Exp $ +# $NetBSD: Makefile,v 1.72 2014/10/07 00:16:52 wiz Exp $ BASH_VERSION= 4.3 -BASH_PATCHLEVEL= 029 +BASH_PATCHLEVEL= 030 DISTNAME= bash-${BASH_VERSION} PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} @@ -15,7 +15,7 @@ PATCHFILES+= bash43-006 bash43-007 bash43-008 bash43-009 bash43-010 PATCHFILES+= bash43-011 bash43-012 bash43-013 bash43-014 bash43-015 PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020 PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025 -PATCHFILES+= bash43-026 bash43-027 bash43-028 bash43-029 +PATCHFILES+= bash43-026 bash43-027 bash43-028 bash43-029 bash43-030 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.gnu.org/software/bash/bash.html diff --git a/shells/bash/distinfo b/shells/bash/distinfo index 23f65a30e81..24fdb870027 100644 --- a/shells/bash/distinfo +++ b/shells/bash/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.37 2014/10/03 09:46:23 wiz Exp $ +$NetBSD: distinfo,v 1.38 2014/10/07 00:16:52 wiz Exp $ SHA1 (bash-4.3.tar.gz) = 45ac3c5727e7262334f4dfadecdf601b39434e84 RMD160 (bash-4.3.tar.gz) = cd21a9f51ea7780994d4e2c9c7d16d5eb000f845 @@ -90,6 +90,9 @@ Size (bash43-028) = 69606 bytes SHA1 (bash43-029) = 883ae5901a45940d04136b0beae491238d50f70b RMD160 (bash43-029) = 1103874024539f44b40e14058e4f7be3ed4b8b0e Size (bash43-029) = 1824 bytes +SHA1 (bash43-030) = ad1e978c051ef58584343ad24f165e614ed2a184 +RMD160 (bash43-030) = 9634eb9f937b10507fb5b750633b0d7ea17c3456 +Size (bash43-030) = 63206 bytes SHA1 (patch-af) = dfd1d1be3d822cfc3ae0fd21bb2bbd3e35b11f0d SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48 SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e |