summaryrefslogtreecommitdiff
path: root/shells/bash
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2012-07-18 15:43:09 +0000
committerspz <spz@pkgsrc.org>2012-07-18 15:43:09 +0000
commit1d8bc7358300aaf7769cb2333228867144edfe7b (patch)
tree9914516dc023f013353120bf22b3698c05ba0438 /shells/bash
parente75049012eb4dd35f0286f0dbc8cced3a73ff1ca (diff)
downloadpkgsrc-1d8bc7358300aaf7769cb2333228867144edfe7b.tar.gz
add patch from the Bash project fixing CVE-2012-3410
Diffstat (limited to 'shells/bash')
-rw-r--r--shells/bash/Makefile4
-rw-r--r--shells/bash/distinfo3
-rw-r--r--shells/bash/patches/patch-lib_sh_eaccess.c37
3 files changed, 41 insertions, 3 deletions
diff --git a/shells/bash/Makefile b/shells/bash/Makefile
index ea02468d17f..a9c457d6545 100644
--- a/shells/bash/Makefile
+++ b/shells/bash/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.52 2011/04/22 13:44:39 obache Exp $
+# $NetBSD: Makefile,v 1.53 2012/07/18 15:43:09 spz Exp $
BASH_VERSION= 4.2
DISTNAME= bash-${BASH_VERSION}
#PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= shells
MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \
ftp://ftp.cwru.edu/pub/bash/
diff --git a/shells/bash/distinfo b/shells/bash/distinfo
index 739b623c5a7..7be54aea22f 100644
--- a/shells/bash/distinfo
+++ b/shells/bash/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2011/03/22 04:45:31 obache Exp $
+$NetBSD: distinfo,v 1.25 2012/07/18 15:43:10 spz Exp $
SHA1 (bash-4.2.tar.gz) = 487840ab7134eb7901fbb2e49b0ee3d22de15cb8
RMD160 (bash-4.2.tar.gz) = df7ae51783f039a1234d3b720ffcf4bfa5d09673
@@ -8,3 +8,4 @@ SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48
SHA1 (patch-ai) = 26825922898567841bed0bf62a8dee3bcc50cd75
SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e
SHA1 (patch-ak) = 6dfb7195f45f81064f687a4c9febb9dcae721aa7
+SHA1 (patch-lib_sh_eaccess.c) = 484577f09efe67f604c3fb85afdb5a58b64f5b6c
diff --git a/shells/bash/patches/patch-lib_sh_eaccess.c b/shells/bash/patches/patch-lib_sh_eaccess.c
new file mode 100644
index 00000000000..f7bb5d94778
--- /dev/null
+++ b/shells/bash/patches/patch-lib_sh_eaccess.c
@@ -0,0 +1,37 @@
+$NetBSD: patch-lib_sh_eaccess.c,v 1.1 2012/07/18 15:43:12 spz Exp $
+
+from ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
+
+ Bash-Release: 4.2
+ Patch-ID: bash42-033
+
+ Bug-Reported-by: David Leverton <levertond@googlemail.com>
+ Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
+ Bug-Reference-URL:
+
+ Bug-Description:
+
+ Bash uses a static buffer when expanding the /dev/fd prefix for the test
+ and conditional commands, among other uses, when it should use a dynamic
+ buffer to avoid buffer overflow.
+
+--- lib/sh/eaccess.c.orig 2011-01-09 01:50:10.000000000 +0000
++++ lib/sh/eaccess.c
+@@ -82,6 +82,8 @@ sh_stat (path, finfo)
+ const char *path;
+ struct stat *finfo;
+ {
++ static char *pbuf = 0;
++
+ if (*path == '\0')
+ {
+ errno = ENOENT;
+@@ -106,7 +108,7 @@ sh_stat (path, finfo)
+ trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+- char pbuf[32];
++ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+ strcpy (pbuf, DEV_FD_PREFIX);
+ strcat (pbuf, path + 8);
+ return (stat (pbuf, finfo));