From e6b5525077eee1a6df5e924652548c885a664a84 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 29 Sep 2014 12:08:12 +0000 Subject: Add another upstream security fix patch. Welcome to 4.3.027. --- shells/bash/Makefile | 7 +++---- shells/bash/distinfo | 7 +++++-- shells/bash/patches/patch-variables.c | 20 ++++++++++---------- 3 files changed, 18 insertions(+), 16 deletions(-) (limited to 'shells') diff --git a/shells/bash/Makefile b/shells/bash/Makefile index 00c2bc33453..5b7c1e6d86b 100644 --- a/shells/bash/Makefile +++ b/shells/bash/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.68 2014/09/27 02:50:26 christos Exp $ +# $NetBSD: Makefile,v 1.69 2014/09/29 12:08:12 wiz Exp $ BASH_VERSION= 4.3 -BASH_PATCHLEVEL= 026 +BASH_PATCHLEVEL= 027 DISTNAME= bash-${BASH_VERSION} PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} -PKGREVISION= 1 CATEGORIES= shells MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ ftp://ftp.cwru.edu/pub/bash/ @@ -16,7 +15,7 @@ PATCHFILES+= bash43-006 bash43-007 bash43-008 bash43-009 bash43-010 PATCHFILES+= bash43-011 bash43-012 bash43-013 bash43-014 bash43-015 PATCHFILES+= bash43-016 bash43-017 bash43-018 bash43-019 bash43-020 PATCHFILES+= bash43-021 bash43-022 bash43-023 bash43-024 bash43-025 -PATCHFILES+= bash43-026 +PATCHFILES+= bash43-026 bash43-027 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.gnu.org/software/bash/bash.html diff --git a/shells/bash/distinfo b/shells/bash/distinfo index fa9853010b4..bc32663f93d 100644 --- a/shells/bash/distinfo +++ b/shells/bash/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2014/09/27 02:50:26 christos Exp $ +$NetBSD: distinfo,v 1.35 2014/09/29 12:08:12 wiz Exp $ SHA1 (bash-4.3.tar.gz) = 45ac3c5727e7262334f4dfadecdf601b39434e84 RMD160 (bash-4.3.tar.gz) = cd21a9f51ea7780994d4e2c9c7d16d5eb000f845 @@ -81,10 +81,13 @@ Size (bash43-025) = 3940 bytes SHA1 (bash43-026) = ddfe741f358fb6ff0182d7d1eb6b36aabe0598b7 RMD160 (bash43-026) = bec0d5846a592fee0b62b02713b8d9c908c02edb Size (bash43-026) = 1575 bytes +SHA1 (bash43-027) = d934917a67e353dc645a2af0e10ce0ecc2aa9282 +RMD160 (bash43-027) = 0203d8d9bd3c07c9763211f2f2c8c3410ab79af9 +Size (bash43-027) = 6889 bytes SHA1 (patch-af) = dfd1d1be3d822cfc3ae0fd21bb2bbd3e35b11f0d SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48 SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e SHA1 (patch-builtins_ulimit.def) = d4cb59bedc6a6199f9a99a3530c99374e428baeb SHA1 (patch-lib_readline_colors.c) = f2f47e7aa0b5c1e999368109de10f80e39fd4438 SHA1 (patch-shell.c) = 08e55c3fa57a9e8eb6366c4eba91aa70f487acb2 -SHA1 (patch-variables.c) = 9fa0c4fc7650581b23d4fa768a0c76757a8874aa +SHA1 (patch-variables.c) = 55472b2c79451cd1bc7bd4bf097c9b697f95f521 diff --git a/shells/bash/patches/patch-variables.c b/shells/bash/patches/patch-variables.c index bb93ba5b9dd..a373f6eeb16 100644 --- a/shells/bash/patches/patch-variables.c +++ b/shells/bash/patches/patch-variables.c @@ -1,10 +1,10 @@ -$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $ +$NetBSD: patch-variables.c,v 1.2 2014/09/29 12:08:12 wiz Exp $ Only read functions from environment if flag is set. ---- variables.c.christos 2014-09-25 16:09:41.000000000 -0400 -+++ variables.c 2014-09-25 16:12:10.000000000 -0400 -@@ -105,6 +105,7 @@ +--- variables.c.orig 2014-09-29 12:04:58.000000000 +0000 ++++ variables.c +@@ -110,6 +110,7 @@ extern time_t shell_start_time; extern int assigning_in_environment; extern int executing_builtin; extern int funcnest_max; @@ -12,12 +12,12 @@ Only read functions from environment if flag is set. #if defined (READLINE) extern int no_line_editing; -@@ -349,7 +350,7 @@ +@@ -354,7 +355,7 @@ initialize_shell_variables (env, privmod /* If exported function, define it now. Don't import functions from the environment in privileged mode. */ -- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) -+ if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) - { - string_length = strlen (string); - temp_string = (char *)xmalloc (3 + string_length + char_index); +- if (privmode == 0 && read_but_dont_execute == 0 && ++ if (import_functions && privmode == 0 && read_but_dont_execute == 0 && + STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) && + STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) && + STREQN ("() {", string, 4)) -- cgit v1.2.3