From 673c045f6d88e17938c25c3fd4a0a78ea0cf0ee7 Mon Sep 17 00:00:00 2001 From: Britney Fransen Date: Wed, 1 Oct 2014 17:15:37 +0000 Subject: bash: update to 4.3.027 closes #977 --- abs/core/bash/PKGBUILD | 169 +++++++++------------ ...2-do-not-use-memcpy-on-overlapping-memory.patch | 12 -- abs/core/bash/parser-oob-4.2.patch | 85 +++++++++++ abs/core/bash/privmode-setuid-fail.patch | 29 ++++ abs/core/bash/system.bashrc | 6 +- 5 files changed, 186 insertions(+), 115 deletions(-) delete mode 100644 abs/core/bash/bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch create mode 100644 abs/core/bash/parser-oob-4.2.patch create mode 100644 abs/core/bash/privmode-setuid-fail.patch diff --git a/abs/core/bash/PKGBUILD b/abs/core/bash/PKGBUILD index c6f692a..fe5282c 100644 --- a/abs/core/bash/PKGBUILD +++ b/abs/core/bash/PKGBUILD @@ -1,19 +1,21 @@ -# $Id: PKGBUILD 193699 2013-08-28 09:22:56Z allan $ -# Maintainer: Allan McRae +# $Id$ +# Maintainer: Bartłomiej Piotrowski +# Contributor: Allan McRae # Contributor: Aaron Griffin pkgname=bash -_basever=4.2 -_patchlevel=045 #prepare for some patches +_basever=4.3 +_patchlevel=027 pkgver=$_basever.$_patchlevel -pkgrel=5 -pkgdesc="The GNU Bourne Again shell" +pkgrel=1 +pkgdesc='The GNU Bourne Again shell' arch=('i686' 'x86_64') license=('GPL') -url="http://www.gnu.org/software/bash/bash.html" +url='http://www.gnu.org/software/bash/bash.html' groups=('base') backup=(etc/bash.bash{rc,_logout} etc/skel/.bash{rc,_profile,_logout}) -depends=('readline>=6.1' 'glibc') +depends=('readline>=6.3' 'glibc') +optdepends=('bash-completion: for tab completion') provides=('sh') install=bash.install source=(http://ftp.gnu.org/gnu/bash/bash-$_basever.tar.gz{,.sig} 
@@ -22,26 +24,32 @@ source=(http://ftp.gnu.org/gnu/bash/bash-$_basever.tar.gz{,.sig} dot.bash_logout system.bashrc system.bash_logout - bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch) -if [ $_patchlevel -gt 000 ]; then - for (( p=1; p<=$((10#${_patchlevel})); p++ )); do - source=(${source[@]} http://ftp.gnu.org/gnu/bash/bash-$_basever-patches/bash${_basever//./}-$(printf "%03d" $p){,.sig}) - done + privmode-setuid-fail.patch + parser-oob-4.2.patch) + +if [[ $((10#${_patchlevel})) -gt 0 ]]; then + for (( _p=1; _p<=$((10#${_patchlevel})); _p++ )); do + source=(${source[@]} http://ftp.gnu.org/gnu/bash/bash-$_basever-patches/bash${_basever//.}-$(printf "%03d" $_p){,.sig}) + done fi prepare() { - cd ${srcdir}/${pkgname}-$_basever + cd $pkgname-$_basever - for (( p=1; p<=$((10#${_patchlevel})); p++ )); do - msg "applying patch bash${_basever//./}-$(printf "%03d" $p)" - patch -p0 -i $srcdir/bash${_basever//./}-$(printf "%03d" $p) + for (( _p=1; _p<=$((10#${_patchlevel})); _p++ )); do + msg "applying patch bash${_basever//.}-$(printf "%03d" $_p)" + patch -p0 -i ../bash${_basever//.}-$(printf "%03d" $_p) done - - patch -p1 -i $srcdir/bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch + + # http://hmarco.org/bugs/bash_4.3-setuid-bug.html (FS#40663) + patch -p0 -i ../privmode-setuid-fail.patch + + # CVE-2014-7169 patches + patch -p0 -i ../parser-oob-4.2.patch } build() { - cd ${srcdir}/${pkgname}-$_basever + cd $pkgname-$_basever _bashconfig=(-DDEFAULT_PATH_VALUE=\'\"/usr/local/sbin:/usr/local/bin:/usr/bin\"\' -DSTANDARD_UTILS_PATH=\'\"/usr/bin\"\' 
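Review bot: The comment `# CVE-2014-7169 patches` above `patch -p0 -i ../parser-oob-4.2.patch` in prepare() does not match what that patch visibly does. It replaces the fixed `redir_stack[10]` with a growable array and tightens the `word_top` bound, and its header names a bash-4.2 tree while `_basever` is now 4.3. A mislabelled security patch makes it hard to tell later which advisories this build covers, so the comment should describe the change, e.g. `# parser out-of-bounds hardening (redir_stack, word_lineno); drop once the upstream patchlevel includes it`. Because the patch was generated against a different base, `patch -p0 -F0 -i ../parser-oob-4.2.patch` would make the build fail instead of applying with fuzz. Separately, `source=(${source[@]} …)` in the loop should quote the expansion as `"${source[@]}"`.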
@@ -55,123 +63,84 @@ build() { } check() { - cd ${srcdir}/${pkgname}-$_basever - make check + make -C $pkgname-$_basever check } package() { - cd ${srcdir}/${pkgname}-$_basever - make DESTDIR=${pkgdir} install - - ln -s bash ${pkgdir}/usr/bin/sh + make -C $pkgname-$_basever DESTDIR="$pkgdir" install + ln -s bash "$pkgdir"/usr/bin/sh - install -dm755 ${pkgdir}/etc/skel/ - + install -dm755 "$pkgdir"/etc/skel/ # system-wide configuration files - install -m644 ${srcdir}/system.bashrc ${pkgdir}/etc/bash.bashrc - install -m644 ${srcdir}/system.bash_logout ${pkgdir}/etc/bash.bash_logout - + install -m644 system.bashrc $pkgdir/etc/bash.bashrc + install -m644 system.bash_logout "$pkgdir"/etc/bash.bash_logout + # user configuration file skeletons - install -m644 ${srcdir}/dot.bashrc ${pkgdir}/etc/skel/.bashrc - install -m644 ${srcdir}/dot.bash_profile ${pkgdir}/etc/skel/.bash_profile - install -m644 ${srcdir}/dot.bash_logout ${pkgdir}/etc/skel/.bash_logout + install -m644 dot.bashrc "$pkgdir"/etc/skel/.bashrc + install -m644 dot.bash_profile "$pkgdir"/etc/skel/.bash_profile + install -m644 dot.bash_logout "$pkgdir"/etc/skel/.bash_logout } -md5sums=('3fb927c7c33022f1c327f14a81c0d4b0' +md5sums=('81348932d5da294953e15d4814c74dd1' 'SKIP' '027d6bd8f5f6a06b75bb7698cb478089' '2902e0fee7a9168f3a4fd2ccd60ff047' '42f4400ed2314bd7519c020d0187edc5' - '3546099a1b2f667adc9794f52e78e35b' + '561949793177116b7be29a07c385ba8b' '472f536d7c9e8250dc4568ec4cfaf294' - '9e55d01f2d9dda4a0c96031b25d19f45' - '1100bc1dda2cdc06ac44d7e5d17864a3' - 'SKIP' - '30e7948079921d3261efcc6a40722135' - 'SKIP' - '9ea06decec43a198f3d7cf29acc602f8' - 'SKIP' - 'fb48f6134d7b013135929476aa0c250c' - 'SKIP' - 'e70e45de33426b38153b390be0dbbcd4' - 'SKIP' - 'ce4e5c484993705b27daa151eca242c2' - 'SKIP' - '88d1f96db29461767602e2546803bda7' - 'SKIP' - '24c574bf6d6a581e300823d9c1276af6' - 'SKIP' - '4c5835f2fbab36c4292bb334977e5b6d' - 'SKIP' - '0a51602b535ef661ee707be6c8bdb373' - 'SKIP' - '58deacf3d57cbd75575444ff6a3b0806' - 
'SKIP' - '72d5059820015231483bb7415d09e9db' - 'SKIP' - '608336ebe215984ef126e3c29d2d3409' - 'SKIP' - 'ed19da878e3f630834c62b9d9dcc6fce' - 'SKIP' - '2d07daba0b8ca8f876d2aa052ff594b4' - 'SKIP' - '53d246537e1fffd1aaa02ba5c056211c' - 'SKIP' - '304fd129a58fee2d8a34f8b4704db0aa' - 'SKIP' - '6921a0b4228fe89b6537a5c29f027c89' - 'SKIP' - '1195d85447f3d048d2c9bcd075fa765c' + 'a577d42e38249d298d6a8d4bf2823883' + '461145288c8ffbf05c0f90554b2aa885' + '1ab682b4e36afa4cf1b426aa7ac81c0d' 'SKIP' - 'b09000bba08da6ac753124593850cdf7' + '8fc22cf50ec85da00f6af3d66f7ddc1b' 'SKIP' - '09d3f96a16b881334cfaee0cf320b47e' + 'a41728eca78858758e26b5dea64ae506' 'SKIP' - '597bf71a2aac6feb510b7505cdd3d4f7' + 'bf8d53d227829d67235927689a03cc7a' 'SKIP' - '3fab459b4e09daea529cacad025b13b3' + 'c0c00935c8b8ffff76e8ab77e7be7d15' 'SKIP' - '4ad8d11e72afc6090e701073ff034cf4' + '6f01e364cd092faa28dd7119f47ddb5f' 'SKIP' - 'c7d2493e44490f01dd20bdc8feb0a6a7' + 'dcf471d222bcd83283d3094e6ceeb6f8' 'SKIP' - '9f19c199dd8d1fa9254eebe738759272' + 'f7553416646dc26c266454c78a916d36' 'SKIP' - 'a6ed82daf034587aee2f2581ba5fe829' + '7e73d2151f4064b484a4ba2c4b09960e' 'SKIP' - 'da9265aa2527fd4a7481baa3e0550287' + 'a275463d21735bb6d7161f9fbd320d8f' 'SKIP' - 'ec444d229e8899fbaaf6fc7de2d82ae6' + 'c17103ee20420d77e46b224c8d3fceda' 'SKIP' - 'b4bc1c4dc1b508ff9cdfc44f1a5039b5' + '3e2a057a19d02b3f92a3a09eacbc03ae' 'SKIP' - '89390ff6a3c2ef7e09dd4b8b097a8e56' + 'fb377143a996d4ff087a2771bc8332f9' 'SKIP' - 'eee08003395c417f677d1a4bf8c548ee' + '1a1aaecc99a9d0cbc310e8e247dcc8b6' 'SKIP' - '2fe070dd6d75d8ff16f269184a16e9c4' + '4f04387458a3c1b4d460d199f49991a8' 'SKIP' - '4e610506c1711bf3483b965800ac3d5d' + '90e759709720c4f877525bebc9d5dc06' 'SKIP' - '7cd9bfdf7cbfd45274d07620ee94c8d9' + '11e4046e1b86070f6adbb7ffc89641be' 'SKIP' - '9c3142956064d175a880bcb186e51ef9' + 'cd5a9b46f5bea0dc0248c93c7dfac011' 'SKIP' - 'c10692f447d4966c879f8fb8d7c8ebc9' + 'cff4dc024d9d3456888aaaf8a36ca774' 'SKIP' - '9ef3c308cde413e95866c1266cfb4e98' + 
'167839c5f147347f4a03d88ab97ff787' 'SKIP' - 'cd48f57a404498d4e5c73a3501c4b1a5' + '1d350671c48dec30b34d8b81f09cd79d' 'SKIP' - '00a2371b6c05acbfce6bc850c6d982f8' + '11c349af66a55481a3215ef2520bec36' 'SKIP' - '7bc4942a66ca4024ee964db7ede07896' + 'b3cb0d80fd0c47728264405cbb3b23c7' 'SKIP' - '1cf7701017ebfc8e129de92c8f8b798c' + 'b5ea5600942acceb4b6f07313d2de74e' 'SKIP' - '9e61168fca692d8d1a733c389a63712e' + '193c06f578d38ffdbaebae9c51a7551f' 'SKIP' - 'b4b11d64b45ea9ec50dcc74c6c3861f6' + '922578e2be7ed03729454e92ee8d3f3a' 'SKIP' - '1661bcc83c4715f54368877452ff2247' + '8ff6948b16f2db5c29b1b9ae1085bbe7' 'SKIP') diff --git a/abs/core/bash/bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch b/abs/core/bash/bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch deleted file mode 100644 index c621f0a..0000000 --- a/abs/core/bash/bash-4.2-do-not-use-memcpy-on-overlapping-memory.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur bash-4.2-orig/general.c bash-4.2/general.c ---- bash-4.2-orig/general.c 2010-12-13 06:06:27.000000000 +1000 -+++ bash-4.2/general.c 2013-08-25 21:52:36.681484302 +1000 -@@ -766,7 +766,7 @@ - *nbeg++ = '.'; - - nlen = nend - ntail; -- memcpy (nbeg, ntail, nlen); -+ memmove (nbeg, ntail, nlen); - nbeg[nlen] = '\0'; - - return name; diff --git a/abs/core/bash/parser-oob-4.2.patch b/abs/core/bash/parser-oob-4.2.patch new file mode 100644 index 0000000..2ef5c48 --- /dev/null +++ b/abs/core/bash/parser-oob-4.2.patch 
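Review bot: The only pinned integrity check for the new tarball and for the two local security patches (`privmode-setuid-fail.patch`, `parser-oob-4.2.patch`) is `md5sums`, every upstream `.sig` entry is `'SKIP'`, and all sources are fetched over plain `http://`. MD5 is not collision-resistant, so for a package that provides `sh` I would add a parallel `sha256sums=(...)` array (values generated with `makepkg -g`) and keep the `.sig` files in `source` so signature verification stays in the loop. In package(), `install -m644 system.bashrc $pkgdir/etc/bash.bashrc` is the one line left unquoted; it should read `install -m644 system.bashrc "$pkgdir"/etc/bash.bashrc` like its neighbours. The new relative paths in check() and package() assume the functions start in `$srcdir`, which deserves a one-line comment.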
@@ -0,0 +1,85 @@ +--- ../bash-4.2-orig/parse.y 2014-09-25 13:07:59.218209276 +0200 ++++ parse.y 2014-09-25 15:26:52.813159810 +0200 +@@ -264,9 +264,21 @@ + + /* Variables to manage the task of reading here documents, because we need to + defer the reading until after a complete command has been collected. */ +-static REDIRECT *redir_stack[10]; ++static REDIRECT **redir_stack; + int need_here_doc; + ++/* Pushes REDIR onto redir_stack, resizing it as needed. */ ++static void ++push_redir_stack (REDIRECT *redir) ++{ ++ /* Guard against oveflow. */ ++ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack)) ++ abort (); ++ redir_stack = xrealloc (redir_stack, ++ (need_here_doc + 1) * sizeof (*redir_stack)); ++ redir_stack[need_here_doc++] = redir; ++} ++ + /* Where shell input comes from. History expansion is performed on each + line when the shell is interactive. */ + static char *shell_input_line = (char *)NULL; +@@ -519,42 +531,42 @@ + source.dest = 0; + redir.filename = $2; + $$ = make_redirection (source, r_reading_until, redir, 0); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | NUMBER LESS_LESS WORD + { + source.dest = $1; + redir.filename = $3; + $$ = make_redirection (source, r_reading_until, redir, 0); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | REDIR_WORD LESS_LESS WORD + { + source.filename = $1; + redir.filename = $3; + $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | LESS_LESS_MINUS WORD + { + source.dest = 0; + redir.filename = $2; + $$ = make_redirection (source, r_deblank_reading_until, redir, 0); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | NUMBER LESS_LESS_MINUS WORD + { + source.dest = $1; + redir.filename = $3; + $$ = make_redirection (source, r_deblank_reading_until, redir, 0); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | REDIR_WORD LESS_LESS_MINUS 
WORD + { + source.filename = $1; + redir.filename = $3; + $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN); +- redir_stack[need_here_doc++] = $$; ++ push_redir_stack ($$); + } + | LESS_LESS_LESS WORD + { +@@ -4757,7 +4769,7 @@ + case CASE: + case SELECT: + case FOR: +- if (word_top < MAX_CASE_NEST) ++ if (word_top + 1 < MAX_CASE_NEST) + word_top++; + word_lineno[word_top] = line_number; + break; + + diff --git a/abs/core/bash/privmode-setuid-fail.patch b/abs/core/bash/privmode-setuid-fail.patch new file mode 100644 index 0000000..059857d --- /dev/null +++ b/abs/core/bash/privmode-setuid-fail.patch @@ -0,0 +1,29 @@ +*** ../bash-4.3-patched/shell.c 2014-01-14 08:04:32.000000000 -0500 +--- shell.c 2014-06-06 16:29:01.000000000 -0400 +*************** +*** 1227,1232 **** + disable_priv_mode () + { +! setuid (current_user.uid); +! setgid (current_user.gid); + current_user.euid = current_user.uid; + current_user.egid = current_user.gid; +--- 1229,1246 ---- + disable_priv_mode () + { +! int e; +! +! if (setuid (current_user.uid) < 0) +! { +! e = errno; +! sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid); +! #if defined (EXIT_ON_SETUID_FAILURE) +! if (e == EAGAIN) +! exit (e); +! #endif +! } +! if (setgid (current_user.gid) < 0) +! sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid); +! + current_user.euid = current_user.uid; + current_user.egid = current_user.gid; diff --git a/abs/core/bash/system.bashrc b/abs/core/bash/system.bashrc index a2231e8..4d7a643 100644 --- a/abs/core/bash/system.bashrc +++ b/abs/core/bash/system.bashrc 
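Review bot: In `push_redir_stack`, the guard computes `need_here_doc + 1` in `int` before the comparison converts it to `size_t`, so the overflow check itself depends on `need_here_doc` never reaching `INT_MAX`. Writing it as `if ((size_t) need_here_doc >= INT_MAX / sizeof (*redir_stack)) abort ();` tests the same bound for non-negative counts without the addition. The comment above it has a typo and should read `/* Guard against overflow. */`. The function relies on `need_here_doc` being reset wherever the here-documents are consumed, which is outside this patch, so a comment stating that `redir_stack` is sized by `need_here_doc` would help the next reader. In the last hunk, when `word_top + 1 == MAX_CASE_NEST` the store to `word_lineno[word_top]` overwrites the current top entry; a short comment saying this saturation is intentional would make the bound easier to audit.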
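Review bot: After a failed `setuid` the new code still falls through to `current_user.euid = current_user.uid`, so the shell's own record says privileges were dropped when the kernel refused. The exit happens only for `EAGAIN` and only when `EXIT_ON_SETUID_FAILURE` is defined, which the visible part of `_bashconfig` in the PKGBUILD does not set (that array continues outside the hunk shown), and a failed `setgid` is only logged. I would make both failures fatal here, or at least skip the `euid`/`egid` assignments on failure, with a comment such as `/* Do not record dropped privileges unless both calls succeeded. */`. The call order also needs checking: `setuid` runs before `setgid`, and once the uid has been dropped from root the process may no longer be permitted to change its gid. disable_priv_mode's body continues past the end of the patch context.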
@@ -12,11 +12,11 @@ PS4='+ ' case ${TERM} in xterm*|rxvt*|Eterm|aterm|kterm|gnome*) - PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"' - + PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' + ;; screen) - PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"' + PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' ;; esac -- cgit v0.12
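Review bot: Both `PROMPT_COMMAND` strings write `${PWD}` into a terminal title escape sequence unfiltered, so a directory name containing control characters (for example one unpacked from an archive) can end the sequence early and have the remainder interpreted by the terminal. `printf` with `%s` protects the format string but not the terminal. I would strip control characters before printing, e.g. `_t=${PWD/#$HOME/\~}; printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${_t//[[:cntrl:]]/}"`, and do the same in the `screen)` arm. `$HOME` inside the pattern is also unquoted, so glob characters in it are treated as a pattern; `${PWD/#"$HOME"/\~}` matches it literally.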