From 9eaacc58c62fb1f9ca32af25a4f87e81bf3e62b9 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Sun, 28 Sep 2014 19:54:53 -0700
Subject: [PATCH] bash: function export hardening patch

Another day another bash version bump. This is the final version of the patch to add a special prefix and suffix to exported functions in the environment, preventing bugs similar to the previous two from becoming remotely exploitable. http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00279.html There still remain two less significant memory-access issues, dubbed CVE-2014-7186 and CVE-2014-7187. So expect another bump soon. http://www.openwall.com/lists/oss-security/2014/09/25/32
---
 .../coreos-overlay/app-shells/bash/Manifest | 2 ++
 .../{bash-4.2_p49.ebuild => bash-4.2_p50.ebuild} | 13 +++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-shells/bash/{bash-4.2_p49.ebuild => bash-4.2_p50.ebuild} (93%)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/Manifest b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/Manifest
index 46f7c8cbdc..ec86a30d59 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/Manifest
@@ -47,3 +47,5 @@ DIST bash42-045 1572 SHA256 ddb7eff0f59d394a483b09feec3771d9026f81ba90afac32846a
 DIST bash42-046 1988 SHA256 95c1323b68c0ecc0ca09565ef2d5218625ced3957b702e04c8bcaad9e7b3816d SHA512 7e4a9d3961cb8bf8559f82684cb75fe8600a377522f582e1a9537696ceccab32d15d1045f850ea91ea8bd2cf286d79412bb47460af26bec8486d5f3137f5d54f WHIRLPOOL 68d83498307dec79bea516c7e7b03dfdff10116a716922c780c66d9017abb38cf6b32f17674490fed93b2701d8271f71f4aaeab6712b184fe4d880b818fab988
 DIST bash42-047 1353 SHA256 c1979201d0345011c419a1c82407cd2a00c60a0c75b7f07e145d17f3718daf7a SHA512 0b43eefcc0ef3a55e309dff339db31a07849ce794e645d917f1836f48c71b84bdc50aa3315b3b2e33acef2e6e81a07f2a026cb43381d0f809c8271cc0a0699a0 WHIRLPOOL 5b2a3000dd72b4cd34f74ffcfe160fe891c8e55766913260207cdad0ed205843398ca9a261f41ef5d54c76782ae291809be0b78c3bb960ea84bb0676cdc6e263
 DIST bash42-048 3258 SHA256 751a5d2330b21ac9aba7323acbbc91c948285f30a4bb41f56796f9a36b983d24 SHA512 4218377052da8900ab6d49b855ae6f7779ad94e9e76daf3424240fbbb1bab37b929989b976ecc3ccbfb66f3c278a7ba546e5d34b214382b41767991945d960b4 WHIRLPOOL 16da3dfb42b1cbb50841e381428135a9d0439d30c519725bd52bf55093c618b7ca8983b4638749dc87d5893a20b4cc5546c1ef5141f62d78fad8ccd5b4261fe7
+DIST bash42-049 1159 SHA256 901cd74cdd9f3e9bb5cc907d563e3d4dcdf9d5f6a751e85b706a958f51bc510e SHA512 a0472af2c3bb30fb3ebf0217b34261aa586314a05fc19c959b4931dcd064e0a6a8b4e37f8b4a9dd13d8fff38822e32e12fb28f4fcb73b0f6dcf42827fa5aba05 WHIRLPOOL a34df0a257a3db06b887abbda2afa823b471e1ba705318822e98d4740ce41fe906edf2d91602bcbbf97f1202067086b33217824af7cf8f2f71c58fb4d6fd65eb
+DIST bash42-050 6650 SHA256 1a19b84455e83b46fcaa27759a5dd643dde2e11ceacd1e84e351970ea04d8ba6 SHA512 317a5f90d909a5db697025894b50f35f26f8293b3ce1ad9b8e9dc6d0661f277659c8cc0a70a113d3889b2de6e932e5af5ba89a427f32879c69d4e3db24e6a2a8 WHIRLPOOL 2d77d23cd0e2baa59f8024e3e09f9db48f0ab999157d9c6911c4893abcf6a3e320f8f1614049ebf2b7b9ff5da57041ef1fd1b873746a940cf720ca947ad75d43
diff --git a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p50.ebuild similarity index 93% rename from sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p50.ebuild index 6cfb9c6685..7329df268b 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p49.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-shells/bash/bash-4.2_p50.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-4.2_p48-r1.ebuild,v 1.4 2014/09/25 11:02:20 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-4.2_p50.ebuild,v 1.1 2014/09/28 16:52:30 polynomial-c Exp $ EAPI="4" @@ -8,8 +8,7 @@ inherit eutils flag-o-matic toolchain-funcs multilib # Official patchlevel # See ftp://ftp.cwru.edu/pub/bash/bash-4.2-patches/ -#PLEVEL=${PV##*_p} -PLEVEL=48 +PLEVEL=${PV##*_p} MY_PV=${PV/_p*} MY_PV=${MY_PV/_/-} MY_P=${PN}-${MY_PV} @@ -35,7 +34,7 @@ SRC_URI="mirror://gnu/bash/${MY_P}.tar.gz $(patches)" LICENSE="GPL-3" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" IUSE="afs bashlogger examples mem-scramble +net nls plugins +readline vanilla" DEPEND=">=sys-libs/ncurses-5.2-r2 @@ -85,8 +84,6 @@ src_prepare() { if ! use vanilla ; then epatch "${FILESDIR}"/${PN}-4.2-speed-up-read-N.patch fi - # proposed new release but not available for download yet - epatch "${FILESDIR}"/${PN}-4.2-049.patch epatch_user } 
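Review bot: With `PLEVEL=${PV##*_p}` restored in the `@@ -8,8 +8,7 @@` hunk and the `epatch "${FILESDIR}"/${PN}-4.2-049.patch` call dropped in the `@@ -85,8 +84,6 @@` hunk, the locally carried 049 patch is no longer referenced, yet the diffstat lists only the Manifest and the renamed ebuild. That suggests `files/bash-4.2-049.patch`, which the removed comment describes as a proposed release, stays in the tree; deleting it in this commit would keep a pre-release copy of a security fix from being applied again or mistaken for the official bash42-049. A one-line comment above the assignment would also help the next bump, e.g. `# Derived from the ebuild file name (_pNN); a bump means renaming the ebuild and adding the matching bash42-NNN DIST entries`.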
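Review bot: The new `KEYWORDS` line in the `@@ -35,7 +34,7 @@` hunk keeps only `amd64` stable and moves every other previously stable architecture (`arm`, `arm64`, `x86`, `ppc64` and the rest) to testing. Because the p49 ebuild is renamed rather than kept alongside, a build that accepts only stable keywords on one of those architectures would no longer match any bash ebuild in this directory and might resolve to an older, unpatched bash from another repository, if one is configured. If the line was taken over unchanged from the upstream Gentoo ebuild named in the `$Header` line, it is worth confirming that amd64 is the only architecture built from this overlay, or keeping the earlier stable keywords for the ones that are.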
@@ -179,8 +176,8 @@ src_install() { fi sed -i \ "${sed_args[@]}" \ - "${D}"/usr/share/skel/.bashrc \ - "${D}"/usr/share/bash/bashrc || die + "${ED}"/usr/share/skel/.bashrc \ + "${ED}"/usr/share/bash/bashrc || die if use plugins ; then exeinto /usr/$(get_libdir)/bash