
[pkgsrc/trunk]: pkgsrc/shells/bash Add fix for CVE-2014-7169.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/98fb7336bdef
branches:  trunk
changeset: 639785:98fb7336bdef
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Sep 25 14:02:34 2014 +0000

description:
Add fix for CVE-2014-7169.

diffstat:

 shells/bash/Makefile              |   6 +++++-
 shells/bash/distinfo              |   3 ++-
 shells/bash/patches/patch-parse.y |  17 +++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (61 lines):

diff -r 6773e92cf347 -r 98fb7336bdef shells/bash/Makefile
--- a/shells/bash/Makefile      Thu Sep 25 13:56:50 2014 +0000
+++ b/shells/bash/Makefile      Thu Sep 25 14:02:34 2014 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.64 2014/09/24 15:24:35 wiz Exp $
+# $NetBSD: Makefile,v 1.65 2014/09/25 14:02:34 tron Exp $
 
 BASH_VERSION=          4.3
 BASH_PATCHLEVEL=       025
 
 DISTNAME=      bash-${BASH_VERSION}
 PKGNAME=       bash-${BASH_VERSION}.${BASH_PATCHLEVEL}
+PKGREVISION=   1
 CATEGORIES=    shells
 MASTER_SITES=  ${MASTER_SITE_GNU:=bash/} \
                ftp://ftp.cwru.edu/pub/bash/
@@ -102,6 +103,9 @@
 CONFIGURE_ENV+=                bash_cv_wexitstatus_offset=8
 .endif
 
+pre-configure:
+       ${RM} -f ${WRKSRC}/y.tab.c
+
 post-install:
        ${INSTALL_MAN} ${WRKSRC}/doc/bash.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
        ${INSTALL_MAN} ${WRKSRC}/doc/bashbug.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
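Review bot: The new `pre-configure` target deletes `${WRKSRC}/y.tab.c` without a comment, and the reason is security-relevant: presumably the distfile ships a pre-generated parser, so the parse.y patch only reaches the built binary if y.tab.c is regenerated. I would add `# Force y.tab.c to be regenerated from the patched parse.y (CVE-2014-7169 fix).` above the recipe. Regeneration needs yacc or bison at build time, and the hunk does not show `USE_TOOLS`, so confirm the tool is declared elsewhere in the Makefile. The rest of the Makefile, including the end of `post-install`, lies outside the hunk.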
diff -r 6773e92cf347 -r 98fb7336bdef shells/bash/distinfo
--- a/shells/bash/distinfo      Thu Sep 25 13:56:50 2014 +0000
+++ b/shells/bash/distinfo      Thu Sep 25 14:02:34 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2014/09/24 15:24:35 wiz Exp $
+$NetBSD: distinfo,v 1.32 2014/09/25 14:02:34 tron Exp $
 
 SHA1 (bash-4.3.tar.gz) = 45ac3c5727e7262334f4dfadecdf601b39434e84
 RMD160 (bash-4.3.tar.gz) = cd21a9f51ea7780994d4e2c9c7d16d5eb000f845
@@ -83,3 +83,4 @@
 SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e
 SHA1 (patch-builtins_ulimit.def) = d4cb59bedc6a6199f9a99a3530c99374e428baeb
 SHA1 (patch-lib_readline_colors.c) = f2f47e7aa0b5c1e999368109de10f80e39fd4438
+SHA1 (patch-parse.y) = 41c747ef8095b43c6b077a3fab54105d338f156e
diff -r 6773e92cf347 -r 98fb7336bdef shells/bash/patches/patch-parse.y
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/bash/patches/patch-parse.y Thu Sep 25 14:02:34 2014 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-parse.y,v 1.1 2014/09/25 14:02:34 tron Exp $
+
+Fix for CVE-2014-7169 taken from here:
+
+http://www.openwall.com/lists/oss-security/2014/09/25/10
+
+--- parse.y.orig       2014-09-25 14:24:07.000000000 +0100
++++ parse.y    2014-09-25 14:25:05.000000000 +0100
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';               /* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
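Review bot: The patch header gives only a mailing-list URL as provenance, so a later maintainer cannot tell from the file whether this is the official upstream fix or an interim one, nor when it can be dropped. I would extend the header with what the change does and its lifetime, e.g. `Reset eol_ungetc_lookahead when the parser state is reset, so a character pushed back during a failed parse is not carried into the next command.` and `Remove once an upstream patchlevel after 025 includes this fix.` The enclosing function in parse.y starts and ends outside the embedded hunk, so that description is inferred from the neighbouring resets and should be checked against the full source. A regression test that the rebuilt shell no longer exhibits the CVE-2014-7169 behaviour would confirm that the regenerated parser is the one compiled in.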


