svn commit: r369467 - in head/shells/bash: . files

Bryan Drewery bdrewery at FreeBSD.org
Sun Sep 28 16:47:01 UTC 2014 

Author: bdrewery
Date: Sun Sep 28 16:47:00 2014
New Revision: 369467
URL: http://svnweb.freebsd.org/changeset/ports/369467
QAT: https://qat.redports.org/buildarchive/r369467/

Log:
  - Update to patchlevel 27 which changes how functions are exported.
    This should eliminate the recent vulnerabilities, but keep the
    requirement for --import-functions/IMPORTFUNCTIONS option for now.
  - Loosen the --import-functions requirement so it is not needed when running
    an interactive shell. It is already disallowed for privileged/setuid mode.
  - Show an error on stderr when an imported function is ignored.

Modified:
  head/shells/bash/Makefile
  head/shells/bash/distinfo
  head/shells/bash/files/extrapatch-import-functions

Modified: head/shells/bash/Makefile
==============================================================================
--- head/shells/bash/Makefile	Sun Sep 28 16:37:33 2014	(r369466)
+++ head/shells/bash/Makefile	Sun Sep 28 16:47:00 2014	(r369467)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=		bash
-PATCHLEVEL=		26
+PATCHLEVEL=		27
 PORTVERSION=		4.3.${PATCHLEVEL:S/^0//g}
 PORTREVISION?=		0
 CATEGORIES=		shells

Modified: head/shells/bash/distinfo
==============================================================================
--- head/shells/bash/distinfo	Sun Sep 28 16:37:33 2014	(r369466)
+++ head/shells/bash/distinfo	Sun Sep 28 16:47:00 2014	(r369467)
@@ -52,3 +52,5 @@ SHA256 (bash/bash43-025) = 1e5186f5c4a61
 SIZE (bash/bash43-025) = 3940
 SHA256 (bash/bash43-026) = 2ecc12201b3ba4273b63af4e9aad2305168cf9babf6d11152796db08724c214d
 SIZE (bash/bash43-026) = 1575
+SHA256 (bash/bash43-027) = 1eb76ad28561d27f7403ff3c76a36e932928a4b58a01b868d663c165f076dabe
+SIZE (bash/bash43-027) = 6889

Modified: head/shells/bash/files/extrapatch-import-functions
==============================================================================
--- head/shells/bash/files/extrapatch-import-functions	Sun Sep 28 16:37:33 2014	(r369466)
+++ head/shells/bash/files/extrapatch-import-functions	Sun Sep 28 16:47:00 2014	(r369467)
@@ -19,12 +19,9 @@ Based on christos at NetBSD's patch
    { "noprofile", Int, &no_profile, (char **)0x0 },
    { "norc", Int, &no_rc, (char **)0x0 },
 
-$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $
-
-Only read functions from environment if flag is set.
---- variables.c.christos        2014-09-25 16:09:41.000000000 -0400
-+++ variables.c 2014-09-25 16:12:10.000000000 -0400
-@@ -105,6 +105,7 @@
+--- variables.c.orig	2014-09-28 11:15:53.189768951 -0500
++++ variables.c	2014-09-28 11:27:07.250722694 -0500
+@@ -110,6 +110,7 @@ extern time_t shell_start_time;
  extern int assigning_in_environment;
  extern int executing_builtin;
  extern int funcnest_max;
@@ -32,12 +29,38 @@ Only read functions from environment if 
  
  #if defined (READLINE)
  extern int no_line_editing;
-@@ -349,7 +350,7 @@ initialize_shell_variables (env, privmod
+@@ -328,6 +329,7 @@ initialize_shell_variables (env, privmod
+   char *name, *string, *temp_string;
+   int c, char_index, string_index, string_length, ro;
+   SHELL_VAR *temp_var;
++  int skipped_import;
+ 
+   create_variable_tables ();
+ 
+@@ -352,9 +354,12 @@ initialize_shell_variables (env, privmod
  
+       temp_var = (SHELL_VAR *)NULL;
+ 
++      skipped_import = 0;
++reval:
++
        /* If exported function, define it now.  Don't import functions from
  	 the environment in privileged mode. */
--      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
-+      if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
- 	{
+-      if (privmode == 0 && read_but_dont_execute == 0 && 
++      if (skipped_import == 0 && privmode == 0 && read_but_dont_execute == 0 && 
+           STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
+           STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
+ 	  STREQN ("() {", string, 4))
+@@ -367,6 +372,12 @@ initialize_shell_variables (env, privmod
+ 	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
+ 	  tname[namelen] = '\0';		/* now tname == func name */
+ 
++	  if (!import_functions && !interactive_shell) {
++		  skipped_import = 1;
++		  report_error (_("Skipping importing function definition for `%s': --import-functions required."), tname);
++		  goto reval;
++	  }
++
  	  string_length = strlen (string);
- 	  temp_string = (char *)xmalloc (3 + string_length + char_index);
+ 	  temp_string = (char *)xmalloc (namelen + string_length + 2);
+

More information about the svn-ports-head mailing list