Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Sep 2014 15:38:57 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r369261 - in head/shells/bash: . files
Message-ID:  <201409251538.s8PFcvVX037226@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bdrewery
Date: Thu Sep 25 15:38:56 2014
New Revision: 369261
URL: http://svnweb.freebsd.org/changeset/ports/369261
QAT: https://qat.redports.org/buildarchive/r369261/

Log:
  Fix CVE-2014-3659. The original fix in 25 was not enough.
  
  Obtained from:	http://seclists.org/oss-sec/2014/q3/690 (bash developer)
  Security:	CVE-2014-3659

Added:
  head/shells/bash/files/patch-parse.y   (contents, props changed)
Modified:
  head/shells/bash/Makefile

Modified: head/shells/bash/Makefile
==============================================================================
--- head/shells/bash/Makefile	Thu Sep 25 15:18:27 2014	(r369260)
+++ head/shells/bash/Makefile	Thu Sep 25 15:38:56 2014	(r369261)
@@ -4,7 +4,7 @@
 PORTNAME=		bash
 PATCHLEVEL=		25
 PORTVERSION=		4.3.${PATCHLEVEL:S/^0//g}
-PORTREVISION?=		0
+PORTREVISION?=		1
 CATEGORIES=		shells
 MASTER_SITES=		GNU
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -64,6 +64,9 @@ CONFLICTS+=		bash-static-[0-9]*
 .endif
 
 post-patch:
+# Ensure y.tab.c is regenerated
+	${TOUCH} ${WRKSRC}/parse.y
+	${RM} ${WRKSRC}/y.tab.c
 	@${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|g" ${WRKSRC}/doc/bash.1
 .if ${PORT_OPTIONS:MSYSLOG}
 	@${REINPLACE_CMD} \

Added: head/shells/bash/files/patch-parse.y
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/shells/bash/files/patch-parse.y	Thu Sep 25 15:38:56 2014	(r369261)
@@ -0,0 +1,13 @@
+http://seclists.org/oss-sec/2014/q3/690
+
+*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
+--- parse.y	2014-09-24 22:47:28.000000000 -0400
+***************
+*** 2959,2962 ****
+--- 2959,2964 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409251538.s8PFcvVX037226>