From owner-svn-ports-head@FreeBSD.ORG Thu Sep 25 19:45:00 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2A60EEEC for ; Thu, 25 Sep 2014 19:45:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B3CA69A for ; Thu, 25 Sep 2014 19:45:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s8PJix1H071861 for ; Thu, 25 Sep 2014 19:44:59 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s8PJix3X071857 for svn-ports-head@freebsd.org; Thu, 25 Sep 2014 19:44:59 GMT (envelope-from bdrewery) Received: (qmail 20199 invoked from network); 25 Sep 2014 14:44:57 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 25 Sep 2014 14:44:57 -0500 Message-ID: <542470B0.70105@FreeBSD.org> Date: Thu, 25 Sep 2014 14:44:48 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 MIME-Version: 1.0 To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r369261 - in head/shells/bash: . files References: <201409251538.s8PFcvVX037226@svn.freebsd.org> In-Reply-To: <201409251538.s8PFcvVX037226@svn.freebsd.org> OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OIFtTFkHBwaH4WIdW8esgHXEgiiLxakAA" X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 19:45:00 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OIFtTFkHBwaH4WIdW8esgHXEgiiLxakAA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 9/25/2014 10:38 AM, Bryan Drewery wrote: > Author: bdrewery > Date: Thu Sep 25 15:38:56 2014 > New Revision: 369261 > URL: http://svnweb.freebsd.org/changeset/ports/369261 > QAT: https://qat.redports.org/buildarchive/r369261/ >=20 > Log: > Fix CVE-2014-3659. The original fix in 25 was not enough. FYI this issue was reassigned to CVE-2014-7169. > =20 > Obtained from: http://seclists.org/oss-sec/2014/q3/690 (bash develope= r) > Security: CVE-2014-3659 >=20 > Added: > head/shells/bash/files/patch-parse.y (contents, props changed) > Modified: > head/shells/bash/Makefile >=20 > Modified: head/shells/bash/Makefile > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/shells/bash/Makefile Thu Sep 25 15:18:27 2014 (r369260) > +++ head/shells/bash/Makefile Thu Sep 25 15:38:56 2014 (r369261) > @@ -4,7 +4,7 @@ > PORTNAME=3D bash > PATCHLEVEL=3D 25 > PORTVERSION=3D 4.3.${PATCHLEVEL:S/^0//g} > -PORTREVISION?=3D 0 > +PORTREVISION?=3D 1 > CATEGORIES=3D shells > MASTER_SITES=3D GNU > MASTER_SITE_SUBDIR=3D ${PORTNAME} > @@ -64,6 +64,9 @@ CONFLICTS+=3D bash-static-[0-9]* > .endif > =20 > post-patch: > +# Ensure y.tab.c is regenerated > + ${TOUCH} ${WRKSRC}/parse.y > + ${RM} ${WRKSRC}/y.tab.c > @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|g" ${WRKSRC}/doc/bash.1 > .if ${PORT_OPTIONS:MSYSLOG} > @${REINPLACE_CMD} \ >=20 > Added: head/shells/bash/files/patch-parse.y > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/shells/bash/files/patch-parse.y Thu Sep 25 15:38:56 2014 (r369= 261) > @@ -0,0 +1,13 @@ > +http://seclists.org/oss-sec/2014/q3/690 > + > +*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400 > +--- parse.y 2014-09-24 22:47:28.000000000 -0400 > +*************** > +*** 2959,2962 **** > +--- 2959,2964 ---- > + word_desc_to_read =3D (WORD_DESC *)NULL; > + =20 > ++ eol_ungetc_lookahead =3D 0; > ++=20 > + current_token =3D '\n'; /* XXX */ > + last_read_token =3D '\n'; >=20 --=20 Regards, Bryan Drewery --OIFtTFkHBwaH4WIdW8esgHXEgiiLxakAA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJUJHCwAAoJEDXXcbtuRpfP7YYIAJKqY9Gu0M2q7ajsD/yz+g3o I9xt7nrSRFQshEZyLtufRXSQBRnZ8ncpKSWv1H7a6meV+GNFRxvVU5U8507NohIE 7R02oModLuanXq+8/vPcTjWPDNNXnDf9HP+nol3st+4ljzTzwANxyurJYXilpqF5 NfgsvXo5PpHpWEZH2aG+W9PT80SK6lh9r1ZS0KO15QTjkk7zQFgxiJKVu5SzZSMc ZmbKGn6wbvdtdC1gJBGEPzi+gFXfIS/4tkE/Da/f70RVrbcPydEYY4ZAy6fjweRe bJvm1RFqbhqZWOmjUGKbhORRg0TFfypz0RVNdV2nzsVWvclFRpudWXm2vpZCS/w= =adA1 -----END PGP SIGNATURE----- --OIFtTFkHBwaH4WIdW8esgHXEgiiLxakAA--