From owner-freebsd-security@FreeBSD.ORG Fri Sep 26 21:01:40 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D6A955ED for ; Fri, 26 Sep 2014 21:01:40 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9901D837 for ; Fri, 26 Sep 2014 21:01:40 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s8QL1elN081266 for ; Fri, 26 Sep 2014 21:01:40 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s8QL1epT081264 for freebsd-security@freebsd.org; Fri, 26 Sep 2014 21:01:40 GMT (envelope-from bdrewery) Received: (qmail 63181 invoked from network); 26 Sep 2014 16:01:38 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 26 Sep 2014 16:01:38 -0500 Message-ID: <5425D427.8090309@FreeBSD.org> Date: Fri, 26 Sep 2014 16:01:27 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 Subject: Re: bash velnerability References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> <542596E3.3070707@FreeBSD.org> <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org> In-Reply-To: <5425A548.9090306@FreeBSD.org> OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="MTurRjG07qWw2eVNCmuAqjHpejEKKteUn" X-Mailman-Approved-At: Fri, 26 Sep 2014 22:41:10 +0000 Cc: freebsd-security , freebsd-ports X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 21:01:40 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MTurRjG07qWw2eVNCmuAqjHpejEKKteUn Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 9/26/2014 12:41 PM, Bryan Drewery wrote: > On 9/26/2014 11:51 AM, Bryan Drewery wrote: >> On 9/26/2014 11:46 AM, Bartek Rutkowski wrote: >>> Apparently, the full fix is still not delivered, accordingly to this:= >>> http://seclists.org/oss-sec/2014/q3/741 >>> >>> Kind regards, >>> Bartek Rutkowski >>> >> >> I'm pretty sure they call that a "feature". This is a bit different. I've disabled environment function importing in the port. Using --import-functions will allow it to work if you need it. https://svnweb.freebsd.org/changeset/ports/369341 --=20 Regards, Bryan Drewery --MTurRjG07qWw2eVNCmuAqjHpejEKKteUn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJUJdQnAAoJEDXXcbtuRpfPGLIH/jXFSyJal3Vnbj+CDSY+P5VZ 3oRq3spm96tpulRobGZG52gdlaSWTzoZrTvTN0vTA1WlUGzmV8tAVc8P0M8lvgho 6TJecVIVURzqu+Q9A6MVW82uc0G6F+tWY99lk0w1Vxz+ghyYlpIIWeaAXwrSSgbD RYDmnZapPvaTwdpQJRixCXRiR7SYElMWxXLF6L08KAJujpZUHCZa7kHRw8FSMSUN DjDFT/lnkWxFqnDjT7BU9Jf4hHwJUSpHxbA9RFKXS4ICekYZpfS1n5RTPOWeGtvY wLbRFIVISRQxgMjw/6X+F77ZvmUTEzU5jSbKkFhs2ZNNEb4oJbYAK44Nz6Ib5SQ= =PBZY -----END PGP SIGNATURE----- --MTurRjG07qWw2eVNCmuAqjHpejEKKteUn--