From: Bryan Drewery
Date: Sun, 28 Sep 2014 16:47:44 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369468 - in branches/2014Q3/shells/bash: . files

Author: bdrewery
Date: Sun Sep 28 16:47:44 2014
New Revision: 369468
URL: http://svnweb.freebsd.org/changeset/ports/369468
QAT: https://qat.redports.org/buildarchive/r369468/

Log:
  MFH: r369467

  - Update to patchlevel 27 which changes how functions are exported.
    This should eliminate the recent vulnerabilities, but keep the
    requirement for --import-functions/IMPORTFUNCTIONS option for now.
  - Loosen the --import-functions requirement so it is not needed when
    running an interactive shell. It is already disallowed for
    privileged/setuid mode.
  - Show an error on stderr when an imported function is ignored.

Modified:
  branches/2014Q3/shells/bash/Makefile
  branches/2014Q3/shells/bash/distinfo
  branches/2014Q3/shells/bash/files/extrapatch-import-functions
Directory Properties:
  branches/2014Q3/ (props changed)

Modified: branches/2014Q3/shells/bash/Makefile ============================================================================== --- branches/2014Q3/shells/bash/Makefile Sun Sep 28 16:47:00 2014 (r369467) +++ branches/2014Q3/shells/bash/Makefile Sun Sep 28 16:47:44 2014 (r369468) 
@@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= bash -PATCHLEVEL= 26 +PATCHLEVEL= 27 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} PORTREVISION?= 0 CATEGORIES= shells Modified: branches/2014Q3/shells/bash/distinfo ============================================================================== --- branches/2014Q3/shells/bash/distinfo Sun Sep 28 16:47:00 2014 (r369467) +++ branches/2014Q3/shells/bash/distinfo Sun Sep 28 16:47:44 2014 (r369468) @@ -52,3 +52,5 @@ SHA256 (bash/bash43-025) = 1e5186f5c4a61 SIZE (bash/bash43-025) = 3940 SHA256 (bash/bash43-026) = 2ecc12201b3ba4273b63af4e9aad2305168cf9babf6d11152796db08724c214d SIZE (bash/bash43-026) = 1575 +SHA256 (bash/bash43-027) = 1eb76ad28561d27f7403ff3c76a36e932928a4b58a01b868d663c165f076dabe +SIZE (bash/bash43-027) = 6889 Modified: branches/2014Q3/shells/bash/files/extrapatch-import-functions ============================================================================== --- branches/2014Q3/shells/bash/files/extrapatch-import-functions Sun Sep 28 16:47:00 2014 (r369467) +++ branches/2014Q3/shells/bash/files/extrapatch-import-functions Sun Sep 28 16:47:44 2014 (r369468) @@ -19,12 +19,9 @@ Based on christos@NetBSD's patch { "noprofile", Int, &no_profile, (char **)0x0 }, { "norc", Int, &no_rc, (char **)0x0 }, -$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $ - -Only read functions from environment if flag is set. ---- variables.c.christos 2014-09-25 16:09:41.000000000 -0400 -+++ variables.c 2014-09-25 16:12:10.000000000 -0400 -@@ -105,6 +105,7 @@ +--- variables.c.orig 2014-09-28 11:15:53.189768951 -0500 ++++ variables.c 2014-09-28 11:27:07.250722694 -0500 +@@ -110,6 +110,7 @@ extern time_t shell_start_time; extern int assigning_in_environment; extern int executing_builtin; extern int funcnest_max; 
@@ -32,12 +29,38 @@ Only read functions from environment if #if defined (READLINE) extern int no_line_editing; -@@ -349,7 +350,7 @@ initialize_shell_variables (env, privmod +@@ -328,6 +329,7 @@ initialize_shell_variables (env, privmod + char *name, *string, *temp_string; + int c, char_index, string_index, string_length, ro; + SHELL_VAR *temp_var; ++ int skipped_import; + + create_variable_tables (); + +@@ -352,9 +354,12 @@ initialize_shell_variables (env, privmod + temp_var = (SHELL_VAR *)NULL; + ++ skipped_import = 0; ++reval: ++ /* If exported function, define it now. Don't import functions from the environment in privileged mode. */ -- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) -+ if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) - { +- if (privmode == 0 && read_but_dont_execute == 0 && ++ if (skipped_import == 0 && privmode == 0 && read_but_dont_execute == 0 && + STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) && + STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) && + STREQN ("() {", string, 4)) +@@ -367,6 +372,12 @@ initialize_shell_variables (env, privmod + tname = name + BASHFUNC_PREFLEN; /* start of func name */ + tname[namelen] = '\0'; /* now tname == func name */ + ++ if (!import_functions && !interactive_shell) { ++ skipped_import = 1; ++ report_error (_("Skipping importing function definition for `%s': --import-functions required."), tname); ++ goto reval; ++ } ++ string_length = strlen (string); - temp_string = (char *)xmalloc (3 + string_length + char_index); + temp_string = (char *)xmalloc (namelen + string_length + 2); +
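
Review bot: the variables.c part of extrapatch-import-functions (hunk @@ -19,12 +19,9) loses its only description when the `$NetBSD: patch-variables.c ...` tag and the line "Only read functions from environment if flag is set." are removed. The behaviour now depends on the flag, on interactive mode and on privileged mode, so a one- or two-line summary above `--- variables.c.orig` would help whoever has to rebase this extra patch onto the next patchlevel.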
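
Review bot: in the variables.c hunk at @@ -352,9 +354,12, the comment above the `if` still says only "Don't import functions from the environment in privileged mode", while the condition now also depends on `skipped_import`, which is set by the `import_functions` / `interactive_shell` test further down. Update the comment to name that requirement. The `reval:` label and `goto` are used only to fall through to the non-function path once; testing `import_functions || interactive_shell` in a single pass, without the flag and the jump, would be easier to follow.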
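
Review bot: in the variables.c hunk at @@ -367,6 +372,12, `goto reval` is taken after `tname[namelen] = '\0'` has already written a NUL into `name` (`tname` points into it), so whatever runs after `reval:` with `skipped_import == 1` sees the name shortened to the function name instead of the original environment name. Either do the `!import_functions && !interactive_shell` test before the name is truncated, or restore the overwritten byte before jumping. It is also worth confirming that `interactive_shell` already has its final value when initialize_shell_variables runs, since the relaxed check relies on it.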