From: Johannes Jost Meixner
Date: Fri, 26 Sep 2014 17:06:50 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r369331 - head/emulators/linux_base-c6

Author: xmj
Date: Fri Sep 26 17:06:49 2014
New Revision: 369331
URL: http://svnweb.freebsd.org/changeset/ports/369331
QAT: https://qat.redports.org/buildarchive/r369331/

Log:
  emulators/linux_base-c6: Use a CVE-free version of bash

  Bash 4.1.2 as shipped with this Linux base port is vulnerable to
  CVE-2014-6271 and CVE-2014-7169.

  As EL6 policy is to backport security patches, use an RPM that is not
  vulnerable to either remote code execution vulnerability.

  While here:
  - Add the proper UPDATES Master site
  - remove sample files installation from Makefile, in favor of @sample

  Approved by: swills (mentor)
  Security: 71ad81da-4414-11e4-a33e-3c970e169bc2

Modified:
  head/emulators/linux_base-c6/Makefile
  head/emulators/linux_base-c6/distinfo.i686
  head/emulators/linux_base-c6/pkg-plist

Modified: head/emulators/linux_base-c6/Makefile ============================================================================== --- head/emulators/linux_base-c6/Makefile Fri Sep 26 17:05:38 2014 (r369330) +++ head/emulators/linux_base-c6/Makefile Fri Sep 26 17:06:49 2014 (r369331) 
@@ -3,8 +3,10 @@ PORTNAME= c6 PORTVERSION= 6.5 +PORTREVISION= 1 CATEGORIES= emulators linux -MASTER_SITES= http://mirror.centos.org/centos/6/os/i386/Packages/ +MASTER_SITES= http://mirror.centos.org/centos/6/os/i386/Packages/ \ + http://mirror.centos.org/centos/6/updates/i386/Packages/ PKGNAMEPREFIX= linux_base- DISTFILES= ${BIN_DISTFILES} ${SRC_DISTFILES} EXTRACT_ONLY= ${BIN_DISTFILES} @@ -17,7 +19,7 @@ LINUX_DIST_VER=6.5 DIST_SUBDIR= rpm/${LINUX_RPM_ARCH}/${LINUX_DIST}/${LINUX_DIST_VER} BIN_DISTFILES= basesystem-10.0-4.el6.noarch.rpm \ - bash-4.1.2-15.el6_4.${LINUX_RPM_ARCH}.rpm \ + bash-4.1.2-15.el6_5.2.${LINUX_RPM_ARCH}.rpm \ bzip2-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \ bzip2-libs-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \ compat-db43-4.3.29-15.el6.${LINUX_RPM_ARCH}.rpm \ @@ -68,10 +70,11 @@ BIN_DISTFILES= basesystem-10.0-4.el6.noa zlib-1.2.3-29.el6.${LINUX_RPM_ARCH}.rpm .if defined(PACKAGE_BUILDING) -MASTER_SITES+= http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/ +MASTER_SITES+= http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/ \ + http://vault.centos.org/6.5/updates/Source/SPackages/:updates SRC_DISTFILES= basesystem-10.0-4.el6.src.rpm \ - bash-4.1.2-15.el6_4.src.rpm \ + bash-4.1.2-15.el6_5.2.src.rpm:updates \ bzip2-1.0.5-7.el6_0.src.rpm \ coreutils-8.4-31.el6.src.rpm \ compat-db-4.6.21-15.el6.src.rpm \ @@ -201,7 +204,7 @@ do-build: # # If ${PREFIX}/etc/krb5.conf exists, don't touch it # - @${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.dist + @${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.sample # Fix usr/bin/*db4* permissions to allow "portupgrade -s" # @${CHMOD} u+w ${WRKSRC}/usr/bin/*db4* 
@@ -234,12 +237,4 @@ do-install: # @${INSTALL_SCRIPT} ${FILESDIR}/lp ${STAGEDIR}${PREFIX}/usr/bin -post-install: - if [ ! -f ${PREFIX}/etc/krb5.conf ] ; then \ - ${CP} -p ${STAGEDIR}${PREFIX}/etc/krb5.conf.dist ${STAGEDIR}${PREFIX}/etc/krb5.conf ; \ - fi - if [ ! -f ${PREFIX}/etc/yp.conf ] ; then \ - ${CP} -p ${STAGEDIR}${PREFIX}/etc/yp.conf.sample ${STAGEDIR}${PREFIX}/etc/yp.conf ; \ - fi - .include Modified: head/emulators/linux_base-c6/distinfo.i686 ============================================================================== --- head/emulators/linux_base-c6/distinfo.i686 Fri Sep 26 17:05:38 2014 (r369330) +++ head/emulators/linux_base-c6/distinfo.i686 Fri Sep 26 17:06:49 2014 (r369331) @@ -1,7 +1,7 @@ SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 18860007697438e375733bb4a36a599daac2e2ae95d98a74c436a10d0974710e SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 4784 -SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 81bc62e6d2396a462ea898f2c91c97578ad2d744af4588686602ffc3bec47420 -SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 907712 +SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 28a674dd09ca395b3021749ebf8928806ae981a325c02b8ead070e75cdae2cab +SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 908364 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 37883219612b1ffa199f5a7227fcd165687a24e5c7c291c579647d1563777e47 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 49428 SHA256 (rpm/i686/centos/6.5/bzip2-libs-1.0.5-7.el6_0.i686.rpm) = d3424f4610860e7f8f444cc3cddf51cd75f5e58ca0ecffc8bdbbcb5f8fe1b0d1 
@@ -100,8 +100,8 @@ SHA256 (rpm/i686/centos/6.5/zlib-1.2.3-2 SIZE (rpm/i686/centos/6.5/zlib-1.2.3-29.el6.i686.rpm) = 74284 SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 18d3bd0580f40bdc208773f26b424fa1975fad70fae9f179c52337a8f80ade76 SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 5949 -SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 17e92fbaf55ef5fbaccc7e28761edaaa1d18ede8e330fb20a40a27d27605003c -SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 6663735 +SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = d0a8f52d7db4c729c17188a2bd690aff2371f8ac86900dabb14b0df5aa1ff6a5 +SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = 6668343 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 99a3d6a620f9f427aaeba974ae06234d0a771231730de7e203b97dce1dbf1931 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 855419 SHA256 (rpm/i686/centos/6.5/coreutils-8.4-31.el6.src.rpm) = 0e39f22a1ea12009f7e95811003d4b56b99fc2ea77b5bf3ebc716f3ae5a15b83 Modified: head/emulators/linux_base-c6/pkg-plist ============================================================================== --- head/emulators/linux_base-c6/pkg-plist Fri Sep 26 17:05:38 2014 (r369330) +++ head/emulators/linux_base-c6/pkg-plist Fri Sep 26 17:06:49 2014 (r369331) @@ -72,9 +72,6 @@ etc/hosts.deny etc/inputrc etc/issue etc/issue.net -@unexec if cmp -s %D/etc/krb5.conf.dist %D/etc/krb5.conf ; then rm -f %D/etc/krb5.conf ; fi -etc/krb5.conf.dist -@exec if [ ! -f %D/etc/krb5.conf ] ; then cp -p %D/%F %B/krb5.conf ; fi etc/ld.so.cache etc/ld.so.conf etc/mke2fs.conf @@ -121,9 +118,6 @@ etc/skel/.bashrc etc/system-release etc/system-release-cpe etc/udev/rules.d/60-raw.rules -@unexec if cmp -s %D/etc/yp.conf.sample %D/etc/yp.conf ; then rm -f %D/etc/yp.cpnf ; fi -etc/yp.conf.sample -@exec if [ ! -f %D/etc/yp.conf ] ; then cp -p %D/%F %B/yp.conf ; fi etc/yum.repos.d/CentOS-Base.repo etc/yum.repos.d/CentOS-Debuginfo.repo etc/yum.repos.d/CentOS-Media.repo 
@@ -2317,8 +2311,11 @@ usr/share/man/man8/switch_root.8.gz usr/share/man/man8/tunelp.8.gz usr/share/man/man8/umount.8.gz usr/share/man/man8/wipefs.8.gz +usr/tmp @unexec rm -f %D/var/cache/ldconfig/aux-cache var/mail +@sample etc/krb5.conf.sample +@sample etc/yp.conf.sample @dirrm bin @dirrm var/yp @dirrm var/spool/mail @@ -2339,7 +2336,6 @@ var/mail @dirrm var/cache/ldconfig @dirrm var/cache @dirrm var -@dirrm usr/tmp @dirrm usr/src/kernels @dirrm usr/src/debug @dirrm usr/src
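
Review bot: In the first Makefile hunk (@@ -3,8 +3,10 @@), the added MASTER_SITES entry http://mirror.centos.org/centos/6/updates/i386/Packages/ sits under the rolling centos/6/ tree, so bash-4.1.2-15.el6_5.2 can vanish from it once a newer bash build or point release is published, and the fetch will then fail. The source side of this commit already uses a version-pinned vault.centos.org/6.5/updates/ path; consider listing a pinned location for the binary RPM as a fallback as well.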
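
Review bot: In the PACKAGE_BUILDING hunk of the Makefile (@@ -68,10 +70,11 @@), the new :updates site hardcodes 6.5 in http://vault.centos.org/6.5/updates/Source/SPackages/ while the line directly above it uses ${PORTVERSION}. The next version bump will silently leave the updates URL pointing at the old release; use ${PORTVERSION} in both, or add a comment saying why this one is pinned.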
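
Review bot: In the do-build hunk of the Makefile (@@ -201,7 +204,7 @@), the comment "If ${PREFIX}/etc/krb5.conf exists, don't touch it" is left above the rename to krb5.conf.sample, but after this commit nothing in the Makefile implements that rule any more; it is the @sample entry in pkg-plist that does. Reword the comment to say the file is staged as a .sample for @sample to handle, so the next reader does not go looking for the removed post-install logic.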
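
Review bot: In both distinfo.i686 hunks, the new SHA256 and SIZE lines for bash-4.1.2-15.el6_5.2 are the only integrity check on these files, since every MASTER_SITES entry in this commit is plain http. Please state in the commit message or review thread how the values were obtained, ideally after checking the RPM signature against the CentOS 6 signing key, rather than only regenerating the checksums from whatever the mirror served.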
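
Review bot: In the pkg-plist hunk at @@ -2317,8 +2311,11 @@, usr/tmp is added as a plain file entry while the following hunk drops "@dirrm usr/tmp", and neither the commit message nor the Makefile changes explain the switch. If usr/tmp is staged as a symlink this is correct, but if it is still a real directory the plain entry will break packaging; please confirm which it is and mention the change in the log.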