From owner-svn-ports-all@FreeBSD.ORG Fri Sep 26 20:33:24 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 82C4881A; Fri, 26 Sep 2014 20:33:24 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 635011E0; Fri, 26 Sep 2014 20:33:24 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8QKXOcp070530; Fri, 26 Sep 2014 20:33:24 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8QKXNYc070527; Fri, 26 Sep 2014 20:33:23 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201409262033.s8QKXNYc070527@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Fri, 26 Sep 2014 20:33:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r369341 - in head: . shells/bash shells/bash/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 20:33:24 -0000 Author: bdrewery Date: Fri Sep 26 20:33:23 2014 New Revision: 369341 URL: http://svnweb.freebsd.org/changeset/ports/369341 QAT: https://qat.redports.org/buildarchive/r369341/ Log: Disable function importing from the environment by default. This can be enabled by using --import-functions or enabling the IMPORTFUNCTIONS option. This removes the risk of further parser bugs leading to code execution, as well as the risk to setuid scripts and poorly written applications that do not cleanse their environment [1][2]. Also note that there is an unofficial 4.3.26 floating around that has not yet been officially released. r369261 covers the change in 4.3.26. See also: http://seclists.org/oss-sec/2014/q3/747 [1] http://seclists.org/oss-sec/2014/q3/746 [2] http://seclists.org/oss-sec/2014/q3/755 [3] Obtained from: NetBSD (based on) [3] PR: 193932 Reviewed by: Eric Vangyzen With hat: portmgr Added: head/shells/bash/files/extrapatch-import-functions (contents, props changed) Modified: head/UPDATING head/shells/bash/Makefile Modified: head/UPDATING ============================================================================== --- head/UPDATING Fri Sep 26 20:21:09 2014 (r369340) +++ head/UPDATING Fri Sep 26 20:33:23 2014 (r369341) @@ -6,6 +6,22 @@ You should get into the habit of checkin you update your ports collection, before attempting any port upgrades. 20140926: + AFFECTS: users of shells/bash + AUTHOR: bdrewery@FreeBSD.org + + Bash supports a feature of exporting functions in the environment with + export -f. Running bash with exported functioned in the environment will + then import those functions into the environment. This resulted in + security issues CVE-2014-6271 and CVE-2014-7169, commonly known as + "shellshock". + + To fully mitigate against this sort of attack we have applied a non-upstream + patch to disable this functionality by default. You can execute bash + with --import-functions to allow it to import functions from the + environment. The default can also be changed in the port by selecting the + IMPORTFUNCTIONS option. + +20140926: AFFECTS: users of net/asterisk and net/asterisk11 AUTHOR: madpilot@FreeBSD.org Modified: head/shells/bash/Makefile ============================================================================== --- head/shells/bash/Makefile Fri Sep 26 20:21:09 2014 (r369340) +++ head/shells/bash/Makefile Fri Sep 26 20:33:23 2014 (r369341) @@ -4,7 +4,7 @@ PORTNAME= bash PATCHLEVEL= 25 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= shells MASTER_SITES= GNU MASTER_SITE_SUBDIR= ${PORTNAME} @@ -25,10 +25,12 @@ COMMENT= The GNU Project's Bourne Again LICENSE= GPLv3 OPTIONS_DEFINE= IMPLICITCD COLONBREAKSWORDS HELP NLS STATIC SYSLOG DOCS +OPTIONS_DEFINE+= IMPORTFUNCTIONS OPTIONS_DEFAULT= IMPLICITCD COLONBREAKSWORDS HELP NLS IMPLICITCD_DESC= Use directory name alone to cd into it COLONBREAKSWORDS_DESC= Colons break words HELP_DESC= Enable builtin help +IMPORTFUNCTIONS_DESC= Import function from env without --import-functions USES= bison cpe makeinfo OPTIONS_SUB= yes @@ -36,6 +38,8 @@ CPE_VENDOR= gnu IMPLICITCD_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-implicitcd COLONBREAKSWORDS_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-colonbreakswords +# Always apply this for now. The option will modify the default. +EXTRA_PATCHES+= ${PATCHDIR}/extrapatch-import-functions HELP_CONFIGURE_ENABLE= help-builtin NLS_CONFIGURE_ENABLE= nls @@ -54,6 +58,12 @@ CONFIGURE_ARGS+= --without-bash-malloc \ .include +.if ${PORT_OPTIONS:MIMPORTFUNCTIONS} +CFLAGS+= -DIMPORT_FUNCTIONS_DEF=1 +.else +CFLAGS+= -DIMPORT_FUNCTIONS_DEF=0 +.endif + .if ${PORT_OPTIONS:MSTATIC} || defined(NO_DYNAMICROOT) || (defined(NOSHARED) && ${NOSHARED:tl} != "no") CONFIGURE_ARGS+= --enable-static-link PKGNAMESUFFIX= -static Added: head/shells/bash/files/extrapatch-import-functions ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/shells/bash/files/extrapatch-import-functions Fri Sep 26 20:33:23 2014 (r369341) @@ -0,0 +1,43 @@ +Based on christos@NetBSD's patch + +--- shell.c.christos 2014-01-14 08:04:32.000000000 -0500 ++++ shell.c 2014-09-25 16:11:51.000000000 -0400 +@@ -229,6 +229,7 @@ + #else + int posixly_correct = 0; /* Non-zero means posix.2 superset. */ + #endif ++int import_functions = IMPORT_FUNCTIONS_DEF; /* Import functions from environment */ + + /* Some long-winded argument names. These are obviously new. */ + #define Int 1 +@@ -248,6 +249,7 @@ + { "help", Int, &want_initial_help, (char **)0x0 }, + { "init-file", Charp, (int *)0x0, &bashrc_file }, + { "login", Int, &make_login_shell, (char **)0x0 }, ++ { "import-functions", Int, &import_functions, (char **)0x0 }, + { "noediting", Int, &no_line_editing, (char **)0x0 }, + { "noprofile", Int, &no_profile, (char **)0x0 }, + { "norc", Int, &no_rc, (char **)0x0 }, + +$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $ + +Only read functions from environment if flag is set. +--- variables.c.christos 2014-09-25 16:09:41.000000000 -0400 ++++ variables.c 2014-09-25 16:12:10.000000000 -0400 +@@ -105,6 +105,7 @@ + extern int assigning_in_environment; + extern int executing_builtin; + extern int funcnest_max; ++extern int import_functions; + + #if defined (READLINE) + extern int no_line_editing; +@@ -349,7 +350,7 @@ initialize_shell_variables (env, privmod + + /* If exported function, define it now. Don't import functions from + the environment in privileged mode. */ +- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) ++ if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) + { + string_length = strlen (string); + temp_string = (char *)xmalloc (3 + string_length + char_index);