authorNatanael Copa <ncopa@alpinelinux.org>2012-09-18 14:45:06 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-09-18 14:45:06 +0000
commit4134d8fdbca1b44e1056509d67db8080d00400aa (patch)
tree8491145707a59ae5e3e4cb3c075af181f517a04e
parent33ea92473a8fc21b9fdbc54753706a72bef8c485 (diff)
main/bash: fix CVE-2012-3410 and upgrade to 4.1.011
fixes #1360
-rw-r--r--main/bash/APKBUILD19
-rw-r--r--main/bash/CVE-2012-3410.patch57
2 files changed, 71 insertions, 5 deletions
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index ed8eb8ccbc..ed27839947 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bash
-pkgver=4.1.009
+pkgver=4.1.011
_patchlevel=${pkgver##*.}
_myver=${pkgver%.*}
_patchbase=${_myver%.*}${_myver#*.}
@@ -25,6 +25,8 @@ while [ $_i -le $_patchlevel ]; do
_i=$(( $_i + 1))
done
+source="$source CVE-2012-3410.patch"
+
# run 'abuild _gensrc >> APKBUILD' to generate the patch list
#_gensrc() {
# for _i in $(seq 1 $_patchlevel); do
@@ -38,9 +40,13 @@ _builddir="$srcdir"/$pkgname-$_myver
prepare() {
local p
cd "$_builddir"
- for p in ../bash${_patchbase}-??? ../*.patch; do
- msg "applying patch ${p##*/}"
- patch -p0 -i $p || return 1
+ for i in $source; do
+ case $i in
+ *.patch|*bash??-???)
+ msg "applying patch ${i##*/}"
+ patch -p0 -i "$srcdir"/${i##*/} || return 1
+ ;;
+ esac
done
}
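Review bot: `local p` on the line after `prepare() {` is now dead — the rewritten loop iterates `i`, which is never declared local and so leaks into the calling shell's scope; change the declaration to `local i`. The unquoted `$source` is deliberate word-splitting here (the variable is a whitespace-separated list), but that means the loop silently depends on no entry containing whitespace; a one-line comment such as `# $source is intentionally unquoted: whitespace-separated list of files` would make the intent explicit. Entries matching `*.patch|*bash??-???` are applied in `$source` order, so the CVE patch lands after the upstream bash41-0xx patches, which matters for its patchlevel.h hunk.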
@@ -74,4 +80,7 @@ md5sums="9800d8724815fd84994d9be65ab5e7b8 bash-4.1.tar.gz
fb80ccd58cb1e34940f3adf4ce6e4a1e bash41-006
192a8b161d419a1d0d211169f1d1046e bash41-007
1dc5a0253827decbe6aa529cde83e154 bash41-008
-ea361b842b7405a7f5ebbabbdf74372f bash41-009"
+ea361b842b7405a7f5ebbabbdf74372f bash41-009
+3bfe98c6896ada8a447d3f6c5c22eaed bash41-010
+c213938955d70b9da7789d6039123e0c bash41-011
+e567b963c4df4309c7f3d632e2d0b1ba CVE-2012-3410.patch"
diff --git a/main/bash/CVE-2012-3410.patch b/main/bash/CVE-2012-3410.patch
new file mode 100644
index 0000000000..41c11e6f00
--- /dev/null
+++ b/main/bash/CVE-2012-3410.patch
@@ -0,0 +1,57 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-033
+
+Bug-Reported-by: David Leverton <levertond@googlemail.com>
+Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
+--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
+***************
+*** 83,86 ****
+--- 83,88 ----
+ struct stat *finfo;
+ {
++ static char *pbuf = 0;
++
+ if (*path == '\0')
+ {
+***************
+*** 107,111 ****
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+! char pbuf[32];
+ strcpy (pbuf, DEV_FD_PREFIX);
+ strcat (pbuf, path + 8);
+--- 109,113 ----
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+ strcpy (pbuf, DEV_FD_PREFIX);
+ strcat (pbuf, path + 8);
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 11
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 12
+
+ #endif /* _PATCHLEVEL_H_ */
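Review bot: The patchlevel.h hunk at the end of the new file (`#define PATCHLEVEL 11` → `12`) comes from upstream bash42-033, a Bash 4.2 patch, and is being applied to a 4.1.011 tree; it appears to apply only because patch 011 leaves PATCHLEVEL at 11, and the result is a build that reports itself as 4.1.12 and will conflict with any later official bash41-012 added to the patch list. Consider trimming the file to the eaccess.c hunk, or leaving a comment in the APKBUILD explaining why the patchlevel bump is kept. The eaccess.c change itself replaces the fixed `char pbuf[32]` with a buffer sized by `sizeof (DEV_FD_PREFIX) + strlen (path + 8)`, where sizeof includes the terminating NUL, so the following strcpy/strcat pair stays in bounds.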