aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-11-08 08:29:02 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-11-08 08:29:02 +0000
commit38eb1971090dee7ec5924cfec648274e021800f9 (patch)
tree3880024d0b8e8cd593225d50861ce9af275152d2
parent0d6386a4a6fbacfc209846e456a09e14b92535d3 (diff)
downloadaports-38eb1971090dee7ec5924cfec648274e021800f9.tar.bz2
aports-38eb1971090dee7ec5924cfec648274e021800f9.tar.xz
main/bash: security fix for CVE-2016-7543
fixes #6409
-rw-r--r--main/bash/APKBUILD6
-rw-r--r--main/bash/CVE-2016-7543.patch29
2 files changed, 34 insertions, 1 deletions
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index 9b7f51928d..f027b784da 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -5,7 +5,7 @@ pkgver=4.3.46
_patchlevel=${pkgver##*.}
_myver=${pkgver%.*}
_patchbase=${_myver/./}
-pkgrel=3
+pkgrel=4
pkgdesc="The GNU Bourne Again shell"
url="http://www.gnu.org/software/bash/bash.html"
arch="all"
@@ -17,6 +17,7 @@ subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
bash-noinfo.patch
privmode-setuid-fail.patch
+ CVE-2016-7543.patch
"
# generate url's to patches. note: no forks allowed!
_i=1
@@ -72,6 +73,7 @@ package() {
md5sums="81348932d5da294953e15d4814c74dd1 bash-4.3.tar.gz
80fec5f3d60a63756a4999c877e31a8e bash-noinfo.patch
a577d42e38249d298d6a8d4bf2823883 privmode-setuid-fail.patch
+17dc92c0e7d02b75c0e9fc0b335d2473 CVE-2016-7543.patch
1ab682b4e36afa4cf1b426aa7ac81c0d bash43-001
8fc22cf50ec85da00f6af3d66f7ddc1b bash43-002
a41728eca78858758e26b5dea64ae506 bash43-003
@@ -121,6 +123,7 @@ a4775487abe958536751c8ce53cdf6f9 bash43-039
sha256sums="afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4 bash-4.3.tar.gz
363bc919d98cadbfca27660be0d1d4bb6cfe1c5f86a7830966e456df36e46792 bash-noinfo.patch
6bc2d4e48ad05fb3c8aac120a012baf1911f6522464ed18c8232b111a40b7901 privmode-setuid-fail.patch
+2e844ca9c7117fc34ac837c423c65e193b0d1990943b29ec843ba415092c77c6 CVE-2016-7543.patch
ecb3dff2648667513e31554b3ad054ccd89fce38e33367c9459ac3a285153742 bash43-001
eee7cd7062ab29a9e4f02924d9c367264dcb8b162703f74ff6eb8f175a91502b bash43-002
000e6eac50cd9053ce0630db01239dcdead04a2c2c351c47e2b51dac1ac1087d bash43-003
@@ -170,6 +173,7 @@ b3b456a6b690cd293353f17e22d92a202b3c8bce587ae5f2667c20c9ab6f688f bash43-046"
sha512sums="a852b8e46ee55568dce9d23a30a9dbd1c770c2d2a4bc91e1c3177d723b31b32c5d69d19704a93f165891b409b9dd2cc65723372044e2bd0ee49ed59a11512651 bash-4.3.tar.gz
74d51550cc03410f22ffea13f6452350d1e5564bff619fb07a5bbef14ca565fbe03770a2c0041292732cda16e8944b33ccbd0dfe29a606a068fedabe277cd6ae bash-noinfo.patch
c5804ace658f9d7f957d4b98bebab4d8eb0ba3dd2dd155a480c7f9b0f17b06ced344b4b4c9f52ef1d5c0cabb047bce5237c350f53b95cf6c95e156ab4ab9e8a9 privmode-setuid-fail.patch
+5d36121e202c495eb380de5f6f456626c53f4b091cea58d0f01242dc86a3a6e720db74d9f89823afc0edaef357c79dd27c41d3f9cb243666c57b83721536c0f2 CVE-2016-7543.patch
a1011392652180a28f9837af4a341a80beb929c1458e2384e282f0007713c5fe8d0b315abf1340b3707748d3caed322135dee87b59eeb7612ee5130f87d79888 bash43-001
e3178c85f553522d5d1c5fd39e76f015b680a8ccc84836a5e10283b2aed6e5b7cc3d23af0e67a270b7622dce0abf35dd8a95afa9bb6f89b73a9439f7435175a4 bash43-002
dc2c5fad8d357d1301e419afd959dfaf015a63172857080c11f77ab1bb7d1d737f411eb0e70a861f98a36bed1b19edb7217a4fa9f4773e21706b62dc56ec3464 bash43-003
diff --git a/main/bash/CVE-2016-7543.patch b/main/bash/CVE-2016-7543.patch
new file mode 100644
index 0000000000..2ce0f6f363
--- /dev/null
+++ b/main/bash/CVE-2016-7543.patch
@@ -0,0 +1,29 @@
+From f43310742819253bfa6add2dce406701bb8cc2bb Mon Sep 17 00:00:00 2001
+From: Siteshwar Vashisht <svashisht@redhat.com>
+Date: Wed, 28 Sep 2016 18:33:55 +0530
+Subject: [PATCH] CVE-2016-7543: Patch imported from bash-4.4
+
+---
+ variables.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/variables.c b/variables.c
+index ac587f3..ffd39e8 100644
+--- variables.c
++++ variables.c
+@@ -496,7 +496,11 @@ initialize_shell_variables (env, privmode)
+ #endif
+ set_if_not ("PS2", secondary_prompt);
+ }
+- set_if_not ("PS4", "+ ");
++
++ if (current_user.euid == 0)
++ bind_variable ("PS4", "+ ", 0);
++ else
++ set_if_not ("PS4", "+ ");
+
+ /* Don't allow IFS to be imported from the environment. */
+ temp_var = bind_variable ("IFS", " \t\n", 0);
+--
+2.5.5
+