~alpine/aports


[alpine-aports] [PATCH v3.1] main/bash: security upgrade - fixes #6413

Details
Message ID
<1481541619-7908-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp
1481541619
DKIM signature
missing
Patch: +27 -4
CVE-2016-7543
---
 main/bash/APKBUILD            | 12 ++++++++----
 main/bash/CVE-2016-7543.patch | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 main/bash/CVE-2016-7543.patch

diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index b3cda04..67821d7 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -4,7 +4,7 @@ pkgver=4.3.30
_patchlevel=${pkgver##*.}
_myver=${pkgver%.*}
_patchbase=${_myver/./}
pkgrel=0
pkgrel=1
pkgdesc="The GNU Bourne Again shell"
url="http://www.gnu.org/software/bash/bash.html"
arch="all"
@@ -15,6 +15,7 @@ subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
	bash-noinfo.patch
	privmode-setuid-fail.patch
	CVE-2016-7543.patch
	"
# generate url's to patches. note: no forks allowed!
_i=1
@@ -26,10 +27,10 @@ while [ $_i -le $_patchlevel ]; do
	_i=$(( $_i + 1))
done

_builddir="$srcdir"/$pkgname-$_myver
builddir="$srcdir"/$pkgname-$_myver
prepare() {
	local p
	cd "$_builddir"
	cd "$builddir"
	update_config_sub || return 1
	for p in $source; do
		case $p in
@@ -42,7 +43,7 @@ prepare() {
}

build() {
	cd "$_builddir"
	cd "$builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
@@ -70,6 +71,7 @@ package() {
md5sums="81348932d5da294953e15d4814c74dd1  bash-4.3.tar.gz
80fec5f3d60a63756a4999c877e31a8e  bash-noinfo.patch
a577d42e38249d298d6a8d4bf2823883  privmode-setuid-fail.patch
7813a0639fc2958f23469ccab204a8f0  CVE-2016-7543.patch
1ab682b4e36afa4cf1b426aa7ac81c0d  bash43-001
8fc22cf50ec85da00f6af3d66f7ddc1b  bash43-002
a41728eca78858758e26b5dea64ae506  bash43-003
@@ -103,6 +105,7 @@ efb709fdb1368945513de23ccbfae053  bash43-030"
sha256sums="afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4  bash-4.3.tar.gz
363bc919d98cadbfca27660be0d1d4bb6cfe1c5f86a7830966e456df36e46792  bash-noinfo.patch
6bc2d4e48ad05fb3c8aac120a012baf1911f6522464ed18c8232b111a40b7901  privmode-setuid-fail.patch
690e6d0366bf2d717f59fac770a37bf26929950a6f380e1984677737e4d658da  CVE-2016-7543.patch
ecb3dff2648667513e31554b3ad054ccd89fce38e33367c9459ac3a285153742  bash43-001
eee7cd7062ab29a9e4f02924d9c367264dcb8b162703f74ff6eb8f175a91502b  bash43-002
000e6eac50cd9053ce0630db01239dcdead04a2c2c351c47e2b51dac1ac1087d  bash43-003
@@ -136,6 +139,7 @@ e8b0dbed4724fa7b9bd8ff77d12c7f03da0fbfc5f8251ef5cb8511eb082b469d  bash43-028
sha512sums="a852b8e46ee55568dce9d23a30a9dbd1c770c2d2a4bc91e1c3177d723b31b32c5d69d19704a93f165891b409b9dd2cc65723372044e2bd0ee49ed59a11512651  bash-4.3.tar.gz
74d51550cc03410f22ffea13f6452350d1e5564bff619fb07a5bbef14ca565fbe03770a2c0041292732cda16e8944b33ccbd0dfe29a606a068fedabe277cd6ae  bash-noinfo.patch
c5804ace658f9d7f957d4b98bebab4d8eb0ba3dd2dd155a480c7f9b0f17b06ced344b4b4c9f52ef1d5c0cabb047bce5237c350f53b95cf6c95e156ab4ab9e8a9  privmode-setuid-fail.patch
00fe0c0b30122f3de543a7b2a609e277db05d5e5fce58eabb052deb2788d579e90a14c362f5e889fc8e0168b82ad4555eb0d38ba3b300aac54432453a83daded  CVE-2016-7543.patch
a1011392652180a28f9837af4a341a80beb929c1458e2384e282f0007713c5fe8d0b315abf1340b3707748d3caed322135dee87b59eeb7612ee5130f87d79888  bash43-001
e3178c85f553522d5d1c5fd39e76f015b680a8ccc84836a5e10283b2aed6e5b7cc3d23af0e67a270b7622dce0abf35dd8a95afa9bb6f89b73a9439f7435175a4  bash43-002
dc2c5fad8d357d1301e419afd959dfaf015a63172857080c11f77ab1bb7d1d737f411eb0e70a861f98a36bed1b19edb7217a4fa9f4773e21706b62dc56ec3464  bash43-003
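Review bot: The renamed `cd "$builddir"` calls in prepare() and build() are left unchecked, although the neighbouring `update_config_sub || return 1` suggests this file relies on explicit status checks rather than errexit. If the directory is missing, the steps that follow (the config.sub update, `./configure`) would run in whatever directory the build was started from. Consider `cd "$builddir" || return 1` in both places. Both function bodies continue outside the hunks shown, so whether a later check catches this cannot be confirmed from here.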
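--- /dev/null
+++ b/main/bash/CVE-2016-7543.patch
@@ -0,0 +1,19 @@
+CVE-2016-7543
+http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00009.html
+
+diff -ru variables.c.orig variables.c
+--- variables.c.orig
++++ variables.c
+@@ -495,7 +495,11 @@
+ #endif
+       set_if_not ("PS2", secondary_prompt);
+     }
+-  set_if_not ("PS4", "+ ");
++
++  if (current_user.euid == 0)
++    bind_variable ("PS4", "+ ", 0);
++  else
++    set_if_not ("PS4", "+ ");
+
+   /* Don't allow IFS to be imported from the environment. */
+   temp_var = bind_variable ("IFS", " \t\n", 0);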
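Review bot: The embedded patch names its files as `variables.c.orig` and `variables.c` with no leading directory component, so it appears to need a strip level of 0 when applied from the bash source root. The `case $p in` body of prepare() is not visible in this diff, so it is worth confirming that the branch handling `*.patch` entries uses a matching `-p` level and returns non-zero on failure; otherwise the package could build without the PS4 fix. Regenerating the patch with `a/` and `b/` prefixes would make it consistent with a `-p1` convention if that is what the other local patches use. A one-line header comment such as `PS4 from the environment is ignored only when euid is 0` would also record the scope of the fix for later maintainers.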
-- 
2.2.1


