wok-stable rev 12440

bash: apply *all* security fixes
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Oct 08 14:53:31 2014 +0200 (2014-10-08)
parents 4acc6a6b8f4f
children fa8aff184d68
files bash/receipt
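--- a/bash/receipt	Thu Oct 02 18:53:53 2014 +0200
+++ b/bash/receipt	Wed Oct 08 14:53:31 2014 +0200
@@ -8,18 +8,30 @@
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WEB_SITE="http://www.gnu.org/software/bash/"
 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL"
+BASHCHECKURL="https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck"
+BASHCHECK="$(basename $BASHCHECKURL)"
+BASHPATCHES="$(for i in $(seq 1 53); do printf "bash${VERSION/./}-%03d " $i; done)"
+EXTRA_SOURCE_FILES="$BASHCHECK $BASHPATCHES"
 
 DEPENDS="readline"
-BUILD_DEPENDS="readline bison"
+BUILD_DEPENDS="readline bison wget texinfo"
+
+patch_bash()
+{
+	for i in $BASHPATCHES ; do
+		[ -s "$SOURCES_REPOSITORY/$i" ] || 
+			wget -O "$SOURCES_REPOSITORY/$i" \
+			http://ftp.gnu.org/gnu/bash/bash-$VERSION-patches/$i
+		echo "Apply $i ..."
+		patch -p0 < $SOURCES_REPOSITORY/$i
+	done
+}
 
 # Rules to compile & install the temporary toolchain.
 cook_tmp_toolchain()
 {
 	cd $src
-	# CVE-2014-6271
-	patch -p0 < $stuff/funcdef-import-4.2.patch
-	# CVE-2014-7169
-	patch -p0 < $stuff/CVE-2014-7169.patch
+	patch_bash
 	./configure --without-bash-malloc &&
 	make && make install
 }
@@ -29,8 +41,7 @@
 {
 	# Patch and then build.
 	cd $src
-	# CVE-2014-6271
-	patch -p0 < $stuff/funcdef-import-4.2.patch
+	patch_bash
 	# Skip tests that can not run while cross-compiling.
 	cat > config.cache << "EOF"
 ac_cv_func_mmap_fixed_mapped=yes
@@ -57,6 +68,10 @@
 	make &&
 	# Bash doesn't care about DESTDIR in environnment variable.
 	make DESTDIR=$DESTDIR install
+	[ -s "$SOURCES_REPOSITORY/$BASHCHECK" ] || 
+		wget --no-check-certificate -O "$SOURCES_REPOSITORY/$BASHCHECK" $BASHCHECKURL
+	$DESTDIR/bin/bash $SOURCES_REPOSITORY/$BASHCHECK | tee bashcheck.log
+	grep Vulnerable bashcheck.log && echo "ERROR: Vulnerable"
 }
 
 # Rules to gen a SliTaz package suitable for Tazpkg.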
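Review bot: Both files this commit downloads are used without any integrity check: `patch_bash` fetches the upstream patches over plain `http://` and feeds them straight to `patch -p0`, and the last hunk fetches `bashcheck` from the moving `master` branch with `--no-check-certificate` and then runs it with the freshly built bash. Whoever can alter either transfer can change the bash sources or execute code in the build environment, so drop `--no-check-certificate`, pin `BASHCHECKURL` to a fixed commit, and compare every downloaded file with a checksum kept in the receipt (or with the `.sig` file GNU publishes next to each patch) before using it. The final `grep Vulnerable bashcheck.log && echo "ERROR: Vulnerable"` also only prints, and as the last command it makes the function return 0 exactly when a vulnerability is reported; `if grep -q Vulnerable bashcheck.log; then echo "ERROR: Vulnerable"; return 1; fi` would stop the build, assuming the caller checks that status. The function that ends in the last hunk starts outside the visible lines.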