wok-stable rev 12440
bash: apply *all* security fixes
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Oct 08 14:53:31 2014 +0200 (2014-10-08) |
parents | 4acc6a6b8f4f |
children | fa8aff184d68 |
files | bash/receipt |
line diff
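--- a/bash/receipt
+++ b/bash/receipt
@@ -8,18 +8,30 @@
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WEB_SITE="http://www.gnu.org/software/bash/"
 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL"
+BASHCHECKURL="https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck"
+BASHCHECK="$(basename $BASHCHECKURL)"
+BASHPATCHES="$(for i in $(seq 1 53); do printf "bash${VERSION/./}-%03d " $i; done)"
+EXTRA_SOURCE_FILES="$BASHCHECK $BASHPATCHES"
 
 DEPENDS="readline"
-BUILD_DEPENDS="readline bison"
+BUILD_DEPENDS="readline bison wget texinfo"
+
+patch_bash()
+{
+ for i in $BASHPATCHES ; do
+ [ -s "$SOURCES_REPOSITORY/$i" ] ||
+ wget -O "$SOURCES_REPOSITORY/$i" \
+ http://ftp.gnu.org/gnu/bash/bash-$VERSION-patches/$i
+ echo "Apply $i ..."
+ patch -p0 < $SOURCES_REPOSITORY/$i
+ done
+}
 
 # Rules to compile & install the temporary toolchain.
 cook_tmp_toolchain()
 {
 cd $src
- # CVE-2014-6271
- patch -p0 < $stuff/funcdef-import-4.2.patch
- # CVE-2014-7169
- patch -p0 < $stuff/CVE-2014-7169.patch
+ patch_bash
 ./configure --without-bash-malloc &&
 make && make install
 }
@@ -29,8 +41,7 @@
 {
 # Patch and then build.
 cd $src
- # CVE-2014-6271
- patch -p0 < $stuff/funcdef-import-4.2.patch
+ patch_bash
 # Skip tests that can not run while cross-compiling.
 cat > config.cache << "EOF"
 ac_cv_func_mmap_fixed_mapped=yes
@@ -57,6 +68,10 @@
 make &&
 # Bash doesn't care about DESTDIR in environnment variable.
 make DESTDIR=$DESTDIR install
+ [ -s "$SOURCES_REPOSITORY/$BASHCHECK" ] ||
+ wget --no-check-certificate -O "$SOURCES_REPOSITORY/$BASHCHECK" $BASHCHECKURL
+ $DESTDIR/bin/bash $SOURCES_REPOSITORY/$BASHCHECK | tee bashcheck.log
+ grep Vulnerable bashcheck.log && echo "ERROR: Vulnerable"
 }
 
 # Rules to gen a SliTaz package suitable for Tazpkg.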
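Review bot: In the last hunk the bashcheck script is downloaded with `wget --no-check-certificate` from the moving `master` branch and then executed by the freshly built bash, so an intercepted or changed upstream file runs inside the build unverified; drop the flag, pin a commit in `BASHCHECKURL`, and compare the file against a checksum kept in the receipt before running it. `patch_bash` in the first hunk has the same gap: the patches arrive over plain `http://` and are applied without checking the detached `.sig` files GNU publishes beside them, and unless the caller runs under `set -e` a failed `patch` in the loop is ignored when a later one succeeds, so the line should read `patch -p0 < "$SOURCES_REPOSITORY/$i" || return 1`. The closing `grep Vulnerable bashcheck.log && echo "ERROR: Vulnerable"` only prints, and as the function's last command it returns 0 when a vulnerability is reported and 1 when none is; `if grep -q Vulnerable bashcheck.log; then echo "ERROR: Vulnerable"; return 1; fi` fails the build in the right case. The enclosing function starts outside the hunk, so whether the cook tool acts on its exit status is not visible here.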