app-shells/bash: Revbump to fix CVE-2016-0634 (bug #594496).

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <[email protected]>

app-shells/bash/bash-4.3_p46-r1.ebuild

@@ -0,0 +1,254 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib
+
+# Official patchlevel
+# See ftp://ftp.cwru.edu/pub/bash/bash-4.3-patches/
+PLEVEL=${PV##*_p}
+MY_PV=${PV/_p*}
+MY_PV=${MY_PV/_/-}
+MY_P=${PN}-${MY_PV}
+[[ ${PV} != *_p* ]] && PLEVEL=0
+patches() {
+ local opt=$1 plevel=${2:-${PLEVEL}} pn=${3:-${PN}} pv=${4:-${MY_PV}}
+ [[ ${plevel} -eq 0 ]] && return 1
+ eval set -- {1..${plevel}}
+ set -- $(printf "${pn}${pv/\.}-%03d " "$@")
+ if [[ ${opt} == -s ]] ; then
+ echo "${@/#/${DISTDIR}/}"
+ else
+ local u
+ for u in ftp://ftp.cwru.edu/pub/bash mirror://gnu/${pn} ; do
+ printf "${u}/${pn}-${pv}-patches/%s " "$@"
+ done
+ fi
+}
+
+# The version of readline this bash normally ships with.
+READLINE_VER="6.3"
+
+DESCRIPTION="The standard GNU Bourne again shell"
+HOMEPAGE="http://tiswww.case.edu/php/chet/bash/bashtop.html"
+SRC_URI="mirror://gnu/bash/${MY_P}.tar.gz $(patches)"
+[[ ${PV} == *_rc* ]] && SRC_URI+=" ftp://ftp.cwru.edu/pub/bash/${MY_P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="afs bashlogger examples mem-scramble +net nls plugins +readline vanilla"
+
+DEPEND=">=sys-libs/ncurses-5.2-r2:0=
+ readline? ( >=sys-libs/readline-${READLINE_VER}:0= )
+ nls? ( virtual/libintl )"
+RDEPEND="${DEPEND}
+ !<sys-apps/portage-2.1.6.7_p1
+ !<sys-apps/paludis-0.26.0_alpha5"
+# we only need yacc when the .y files get patched (bash42-005)
+DEPEND+=" virtual/yacc"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.3-mapfile-improper-array-name-validation.patch
+ "${FILESDIR}"/${PN}-4.3-arrayfunc.patch
+ "${FILESDIR}"/${PN}-4.3-protos.patch
+ # CVE-2016-0634 / bug #594496
+ "${FILESDIR}"/${PN}-4.3-prompt-string-comsub.patch
+)
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if is-flag -malign-double ; then #7332
+ eerror "Detected bad CFLAGS '-malign-double'. Do not use this"
+ eerror "as it breaks LFS (struct stat64) on x86."
+ die "remove -malign-double from your CFLAGS mr ricer"
+ fi
+ if use bashlogger ; then
+ ewarn "The logging patch should ONLY be used in restricted (i.e. honeypot) envs."
+ ewarn "This will log ALL output you enter into the shell, you have been warned."
+ fi
+}
+
+src_unpack() {
+ unpack ${MY_P}.tar.gz
+}
+
+src_prepare() {
+ # Include official patches
+ [[ ${PLEVEL} -gt 0 ]] && epatch $(patches -s)
+
+ # Clean out local libs so we know we use system ones w/releases.
+ if [[ ${PV} != *_rc* ]] ; then
+ rm -rf lib/{readline,termcap}/*
+ touch lib/{readline,termcap}/Makefile.in # for config.status
+ sed -ri -e 's:\$[(](RL|HIST)_LIBSRC[)]/[[:alpha:]]*.h::g' Makefile.in || die
+ fi
+
+ # Avoid regenerating docs after patches #407985
+ sed -i -r '/^(HS|RL)USER/s:=.*:=:' doc/Makefile.in || die
+ touch -r . doc/*
+
+ epatch "${PATCHES[@]}"
+
+ epatch_user
+}
+
+src_configure() {
+ local myconf=()
+
+ # For descriptions of these, see config-top.h
+ # bashrc/#26952 bash_logout/#90488 ssh/#24762 mktemp/#574426
+ append-cppflags \
+ -DDEFAULT_PATH_VALUE=\'\"${EPREFIX}/usr/local/sbin:${EPREFIX}/usr/local/bin:${EPREFIX}/usr/sbin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/bin\"\' \
+ -DSTANDARD_UTILS_PATH=\'\"${EPREFIX}/bin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/usr/sbin\"\' \
+ -DSYS_BASHRC=\'\"${EPREFIX}/etc/bash/bashrc\"\' \
+ -DSYS_BASH_LOGOUT=\'\"${EPREFIX}/etc/bash/bash_logout\"\' \
+ -DNON_INTERACTIVE_LOGIN_SHELLS \
+ -DSSH_SOURCE_BASHRC \
+ -DUSE_MKTEMP -DUSE_MKSTEMP \
+ $(use bashlogger && echo -DSYSLOG_HISTORY)
+
+ # Don't even think about building this statically without
+ # reading Bug 7714 first. If you still build it statically,
+ # don't come crying to us with bugs ;).
+ #use static && export LDFLAGS="${LDFLAGS} -static"
+ use nls || myconf+=( --disable-nls )
+
+ # Historically, we always used the builtin readline, but since
+ # our handling of SONAME upgrades has gotten much more stable
+ # in the PM (and the readline ebuild itself preserves the old
+ # libs during upgrades), linking against the system copy should
+ # be safe.
+ # Exact cached version here doesn't really matter as long as it
+ # is at least what's in the DEPEND up above.
+ export ac_cv_rl_version=${READLINE_VER}
+
+ # Force linking with system curses ... the bundled termcap lib
+ # sucks bad compared to ncurses. For the most part, ncurses
+ # is here because readline needs it. But bash itself calls
+ # ncurses in one or two small places :(.
+
+ if [[ ${PV} != *_rc* ]] ; then
+ # Use system readline only with released versions.
+ myconf+=( --with-installed-readline=. )
+ fi
+
+ if use plugins; then
+ append-ldflags -Wl,-rpath,/usr/$(get_libdir)/bash
+ else
+ # Disable the plugins logic by hand since bash doesn't
+ # provide a way of doing it.
+ export ac_cv_func_dl{close,open,sym}=no \
+ ac_cv_lib_dl_dlopen=no ac_cv_header_dlfcn_h=no
+ sed -i \
+ -e '/LOCAL_LDFLAGS=/s:-rdynamic::' \
+ configure || die
+ fi
+ tc-export AR #444070
+ econf \
+ --docdir='$(datarootdir)'/doc/${PF} \
+ --htmldir='$(docdir)/html' \
+ --with-curses \
+ $(use_with afs) \
+ $(use_enable net net-redirections) \
+ --disable-profiling \
+ $(use_enable mem-scramble) \
+ $(use_with mem-scramble bash-malloc) \
+ $(use_enable readline) \
+ $(use_enable readline history) \
+ $(use_enable readline bang-history) \
+ "${myconf[@]}"
+}
+
+src_compile() {
+ emake
+
+ if use plugins ; then
+ emake -C examples/loadables all others
+ fi
+}
+
+src_install() {
+ local d f
+
+ default
+
+ dodir /bin
+ mv "${ED}"/usr/bin/bash "${ED}"/bin/ || die
+ dosym bash /bin/rbash
+
+ insinto /etc/bash
+ doins "${FILESDIR}"/bash_logout
+ doins "${FILESDIR}"/bashrc
+ keepdir /etc/bash/bashrc.d
+ insinto /etc/skel
+ for f in bash{_logout,_profile,rc} ; do
+ newins "${FILESDIR}"/dot-${f} .${f}
+ done
+
+ local sed_args=(
+ -e "s:#${USERLAND}#@::"
+ -e '/#@/d'
+ )
+ if ! use readline ; then
+ sed_args+=( #432338
+ -e '/^shopt -s histappend/s:^:#:'
+ -e 's:use_color=true:use_color=false:'
+ )
+ fi
+ sed -i \
+ "${sed_args[@]}" \
+ "${ED}"/etc/skel/.bashrc \
+ "${ED}"/etc/bash/bashrc || die
+
+ if use plugins ; then
+ exeinto /usr/$(get_libdir)/bash
+ doexe $(echo examples/loadables/*.o | sed 's:\.o::g')
+ insinto /usr/include/bash-plugins
+ doins *.h builtins/*.h include/*.h lib/{glob/glob.h,tilde/tilde.h}
+ fi
+
+ if use examples ; then
+ for d in examples/{functions,misc,scripts,startup-files} ; do
+ exeinto /usr/share/doc/${PF}/${d}
+ insinto /usr/share/doc/${PF}/${d}
+ for f in ${d}/* ; do
+ if [[ ${f##*/} != PERMISSION ]] && [[ ${f##*/} != *README ]] ; then
+ doexe ${f}
+ else
+ doins ${f}
+ fi
+ done
+ done
+ fi
+
+ doman doc/*.1
+ newdoc CWRU/changelog ChangeLog
+ dosym bash.info /usr/share/info/bashref.info
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/bashrc ]] && [[ ! -d ${EROOT}/etc/bash ]] ; then
+ mkdir -p "${EROOT}"/etc/bash
+ mv -f "${EROOT}"/etc/bashrc "${EROOT}"/etc/bash/
+ fi
+
+ if [[ -L ${EROOT}/bin/sh ]] ; then
+ # rewrite the symlink to ensure that its mtime changes. having /bin/sh
+ # missing even temporarily causes a fatal error with paludis.
+ local target=$(readlink "${EROOT}"/bin/sh)
+ local tmp=$(emktemp "${EROOT}"/bin)
+ ln -sf "${target}" "${tmp}"
+ mv -f "${tmp}" "${EROOT}"/bin/sh
+ fi
+}
+
+pkg_postinst() {
+ # If /bin/sh does not exist, provide it
+ if [[ ! -e ${EROOT}/bin/sh ]] ; then
+ ln -sf bash "${EROOT}"/bin/sh
+ fi
+}

app-shells/bash/files/bash-4.3-prompt-string-comsub.patch

@@ -0,0 +1,118 @@
+http://seclists.org/oss-sec/2016/q3/538
+https://bugs.gentoo.org/594496
+
+*** ../bash-4.3-patched/parse.y 2015-08-13 15:11:54.000000000 -0400
+--- parse.y 2016-03-07 15:44:14.000000000 -0500
+***************
+*** 5259,5263 ****
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, octal_string[4];
+ struct tm *tm; 
+ time_t the_time;
+--- 5259,5263 ----
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, *t_host, octal_string[4];
+ struct tm *tm; 
+ time_t the_time;
+***************
+*** 5407,5411 ****
+ case 's':
+ temp = base_pathname (shell_name);
+! temp = savestring (temp);
+ goto add_string;
+
+--- 5407,5415 ----
+ case 's':
+ temp = base_pathname (shell_name);
+! /* Try to quote anything the user can set in the file system */
+! if (promptvars || posixly_correct)
+! temp = sh_backslash_quote_for_double_quotes (temp);
+! else
+! temp = savestring (temp);
+ goto add_string;
+
+***************
+*** 5497,5503 ****
+ case 'h':
+ case 'H':
+! temp = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ *t = '\0';
+ goto add_string;
+
+--- 5501,5515 ----
+ case 'h':
+ case 'H':
+! t_host = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+ *t = '\0';
++ if (promptvars || posixly_correct)
++ /* Make sure that expand_prompt_string is called with a
++ second argument of Q_DOUBLE_QUOTES if we use this
++ function here. */
++ temp = sh_backslash_quote_for_double_quotes (t_host);
++ else
++ temp = savestring (t_host);
++ free (t_host);
+ goto add_string;
+
+*** ../bash-4.3-patched/y.tab.c 2015-08-13 15:11:54.000000000 -0400
+--- y.tab.c 2016-03-07 15:44:14.000000000 -0500
+***************
+*** 7571,7575 ****
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, octal_string[4];
+ struct tm *tm; 
+ time_t the_time;
+--- 7571,7575 ----
+ int result_size, result_index;
+ int c, n, i;
+! char *temp, *t_host, octal_string[4];
+ struct tm *tm; 
+ time_t the_time;
+***************
+*** 7719,7723 ****
+ case 's':
+ temp = base_pathname (shell_name);
+! temp = savestring (temp);
+ goto add_string;
+
+--- 7719,7727 ----
+ case 's':
+ temp = base_pathname (shell_name);
+! /* Try to quote anything the user can set in the file system */
+! if (promptvars || posixly_correct)
+! temp = sh_backslash_quote_for_double_quotes (temp);
+! else
+! temp = savestring (temp);
+ goto add_string;
+
+***************
+*** 7809,7815 ****
+ case 'h':
+ case 'H':
+! temp = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ *t = '\0';
+ goto add_string;
+
+--- 7813,7827 ----
+ case 'h':
+ case 'H':
+! t_host = savestring (current_host_name);
+! if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+ *t = '\0';
++ if (promptvars || posixly_correct)
++ /* Make sure that expand_prompt_string is called with a
++ second argument of Q_DOUBLE_QUOTES if we use this
++ function here. */
++ temp = sh_backslash_quote_for_double_quotes (t_host);
++ else
++ temp = savestring (t_host);
++ free (t_host);
+ goto add_string;
+
+