bash: apply NetBSD patches to disable importing functions from environment.

This avoids completely shellshock. 1) $NetBSD: patch-shell.c,v 1.1 2014/09/25 20:28:32 christos Exp $ Add flag to disable importing of function unless explicitly enabled 2) $NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $ Only read functions from environment if flag is set.
2014-09-27 06:36:58 +02:00 · 2014-09-27 06:36:58 +02:00 · 1c22f1e6f3
parent 56dc0aa78a
commit 1c22f1e6f3
4 changed files with 47 additions and 2 deletions
--- a/srcpkgs/bash/patches/patch-shell.c
+++ b/srcpkgs/bash/patches/patch-shell.c
@ -0,0 +1,22 @@
+$NetBSD: patch-shell.c,v 1.1 2014/09/25 20:28:32 christos Exp $
+
+Add flag to disable importing of function unless explicitly enabled
+
+--- shell.c.christos	2014-01-14 08:04:32.000000000 -0500
+++ shell.c	2014-09-25 16:11:51.000000000 -0400
+@@ -229,6 +229,7 @@
+ #else
+ int posixly_correct = 0;	/* Non-zero means posix.2 superset. */
+ #endif
+int import_functions = 0;	/* Import functions from environment */
+ 
+ /* Some long-winded argument names.  These are obviously new. */
+ #define Int 1
+@@ -248,6 +249,7 @@
+   { "help", Int, &want_initial_help, (char **)0x0 },
+   { "init-file", Charp, (int *)0x0, &bashrc_file },
+   { "login", Int, &make_login_shell, (char **)0x0 },
+  { "import-functions", Int, &import_functions, (char **)0x0 },
+   { "noediting", Int, &no_line_editing, (char **)0x0 },
+   { "noprofile", Int, &no_profile, (char **)0x0 },
+   { "norc", Int, &no_rc, (char **)0x0 },
--- a/srcpkgs/bash/patches/patch-variables.c
+++ b/srcpkgs/bash/patches/patch-variables.c
@ -0,0 +1,23 @@
+$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $
+
+Only read functions from environment if flag is set.
+
+--- variables.c.christos	2014-09-25 16:09:41.000000000 -0400
+++ variables.c	2014-09-25 16:12:10.000000000 -0400
+@@ -105,6 +105,7 @@
+ extern int assigning_in_environment;
+ extern int executing_builtin;
+ extern int funcnest_max;
+extern int import_functions;
+ 
+ #if defined (READLINE)
+ extern int no_line_editing;
+@@ -349,7 +350,7 @@
+ 
+       /* If exported function, define it now.  Don't import functions from
+ 	 the environment in privileged mode. */
+-      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+      if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+ 	{
+ 	  string_length = strlen (string);
+ 	  temp_string = (char *)xmalloc (3 + string_length + char_index);
--- a/srcpkgs/bash/template
+++ b/srcpkgs/bash/template
@ -3,7 +3,7 @@ pkgname=bash
 _bash_distver=4.3
 _bash_patchlevel=026
 version=${_bash_distver}.${_bash_patchlevel}
-revision=1
+revision=2
 wrksrc=${pkgname}-${_bash_distver}
 build_style=gnu-configure
 configure_args="--without-bash-malloc --with-curses --with-installed-readline"
--- a/srcpkgs/chroot-bash/template
+++ b/srcpkgs/chroot-bash/template
@ -3,7 +3,7 @@ pkgname=chroot-bash
 _bash_distver=4.3
 _bash_patchlevel=026
 version=${_bash_distver}.${_bash_patchlevel}
-revision=1
+revision=2
 wrksrc="bash-${_bash_distver}"
 build_style=gnu-configure
 configure_args="--without-bash-malloc --without-curses --without-installed-readline --disable-nls"