bash: 4.3.25 (addresses remote code exec vulnerability)

2026-04-23 12:10:06 +02:00 · 2014-09-24 19:57:21 -04:00
parent 81f3f8c9c3
commit ecbab95934
1 changed files with 19 additions and 8 deletions
--- a/app-shells/bash/bash-4.3.25.recipe
+++ b/app-shells/bash/bash-4.3.25.recipe
@@ -4,14 +4,14 @@ Bash is an sh-compatible command language interpreter that \
 executes commands read from the standard input or from a file. Bash also \
 incorporates useful features from the Korn and C shells (ksh and csh).
 "
-HOMEPAGE="http://tiswww.case.edu/php/chet/bash/bashtop.html"
-SRC_URI="ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz"
+HOMEPAGE="http://www.gnu.org/software/bash/"
+SRC_URI="https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz"
 CHECKSUM_SHA256="afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4"
+SOURCE_DIR="bash-4.3"
 REVISION="1"
 LICENSE="GNU GPL v3"
-COPYRIGHT="1989, Brian Fox; 2010, Chet Ramey"
-
-ARCHITECTURES="?x86_gcc2 ?x86 ?x86_64"
+COPYRIGHT="2013 Free Software Foundation, Inc."
+ARCHITECTURES="x86_gcc2 x86 x86_64"

 PROVIDES="
 	bash = $portVersion
@@ -33,11 +33,22 @@ BUILD_REQUIRES="
 	cmd:bison
 	cmd:make
 	cmd:awk
+	cmd:wget
+	cmd:patch
 	"

-
-#PATCHES="
-#	"
+PATCH()
+{
+	# Yes, this is nasty. But the GNU guys don't seem to want to ship
+	# patch releases, instead they want to ship patches. Hence this.
+	mkdir -p patches
+	for i in {001..025}; do
+		wget "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i" \
+			-O patches/bash43-$i.patch
+		patch -p0 <patches/bash43-$i.patch
+	done
+	rm -rf patches
+}

 BUILD()
 {