summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2017-06-17 23:02:51 +0200
committerLars Wendler <polynomial-c@gentoo.org>2017-06-17 23:36:48 +0200
commitcdc25db25fb17985242fb8bced2ba1f93d11d827 (patch)
tree66d662cafb705f4602f99a7c0d39ee5028b72ffb /app-shells
parentwww-servers/apache: Bump to version 2.4.26 (diff)
downloadgentoo-cdc25db25fb17985242fb8bced2ba1f93d11d827.tar.gz
gentoo-cdc25db25fb17985242fb8bced2ba1f93d11d827.tar.bz2
gentoo-cdc25db25fb17985242fb8bced2ba1f93d11d827.zip
app-shells/bash: Security cleanup (bug #608732)
Package-Manager: Portage-2.3.5, Repoman-2.3.2 Closes: https://github.com/gentoo/gentoo/pull/4953
Diffstat (limited to 'app-shells')
-rw-r--r--app-shells/bash/bash-4.4_p5-r1.ebuild255
1 files changed, 0 insertions, 255 deletions
diff --git a/app-shells/bash/bash-4.4_p5-r1.ebuild b/app-shells/bash/bash-4.4_p5-r1.ebuild
deleted file mode 100644
index 13d0e3e64517..000000000000
--- a/app-shells/bash/bash-4.4_p5-r1.ebuild
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib prefix
-
-# Official patchlevel
-# See ftp://ftp.cwru.edu/pub/bash/bash-4.4-patches/
-PLEVEL=${PV##*_p}
-MY_PV=${PV/_p*}
-MY_PV=${MY_PV/_/-}
-MY_P=${PN}-${MY_PV}
-is_release() {
- case ${PV} in
- *_alpha*|*_beta*|*_rc*) return 1 ;;
- *) return 0 ;;
- esac
-}
-[[ ${PV} != *_p* ]] && PLEVEL=0
-patches() {
- local opt=$1 plevel=${2:-${PLEVEL}} pn=${3:-${PN}} pv=${4:-${MY_PV}}
- [[ ${plevel} -eq 0 ]] && return 1
- eval set -- {1..${plevel}}
- set -- $(printf "${pn}${pv/\.}-%03d " "$@")
- if [[ ${opt} == -s ]] ; then
- echo "${@/#/${DISTDIR}/}"
- else
- local u
- for u in ftp://ftp.cwru.edu/pub/bash mirror://gnu/${pn} ; do
- printf "${u}/${pn}-${pv}-patches/%s " "$@"
- done
- fi
-}
-
-# The version of readline this bash normally ships with.
-READLINE_VER="7.0"
-
-DESCRIPTION="The standard GNU Bourne again shell"
-HOMEPAGE="http://tiswww.case.edu/php/chet/bash/bashtop.html"
-if is_release ; then
- SRC_URI="mirror://gnu/bash/${MY_P}.tar.gz $(patches)"
-else
- SRC_URI="ftp://ftp.cwru.edu/pub/bash/${MY_P}.tar.gz"
-fi
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE="afs bashlogger examples mem-scramble +net nls plugins +readline"
-
-DEPEND=">=sys-libs/ncurses-5.2-r2:0=
- readline? ( >=sys-libs/readline-${READLINE_VER}:0= )
- nls? ( virtual/libintl )"
-RDEPEND="${DEPEND}
- !<sys-apps/portage-2.1.6.7_p1
- !<sys-apps/paludis-0.26.0_alpha5"
-# we only need yacc when the .y files get patched (bash42-005)
-#DEPEND+=" virtual/yacc"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
- if is-flag -malign-double ; then #7332
- eerror "Detected bad CFLAGS '-malign-double'. Do not use this"
- eerror "as it breaks LFS (struct stat64) on x86."
- die "remove -malign-double from your CFLAGS mr ricer"
- fi
- if use bashlogger ; then
- ewarn "The logging patch should ONLY be used in restricted (i.e. honeypot) envs."
- ewarn "This will log ALL output you enter into the shell, you have been warned."
- fi
-}
-
-src_unpack() {
- unpack ${MY_P}.tar.gz
-}
-
-src_prepare() {
- # Include official patches
- [[ ${PLEVEL} -gt 0 ]] && epatch $(patches -s)
- epatch "${FILESDIR}"/${PN}-4.4-popd-offset-overflow.patch #600174
-
- # Clean out local libs so we know we use system ones w/releases.
- if is_release ; then
- rm -rf lib/{readline,termcap}/*
- touch lib/{readline,termcap}/Makefile.in # for config.status
- sed -ri -e 's:\$[(](RL|HIST)_LIBSRC[)]/[[:alpha:]]*.h::g' Makefile.in || die
- fi
-
- # Prefixify hardcoded path names. No-op for non-prefix.
- hprefixify pathnames.h.in
-
- # Avoid regenerating docs after patches #407985
- sed -i -r '/^(HS|RL)USER/s:=.*:=:' doc/Makefile.in || die
- touch -r . doc/*
-
- epatch_user
-}
-
-src_configure() {
- local myconf=()
-
- # For descriptions of these, see config-top.h
- # bashrc/#26952 bash_logout/#90488 ssh/#24762 mktemp/#574426
- append-cppflags \
- -DDEFAULT_PATH_VALUE=\'\"${EPREFIX}/usr/local/sbin:${EPREFIX}/usr/local/bin:${EPREFIX}/usr/sbin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/bin\"\' \
- -DSTANDARD_UTILS_PATH=\'\"${EPREFIX}/bin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/usr/sbin\"\' \
- -DSYS_BASHRC=\'\"${EPREFIX}/etc/bash/bashrc\"\' \
- -DSYS_BASH_LOGOUT=\'\"${EPREFIX}/etc/bash/bash_logout\"\' \
- -DNON_INTERACTIVE_LOGIN_SHELLS \
- -DSSH_SOURCE_BASHRC \
- $(use bashlogger && echo -DSYSLOG_HISTORY)
-
- # Don't even think about building this statically without
- # reading Bug 7714 first. If you still build it statically,
- # don't come crying to us with bugs ;).
- #use static && export LDFLAGS="${LDFLAGS} -static"
- use nls || myconf+=( --disable-nls )
-
- # Historically, we always used the builtin readline, but since
- # our handling of SONAME upgrades has gotten much more stable
- # in the PM (and the readline ebuild itself preserves the old
- # libs during upgrades), linking against the system copy should
- # be safe.
- # Exact cached version here doesn't really matter as long as it
- # is at least what's in the DEPEND up above.
- export ac_cv_rl_version=${READLINE_VER%%_*}
-
- # Force linking with system curses ... the bundled termcap lib
- # sucks bad compared to ncurses. For the most part, ncurses
- # is here because readline needs it. But bash itself calls
- # ncurses in one or two small places :(.
-
- if is_release ; then
- # Use system readline only with released versions.
- myconf+=( --with-installed-readline=. )
- fi
-
- if use plugins; then
- append-ldflags -Wl,-rpath,/usr/$(get_libdir)/bash
- else
- # Disable the plugins logic by hand since bash doesn't
- # provide a way of doing it.
- export ac_cv_func_dl{close,open,sym}=no \
- ac_cv_lib_dl_dlopen=no ac_cv_header_dlfcn_h=no
- sed -i \
- -e '/LOCAL_LDFLAGS=/s:-rdynamic::' \
- configure || die
- fi
- tc-export AR #444070
- econf \
- --docdir='$(datarootdir)'/doc/${PF} \
- --htmldir='$(docdir)/html' \
- --with-curses \
- $(use_with afs) \
- $(use_enable net net-redirections) \
- --disable-profiling \
- $(use_enable mem-scramble) \
- $(use_with mem-scramble bash-malloc) \
- $(use_enable readline) \
- $(use_enable readline history) \
- $(use_enable readline bang-history) \
- "${myconf[@]}"
-}
-
-src_compile() {
- emake
-
- if use plugins ; then
- emake -C examples/loadables all others
- fi
-}
-
-src_install() {
- local d f
-
- default
-
- dodir /bin
- mv "${ED}"/usr/bin/bash "${ED}"/bin/ || die
- dosym bash /bin/rbash
-
- insinto /etc/bash
- doins "${FILESDIR}"/bash_logout
- doins "$(prefixify_ro "${FILESDIR}"/bashrc)"
- keepdir /etc/bash/bashrc.d
- insinto /etc/skel
- for f in bash{_logout,_profile,rc} ; do
- newins "${FILESDIR}"/dot-${f} .${f}
- done
-
- local sed_args=(
- -e "s:#${USERLAND}#@::"
- -e '/#@/d'
- )
- if ! use readline ; then
- sed_args+=( #432338
- -e '/^shopt -s histappend/s:^:#:'
- -e 's:use_color=true:use_color=false:'
- )
- fi
- sed -i \
- "${sed_args[@]}" \
- "${ED}"/etc/skel/.bashrc \
- "${ED}"/etc/bash/bashrc || die
-
- if use plugins ; then
- exeinto /usr/$(get_libdir)/bash
- doexe $(echo examples/loadables/*.o | sed 's:\.o::g')
- insinto /usr/include/bash-plugins
- doins *.h builtins/*.h include/*.h lib/{glob/glob.h,tilde/tilde.h}
- fi
-
- if use examples ; then
- for d in examples/{functions,misc,scripts,startup-files} ; do
- exeinto /usr/share/doc/${PF}/${d}
- insinto /usr/share/doc/${PF}/${d}
- for f in ${d}/* ; do
- if [[ ${f##*/} != PERMISSION ]] && [[ ${f##*/} != *README ]] ; then
- doexe ${f}
- else
- doins ${f}
- fi
- done
- done
- fi
-
- doman doc/*.1
- newdoc CWRU/changelog ChangeLog
- dosym bash.info /usr/share/info/bashref.info
-}
-
-pkg_preinst() {
- if [[ -e ${EROOT}/etc/bashrc ]] && [[ ! -d ${EROOT}/etc/bash ]] ; then
- mkdir -p "${EROOT}"/etc/bash
- mv -f "${EROOT}"/etc/bashrc "${EROOT}"/etc/bash/
- fi
-
- if [[ -L ${EROOT}/bin/sh ]] ; then
- # rewrite the symlink to ensure that its mtime changes. having /bin/sh
- # missing even temporarily causes a fatal error with paludis.
- local target=$(readlink "${EROOT}"/bin/sh)
- local tmp=$(emktemp "${EROOT}"/bin)
- ln -sf "${target}" "${tmp}"
- mv -f "${tmp}" "${EROOT}"/bin/sh
- fi
-}
-
-pkg_postinst() {
- # If /bin/sh does not exist, provide it
- if [[ ! -e ${EROOT}/bin/sh ]] ; then
- ln -sf bash "${EROOT}"/bin/sh
- fi
-}