From 2dd9420b25b51fc417d90da0409412b8b9693b6b Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Thu, 25 Sep 2014 20:29:21 +0200
Subject: [PATCH] bash: update to patchlevel 025 and apply 2nd patch for
 CVE-2014-6271.

See http://seclists.org/oss-sec/2014/q3/690
---
 srcpkgs/bash/patches/eol-pushback.patch       | 13 +++
 srcpkgs/bash/patches/funcdef-import-4.3.patch | 93 -------------------
 srcpkgs/bash/template                         |  7 +-
 srcpkgs/chroot-bash/template                  | 29 +++++-
 4 files changed, 41 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/bash/patches/eol-pushback.patch
 delete mode 100644 srcpkgs/bash/patches/funcdef-import-4.3.patch

diff --git a/srcpkgs/bash/patches/eol-pushback.patch b/srcpkgs/bash/patches/eol-pushback.patch
new file mode 100644
index 0000000000..e78bf7339b
--- /dev/null
+++ b/srcpkgs/bash/patches/eol-pushback.patch
@@ -0,0 +1,13 @@
+CVE-2014-6271: remote code execution through bash (2/2)
+
+*** parse.y	2014-08-26 15:09:42.000000000 -0400
+--- parse.y	2014-09-24 22:47:28.000000000 -0400
+***************
+*** 2959,2962 ****
+--- 2959,2964 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
diff --git a/srcpkgs/bash/patches/funcdef-import-4.3.patch b/srcpkgs/bash/patches/funcdef-import-4.3.patch
deleted file mode 100644
index c1fb0af75c..0000000000
--- a/srcpkgs/bash/patches/funcdef-import-4.3.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-CVE-2014-6271: remote code execution through bash
-
-*** builtins/common.h	2013-07-08 16:54:47.000000000 -0400
---- builtins/common.h	2014-09-12 14:25:47.000000000 -0400
-***************
-*** 34,37 ****
---- 49,54 ----
-  #define SEVAL_PARSEONLY	0x020
-  #define SEVAL_NOLONGJMP 0x040
-+ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
-+ #define SEVAL_ONECMD	0x100		/* only allow a single command */
-  
-  /* Flags for describe_command, shared between type.def and command.def */
-*** builtins/evalstring.c	2014-02-11 09:42:10.000000000 -0500
---- builtins/evalstring.c	2014-09-14 14:15:13.000000000 -0400
-***************
-*** 309,312 ****
---- 313,324 ----
-  	      struct fd_bitmap *bitmap;
-  
-+ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
-+ 		{
-+ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
-+ 		  should_jump_to_top_level = 0;
-+ 		  last_result = last_command_exit_value = EX_BADUSAGE;
-+ 		  break;
-+ 		}
-+ 
-  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
-  	      begin_unwind_frame ("pe_dispose");
-***************
-*** 369,372 ****
---- 381,387 ----
-  	      dispose_fd_bitmap (bitmap);
-  	      discard_unwind_frame ("pe_dispose");
-+ 
-+ 	      if (flags & SEVAL_ONECMD)
-+ 		break;
-  	    }
-  	}
-*** variables.c	2014-05-15 08:26:50.000000000 -0400
---- variables.c	2014-09-14 14:23:35.000000000 -0400
-***************
-*** 359,369 ****
-  	  strcpy (temp_string + char_index + 1, string);
-  
-! 	  if (posixly_correct == 0 || legal_identifier (name))
-! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
-! 
-! 	  /* Ancient backwards compatibility.  Old versions of bash exported
-! 	     functions like name()=() {...} */
-! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
-! 	    name[char_index - 2] = '\0';
-  
-  	  if (temp_var = find_function (name))
---- 364,372 ----
-  	  strcpy (temp_string + char_index + 1, string);
-  
-! 	  /* Don't import function names that are invalid identifiers from the
-! 	     environment, though we still allow them to be defined as shell
-! 	     variables. */
-! 	  if (legal_identifier (name))
-! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
-  
-  	  if (temp_var = find_function (name))
-***************
-*** 382,389 ****
-  	      report_error (_("error importing function definition for `%s'"), name);
-  	    }
-- 
-- 	  /* ( */
-- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
-- 	    name[char_index - 2] = '(';		/* ) */
-  	}
-  #if defined (ARRAY_VARS)
---- 385,388 ----
-*** subst.c	2014-08-11 11:16:35.000000000 -0400
---- subst.c	2014-09-12 15:31:04.000000000 -0400
-***************
-*** 8048,8052 ****
-  	  goto return0;
-  	}
-!       else if (var = find_variable_last_nameref (temp1))
-  	{
-  	  temp = nameref_cell (var);
---- 8118,8124 ----
-  	  goto return0;
-  	}
-!       else if (var && (invisible_p (var) || var_isset (var) == 0))
-! 	temp = (char *)NULL;
-!       else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0)
-  	{
-  	  temp = nameref_cell (var);
diff --git a/srcpkgs/bash/template b/srcpkgs/bash/template
index 3d94b82665..c79751402f 100644
--- a/srcpkgs/bash/template
+++ b/srcpkgs/bash/template
@@ -1,9 +1,9 @@
 # Template build file for 'bash'.
 pkgname=bash
 _bash_distver=4.3
-_bash_patchlevel=024
+_bash_patchlevel=025
 version=${_bash_distver}.${_bash_patchlevel}
-revision=2
+revision=1
 wrksrc=${pkgname}-${_bash_distver}
 build_style=gnu-configure
 configure_args="--without-bash-malloc --with-curses --with-installed-readline"
@@ -22,7 +22,6 @@ pre_configure() {
 	local url="http://ftp.gnu.org/gnu/bash/bash-${_bash_distver}-patches"
 	local ver=$(echo ${_bash_distver}|sed "s|\.||g")
 
-	cd ${XBPS_SRCDISTDIR}/${pkgname}-${version}
 	if [ "${_bash_patchlevel}" -gt 000 ]; then
 		for p in $(seq -w 001 ${_bash_patchlevel}); do
 			if [ -f bash${ver}-${p} ]; then
@@ -34,7 +33,7 @@ pre_configure() {
 	fi
 	cd ${wrksrc}
 	for p in $(seq -w 001 ${_bash_patchlevel}); do
-		patch -sNp0 -i ${XBPS_SRCDISTDIR}/${pkgname}-${version}/bash${ver}-${p}
+		patch -sNp0 -i bash${ver}-${p}
 		msg_normal " Applying patch bash${ver}-$p.\n"
 	done
 }
diff --git a/srcpkgs/chroot-bash/template b/srcpkgs/chroot-bash/template
index cec2b294ef..4c6f2ae23e 100644
--- a/srcpkgs/chroot-bash/template
+++ b/srcpkgs/chroot-bash/template
@@ -1,15 +1,17 @@
 # Template build file for 'chroot-bash'.
 pkgname=chroot-bash
-version=4.3
-revision=3
-wrksrc="bash-${version}"
+_bash_distver=4.3
+_bash_patchlevel=025
+version=${_bash_distver}.${_bash_patchlevel}
+revision=1
+wrksrc="bash-${_bash_distver}"
 build_style=gnu-configure
 configure_args="--without-bash-malloc --without-curses --without-installed-readline --disable-nls"
 short_desc="The GNU Bourne Again Shell -- for xbps-src use"
 maintainer="Juan RP <xtraeme@gmail.com>"
 homepage="http://www.gnu.org/software/bash/bash.html"
 license="GPL-3"
-distfiles="http://ftp.gnu.org/gnu/bash/bash-${version}.tar.gz"
+distfiles="http://ftp.gnu.org/gnu/bash/bash-${_bash_distver}.tar.gz"
 checksum=afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4
 
 broken_as_needed=yes
@@ -17,6 +19,25 @@ bootstrap=yes
 provides="bash-${version}_${revision}"
 conflicts="bash>=0"
 
+pre_configure() {
+	local url="http://ftp.gnu.org/gnu/bash/bash-${_bash_distver}-patches"
+	local ver=$(echo ${_bash_distver}|sed "s|\.||g")
+
+	if [ "${_bash_patchlevel}" -gt 000 ]; then
+		for p in $(seq -w 001 ${_bash_patchlevel}); do
+			if [ -f bash${ver}-${p} ]; then
+				continue
+			fi
+			msg_normal " Fetching ${url}/bash${ver}-$p ...\n"
+			$XBPS_FETCH_CMD ${url}/bash${ver}-$p
+		done
+	fi
+	cd ${wrksrc}
+	for p in $(seq -w 001 ${_bash_patchlevel}); do
+		patch -sNp0 -i bash${ver}-${p}
+		msg_normal " Applying patch bash${ver}-$p.\n"
+	done
+}
 post_install() {
 	ln -s /bin/bash ${DESTDIR}/usr/bin/sh
 	rm -rf ${DESTDIR}/usr/share