authorHank Leininger <hlein@korelogic.com>2019-12-11 15:06:45 -0700
committerLars Wendler <polynomial-c@gentoo.org>2021-01-07 01:48:45 +0100
commitba53be405112d10b85e88cc2637156804b88bd91 (patch)
tree55236cd8357c225126f7629736f377a8cd9386db /app-shells/bash
parentapp-arch/lzlib: Bump to 1.12 (diff)
app-shells/bash: fix CVE-2019-18276 (priv-dropping bug)
Cherry-picked the relevant parts of https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff and modified the patches to apply. Note that the existing bash-5.0*patch files are applied with -p0, which is not the norm for eapply, etc. I simply followed what was required to work with the rest of the existing patches. Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/702488 Package-Manager: Portage-2.3.81, Repoman-2.3.18 Closes: https://github.com/gentoo/gentoo/pull/13941 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'app-shells/bash')
-rw-r--r--app-shells/bash/bash-5.0_p11-r1.ebuild266
-rw-r--r--app-shells/bash/files/bash-5.0_p11-disable_priv_mode.patch85
2 files changed, 351 insertions, 0 deletions
diff --git a/app-shells/bash/bash-5.0_p11-r1.ebuild b/app-shells/bash/bash-5.0_p11-r1.ebuild
new file mode 100644
index 000000000000..a6cf9c086ced
--- /dev/null
+++ b/app-shells/bash/bash-5.0_p11-r1.ebuild
@@ -0,0 +1,266 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic toolchain-funcs multilib prefix
+
+# Official patchlevel
+# See ftp://ftp.cwru.edu/pub/bash/bash-5.0-patches/
+PLEVEL=${PV##*_p}
+MY_PV=${PV/_p*}
+MY_PV=${MY_PV/_/-}
+MY_P=${PN}-${MY_PV}
+is_release() {
+ case ${PV} in
+ *_alpha*|*_beta*|*_rc*) return 1 ;;
+ *) return 0 ;;
+ esac
+}
+[[ ${PV} != *_p* ]] && PLEVEL=0
+patches() {
+ local opt=$1 plevel=${2:-${PLEVEL}} pn=${3:-${PN}} pv=${4:-${MY_PV}}
+ [[ ${plevel} -eq 0 ]] && return 1
+ eval set -- {1..${plevel}}
+ set -- $(printf "${pn}${pv/\.}-%03d " "$@")
+ if [[ ${opt} == -s ]] ; then
+ echo "${@/#/${DISTDIR}/}"
+ else
+ local u
+ for u in ftp://ftp.cwru.edu/pub/bash mirror://gnu/${pn} ; do
+ printf "${u}/${pn}-${pv}-patches/%s " "$@"
+ done
+ fi
+}
+
+# The version of readline this bash normally ships with.
+READLINE_VER="8.0"
+
+DESCRIPTION="The standard GNU Bourne again shell"
+HOMEPAGE="http://tiswww.case.edu/php/chet/bash/bashtop.html"
+if is_release ; then
+ SRC_URI="mirror://gnu/bash/${MY_P}.tar.gz $(patches)"
+else
+ SRC_URI="ftp://ftp.cwru.edu/pub/bash/${MY_P}.tar.gz"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="afs bashlogger examples mem-scramble +net nls plugins +readline"
+
+DEPEND="
+ >=sys-libs/ncurses-5.2-r2:0=
+ nls? ( virtual/libintl )
+ readline? ( >=sys-libs/readline-${READLINE_VER}:0= )
+"
+RDEPEND="
+ ${DEPEND}
+ !<sys-apps/portage-2.1.6.7_p1
+"
+# we only need yacc when the .y files get patched (bash42-005)
+#DEPEND+=" virtual/yacc"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ # Patches from Chet sent to bashbug ml
+ "${FILESDIR}"/${PN}-5.0-history-append.patch
+ "${FILESDIR}"/${PN}-5.0-syslog-history-extern.patch
+ # fix CVE-2019-18276 #702488
+ "${FILESDIR}"/${PN}-5.0_p11-disable_priv_mode.patch
+)
+
+pkg_setup() {
+ if is-flag -malign-double ; then #7332
+ eerror "Detected bad CFLAGS '-malign-double'. Do not use this"
+ eerror "as it breaks LFS (struct stat64) on x86."
+ die "remove -malign-double from your CFLAGS mr ricer"
+ fi
+ if use bashlogger ; then
+ ewarn "The logging patch should ONLY be used in restricted (i.e. honeypot) envs."
+ ewarn "This will log ALL output you enter into the shell, you have been warned."
+ fi
+}
+
+src_unpack() {
+ unpack ${MY_P}.tar.gz
+}
+
+src_prepare() {
+ # Include official patches
+ [[ ${PLEVEL} -gt 0 ]] && eapply -p0 $(patches -s)
+
+ # Clean out local libs so we know we use system ones w/releases.
+ if is_release ; then
+ rm -rf lib/{readline,termcap}/*
+ touch lib/{readline,termcap}/Makefile.in # for config.status
+ sed -ri -e 's:\$[(](RL|HIST)_LIBSRC[)]/[[:alpha:]]*.h::g' Makefile.in || die
+ fi
+
+ # Prefixify hardcoded path names. No-op for non-prefix.
+ hprefixify pathnames.h.in
+
+ # Avoid regenerating docs after patches #407985
+ sed -i -r '/^(HS|RL)USER/s:=.*:=:' doc/Makefile.in || die
+ touch -r . doc/*
+
+ eapply -p0 "${PATCHES[@]}"
+ eapply_user
+}
+
+src_configure() {
+ local myconf=(
+ --disable-profiling
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --with-curses
+ $(use_enable mem-scramble)
+ $(use_enable net net-redirections)
+ $(use_enable readline)
+ $(use_enable readline bang-history)
+ $(use_enable readline history)
+ $(use_with afs)
+ $(use_with mem-scramble bash-malloc)
+ )
+
+ # For descriptions of these, see config-top.h
+ # bashrc/#26952 bash_logout/#90488 ssh/#24762 mktemp/#574426
+ append-cppflags \
+ -DDEFAULT_PATH_VALUE=\'\"${EPREFIX}/usr/local/sbin:${EPREFIX}/usr/local/bin:${EPREFIX}/usr/sbin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/bin\"\' \
+ -DSTANDARD_UTILS_PATH=\'\"${EPREFIX}/bin:${EPREFIX}/usr/bin:${EPREFIX}/sbin:${EPREFIX}/usr/sbin\"\' \
+ -DSYS_BASHRC=\'\"${EPREFIX}/etc/bash/bashrc\"\' \
+ -DSYS_BASH_LOGOUT=\'\"${EPREFIX}/etc/bash/bash_logout\"\' \
+ -DNON_INTERACTIVE_LOGIN_SHELLS \
+ -DSSH_SOURCE_BASHRC \
+ $(use bashlogger && echo -DSYSLOG_HISTORY)
+
+ # Don't even think about building this statically without
+ # reading Bug 7714 first. If you still build it statically,
+ # don't come crying to us with bugs ;).
+ #use static && export LDFLAGS="${LDFLAGS} -static"
+ use nls || myconf+=( --disable-nls )
+
+ # Historically, we always used the builtin readline, but since
+ # our handling of SONAME upgrades has gotten much more stable
+ # in the PM (and the readline ebuild itself preserves the old
+ # libs during upgrades), linking against the system copy should
+ # be safe.
+ # Exact cached version here doesn't really matter as long as it
+ # is at least what's in the DEPEND up above.
+ export ac_cv_rl_version=${READLINE_VER%%_*}
+
+ # Force linking with system curses ... the bundled termcap lib
+ # sucks bad compared to ncurses. For the most part, ncurses
+ # is here because readline needs it. But bash itself calls
+ # ncurses in one or two small places :(.
+
+ if is_release ; then
+ # Use system readline only with released versions.
+ myconf+=( --with-installed-readline=. )
+ fi
+
+ if use plugins; then
+ append-ldflags -Wl,-rpath,/usr/$(get_libdir)/bash
+ else
+ # Disable the plugins logic by hand since bash doesn't
+ # provide a way of doing it.
+ export ac_cv_func_dl{close,open,sym}=no \
+ ac_cv_lib_dl_dlopen=no ac_cv_header_dlfcn_h=no
+ sed -i \
+ -e '/LOCAL_LDFLAGS=/s:-rdynamic::' \
+ configure || die
+ fi
+ tc-export AR #444070
+ econf "${myconf[@]}"
+}
+
+src_compile() {
+ emake
+
+ if use plugins ; then
+ emake -C examples/loadables all others
+ fi
+}
+
+src_install() {
+ local d f
+
+ default
+
+ dodir /bin
+ mv "${ED}"/usr/bin/bash "${ED}"/bin/ || die
+ dosym bash /bin/rbash
+
+ insinto /etc/bash
+ doins "${FILESDIR}"/bash_logout
+ doins "$(prefixify_ro "${FILESDIR}"/bashrc)"
+ keepdir /etc/bash/bashrc.d
+ insinto /etc/skel
+ for f in bash{_logout,_profile,rc} ; do
+ newins "${FILESDIR}"/dot-${f} .${f}
+ done
+
+ local sed_args=(
+ -e "s:#${USERLAND}#@::"
+ -e '/#@/d'
+ )
+ if ! use readline ; then
+ sed_args+=( #432338
+ -e '/^shopt -s histappend/s:^:#:'
+ -e 's:use_color=true:use_color=false:'
+ )
+ fi
+ sed -i \
+ "${sed_args[@]}" \
+ "${ED}"/etc/skel/.bashrc \
+ "${ED}"/etc/bash/bashrc || die
+
+ if use plugins ; then
+ exeinto /usr/$(get_libdir)/bash
+ doexe $(echo examples/loadables/*.o | sed 's:\.o::g')
+ insinto /usr/include/bash-plugins
+ doins *.h builtins/*.h include/*.h lib/{glob/glob.h,tilde/tilde.h}
+ fi
+
+ if use examples ; then
+ for d in examples/{functions,misc,scripts,startup-files} ; do
+ exeinto /usr/share/doc/${PF}/${d}
+ insinto /usr/share/doc/${PF}/${d}
+ for f in ${d}/* ; do
+ if [[ ${f##*/} != PERMISSION ]] && [[ ${f##*/} != *README ]] ; then
+ doexe ${f}
+ else
+ doins ${f}
+ fi
+ done
+ done
+ fi
+
+ doman doc/*.1
+ newdoc CWRU/changelog ChangeLog
+ dosym bash.info /usr/share/info/bashref.info
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/bashrc ]] && [[ ! -d ${EROOT}/etc/bash ]] ; then
+ mkdir -p "${EROOT}"/etc/bash
+ mv -f "${EROOT}"/etc/bashrc "${EROOT}"/etc/bash/
+ fi
+
+ if [[ -L ${EROOT}/bin/sh ]] ; then
+ # rewrite the symlink to ensure that its mtime changes. having /bin/sh
+ # missing even temporarily causes a fatal error with paludis.
+ local target=$(readlink "${EROOT}"/bin/sh)
+ local tmp=$(emktemp "${EROOT}"/bin)
+ ln -sf "${target}" "${tmp}"
+ mv -f "${tmp}" "${EROOT}"/bin/sh
+ fi
+}
+
+pkg_postinst() {
+ # If /bin/sh does not exist, provide it
+ if [[ ! -e ${EROOT}/bin/sh ]] ; then
+ ln -sf bash "${EROOT}"/bin/sh
+ fi
+}
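Review bot: In src_configure, the rpath added for USE=plugins is `-Wl,-rpath,/usr/$(get_libdir)/bash` without `${EPREFIX}`, while src_install places the loadables with `exeinto /usr/$(get_libdir)/bash`, which lands under the prefix. On a prefix install the binary's rpath would therefore name a host directory outside the prefix rather than the directory the plugins were installed to. Writing it as `append-ldflags -Wl,-rpath,"${EPREFIX}"/usr/$(get_libdir)/bash` keeps the two in agreement and matches the EPREFIX use in the `append-cppflags` paths just above. For non-prefix installs EPREFIX is empty, so nothing changes there.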
diff --git a/app-shells/bash/files/bash-5.0_p11-disable_priv_mode.patch b/app-shells/bash/files/bash-5.0_p11-disable_priv_mode.patch
new file mode 100644
index 000000000000..9a05c8b8613f
--- /dev/null
+++ b/app-shells/bash/files/bash-5.0_p11-disable_priv_mode.patch
@@ -0,0 +1,85 @@
+diff -urP ../bash-5.0.orig/config.h.in config.h.in
+--- ../bash-5.0.orig/config.h.in 2018-12-04 09:54:17.000000000 -0700
++++ config.h.in 2019-12-10 11:34:42.157926317 -0700
+@@ -1,6 +1,6 @@
+ /* config.h -- Configuration file for bash. */
+
+-/* Copyright (C) 1987-2009,2011-2012 Free Software Foundation, Inc.
++/* Copyright (C) 1987-2009,2011-2012,2013-2019 Free Software Foundation, Inc.
+
+ This file is part of GNU Bash, the Bourne Again SHell.
+
+@@ -807,6 +807,14 @@
+ #undef HAVE_SETREGID
+ #undef HAVE_DECL_SETREGID
+
++/* Define if you have the setregid function. */
++#undef HAVE_SETRESGID
++#undef HAVE_DECL_SETRESGID
++
++/* Define if you have the setresuid function. */
++#undef HAVE_SETRESUID
++#undef HAVE_DECL_SETRESUID
++
+ /* Define if you have the setvbuf function. */
+ #undef HAVE_SETVBUF
+
+diff -urP ../bash-5.0.orig/configure configure
+--- ../bash-5.0.orig/configure 2019-01-02 07:43:31.000000000 -0700
++++ configure 2019-12-10 11:34:42.166926317 -0700
+@@ -10281,6 +10281,17 @@
+ #define HAVE_DECL_SETREGID $ac_have_decl
+ _ACEOF
+
++ac_fn_c_check_decl "$LINENO" "" "ac_cv_have_decl_" "$ac_includes_default"
++if test "x$ac_cv_have_decl_" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_ $ac_have_decl
++_ACEOF
++(setresuid, setresgid)
+ ac_fn_c_check_decl "$LINENO" "strcpy" "ac_cv_have_decl_strcpy" "$ac_includes_default"
+ if test "x$ac_cv_have_decl_strcpy" = xyes; then :
+ ac_have_decl=1
+diff -urP ../bash-5.0.orig/configure.ac configure.ac
+--- ../bash-5.0.orig/configure.ac 2019-01-02 07:39:11.000000000 -0700
++++ configure.ac 2019-12-10 11:34:42.168926317 -0700
+@@ -810,6 +810,7 @@
+ AC_CHECK_DECLS([printf])
+ AC_CHECK_DECLS([sbrk])
+ AC_CHECK_DECLS([setregid])
++AC_CHECK_DECLS[(setresuid, setresgid])
+ AC_CHECK_DECLS([strcpy])
+ AC_CHECK_DECLS([strsignal])
+
+diff -urP ../bash-5.0.orig/shell.c shell.c
+--- ../bash-5.0.orig/shell.c 2018-12-06 09:28:21.000000000 -0700
++++ shell.c 2019-12-10 11:34:42.170926317 -0700
+@@ -1293,7 +1293,11 @@
+ {
+ int e;
+
++#if HAVE_DECL_SETRESUID
++ if (setresuid (current_user.uid, current_user.uid, current_user.uid) < 0)
++#else
+ if (setuid (current_user.uid) < 0)
++#endif
+ {
+ e = errno;
+ sys_error (_("cannot set uid to %d: effective uid %d"), current_user.uid, current_user.euid);
+@@ -1302,7 +1306,11 @@
+ exit (e);
+ #endif
+ }
++#if HAVE_DECL_SETRESGID
++ if (setresgid (current_user.gid, current_user.gid, current_user.gid) < 0)
++#else
+ if (setgid (current_user.gid) < 0)
++#endif
+ sys_error (_("cannot set gid to %d: effective gid %d"), current_user.gid, current_user.egid);
+
+ current_user.euid = current_user.uid;
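Review bot: The configure.ac line added by this patch has its bracket misplaced, `AC_CHECK_DECLS[(setresuid, setresgid])`, and the matching block added to configure checks an empty symbol name (`ac_cv_have_decl_`, `#define HAVE_DECL_`) followed by a stray `(setresuid, setresgid)` line. As far as the visible hunks show, nothing defines `HAVE_DECL_SETRESUID` or `HAVE_DECL_SETRESGID`, so the `#if` branches in shell.c would fall back to `setuid`/`setgid` and the CVE-2019-18276 fix would not take effect; this is inferred from the patch text and should be confirmed against the generated config.h. The line should read `AC_CHECK_DECLS([setresuid, setresgid])`, with the configure block regenerated so that it tests each name and emits both defines. The config.h.in comment above `HAVE_SETRESGID` also says setregid where setresgid is meant. The shell.c function being patched starts and ends outside the inner hunks.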