diff options
author | Johannes Jost Meixner <xmj@FreeBSD.org> | 2014-09-26 17:06:49 +0000 |
---|---|---|
committer | Johannes Jost Meixner <xmj@FreeBSD.org> | 2014-09-26 17:06:49 +0000 |
commit | 21761d945c2348f893f180bd961c5f5a92001f6a (patch) | |
tree | 32d57c663b66299d796f56ae8d68c5d1da0de2c1 /emulators | |
parent | 6a6123d47eb78b4c00013d9411cf8a30e91533f5 (diff) | |
download | ports-21761d945c2348f893f180bd961c5f5a92001f6a.tar.gz ports-21761d945c2348f893f180bd961c5f5a92001f6a.zip |
emulators/linux_base-c6: Use a CVE-free version of bash
Bash 4.1.2 as shipped with this Linux base port is vulnerable to
CVE-2014-6271 and CVE-2014-7169. As EL6 policy is to backport security
patches, use a RPM that is not vulnerable to either remote code execution
vulnerability.
While here:
- Add the proper UDPATES Master site
- remove sample files installation from Makefile, in favor of @sample
Approved by: swills (mentor)
Security: 71ad81da-4414-11e4-a33e-3c970e169bc2
Notes
Notes:
svn path=/head/; revision=369331
Diffstat (limited to 'emulators')
-rw-r--r-- | emulators/linux_base-c6/Makefile | 21 | ||||
-rw-r--r-- | emulators/linux_base-c6/distinfo.i686 | 8 | ||||
-rw-r--r-- | emulators/linux_base-c6/pkg-plist | 10 |
3 files changed, 15 insertions, 24 deletions
diff --git a/emulators/linux_base-c6/Makefile b/emulators/linux_base-c6/Makefile index b13198592e06..0a600a7d776f 100644 --- a/emulators/linux_base-c6/Makefile +++ b/emulators/linux_base-c6/Makefile @@ -3,8 +3,10 @@ PORTNAME= c6 PORTVERSION= 6.5 +PORTREVISION= 1 CATEGORIES= emulators linux -MASTER_SITES= http://mirror.centos.org/centos/6/os/i386/Packages/ +MASTER_SITES= http://mirror.centos.org/centos/6/os/i386/Packages/ \ + http://mirror.centos.org/centos/6/updates/i386/Packages/ PKGNAMEPREFIX= linux_base- DISTFILES= ${BIN_DISTFILES} ${SRC_DISTFILES} EXTRACT_ONLY= ${BIN_DISTFILES} @@ -17,7 +19,7 @@ LINUX_DIST_VER=6.5 DIST_SUBDIR= rpm/${LINUX_RPM_ARCH}/${LINUX_DIST}/${LINUX_DIST_VER} BIN_DISTFILES= basesystem-10.0-4.el6.noarch.rpm \ - bash-4.1.2-15.el6_4.${LINUX_RPM_ARCH}.rpm \ + bash-4.1.2-15.el6_5.2.${LINUX_RPM_ARCH}.rpm \ bzip2-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \ bzip2-libs-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \ compat-db43-4.3.29-15.el6.${LINUX_RPM_ARCH}.rpm \ @@ -68,10 +70,11 @@ BIN_DISTFILES= basesystem-10.0-4.el6.noarch.rpm \ zlib-1.2.3-29.el6.${LINUX_RPM_ARCH}.rpm .if defined(PACKAGE_BUILDING) -MASTER_SITES+= http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/ +MASTER_SITES+= http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/ \ + http://vault.centos.org/6.5/updates/Source/SPackages/:updates SRC_DISTFILES= basesystem-10.0-4.el6.src.rpm \ - bash-4.1.2-15.el6_4.src.rpm \ + bash-4.1.2-15.el6_5.2.src.rpm:updates \ bzip2-1.0.5-7.el6_0.src.rpm \ coreutils-8.4-31.el6.src.rpm \ compat-db-4.6.21-15.el6.src.rpm \ @@ -201,7 +204,7 @@ do-build: # # If ${PREFIX}/etc/krb5.conf exists, don't touch it # - @${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.dist + @${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.sample # Fix usr/bin/*db4* permissions to allow "portupgrade -s" # @${CHMOD} u+w ${WRKSRC}/usr/bin/*db4* @@ -234,12 +237,4 @@ do-install: # @${INSTALL_SCRIPT} ${FILESDIR}/lp ${STAGEDIR}${PREFIX}/usr/bin -post-install: - if [ ! -f ${PREFIX}/etc/krb5.conf ] ; then \ - ${CP} -p ${STAGEDIR}${PREFIX}/etc/krb5.conf.dist ${STAGEDIR}${PREFIX}/etc/krb5.conf ; \ - fi - if [ ! -f ${PREFIX}/etc/yp.conf ] ; then \ - ${CP} -p ${STAGEDIR}${PREFIX}/etc/yp.conf.sample ${STAGEDIR}${PREFIX}/etc/yp.conf ; \ - fi - .include <bsd.port.post.mk> diff --git a/emulators/linux_base-c6/distinfo.i686 b/emulators/linux_base-c6/distinfo.i686 index 5a9e7022bec9..7e5d25ce57eb 100644 --- a/emulators/linux_base-c6/distinfo.i686 +++ b/emulators/linux_base-c6/distinfo.i686 @@ -1,7 +1,7 @@ SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 18860007697438e375733bb4a36a599daac2e2ae95d98a74c436a10d0974710e SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 4784 -SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 81bc62e6d2396a462ea898f2c91c97578ad2d744af4588686602ffc3bec47420 -SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 907712 +SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 28a674dd09ca395b3021749ebf8928806ae981a325c02b8ead070e75cdae2cab +SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 908364 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 37883219612b1ffa199f5a7227fcd165687a24e5c7c291c579647d1563777e47 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 49428 SHA256 (rpm/i686/centos/6.5/bzip2-libs-1.0.5-7.el6_0.i686.rpm) = d3424f4610860e7f8f444cc3cddf51cd75f5e58ca0ecffc8bdbbcb5f8fe1b0d1 @@ -100,8 +100,8 @@ SHA256 (rpm/i686/centos/6.5/zlib-1.2.3-29.el6.i686.rpm) = 1e40dce8a497f740b22d20 SIZE (rpm/i686/centos/6.5/zlib-1.2.3-29.el6.i686.rpm) = 74284 SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 18d3bd0580f40bdc208773f26b424fa1975fad70fae9f179c52337a8f80ade76 SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 5949 -SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 17e92fbaf55ef5fbaccc7e28761edaaa1d18ede8e330fb20a40a27d27605003c -SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 6663735 +SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = d0a8f52d7db4c729c17188a2bd690aff2371f8ac86900dabb14b0df5aa1ff6a5 +SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = 6668343 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 99a3d6a620f9f427aaeba974ae06234d0a771231730de7e203b97dce1dbf1931 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 855419 SHA256 (rpm/i686/centos/6.5/coreutils-8.4-31.el6.src.rpm) = 0e39f22a1ea12009f7e95811003d4b56b99fc2ea77b5bf3ebc716f3ae5a15b83 diff --git a/emulators/linux_base-c6/pkg-plist b/emulators/linux_base-c6/pkg-plist index 2caa204580ce..76e75fc17153 100644 --- a/emulators/linux_base-c6/pkg-plist +++ b/emulators/linux_base-c6/pkg-plist @@ -72,9 +72,6 @@ etc/hosts.deny etc/inputrc etc/issue etc/issue.net -@unexec if cmp -s %D/etc/krb5.conf.dist %D/etc/krb5.conf ; then rm -f %D/etc/krb5.conf ; fi -etc/krb5.conf.dist -@exec if [ ! -f %D/etc/krb5.conf ] ; then cp -p %D/%F %B/krb5.conf ; fi etc/ld.so.cache etc/ld.so.conf etc/mke2fs.conf @@ -121,9 +118,6 @@ etc/skel/.bashrc etc/system-release etc/system-release-cpe etc/udev/rules.d/60-raw.rules -@unexec if cmp -s %D/etc/yp.conf.sample %D/etc/yp.conf ; then rm -f %D/etc/yp.cpnf ; fi -etc/yp.conf.sample -@exec if [ ! -f %D/etc/yp.conf ] ; then cp -p %D/%F %B/yp.conf ; fi etc/yum.repos.d/CentOS-Base.repo etc/yum.repos.d/CentOS-Debuginfo.repo etc/yum.repos.d/CentOS-Media.repo @@ -2317,8 +2311,11 @@ usr/share/man/man8/switch_root.8.gz usr/share/man/man8/tunelp.8.gz usr/share/man/man8/umount.8.gz usr/share/man/man8/wipefs.8.gz +usr/tmp @unexec rm -f %D/var/cache/ldconfig/aux-cache var/mail +@sample etc/krb5.conf.sample +@sample etc/yp.conf.sample @dirrm bin @dirrm var/yp @dirrm var/spool/mail @@ -2339,7 +2336,6 @@ var/mail @dirrm var/cache/ldconfig @dirrm var/cache @dirrm var -@dirrm usr/tmp @dirrm usr/src/kernels @dirrm usr/src/debug @dirrm usr/src |