Fri Sep 26 22:23:32 UTC 2014

a/bash-4.3.026-x86_64-1.txz:  Upgraded.
  This is essentially a rebuild as the preliminary patch for CVE-2014-7169
  has been accepted by upstream and is now signed.  This also bumps the
  patchlevel, making it easy to tell this is the fixed version.
  Possibly more changes to come, given the ongoing discussions on oss-sec.

5 files changed, 61 insertions, 13 deletions

diff --git a/slackware64-current/source/a/bash/bash-4.3-patches/bash43-00a b/slackware64-current/source/a/bash/bash-4.3-patches/bash43-00a
deleted file mode 120000
index 366479fc7..000000000
--- a/slackware64-current/source/a/bash/bash-4.3-patches/bash43-00a
+++ /dev/null
@@ -1 +0,0 @@
-eol-pushback.patch
\ No newline at end of file
diff --git a/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026 b/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026
new file mode 100644
index 000000000..d5d5b1dd0
--- /dev/null
+++ b/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026
@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-026
+
+Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.25/parse.y	2014-07-30 10:14:31.000000000 -0400
+--- parse.y	2014-09-25 20:20:21.000000000 -0400
+***************
+*** 2954,2957 ****
+--- 2954,2959 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** ../bash-4.3.25/y.tab.c	2014-07-30 10:14:32.000000000 -0400
+--- y.tab.c	2014-09-25 20:21:48.000000000 -0400
+***************
+*** 5266,5269 ****
+--- 5266,5271 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+***************
+*** 8540,8542 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 8542,8543 ----
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 25
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026.sig b/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026.sig
new file mode 100644
index 000000000..6b9f01bd0
--- /dev/null
+++ b/slackware64-current/source/a/bash/bash-4.3-patches/bash43-026.sig
diff --git a/slackware64-current/source/a/bash/bash-4.3-patches/eol-pushback.patch b/slackware64-current/source/a/bash/bash-4.3-patches/eol-pushback.patch
deleted file mode 100644
index 964b91f51..000000000
--- a/slackware64-current/source/a/bash/bash-4.3-patches/eol-pushback.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
---- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';
diff --git a/slackware64-current/source/a/bash/bash.SlackBuild b/slackware64-current/source/a/bash/bash.SlackBuild
index 91e1fefae..98a375b42 100755
--- a/slackware64-current/source/a/bash/bash.SlackBuild
+++ b/slackware64-current/source/a/bash/bash.SlackBuild
@@ -31,7 +31,7 @@ fi
 PKG=$TMP/package-bash
 
 VERSION=${VERSION:-$(echo bash-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 MARCH=$( uname -m )