emulators/linux_base-c6: Use a CVE-free version of bash

Bash 4.1.2 as shipped with this Linux base port is vulnerable to CVE-2014-6271 and CVE-2014-7169. As EL6 policy is to backport security patches, use a RPM that is not vulnerable to either remote code execution vulnerability. While here: - Add the proper UDPATES Master site - remove sample files installation from Makefile, in favor of @sample Approved by: swills (mentor) Security: 71ad81da-4414-11e4-a33e-3c970e169bc2
svn path=/head/; revision=369331
2014-09-26 17:06:49 +00:00 · 2014-09-26 17:06:49 +00:00 · 21761d945c · 2021-03-31 03:12:20 +00:00
commit 21761d945c
parent 6a6123d47e
3 changed files with 15 additions and 24 deletions
--- a/emulators/linux_base-c6/Makefile
+++ b/emulators/linux_base-c6/Makefile
@ -3,8 +3,10 @@

 PORTNAME=		c6
 PORTVERSION=		6.5
+PORTREVISION=		1
 CATEGORIES=		emulators linux
-MASTER_SITES=	http://mirror.centos.org/centos/6/os/i386/Packages/
+MASTER_SITES=	http://mirror.centos.org/centos/6/os/i386/Packages/ \
+		http://mirror.centos.org/centos/6/updates/i386/Packages/
 PKGNAMEPREFIX=		linux_base-
 DISTFILES=		${BIN_DISTFILES} ${SRC_DISTFILES}
 EXTRACT_ONLY=		${BIN_DISTFILES}
@ -17,7 +19,7 @@ LINUX_DIST_VER=6.5
 DIST_SUBDIR=	rpm/${LINUX_RPM_ARCH}/${LINUX_DIST}/${LINUX_DIST_VER}

 BIN_DISTFILES=	basesystem-10.0-4.el6.noarch.rpm \
-		bash-4.1.2-15.el6_4.${LINUX_RPM_ARCH}.rpm \
+		bash-4.1.2-15.el6_5.2.${LINUX_RPM_ARCH}.rpm \
 		bzip2-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \
 		bzip2-libs-1.0.5-7.el6_0.${LINUX_RPM_ARCH}.rpm \
 		compat-db43-4.3.29-15.el6.${LINUX_RPM_ARCH}.rpm \
@ -68,10 +70,11 @@ BIN_DISTFILES=	basesystem-10.0-4.el6.noarch.rpm \
 		zlib-1.2.3-29.el6.${LINUX_RPM_ARCH}.rpm

 .if defined(PACKAGE_BUILDING)
-MASTER_SITES+=	http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/
+MASTER_SITES+=	http://vault.centos.org/${PORTVERSION}/os/Source/SPackages/ \
+		http://vault.centos.org/6.5/updates/Source/SPackages/:updates

 SRC_DISTFILES=	basesystem-10.0-4.el6.src.rpm \
-		bash-4.1.2-15.el6_4.src.rpm \
+		bash-4.1.2-15.el6_5.2.src.rpm:updates \
 		bzip2-1.0.5-7.el6_0.src.rpm \
 		coreutils-8.4-31.el6.src.rpm \
 		compat-db-4.6.21-15.el6.src.rpm \
@ -201,7 +204,7 @@ do-build:
 #
 # If ${PREFIX}/etc/krb5.conf exists, don't touch it
 #
-	@${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.dist
+	@${MV} ${WRKSRC}/etc/krb5.conf ${WRKSRC}/etc/krb5.conf.sample

 # Fix usr/bin/*db4* permissions to allow "portupgrade -s"
 #	@${CHMOD} u+w ${WRKSRC}/usr/bin/*db4*
@ -234,12 +237,4 @@ do-install:
 #
 	@${INSTALL_SCRIPT} ${FILESDIR}/lp ${STAGEDIR}${PREFIX}/usr/bin

-post-install:
-	if [ ! -f ${PREFIX}/etc/krb5.conf ] ; then \
-		${CP} -p ${STAGEDIR}${PREFIX}/etc/krb5.conf.dist ${STAGEDIR}${PREFIX}/etc/krb5.conf ; \
-	fi
-	if [ ! -f ${PREFIX}/etc/yp.conf ] ; then \
-		${CP} -p ${STAGEDIR}${PREFIX}/etc/yp.conf.sample ${STAGEDIR}${PREFIX}/etc/yp.conf ; \
-	fi
-
 .include <bsd.port.post.mk>
--- a/emulators/linux_base-c6/distinfo.i686
+++ b/emulators/linux_base-c6/distinfo.i686
@ -1,7 +1,7 @@
 SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 18860007697438e375733bb4a36a599daac2e2ae95d98a74c436a10d0974710e
 SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.noarch.rpm) = 4784
-SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 81bc62e6d2396a462ea898f2c91c97578ad2d744af4588686602ffc3bec47420
-SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.i686.rpm) = 907712
+SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 28a674dd09ca395b3021749ebf8928806ae981a325c02b8ead070e75cdae2cab
+SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.i686.rpm) = 908364
 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 37883219612b1ffa199f5a7227fcd165687a24e5c7c291c579647d1563777e47
 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.i686.rpm) = 49428
 SHA256 (rpm/i686/centos/6.5/bzip2-libs-1.0.5-7.el6_0.i686.rpm) = d3424f4610860e7f8f444cc3cddf51cd75f5e58ca0ecffc8bdbbcb5f8fe1b0d1
@ -100,8 +100,8 @@ SHA256 (rpm/i686/centos/6.5/zlib-1.2.3-29.el6.i686.rpm) = 1e40dce8a497f740b22d20
 SIZE (rpm/i686/centos/6.5/zlib-1.2.3-29.el6.i686.rpm) = 74284
 SHA256 (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 18d3bd0580f40bdc208773f26b424fa1975fad70fae9f179c52337a8f80ade76
 SIZE (rpm/i686/centos/6.5/basesystem-10.0-4.el6.src.rpm) = 5949
-SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 17e92fbaf55ef5fbaccc7e28761edaaa1d18ede8e330fb20a40a27d27605003c
-SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_4.src.rpm) = 6663735
+SHA256 (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = d0a8f52d7db4c729c17188a2bd690aff2371f8ac86900dabb14b0df5aa1ff6a5
+SIZE (rpm/i686/centos/6.5/bash-4.1.2-15.el6_5.2.src.rpm) = 6668343
 SHA256 (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 99a3d6a620f9f427aaeba974ae06234d0a771231730de7e203b97dce1dbf1931
 SIZE (rpm/i686/centos/6.5/bzip2-1.0.5-7.el6_0.src.rpm) = 855419
 SHA256 (rpm/i686/centos/6.5/coreutils-8.4-31.el6.src.rpm) = 0e39f22a1ea12009f7e95811003d4b56b99fc2ea77b5bf3ebc716f3ae5a15b83
--- a/emulators/linux_base-c6/pkg-plist
+++ b/emulators/linux_base-c6/pkg-plist
@ -72,9 +72,6 @@ etc/hosts.deny
 etc/inputrc
 etc/issue
 etc/issue.net
-@unexec if cmp -s %D/etc/krb5.conf.dist %D/etc/krb5.conf ; then rm -f %D/etc/krb5.conf ; fi
-etc/krb5.conf.dist
-@exec if [ ! -f %D/etc/krb5.conf ] ; then cp -p %D/%F %B/krb5.conf ; fi
 etc/ld.so.cache
 etc/ld.so.conf
 etc/mke2fs.conf
@ -121,9 +118,6 @@ etc/skel/.bashrc
 etc/system-release
 etc/system-release-cpe
 etc/udev/rules.d/60-raw.rules
-@unexec if cmp -s %D/etc/yp.conf.sample %D/etc/yp.conf ; then rm -f %D/etc/yp.cpnf ; fi
-etc/yp.conf.sample
-@exec if [ ! -f %D/etc/yp.conf ] ; then cp -p %D/%F %B/yp.conf ; fi
 etc/yum.repos.d/CentOS-Base.repo
 etc/yum.repos.d/CentOS-Debuginfo.repo
 etc/yum.repos.d/CentOS-Media.repo
@ -2317,8 +2311,11 @@ usr/share/man/man8/switch_root.8.gz
 usr/share/man/man8/tunelp.8.gz
 usr/share/man/man8/umount.8.gz
 usr/share/man/man8/wipefs.8.gz
+usr/tmp
@unexec rm -f %D/var/cache/ldconfig/aux-cache
 var/mail
+@sample etc/krb5.conf.sample
+@sample etc/yp.conf.sample
@dirrm bin
@dirrm var/yp
@dirrm var/spool/mail
@ -2339,7 +2336,6 @@ var/mail
@dirrm var/cache/ldconfig
@dirrm var/cache
@dirrm var
-@dirrm usr/tmp
@dirrm usr/src/kernels
@dirrm usr/src/debug
@dirrm usr/src