All times are UTC
non port: shells/bash/files/extrapatch-import-functions

Number of commits found: 3

Fri, 30 Sep 2016
[ 17:19 ehaupt ] Revision: 423003
Update to 4.4

Differential Revision:  https://reviews.freebsd.org/D8085
Sun, 28 Sep 2014
[ 16:47 bdrewery ] Revision: 369467
- Update to patchlevel 27 which changes how functions are exported.
  This should eliminate the recent vulnerabilities, but keep the
  requirement for --import-functions/IMPORTFUNCTIONS option for now.
- Loosen the --import-functions requirement so it is not needed when running
  an interactive shell. It is already disallowed for privileged/setuid mode.
- Show an error on stderr when an imported function is ignored.
Fri, 26 Sep 2014
[ 20:33 bdrewery ] Revision: 369341
Disable function importing from the environment by default.  This can be
enabled by using --import-functions or enabling the IMPORTFUNCTIONS option.

This removes the risk of further parser bugs leading to code execution, as
well as the risk to setuid scripts and poorly written applications that
do not cleanse their environment [1][2].

Also note that there is an unofficial 4.3.26 floating around that has not yet
been officially released.  r369261 covers the change in 4.3.26.

See also:
  http://seclists.org/oss-sec/2014/q3/747 [1]
  http://seclists.org/oss-sec/2014/q3/746 [2]
  http://seclists.org/oss-sec/2014/q3/755 [3]

Obtained from:	NetBSD (based on) [3]
PR:		193932
Reviewed by:	Eric Vangyzen
With hat:	portmgr
