ports/core (3.1): [notify] dhcpcd: update to 6.4.7
commit 21401f48463a8e561b3f124267053da0ff6ba367 Author: Juergen Daubert <jue@jue.li> Date: Sat Sep 27 11:48:05 2014 +0200 [notify] dhcpcd: update to 6.4.7 includes the following addition: * Sanitise the following characters using svis(3) with VIS_CTYLE and VIS_OCTAL: | ^ & ; < > ( ) $ ` \ " ' <tab> <newline> This allows a non buggy unvis(1) to decode it 100% and stays compatible with how dhcpcd used to handle encoding on most platforms. For systems that supply svis(3) there is a code reduction, for systems that do not, a slight code increase. This change mitigates systems affected by bash CVE-2014-6271 and CVE-2014-7169. Obviously the last one is quite important as DHCP/RA is one of the attack vectors the "shellshock" bug. As dhcpcd cannot know if /bin/sh is vulnerable (and as of now, bash is *still* vulnerable), it sanitises all the important shell characters as noted in IEEE Std 1003.1, 2004 Edition, 2. Shell Command Language, 2.2 Quoting with the exception of the space character. Full change log: http://roy.marples.name/archives/dhcpcd-discuss/2014/0811.html diff --git a/dhcpcd/.md5sum b/dhcpcd/.md5sum index 829d52f..ff0e011 100644 --- a/dhcpcd/.md5sum +++ b/dhcpcd/.md5sum @@ -1 +1 @@ -4272a7de51bf0ba2b5d4f602e7fa5691 dhcpcd-6.4.5.tar.bz2 +b2289237a5b666a11178a9517c3f1240 dhcpcd-6.4.7.tar.bz2 diff --git a/dhcpcd/Pkgfile b/dhcpcd/Pkgfile index 2dc04d1..ef8a4dd 100644 --- a/dhcpcd/Pkgfile +++ b/dhcpcd/Pkgfile @@ -4,7 +4,7 @@ # Depends on: eudev name=dhcpcd -version=6.4.5 +version=6.4.7 release=1 source=(http://roy.marples.name/downloads/dhcpcd/$name-$version.tar.bz2)
participants (1)
-
crux@crux.nu