* [ptxdist] [PATCH] bash: Version bump. 5.2.37 -> 5.3
@ 2025-07-07 16:27 Christian Melki
2025-07-12 15:48 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2025-07-07 16:27 UTC (permalink / raw)
To: ptxdist
https://lists.gnu.org/archive/html/bug-bash/2025-07/msg00005.html
* Rearrange options, set a few options to their default to close
down configure diff. Also pin down a couple of configure aliases that
look like they were different options, but aren't.
* Introduce new security option to scramble mem at free.
* License diff, year update.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/bash.in | 7 +++++++
rules/bash.make | 25 +++++++++++++++++++------
2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/rules/bash.in b/rules/bash.in
index 0f8f33f82..1e7967d4a 100644
--- a/rules/bash.in
+++ b/rules/bash.in
@@ -178,6 +178,13 @@ config BASH_MULTIBYTE
help
Enable multibyte characters if OS supports them.
+config BASH_MEM_SCRAMBLE
+ bool
+ prompt "Enable mem overwrite after free"
+ help
+ Security feature. Helps when handling sensitive data in variables.
+ But caveats apply, the probably is performance issues and bugs here.
+
config BASH_PROCSUBST
bool
prompt "Enable process substitution"
diff --git a/rules/bash.make b/rules/bash.make
index 1909fd509..1392eb1ac 100644
--- a/rules/bash.make
+++ b/rules/bash.make
@@ -13,8 +13,8 @@ PACKAGES-$(PTXCONF_BASH) += bash
#
# Paths and names
#
-BASH_VERSION := 5.2.37
-BASH_MD5 := 9c28f21ff65de72ca329c1779684a972
+BASH_VERSION := 5.3
+BASH_MD5 := 4c7fb7d82586f93ab1d833ef20378ee8
BASH := bash-$(BASH_VERSION)
BASH_SUFFIX := tar.gz
BASH_URL := $(call ptx/mirror, GNU, bash/$(BASH).$(BASH_SUFFIX))
@@ -23,7 +23,7 @@ BASH_DIR := $(BUILDDIR)/$(BASH)
BASH_LICENSE := GPL-3.0-or-later
BASH_LICENSE_FILES := \
file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
- file://general.c;startline=1;endline=19;md5=e33b255b2fde7a27805a07a2a59d571e
+ file://general.c;startline=1;endline=19;md5=58a7da9d30894a1d5a3c10e9eedbd393
# ----------------------------------------------------------------------------
# Prepare
@@ -37,13 +37,13 @@ BASH_CONF_ENV := \
BASH_CONF_TOOL := autoconf
BASH_CONF_OPT := \
$(CROSS_AUTOCONF_USR) \
- $(GLOBAL_LARGE_FILE_OPTION) \
- --without-bash-malloc \
--$(call ptx/endis, PTXCONF_BASH_SHLIKE)-minimal-config \
--$(call ptx/endis, PTXCONF_BASH_ALIASES)-alias \
+ --disable-alt-array-implementation \
--$(call ptx/endis, PTXCONF_BASH_ARITHMETIC_FOR)-arith-for-command \
--$(call ptx/endis, PTXCONF_BASH_ARRAY)-array-variables \
--$(call ptx/endis, PTXCONF_BASH_HISTORY)-bang-history \
+ --disable-bash-source-fullpath-default \
--$(call ptx/endis, PTXCONF_BASH_BRACE)-brace-expansion \
--$(call ptx/endis, PTXCONF_BASH_CASEMODATTR)-casemod-attributes \
--$(call ptx/endis, PTXCONF_BASH_CASEMODEXP)-casemod-expansions \
@@ -52,12 +52,14 @@ BASH_CONF_OPT := \
--$(call ptx/endis, PTXCONF_BASH_CONDITIONAL_REGEX)-cond-regexp \
--$(call ptx/endis, PTXCONF_BASH_COPROCESSES)-coprocesses \
--$(call ptx/endis, PTXCONF_BASH_DEBUGGER)-debugger \
+ --disable-dev-fd-stat-broken \
--$(call ptx/endis, PTXCONF_BASH_DIREXPDEFLT)-direxpand-default \
--$(call ptx/endis, PTXCONF_BASH_DIRSTACK)-directory-stack \
--$(call ptx/endis, PTXCONF_BASH_DISABLED_BUILDINS)-disabled-builtins \
--$(call ptx/endis, PTXCONF_BASH_DPARAN_ARITH)-dparen-arithmetic \
--$(call ptx/endis, PTXCONF_BASH_EXTPATTERN)-extended-glob \
--$(call ptx/endis, PTXCONF_BASH_EXTPATTERN_DEFLT)-extended-glob-default \
+ --enable-function-import \
--$(call ptx/endis, PTXCONF_BASH_GLOB_ASCIIRANGE_DEFLT)-glob-asciiranges-default \
--$(call ptx/endis, PTXCONF_BASH_HELP)-help-builtin \
--$(call ptx/endis, PTXCONF_BASH_CMDHISTORY)-history \
@@ -72,9 +74,20 @@ BASH_CONF_OPT := \
--$(call ptx/endis, PTXCONF_BASH_SELECT)-select \
--$(call ptx/endis, PTXCONF_BASH_SEP_HELPFILES)-separate-helpfiles \
--$(call ptx/endis, PTXCONF_BASH_SINGLE_HELPLINE)-single-help-strings \
+ --disable-strict-posix-default \
+ --enable-translatable-strings \
+ --disable-usg-echo-default \
+ --disable-xpg-echo-default \
+ --$(call ptx/endis, PTXCONF_BASH_MEM_SCRAMBLE)-mem-scramble \
--$(call ptx/endis, PTXCONF_BASH_GPROF)-profiling \
--$(call ptx/endis, PTXCONF_BASH_STATIC)-static-link \
- --$(call ptx/wwo, PTXCONF_BASH_CURSES)-curses
+ $(GLOBAL_LARGE_FILE_OPTION) \
+ --enable-threads=posix \
+ --$(call ptx/endis, PTXDIST_Y2038)-year2038 \
+ --without-afs \
+ --without-bash-malloc \
+ --$(call ptx/wwo, PTXCONF_BASH_CURSES)-curses \
+ --without-gnu-malloc
# ----------------------------------------------------------------------------
# Target-Install
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] bash: Version bump. 5.2.37 -> 5.3
2025-07-07 16:27 [ptxdist] [PATCH] bash: Version bump. 5.2.37 -> 5.3 Christian Melki
@ 2025-07-12 15:48 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2025-07-12 15:48 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 5d68394b8f8cc2fb933adb697de98c2fbc865dae.
Michael
[sent from post-receive hook]
On Sat, 12 Jul 2025 17:48:17 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> https://lists.gnu.org/archive/html/bug-bash/2025-07/msg00005.html
>
> * Rearrange options, set a few options to their default to close
> down configure diff. Also pin down a couple of configure aliases that
> look like they were different options, but aren't.
>
> * Introduce new security option to scramble mem at free.
>
> * License diff, year update.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20250707162759.4163708-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/bash.in b/rules/bash.in
> index 0f8f33f82499..1e7967d4a6b4 100644
> --- a/rules/bash.in
> +++ b/rules/bash.in
> @@ -178,6 +178,13 @@ config BASH_MULTIBYTE
> help
> Enable multibyte characters if OS supports them.
>
> +config BASH_MEM_SCRAMBLE
> + bool
> + prompt "Enable mem overwrite after free"
> + help
> + Security feature. Helps when handling sensitive data in variables.
> + But caveats apply, the probably is performance issues and bugs here.
> +
> config BASH_PROCSUBST
> bool
> prompt "Enable process substitution"
> diff --git a/rules/bash.make b/rules/bash.make
> index 1909fd509b86..1392eb1ac708 100644
> --- a/rules/bash.make
> +++ b/rules/bash.make
> @@ -13,8 +13,8 @@ PACKAGES-$(PTXCONF_BASH) += bash
> #
> # Paths and names
> #
> -BASH_VERSION := 5.2.37
> -BASH_MD5 := 9c28f21ff65de72ca329c1779684a972
> +BASH_VERSION := 5.3
> +BASH_MD5 := 4c7fb7d82586f93ab1d833ef20378ee8
> BASH := bash-$(BASH_VERSION)
> BASH_SUFFIX := tar.gz
> BASH_URL := $(call ptx/mirror, GNU, bash/$(BASH).$(BASH_SUFFIX))
> @@ -23,7 +23,7 @@ BASH_DIR := $(BUILDDIR)/$(BASH)
> BASH_LICENSE := GPL-3.0-or-later
> BASH_LICENSE_FILES := \
> file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
> - file://general.c;startline=1;endline=19;md5=e33b255b2fde7a27805a07a2a59d571e
> + file://general.c;startline=1;endline=19;md5=58a7da9d30894a1d5a3c10e9eedbd393
>
> # ----------------------------------------------------------------------------
> # Prepare
> @@ -37,13 +37,13 @@ BASH_CONF_ENV := \
> BASH_CONF_TOOL := autoconf
> BASH_CONF_OPT := \
> $(CROSS_AUTOCONF_USR) \
> - $(GLOBAL_LARGE_FILE_OPTION) \
> - --without-bash-malloc \
> --$(call ptx/endis, PTXCONF_BASH_SHLIKE)-minimal-config \
> --$(call ptx/endis, PTXCONF_BASH_ALIASES)-alias \
> + --disable-alt-array-implementation \
> --$(call ptx/endis, PTXCONF_BASH_ARITHMETIC_FOR)-arith-for-command \
> --$(call ptx/endis, PTXCONF_BASH_ARRAY)-array-variables \
> --$(call ptx/endis, PTXCONF_BASH_HISTORY)-bang-history \
> + --disable-bash-source-fullpath-default \
> --$(call ptx/endis, PTXCONF_BASH_BRACE)-brace-expansion \
> --$(call ptx/endis, PTXCONF_BASH_CASEMODATTR)-casemod-attributes \
> --$(call ptx/endis, PTXCONF_BASH_CASEMODEXP)-casemod-expansions \
> @@ -52,12 +52,14 @@ BASH_CONF_OPT := \
> --$(call ptx/endis, PTXCONF_BASH_CONDITIONAL_REGEX)-cond-regexp \
> --$(call ptx/endis, PTXCONF_BASH_COPROCESSES)-coprocesses \
> --$(call ptx/endis, PTXCONF_BASH_DEBUGGER)-debugger \
> + --disable-dev-fd-stat-broken \
> --$(call ptx/endis, PTXCONF_BASH_DIREXPDEFLT)-direxpand-default \
> --$(call ptx/endis, PTXCONF_BASH_DIRSTACK)-directory-stack \
> --$(call ptx/endis, PTXCONF_BASH_DISABLED_BUILDINS)-disabled-builtins \
> --$(call ptx/endis, PTXCONF_BASH_DPARAN_ARITH)-dparen-arithmetic \
> --$(call ptx/endis, PTXCONF_BASH_EXTPATTERN)-extended-glob \
> --$(call ptx/endis, PTXCONF_BASH_EXTPATTERN_DEFLT)-extended-glob-default \
> + --enable-function-import \
> --$(call ptx/endis, PTXCONF_BASH_GLOB_ASCIIRANGE_DEFLT)-glob-asciiranges-default \
> --$(call ptx/endis, PTXCONF_BASH_HELP)-help-builtin \
> --$(call ptx/endis, PTXCONF_BASH_CMDHISTORY)-history \
> @@ -72,9 +74,20 @@ BASH_CONF_OPT := \
> --$(call ptx/endis, PTXCONF_BASH_SELECT)-select \
> --$(call ptx/endis, PTXCONF_BASH_SEP_HELPFILES)-separate-helpfiles \
> --$(call ptx/endis, PTXCONF_BASH_SINGLE_HELPLINE)-single-help-strings \
> + --disable-strict-posix-default \
> + --enable-translatable-strings \
> + --disable-usg-echo-default \
> + --disable-xpg-echo-default \
> + --$(call ptx/endis, PTXCONF_BASH_MEM_SCRAMBLE)-mem-scramble \
> --$(call ptx/endis, PTXCONF_BASH_GPROF)-profiling \
> --$(call ptx/endis, PTXCONF_BASH_STATIC)-static-link \
> - --$(call ptx/wwo, PTXCONF_BASH_CURSES)-curses
> + $(GLOBAL_LARGE_FILE_OPTION) \
> + --enable-threads=posix \
> + --$(call ptx/endis, PTXDIST_Y2038)-year2038 \
> + --without-afs \
> + --without-bash-malloc \
> + --$(call ptx/wwo, PTXCONF_BASH_CURSES)-curses \
> + --without-gnu-malloc
>
> # ----------------------------------------------------------------------------
> # Target-Install
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-12 15:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-07 16:27 [ptxdist] [PATCH] bash: Version bump. 5.2.37 -> 5.3 Christian Melki
2025-07-12 15:48 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox