[Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7

Gustavo Zacarias gustavo at zacarias.com.ar
Wed Oct 8 13:19:46 UTC 2014


Fixes shellshock-alike exploits.
Add /bin/sh -> zsh symlink, install binary to /bin as all shells should
be, add hash file and build after busybox.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 package/zsh/Config.in |  2 +-
 package/zsh/zsh.hash  |  2 ++
 package/zsh/zsh.mk    | 17 ++++++++++++++---
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 package/zsh/zsh.hash

diff --git a/package/zsh/Config.in b/package/zsh/Config.in
index 6853249..261df42 100644
--- a/package/zsh/Config.in
+++ b/package/zsh/Config.in
@@ -8,4 +8,4 @@ config BR2_PACKAGE_ZSH
 	  ksh, and tcsh were incorporated into zsh; many original features
 	  were added.
 
-	  http://zsh.sourceforge.net/
+	  http://www.zsh.org/
diff --git a/package/zsh/zsh.hash b/package/zsh/zsh.hash
new file mode 100644
index 0000000..358033f
--- /dev/null
+++ b/package/zsh/zsh.hash
@@ -0,0 +1,2 @@
+# From http://www.zsh.org/pub/MD5SUM
+md5	76726ff50309e628de670476e0508b3a	zsh-5.0.7.tar.gz
diff --git a/package/zsh/zsh.mk b/package/zsh/zsh.mk
index f4daeeb..87c24af 100644
--- a/package/zsh/zsh.mk
+++ b/package/zsh/zsh.mk
@@ -4,10 +4,21 @@
 #
 ################################################################################
 
-ZSH_VERSION = 5.0.6
-ZSH_SITE = http://downloads.sourceforge.net/project/zsh/zsh/$(ZSH_VERSION)
+ZSH_VERSION = 5.0.7
+ZSH_SITE = http://www.zsh.org/pub
+# Build after since zsh is better than busybox shells
+ZSH_DEPENDENCIES = $(if $(BR2_PACKAGE_BUSYBOX),busybox) \
+	ncurses
+ZSH_CONF_OPTS = --bindir=/bin
 ZSH_LICENSE = MIT-like
 ZSH_LICENSE_FILES = LICENCE
-ZSH_DEPENDENCIES = ncurses
+
+# Make /bin/sh -> zsh (no other shell, better than busybox shells)
+# Remove versioned zsh-x.y.z binary taking up space
+define ZSH_TARGET_INSTALL_FIXUPS
+	ln -sf zsh $(TARGET_DIR)/bin/sh
+	rm -f $(TARGET_DIR)/bin/zsh-$(ZSH_VERSION)
+endef
+ZSH_POST_INSTALL_TARGET_HOOKS += ZSH_TARGET_INSTALL_FIXUPS
 
 $(eval $(autotools-package))
-- 
2.0.4



More information about the buildroot mailing list