>>>>> On Tue, 07 Oct 2014 09:11:54 +0200, Michael Prokop <m...@debian.org> said:
> FAI uses exported function definitions in Bash, a feature that was
> recently disabled by the CVEs around Shellshock.
No. Exporting function was not disabled. See below for a proof.
The fix only changes the encoding when exporting functions. See
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
> During FAI runs (fai dirinstall in my case) there are plenty of
Which distribution do you use during dirinstall?
Do these messages appear during task updatebase?
Please provide the full fai.log.
> I'm tending to call this an RC bug, actually.
Maybe a RC bug of bash, because this fix breaks unrelated software,
see also #763164.
------------------------------
I'm using bash 4.2+dfsg-0.1+deb7u3.
$ set -a
$ . ~/fai-4.3/lib/subroutines
$ export -f
You will see that all FAI functions are defined.
Now. execute a new bash.
$ bash
$ export -f
All the FAI shell functions are still defined. They are exported to
the new shell without any error messages.
------------------------------
Here's a complete analysis of the problem.
newbash = 4.2+dfsg-0.1+deb7u3 including the shellshock fix
oldbash = 4.2+dfsg-0.1
First, use the new bash and define a function. Using set -a exports
all functions. If you then call the old bash (for example if you
chroot into a directory containing the old bash version) you'll get
the error messages.
#Call the new bash /bin/bash
newbash$ set -a
# Define a function
newbash$ a() {
> echo a
> }
# you can all this function
newbash~$ a
a
# Now call the old version of bash
newbash$ /tmp/oldbash/bin/bash
bash: BASH_FUNC_a(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_a(): line 0: `BASH_FUNC_a() () { echo a'
bash: error importing function definition for `BASH_FUNC_a'
It's not a bug of FAI. The problem is that functions are exported in
different internal encodings in the old and new bash, and the old bash
does not work with the new encoding of functions. So, this problem
only appear if you mix the version of bash.
This problem appears, because
debootstrap does not use the security repository, but only the main
repository, which still contains the not fixed bash version.
It will be fixed, if a new Debian wheezy release is
available that contains the fixed bash in the main repository.
--
regards Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
