cfeduke/patch-osx-bash-3.2

## patch-osx-bash-3.2
# from https://gist.github.com/JonRowe/8f128cbfca40d61547bc with comments for 2nd patch
# original script author JonRow, 2nd patch script: rwebler
# recommend running these commands manually from Terminal, requires sudo for install
# you can:
# curl -L _this-url_ | sh
# if you are lazy
mkdir /tmp/bash-fix
cd cd /tmp/bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild

# install
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp -f build/Release/sh /bin
sudo cp -f build/Release/sh /bin

# verify
echo verifying bash is no longer vulnerable - expect 2 errors
env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"
	# from https://gist.github.com/JonRowe/8f128cbfca40d61547bc with comments for 2nd patch
	# original script author JonRow, 2nd patch script: rwebler
	# recommend running these commands manually from Terminal, requires sudo for install
	# you can:
	# curl -L _this-url_ \| sh
	# if you are lazy
	mkdir /tmp/bash-fix
	cd cd /tmp/bash-fix
	curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz \| tar zxf -
	cd bash-92/bash-3.2
	curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 \| patch -p0
	curl http://alblue.bandlem.com/bash32-053.patch \| patch -p0
	cd ..
	xcodebuild

	# install
	sudo cp /bin/bash /bin/bash.old
	sudo cp /bin/sh /bin/sh.old
	sudo cp -f build/Release/sh /bin
	sudo cp -f build/Release/sh /bin

	# verify
	echo verifying bash is no longer vulnerable - expect 2 errors
	env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"