This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: New bash vulnerability.

From: Eric Blake <eblake at redhat dot com>
To: cygwin at cygwin dot com
Date: Wed, 24 Sep 2014 12:53:37 -0600
Subject: Re: New bash vulnerability.
Authentication-results: sourceware.org; auth=none
Openpgp: url=http://people.redhat.com/eblake/eblake.gpg
References: <CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w at mail dot gmail dot com>

On 09/24/2014 12:12 PM, David Young wrote:
> Hi,
> 
> I've been seeing some traffic on this new bash vulnerability and
> wanted to know if cygwin team will be updating bash with these
> patches.
> 
> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html

Already done.  Upgrade to 4.1.12-5.

> 
> Alternatively, is there a build guide that I can use to compile
> bash-src with this patch myself?  After extracting the cygwin bash-src
> package, I'm unclear as to how to move forward with these src.patch
> cygwin.patch files and also what tools are necessary to build.  I'm
> interested in 3.2.51(now 52 with the patch).

Oh, you're using the OLDER build.  For that, you'll have to do it
yourself; but the easiest trick will be modifying the cygport script
that came with the -src.tar.bz2 file to mention patch 52 instead of
patch 51 as the starting point (it may be as simple as mv
bash-3.2.{51,52}-*.cygport), before using cygport to regenerate the package.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: New bash vulnerability.
  - From: Helmut Karlowski

References:
- New bash vulnerability.
  - From: David Young

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]