New bash vulnerability.

Helmut Karlowski
Thu Sep 25 04:49:00 GMT 2014

Am 24.09.2014, 19:53 Uhr, schrieb Eric Blake:

> On 09/24/2014 12:12 PM, David Young wrote:
>> Hi,
>> I've been seeing some traffic on this new bash vulnerability and
>> wanted to know if cygwin team will be updating bash with these
>> patches.
> Already done.  Upgrade to 4.1.12-5.
>> Alternatively, is there a build guide that I can use to compile
>> bash-src with this patch myself?  After extracting the cygwin bash-src

Haven't looked at cygport, but bash builds nearly out-of-the box from the  
original sources:


Only change is


in config.h. That is because sigsetjmp is a macro in  
/usr/include/machine/setjmp.h using setjmp and setjmp is a marco in bash  
somewhere using sigsetjmp if I recall right. This should be fixed in the  

1144/usr/src/bash/bash#bash --version
GNU bash, version 4.3.24(13)-release (i686-pc-cygwin)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later  

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.



Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list