[ANNOUNCEMENT] [1.7] Updated [security]: bash-3.2.49-23
Edward Lam
edward@sidefx.com
Thu Jul 2 21:01:00 GMT 2009
Hi Eric,

I seem to no longer be able to install bash 3.2.49-22 in cygwin 1.7? I
even tried doing a fresh cygwin install, choosing explicitly to use bash
3.2.49-22 instead of 3.2.49-23. During the installation, I get an error
saying that cygreadline6.dll is missing. Any ideas?

I also tried doing a fresh cygwin install, and then re-running
setup-1.7.exe to install the older bash release. Same problem.

-Edward

Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A new release of bash, 3.2.49-23, has been uploaded for those testing
> cygwin 1.7, replacing 3.2.49-22 as current.
>
> NEWS:
> =====
> This is a package refresh, built against cygwin 1.7. It closes a buffer
> overflow exploit security hole that was reported to me off-list; the
> exploit was only possible when using long path names under cygwin 1.7
> coupled with bash compiled under cygwin 1.5. It also removes special
> handling for DOS paths, since cygwin 1.7 is less accommodating to those
> (use /cygdrive instead).
>
> There are a few things you should be aware of before using this version:
> 1. When using binary mounts, cygwin programs try to emulate Linux. Bash
> on Linux does not understand \r\n line endings, but interprets the \r
> literally, which leads to syntax errors or odd variable assignments.
> Therefore, you will get the same behavior on Cygwin binary mounts by default.
> 2. d2u is your friend. You can use it to convert any problematic script
> into binary line endings.
> 3. Cygwin text mounts automatically work with either line ending style,
> because the \r is stripped before bash reads the file. If you absolutely
> must use files with \r\n line endings, consider mounting the directory
> where those files live as a text mount. However, text mounts are not as
> well tested or supported on the cygwin mailing list, so you may encounter
> other problems with other cygwin tools in those directories.
> 4. This version of bash has a cygwin-specific shell option, named "igncr"
> to force bash to ignore \r, independently of cygwin's mount style. As of
> bash-3.2.3-5, it controls regular scripts, command substitution, and
> sourced files. I hope to convince the upstream bash maintainer to accept
> this patch into the future bash 4.0 even on Linux, rather than keeping it
> a cygwin-specific patch, but only time will tell. There are several ways
> to activate this option:
> 4a. For a single affected script, add this line just after the she-bang:
>     (set -o igncr) 2>/dev/null && set -o igncr; # comment is needed
> 4b. For a single script, invoke bash explicitly with the shopt, as in
> 'bash -o igncr ./myscript' rather than the simpler './myscript'.
> 4c. To affect all scripts, export the environment variable BASH_ENV,
> pointing to a file that sets the shell option as desired. Bash will
> source this file on startup for every script.
> 4d. Added in the bash-3.2-2 release: export the environment variable
> SHELLOPTS with igncr included in it. It is read-only from within bash,
> but you can set it before invoking bash; once in bash, it auto-tracks the
> current state of 'set -o igncr'. If exported, then all bash child
> processes inherit the same option settings; with the exception added in
> 3.2.9-11 that certain interactive options are not inherited in
> non-interactive use.
> 5. You can also experiment with the IFS variable for controlling how bash
> will treat \r during variable expansion.
> 6. The bash hack for honoring the underlying mount point of DOS-style
> paths has been discontinued, as had been promised in several prior release
> notes. Use POSIX-style paths instead.
> 7. There are varying levels of speed at which bash operates. The fastest
> is on a binary mount with igncr disabled (the default behavior). Next
> would be text mounts with igncr disabled and no \r in the underlying file.
> Next would be binary mounts with igncr enabled. And the slowest that bash
> will operate is on text mounts with igncr enabled.
> 8. If you don't like how bash behaves, then propose a patch, rather than
> proposing idle ideas. This turn of events has already been talked to
> death on the mailing lists by people with many ideas, but few patches.
> 9. If you forget to read this release announcement, the best you can
> expect when you complain to the list is a link back to this email.
>
> Remember, you must not have any bash or /bin/sh instances running when you
> upgrade the bash package. This release requires cygwin-1.7.0-50 or
> later; and it requires libreadline7-6.0.3-1 or later. See also the
> upstream documentation in /usr/share/doc/bash/.
>
> DESCRIPTION:
> ============
> Bash is an sh-compatible shell that incorporates useful features from the
> Korn shell (ksh) and C shell (csh). It is intended to conform to the IEEE
> POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers functional
> improvements over sh for both programming and interactive use. In
> addition, most sh scripts can be run by Bash without modification.
>
> As of the bash 3.0 series, cygwin /bin/sh defaults to bash, not ash,
> similar to Linux distributions.
>
> UPDATE:
> =======
> To update your installation, click on the "Install Cygwin now" link on the
> http://cygwin.com/ web page. This downloads setup.exe to your system.
> Save it and run setup, answer the questions and pick up 'bash' in the
> 'Base' category (it should already be selected).
>
> DOWNLOAD:
> =========
> Note that downloads from sources.redhat.com (aka cygwin.com) aren't
> allowed due to bandwidth limitations. This means that you will need to
> find a mirror which has this update, please choose the one nearest to you:
> http://cygwin.com/mirrors.html
>
> QUESTIONS:
> ==========
> If you want to make a point or ask a question the Cygwin mailing list is
> the appropriate place.
>
> - --
> Eric Blake
> volunteer cygwin bash maintainer
>
> CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
> =================================
> To unsubscribe to the cygwin-announce mailing list, look at the
> "List-Unsubscribe: " tag in the email header of this message. Send email
> to the address specified there. It will be in the format:
>
> cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM@cygwin.com
>
> If you need more information on unsubscribing, start reading here:
>
> http://sourceware.org/lists.html#unsubscribe-simple
>
> Please read *all* of the information on unsubscribing that is available
> starting at this URL.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpMGLYACgkQ84KuGfSFAYBaJgCeOUFnU0wnvpQRvIxNJvnMYljF
> yEYAnjoZP3DPn4UX8fXgBxlAwiQOFdp+
> =cnEu
> -----END PGP SIGNATURE-----
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
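The line-ending behaviour described in items 1 and 2 of the quoted announcement, as an added example that is not part of the original thread or of the cygwin bash package. The helper names and the sample script are constructed for illustration, and the lengths shown assume bash reads `\r` literally (Linux, or a cygwin binary mount with igncr disabled).

```shell
# Added example: what a literal \r does to a variable assignment, and the
# effect of stripping it. All names below are hypothetical helpers.
CR=$(printf '\r')

# Write a constructed two-line script with \r\n line endings to $1.
# The trailing comment on the echo line swallows that line's \r, the same
# trick as the "# comment is needed" in item 4a of the announcement.
write_crlf_sample() {
    printf 'name=build\r\necho "${#name}" # comment absorbs the CR\r\n' > "$1"
}

# Succeed if the file contains at least one carriage return.
has_cr() {
    grep -q "$CR" "$1"
}

# Copy $1 to $2 with every \r removed (the line-ending conversion the
# announcement recommends d2u for; tr is used here as a stand-in).
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Run a script with bash and capture everything it prints.
run_script() {
    bash "$1" 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    write_crlf_sample "$dir/crlf.sh"
    strip_cr "$dir/crlf.sh" "$dir/lf.sh"
    if has_cr "$dir/crlf.sh"; then echo "crlf.sh contains carriage returns"; fi
    # "build" is 5 characters; the \r after it becomes a 6th.
    echo "length seen by CRLF script: $(run_script "$dir/crlf.sh")"
    echo "length seen by LF script:   $(run_script "$dir/lf.sh")"
    rm -rf "$dir"
}

demo
```

The extra character is invisible when the variable is echoed to a terminal, which is why comparisons and path lookups built from such a variable fail without an obvious cause.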