New bash vulnerability.

Eric Blake eblake@redhat.com
Wed Sep 24 22:19:00 GMT 2014


On 09/24/2014 12:12 PM, David Young wrote:
> Hi,
> 
> I've been seeing some traffic on this new bash vulnerability and
> wanted to know if cygwin team will be updating bash with these
> patches.
> 
> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html

Already done.  Upgrade to 4.1.12-5.

> 
> Alternatively, is there a build guide that I can use to compile
> bash-src with this patch myself?  After extracting the cygwin bash-src
> package, I'm unclear as to how to move forward with these src.patch
> cygwin.patch files and also what tools are necessary to build.  I'm
> interested in 3.2.51(now 52 with the patch).

Oh, you're using the OLDER build.  For that, you'll have to do it
yourself; but the easiest trick will be modifying the cygport script
that came with the -src.tar.bz2 file to mention patch 52 instead of
patch 51 as the starting point (it may be as simple as mv
bash-3.2.{51,52}-*.cygport), before using cygport to regenerate the package.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140924/cda004eb/attachment.sig>


More information about the Cygwin mailing list