New bash vulnerability.
Helmut Karlowski
helmut.karlowski@ish.de
Thu Sep 25 04:49:00 GMT 2014
Am 24.09.2014, 19:53 Uhr, schrieb Eric Blake:
> On 09/24/2014 12:12 PM, David Young wrote:
>> Hi,
>>
>> I've been seeing some traffic on this new bash vulnerability and
>> wanted to know if cygwin team will be updating bash with these
>> patches.
>>
>> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html
>
> Already done. Upgrade to 4.1.12-5.
>
>>
>> Alternatively, is there a build guide that I can use to compile
>> bash-src with this patch myself? After extracting the cygwin bash-src
Haven't looked at cygport, but bash builds nearly out-of-the box from the
original sources:
git://git.savannah.gnu.org/bash.git
Only change is
#undef HAVE_POSIX_SIGSETJMP
/*#define HAVE_POSIX_SIGSETJMP 1*/
in config.h. That is because sigsetjmp is a macro in
/usr/include/machine/setjmp.h using setjmp and setjmp is a marco in bash
somewhere using sigsetjmp if I recall right. This should be fixed in the
cygwin-header.
1144/usr/src/bash/bash#bash --version
GNU bash, version 4.3.24(13)-release (i686-pc-cygwin)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
-Helmut
--
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list