This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: New bash vulnerability.


Am 24.09.2014, 19:53 Uhr, schrieb Eric Blake:

On 09/24/2014 12:12 PM, David Young wrote:
Hi,

I've been seeing some traffic on this new bash vulnerability and
wanted to know if cygwin team will be updating bash with these
patches.

http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html

Already done.  Upgrade to 4.1.12-5.


Alternatively, is there a build guide that I can use to compile
bash-src with this patch myself?  After extracting the cygwin bash-src

Haven't looked at cygport, but bash builds nearly out-of-the box from the original sources:

git://git.savannah.gnu.org/bash.git

Only change is

#undef HAVE_POSIX_SIGSETJMP
/*#define HAVE_POSIX_SIGSETJMP 1*/

in config.h. That is because sigsetjmp is a macro in /usr/include/machine/setjmp.h using setjmp and setjmp is a marco in bash somewhere using sigsetjmp if I recall right. This should be fixed in the cygwin-header.

1144/usr/src/bash/bash#bash --version
GNU bash, version 4.3.24(13)-release (i686-pc-cygwin)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


-Helmut


--

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]