Mail Archives: cygwin/2014/09/24/14:53:57

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/09/24/14:53:57

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type; q=dns; s=default; b=HSX+0S

K+lj3KajCUJmky1rCimwLOV3Wis9oT4ei5GPmRCrNQzAbe/d0oluL7QuBnInwjDH

mE+hy0PfFuUW+CzzgWUri7mFiozDDhZtxPFLEF0brWEF7J6l+AtwBqaIfdWY+xuu

OfYGneIkFUVjLcFQwmqK+5HwC9m3t1ZrwcwN8=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type; s=default; bh=j0wX5eUONyil

0tgnWwL9uugkeEk=; b=uLgau3koVsIhNdFh8clEYsGCOMd+UZe1DATmMw2APNOb

5fgwYz1oT06GYpm2r02ElRQ9BaCUGy02Cfxg/+/c27Nl+r+cJ+szyvjtaoN9/VDu

jgQSv8JHyuVZ204m5EAedGcbOtSPcM0Ji9bSXERD67HpcIaH0JsRNTA5ZSGEcfs=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2

X-HELO: mx1.redhat.com

Message-ID: <54231331.8050301@redhat.com>

Date: Wed, 24 Sep 2014 12:53:37 -0600

From: Eric Blake <eblake AT redhat DOT com>

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: New bash vulnerability.

References: <CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w AT mail DOT gmail DOT com>

In-Reply-To: <CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w@mail.gmail.com>

OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg

X-IsSubscribed: yes

--nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 09/24/2014 12:12 PM, David Young wrote:
> Hi,
>=20
> I've been seeing some traffic on this new bash vulnerability and
> wanted to know if cygwin team will be updating bash with these
> patches.
>=20
> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html

Already done.  Upgrade to 4.1.12-5.

>=20
> Alternatively, is there a build guide that I can use to compile
> bash-src with this patch myself?  After extracting the cygwin bash-src
> package, I'm unclear as to how to move forward with these src.patch
> cygwin.patch files and also what tools are necessary to build.  I'm
> interested in 3.2.51(now 52 with the patch).

Oh, you're using the OLDER build.  For that, you'll have to do it
yourself; but the easiest trick will be modifying the cygport script
that came with the -src.tar.bz2 file to mention patch 52 instead of
patch 51 as the starting point (it may be as simple as mv
bash-3.2.{51,52}-*.cygport), before using cygport to regenerate the package.

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg

iQEcBAEBCAAGBQJUIxMxAAoJEKeha0olJ0NqkAEH/0yS6DuI7H2nrVpAIWMtIHoL
unOV0JQRGDxMPiMsJFh45fRDT4WfkamfII8CWqvWlAW9s+bd8S0klfkFmIJJfrnw
AEGPGemhXZ+mYhn80i9aZxGjJhMibvNFMl+J27RDO3rW/wRTN7dqwc79EaFLieOc
9J7lVso9Kf6OayCLCXHUyc/mvs6X23k98v4DDBTdcmFAZcJuMcB5m3iv22fO3ztc
xDeOsoTNFKAU/Vz2anAncl70nW+/oeUl3HptF5OTOFTdjT7bg+OM1NLo8eVuM9Ia
XYeMqJw5S9+fqi6b9sIv0wGNkd96++D4Rqh1+zBuNJ4is8Ft4RyFELnH8G9BDko=
=/cK4
-----END PGP SIGNATURE-----

--nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type; q=dns; s=default; b=HSX+0S
	K+lj3KajCUJmky1rCimwLOV3Wis9oT4ei5GPmRCrNQzAbe/d0oluL7QuBnInwjDH
	mE+hy0PfFuUW+CzzgWUri7mFiozDDhZtxPFLEF0brWEF7J6l+AtwBqaIfdWY+xuu
	OfYGneIkFUVjLcFQwmqK+5HwC9m3t1ZrwcwN8=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type; s=default; bh=j0wX5eUONyil
	0tgnWwL9uugkeEk=; b=uLgau3koVsIhNdFh8clEYsGCOMd+UZe1DATmMw2APNOb
	5fgwYz1oT06GYpm2r02ElRQ9BaCUGy02Cfxg/+/c27Nl+r+cJ+szyvjtaoN9/VDu
	jgQSv8JHyuVZ204m5EAedGcbOtSPcM0Ji9bSXERD67HpcIaH0JsRNTA5ZSGEcfs=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO:	mx1.redhat.com
Message-ID:	<54231331.8050301@redhat.com>
Date:	Wed, 24 Sep 2014 12:53:37 -0600
From:	Eric Blake <eblake AT redhat DOT com>
User-Agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: New bash vulnerability.
References:	<CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w AT mail DOT gmail DOT com>
In-Reply-To:	<CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w@mail.gmail.com>
OpenPGP:	url=http://people.redhat.com/eblake/eblake.gpg
X-IsSubscribed:	yes