X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type; q=dns; s=default; b=HSX+0S K+lj3KajCUJmky1rCimwLOV3Wis9oT4ei5GPmRCrNQzAbe/d0oluL7QuBnInwjDH mE+hy0PfFuUW+CzzgWUri7mFiozDDhZtxPFLEF0brWEF7J6l+AtwBqaIfdWY+xuu OfYGneIkFUVjLcFQwmqK+5HwC9m3t1ZrwcwN8= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type; s=default; bh=j0wX5eUONyil 0tgnWwL9uugkeEk=; b=uLgau3koVsIhNdFh8clEYsGCOMd+UZe1DATmMw2APNOb 5fgwYz1oT06GYpm2r02ElRQ9BaCUGy02Cfxg/+/c27Nl+r+cJ+szyvjtaoN9/VDu jgQSv8JHyuVZ204m5EAedGcbOtSPcM0Ji9bSXERD67HpcIaH0JsRNTA5ZSGEcfs= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Message-ID: <54231331.8050301@redhat.com> Date: Wed, 24 Sep 2014 12:53:37 -0600 From: Eric Blake User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: New bash vulnerability. References: In-Reply-To: OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU" X-IsSubscribed: yes --nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 09/24/2014 12:12 PM, David Young wrote: > Hi, >=20 > I've been seeing some traffic on this new bash vulnerability and > wanted to know if cygwin team will be updating bash with these > patches. >=20 > http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html Already done. Upgrade to 4.1.12-5. >=20 > Alternatively, is there a build guide that I can use to compile > bash-src with this patch myself? After extracting the cygwin bash-src > package, I'm unclear as to how to move forward with these src.patch > cygwin.patch files and also what tools are necessary to build. I'm > interested in 3.2.51(now 52 with the patch). Oh, you're using the OLDER build. For that, you'll have to do it yourself; but the easiest trick will be modifying the cygport script that came with the -src.tar.bz2 file to mention patch 52 instead of patch 51 as the starting point (it may be as simple as mv bash-3.2.{51,52}-*.cygport), before using cygport to regenerate the package. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJUIxMxAAoJEKeha0olJ0NqkAEH/0yS6DuI7H2nrVpAIWMtIHoL unOV0JQRGDxMPiMsJFh45fRDT4WfkamfII8CWqvWlAW9s+bd8S0klfkFmIJJfrnw AEGPGemhXZ+mYhn80i9aZxGjJhMibvNFMl+J27RDO3rW/wRTN7dqwc79EaFLieOc 9J7lVso9Kf6OayCLCXHUyc/mvs6X23k98v4DDBTdcmFAZcJuMcB5m3iv22fO3ztc xDeOsoTNFKAU/Vz2anAncl70nW+/oeUl3HptF5OTOFTdjT7bg+OM1NLo8eVuM9Ia XYeMqJw5S9+fqi6b9sIv0wGNkd96++D4Rqh1+zBuNJ4is8Ft4RyFELnH8G9BDko= =/cK4 -----END PGP SIGNATURE----- --nFPc9E5DMJL0ea8SX3BR6caqOSd19ksuU--