X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:content-type:to:subject:references:date :mime-version:content-transfer-encoding:from:message-id :in-reply-to; q=dns; s=default; b=v+Vx635Cyeu8mmsHztGN+xTm++XL1R eZ56EGX/r87tkcj7odqtchxdHfM1rWZi4cV1x5/nNxC8e+NSTBo5gSkSEUUcyqMX Ov1/ljvrKSEDGJjOV/vozhrpfFT6xH0OdM1O1jBXa+Bec5h9JlxrgHXiV0swoSQU zeoGqnoc/OV2A= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:content-type:to:subject:references:date :mime-version:content-transfer-encoding:from:message-id :in-reply-to; s=default; bh=BQSGwGtlwtHw23soWDdC0tqvnAE=; b=sQBN su7bGZ3Z38WrE8cP/HOIX918fi/gwIfuaKEEUyp5DMkn1eHsrTTNhhVjKKwyuDC/ G0BK+4wg6N83lrfSnRI/NYcBp5XOfzMCL6fLRlV6Ye8V/g/ZGn4FSSPyF/K8Nq40 M7IEWl4S1/nQJLsX8eY3PuzvDJuzH30c19hZ8OU= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mailout.ish.de X-Spam-Score: -0.684 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: cygwin AT cygwin DOT com Subject: Re: New bash vulnerability. References: <54231331 DOT 8050301 AT redhat DOT com> Date: Thu, 25 Sep 2014 01:08:56 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Helmut Karlowski" Message-ID: In-Reply-To: <54231331.8050301@redhat.com> User-Agent: Opera Mail/12.16 (Win32) X-IsSubscribed: yes Am 24.09.2014, 19:53 Uhr, schrieb Eric Blake: > On 09/24/2014 12:12 PM, David Young wrote: >> Hi, >> >> I've been seeing some traffic on this new bash vulnerability and >> wanted to know if cygwin team will be updating bash with these >> patches. >> >> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html > > Already done. Upgrade to 4.1.12-5. > >> >> Alternatively, is there a build guide that I can use to compile >> bash-src with this patch myself? After extracting the cygwin bash-src Haven't looked at cygport, but bash builds nearly out-of-the box from the original sources: git://git.savannah.gnu.org/bash.git Only change is #undef HAVE_POSIX_SIGSETJMP /*#define HAVE_POSIX_SIGSETJMP 1*/ in config.h. That is because sigsetjmp is a macro in /usr/include/machine/setjmp.h using setjmp and setjmp is a marco in bash somewhere using sigsetjmp if I recall right. This should be fixed in the cygwin-header. 1144/usr/src/bash/bash#bash --version GNU bash, version 4.3.24(13)-release (i686-pc-cygwin) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. -Helmut -- -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple