X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:to:subject:references:date
	:mime-version:content-transfer-encoding:from:message-id
	:in-reply-to; q=dns; s=default; b=v+Vx635Cyeu8mmsHztGN+xTm++XL1R
	eZ56EGX/r87tkcj7odqtchxdHfM1rWZi4cV1x5/nNxC8e+NSTBo5gSkSEUUcyqMX
	Ov1/ljvrKSEDGJjOV/vozhrpfFT6xH0OdM1O1jBXa+Bec5h9JlxrgHXiV0swoSQU
	zeoGqnoc/OV2A=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:to:subject:references:date
	:mime-version:content-transfer-encoding:from:message-id
	:in-reply-to; s=default; bh=BQSGwGtlwtHw23soWDdC0tqvnAE=; b=sQBN
	su7bGZ3Z38WrE8cP/HOIX918fi/gwIfuaKEEUyp5DMkn1eHsrTTNhhVjKKwyuDC/
	G0BK+4wg6N83lrfSnRI/NYcBp5XOfzMCL6fLRlV6Ye8V/g/ZGn4FSSPyF/K8Nq40
	M7IEWl4S1/nQJLsX8eY3PuzvDJuzH30c19hZ8OU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mailout.ish.de
X-Spam-Score: -0.684
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: cygwin AT cygwin DOT com
Subject: Re: New bash vulnerability.
References: <CAKs0fxFNsOnxf8PbZ3XQTLo_0-Qe7dyfLXE8wGfp=f6KyTjs4w AT mail DOT gmail DOT com> <54231331 DOT 8050301 AT redhat DOT com>
Date: Thu, 25 Sep 2014 01:08:56 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Helmut Karlowski" <helmut DOT karlowski AT ish DOT de>
Message-ID: <op.xmpuo6pmofd6j1@nebbiolo.upc.de>
In-Reply-To: <54231331.8050301@redhat.com>
User-Agent: Opera Mail/12.16 (Win32)
X-IsSubscribed: yes

Am 24.09.2014, 19:53 Uhr, schrieb Eric Blake:

> On 09/24/2014 12:12 PM, David Young wrote:
>> Hi,
>>
>> I've been seeing some traffic on this new bash vulnerability and
>> wanted to know if cygwin team will be updating bash with these
>> patches.
>>
>> http://lists.gnu.org/archive/html/bug-bash/2014-09/index.html
>
> Already done.  Upgrade to 4.1.12-5.
>
>>
>> Alternatively, is there a build guide that I can use to compile
>> bash-src with this patch myself?  After extracting the cygwin bash-src

Haven't looked at cygport, but bash builds nearly out-of-the box from the  
original sources:

git://git.savannah.gnu.org/bash.git

Only change is

#undef HAVE_POSIX_SIGSETJMP
/*#define HAVE_POSIX_SIGSETJMP 1*/

in config.h. That is because sigsetjmp is a macro in  
/usr/include/machine/setjmp.h using setjmp and setjmp is a marco in bash  
somewhere using sigsetjmp if I recall right. This should be fixed in the  
cygwin-header.

1144/usr/src/bash/bash#bash --version
GNU bash, version 4.3.24(13)-release (i686-pc-cygwin)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later  
<http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


-Helmut


--

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple