[olug] Bash Bug Info
unfy
olug at unfy.org
Fri Sep 26 20:26:31 CDT 2014
> You can do something like this:
>
> for i in $(seq -f "%03g" 1 52); do
> wget -nvhttp://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-$i
> patch -p0 < bash31-$i
> done
>
> There is a fuller version here:https://gist.github.com/href/54859127c183f67f947f
> Adapt to your particular distro needs.
>
> It does not look like the latest fix is fully backported yet, so check that first.
I can thankfully just build one or two instances of the 'package' and
get that pushed out. The having to wget/curl the patches is a bit ...
grr. The lack of documentation for a 'hey first time doing this... do i
need to grab all the patches or only what i think is relevant' etc etc
etc....
But. Honestly. It's GNU. Of course it's going to be an outright pain
in the ass. The software is alright, the dev folks themselves are ...
*bllllleeeeeeeeeeppppp*
The joy of figuring out how bash was originally compiled for these
systems was also entertaining. Makes me think I'll include some kind of
configure / make commandline text field in my for-consumption projects
as well so that it can be rebuilt to spec more easily. For years I
thought the ./configure command line in version / debug was a bit
superfluous. Not anymore :D.
> Make sure you update bash (again) to the newer revision for CVE-2014-7169,
> these patches were released yesterday afternoon/evening.
Yeah, not sure if I have those. Thanks for the heads up.
Been other fires to put out today, haven't gotten around to testing
packages etc... guess that's a good thing.
More information about the OLUG
mailing list