[olug] Bash Bug Info

Rob Townley rob.townley at gmail.com
Fri Sep 26 20:47:47 CDT 2014


Wondering if it might be helpful to pull the source for the package - SRPM
and whatever DEB calls it  - and see what they do to patch and configure
it. Would not be surprised if there is a metric boatload of options for
bash compilation and configuration afterwards.
On Sep 26, 2014 8:27 PM, "unfy" <olug at unfy.org> wrote:

> You can do something like this:
>>
>> for i in $(seq -f "%03g" 1 52); do
>>    wget -nvhttp://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-$i
>>    patch -p0 < bash31-$i
>> done
>>
>> There is a fuller version here:https://gist.github.com/
>> href/54859127c183f67f947f
>> Adapt to your particular distro needs.
>>
>> It does not look like the latest fix is fully backported yet, so check
>> that first.
>>
>
> I can thankfully just build one or two instances of the 'package' and get
> that pushed out.  The having to wget/curl the patches is a bit ... grr.
> The lack of documentation for a 'hey first time doing this... do i need to
> grab all the patches or only what i think is relevant' etc etc etc....
>
> But.  Honestly.  It's GNU.  Of course it's going to be an outright pain in
> the ass.  The software is alright, the dev folks themselves are ...
> *bllllleeeeeeeeeeppppp*
>
> The joy of figuring out how bash was originally compiled for these systems
> was also entertaining.  Makes me think I'll include some kind of configure
> / make commandline text field in my for-consumption projects as well so
> that it can be rebuilt to spec more easily.  For years I thought the
> ./configure command line in version / debug was a bit superfluous.  Not
> anymore :D.
>
>  Make sure you update bash (again) to the newer revision for CVE-2014-7169,
>> these patches were released yesterday afternoon/evening.
>>
>
> Yeah, not sure if I have those.  Thanks for the heads up.
>
> Been other fires to put out today, haven't gotten around to testing
> packages etc... guess that's a good thing.
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>


More information about the OLUG mailing list