This is the mail archive of the cygwin mailing list for the Cygwin project.


Re: [ANNOUNCEMENT] [1.7] Updated [security]: bash-3.2.49-23 and Windows 7 RC


Hi Eric,

I got bash 3.2.49-22 running again in cygwin 1.7 after explicitly installing libreadline6.

Ok, so I can confirm a problem with bash 3.2.49-23 on Windows 7 RC build 7100 64-bit. Basically, bash just crashes on startup. I don't have access to a Vista machine right now but it's worthwhile confirming on it.

On the given machine, I tried starting cmd.exe as Administrator (to rule out UAC issues):

Microsoft Windows [Version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>cd c:\cygwin\bin

c:\cygwin\bin>cygcheck -c bash cygwin libreadline7
Cygwin Package Information
Package              Version        Status
bash                 3.2.49-23      OK
cygwin               1.7.0-50       OK
libreadline7         6.0.3-1        OK

c:\cygwin\bin>bash
5 [main] bash 1624 _cygtls::handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
1413 [main] bash 1624 open_stackdumpfile: Dumping stack trace to bash.exe.stackdump
16897 [main] bash 1624 _cygtls::handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
17965 [main] bash 1624 _cygtls::handle_exceptions: Error while dumping state (probably corrupted stack)


I've attached the bash.exe.stackdump.

-Edward

Edward Lam wrote:
Hi Eric,

I seem to no longer be able to install bash 3.2.49-22 in cygwin 1.7? I even tried doing a fresh cygwin install, choosing explicitly to use bash 3.2.49-22 instead of 3.2.49-23. During the installation, I get an error saying that cygreadline6.dll is missing. Any ideas?

I also tried doing a fresh cygwin install, and then re-running setup-1.7.exe to install the older bash release. Same problem.

-Edward

Eric Blake wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new release of bash, 3.2.49-23, has been uploaded for those testing
cygwin 1.7, replacing 3.2.49-22 as current.

NEWS:
=====
This is a package refresh, built against cygwin 1.7.  It closes a buffer
overflow exploit security hole that was reported to me off-list; the
exploit was only possible when using long path names under cygwin 1.7
coupled with bash compiled under cygwin 1.5.  It also removes special
handling for DOS paths, since cygwin 1.7 is less accommodating to those
(use /cygdrive instead).

There are a few things you should be aware of before using this version:
1. When using binary mounts, cygwin programs try to emulate Linux. Bash
on Linux does not understand \r\n line endings, but interprets the \r
literally, which leads to syntax errors or odd variable assignments.
Therefore, you will get the same behavior on Cygwin binary mounts by default.
2. d2u is your friend. You can use it to convert any problematic script
into binary line endings.
3. Cygwin text mounts automatically work with either line ending style,
because the \r is stripped before bash reads the file. If you absolutely
must use files with \r\n line endings, consider mounting the directory
where those files live as a text mount. However, text mounts are not as
well tested or supported on the cygwin mailing list, so you may encounter
other problems with other cygwin tools in those directories.
4. This version of bash has a cygwin-specific shell option, named "igncr"
to force bash to ignore \r, independently of cygwin's mount style. As of
bash-3.2.3-5, it controls regular scripts, command substitution, and
sourced files. I hope to convince the upstream bash maintainer to accept
this patch into the future bash 4.0 even on Linux, rather than keeping it
a cygwin-specific patch, but only time will tell. There are several ways
to activate this option:
4a. For a single affected script, add this line just after the she-bang:
  (set -o igncr) 2>/dev/null && set -o igncr; # comment is needed
4b. For a single script, invoke bash explicitly with the shopt, as in
'bash -o igncr ./myscript' rather than the simpler './myscript'.
4c. To affect all scripts, export the environment variable BASH_ENV,
pointing to a file that sets the shell option as desired. Bash will
source this file on startup for every script.
4d. Added in the bash-3.2-2 release: export the environment variable
SHELLOPTS with igncr included in it. It is read-only from within bash,
but you can set it before invoking bash; once in bash, it auto-tracks the
current state of 'set -o igncr'. If exported, then all bash child
processes inherit the same option settings; with the exception added in
3.2.9-11 that certain interactive options are not inherited in
non-interactive use.
5. You can also experiment with the IFS variable for controlling how bash
will treat \r during variable expansion.
6. The bash hack for honoring the underlying mount point of DOS-style
paths has been discontinued, as had been promised in several prior release
notes. Use POSIX-style paths instead.
7. There are varying levels of speed at which bash operates. The fastest
is on a binary mount with igncr disabled (the default behavior). Next
would be text mounts with igncr disabled and no \r in the underlying file.
Next would be binary mounts with igncr enabled. And the slowest that bash
will operate is on text mounts with igncr enabled.
8. If you don't like how bash behaves, then propose a patch, rather than
proposing idle ideas. This turn of events has already been talked to
death on the mailing lists by people with many ideas, but few patches.
9. If you forget to read this release announcement, the best you can
expect when you complain to the list is a link back to this email.


Remember, you must not have any bash or /bin/sh instances running when you
upgrade the bash package. This release requires cygwin-1.7.0-50 or
later; and it requires libreadline7-6.0.3-1 or later. See also the
upstream documentation in /usr/share/doc/bash/.


DESCRIPTION:
============
Bash is an sh-compatible shell that incorporates useful features from the
Korn shell (ksh) and C shell (csh). It is intended to conform to the IEEE
POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers functional
improvements over sh for both programming and interactive use. In
addition, most sh scripts can be run by Bash without modification.


As of the bash 3.0 series, cygwin /bin/sh defaults to bash, not ash,
similar to Linux distributions.

UPDATE:
=======
To update your installation, click on the "Install Cygwin now" link on the
http://cygwin.com/ web page. This downloads setup.exe to your system.
Save it and run setup, answer the questions and pick up 'bash' in the
'Base' category (it should already be selected).


DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations. This means that you will need to
find a mirror which has this update, please choose the one nearest to you:
http://cygwin.com/mirrors.html


QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

- --
Eric Blake
volunteer cygwin bash maintainer

CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send email
to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sourceware.org/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpMGLYACgkQ84KuGfSFAYBaJgCeOUFnU0wnvpQRvIxNJvnMYljF
yEYAnjoZP3DPn4UX8fXgBxlAwiQOFdp+
=cnEu
-----END PGP SIGNATURE-----

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple





Exception: STATUS_ACCESS_VIOLATION at eip=04FF0000
eax=04FF0000 ebx=00000001 ecx=0000000B edx=0000000A esi=6FFCCAD4 edi=00000005
ebp=0028CCE8 esp=0028CCDC program=c:\cygwin\bin\bash.exe, pid 580, thread main
cs=0023 ds=002B es=002B fs=0053 gs=002B ss=002B
Stack trace:
Frame     Function  Args
0028CCE8  04FF0000  (6120B808, 6120C41C, 0028CD50, 61020360)
0028CD78  61020293  (00000000, 0028CDB0, 610066C0, 7EFDE000)
End of stack trace
  23209 [main] bash 580 _cygtls::handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
  25350 [main] bash 580 _cygtls::handle_exceptions: Error while dumping state (probably corrupted stack)
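
Items 1 and 2 of the release notes quoted above (a \r taken literally on binary mounts, and conversion with d2u) can be reproduced with the added example below. It is not part of the original thread or of the bash package: the function names are hypothetical, the two-line sample script is constructed, and strip_cr is a sed stand-in for d2u.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the sample is constructed.
CR=$(printf '\r')   # command substitution strips only trailing newlines, so the CR survives

# has_cr FILE: succeed if any line in FILE ends with a carriage return.
has_cr() {
    grep -q "${CR}\$" "$1"
}

# strip_cr SRC DST: drop the CR that precedes each newline (stand-in for d2u).
strip_cr() {
    sed "s/${CR}\$//" "$1" > "$2"
}

# make_sample FILE: write a constructed two-line script with \r\n line endings.
# The trailing comment on the second line keeps that line's CR out of the command.
make_sample() {
    printf 'name=value\r\nprintf "%%s" "${#name}" # comment absorbs the CR\r\n' > "$1"
}

# assigned_length FILE: run FILE with a shell that takes \r literally and
# return what it prints: the length of $name as that shell assigned it.
assigned_length() {
    sh "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/crlf.sh"
    has_cr "$dir/crlf.sh" && echo "crlf.sh has CR line endings"
    # The CR becomes part of the value, so the length is one more than expected.
    echo "length of \$name with CRLF endings: $(assigned_length "$dir/crlf.sh")"
    strip_cr "$dir/crlf.sh" "$dir/lf.sh"
    echo "length of \$name after strip_cr:    $(assigned_length "$dir/lf.sh")"
    rm -rf "$dir"
}
demo
```

The extra character in the first length is the "odd variable assignment" the announcement refers to; a value carrying a hidden \r will fail string comparisons and path lookups that look correct on screen.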
