[Dragora-bug] Dragora updates 2.2 #010


From: Matias A. Fonzo
Subject: [Dragora-bug] Dragora updates 2.2 #010
Date: Fri, 3 Oct 2014 11:18:32 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The following packages have been updated (#010):

  bash

We recommend that you upgrade your packages as soon as possible.

Details
- -------

  The upgrade for bash includes patch levels 51 and 52:

Bug-Description (51):

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Bug-Description (52):

When bash is parsing a function definition that contains a here-document
delimited by end-of-file (or end-of-string), it leaves the closing
delimiter uninitialized.  This can result in an invalid memory access when
the parsed function is later copied.

Obtain the packages from

* 32 bit *

http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/bash-4.2-i486-10.tlz

* 64 bit *

http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/bash-4.2-x86_64-10.tlz

Checksums (SHA1)
- ----------------

1d47362fd4e96626033dc0c8425071d7df9c7370  bash-4.2-i486-10.tlz

4b0632fd1665c2677a9a219a80ec1c562e31a82f  bash-4.2-x86_64-10.tlz

If you need the detached GPG signatures[1] just append .sig to the URLs above.

Upgrading
- ---------

To upgrade a package you issue the following command:
  pkg upgrade <package.tlz>

To upgrade multiple packages, simply type:
  pkg upgrade bash-4.2-i486-10.tlz

Notes
=====

  You can get all the upgrades via RSYNC, for example, to obtain 32-bit
packages, type:

  # rsync -avPiz gungre.ch::dragora/dragora-2.2/upgrades/packages/32b .

Then use the sha1sum(1) tool for a complete checksumming:

  # sha1sum -c SHA1SUMS

  `pkg upgrade' can be used to upgrade all the packages (installed or not
installed); for more information, take a look at:

  http://dragora.org/wiki/doku.php/guides/d2/pkgmanager

Footnotes:

[1] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

  gpg --verify bash-4.2-i486-10.tlz.sig

If that command fails because you don't have the required public key,
then run these commands to import it:

  wget http://gungre.ch/dragora/mirror/dragora-2.2/KEY
  gpg --import KEY

and re-run the `gpg --verify' sequence.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
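
The verification steps from the announcement above, combined into one gate in front of `pkg upgrade`. This is an added example, not part of the original message or of Dragora's tooling; the function names are hypothetical, and it assumes sha1sum(1), gpg and pkg are on the PATH and that the .sig file sits next to the package.

```shell
#!/bin/sh
# Added example (not from the announcement): run `pkg upgrade` only after
# the SHA1 value and the detached signature have both been checked.
# Function names are hypothetical helpers.

# check_sha1 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if FILE cannot be read.
check_sha1() {
    file=$1
    # Accept upper- or lower-case hex for the expected value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Read via stdin so an odd file name cannot alter sha1sum's output.
    actual=$(sha1sum < "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA1 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# check_sig FILE
# Returns 0 only if FILE.sig is a good signature over FILE.
check_sig() {
    file=$1
    [ -r "$file.sig" ] || { echo "missing: $file.sig" >&2; return 2; }
    # Name the signature and the signed file explicitly.
    gpg --verify "$file.sig" "$file"
}

# verified_upgrade FILE EXPECTED_HEX
# Stops at the first failed check; pkg is never reached on failure.
verified_upgrade() {
    check_sha1 "$1" "$2" || return 1
    check_sig "$1" || return 1
    pkg upgrade "$1"
}

# Usage: sh verify-upgrade.sh <package.tlz> <sha1-from-announcement>
if [ "$#" -eq 2 ]; then
    verified_upgrade "$1" "$2"
fi
```

The checksum catches a damaged or truncated download; the signature check is the step that ties the file to the key imported from KEY.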


