Solaris bash package and other updates

Updated:

Note : This page may contain outdated information and/or broken links; some of the formatting may be mangled due to the many different code-bases this site has been through in over 20 years; my opinions may have changed etc. etc.

A quick update for users of my Solaris 11 x86 packages. I’ve created a GNU Bash 4.3 package which includes the patch for the much-publicized Shellshock vulnerability. As the package name “bash” also matches the one provided by Oracle, as usual you’ll just need to specify the full FMRI when installing:

$ pkg install pkg://markround/mar/shell/bash

And just to confirm you’re safe from Shellshock, using the test script at shellshocker.net:

$ export PATH=/opt/mar/bin:$PATH
$ ./shellshock_test.sh
CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

I’ve also updated the following packages:

  • HAProxy - 1.5.9. New major version, includes native SSL support and much more.
  • NGinX - 1.6.2. Bump to latest stable version from 1.6.0.
  • rsync - 3.1.1. Bumped from 3.1.0
  • redis - 2.8.17. Latest stable version including many bug fixes.

These have all been in the /dev branch for a while, and have now been promoted to /stable.