How to: Patch OS X / MAC against the Shellshock vulnerability

It may sound complicated when you read the online descriptions, but it's actually very easy!

The latest version, as of this writing, for OS X is 10.9.5 and that is susceptible to the Shellshock vulnerability.

To check your version of Bash, open a Terminal window and run: bash --version

This will probably return: GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)

I just performed the following on my own machines and it works perfectly.

Make sure you copy everything below – easiest is to click the "view raw" link to the bottom right of this Gist-box.

$ # If you want to disable auto-imported functions, uncomment the following
$ # export ADD_IMPORT_FUNCTIONS_PATCH=YES
$ mkdir bash-fix
$ cd bash-fix
$ curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
$ cd bash-92/bash-3.2
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0    
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0  
$ # See note above about ADD_IMPORT_FUNCTIONS_PATCH
$ [ "$ADD_IMPORT_FUNCTIONS_PATCH" == "YES" ] && curl http://alblue.bandlem.com/import_functions.patch | patch -p0
$ [ "$ADD_IMPORT_FUNCTIONS_PATCH" == "YES" ] || curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0
$ cd ..
$ # Note: DO NOT ADD SUDO TO XCODEBUILD HERE
$ xcodebuild
$ build/Release/bash --version # GNU bash, version 3.2.54(1)-release
$ build/Release/sh --version   # GNU bash, version 3.2.54(1)-release
$ sudo cp /bin/bash /bin/bash.old
$ sudo cp /bin/sh /bin/sh.old
$ sudo cp build/Release/bash /bin
$ sudo cp build/Release/sh /bin

Open a terminal window and paste the following: pbpaste | cut -c 2- | sh

Now you should see it working through the instructions, and eventually you will need to enter your password.

To verify that everything went according to plan, check your bash version again, as above.

This should now return: GNU bash, version 3.2.54(1)-release (x86_64-apple-darwin13)

Now your beloved Mac is all safe and sound again, but just to be on the safe side you should also prevent use of the previous bash version by issuing the following command in the terminal: sudo chmod a-x /bin/bash.old /bin/sh.old

Done!
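
The two checks described above (the version banner and the disabled .old copies) can be scripted. This is an added example, not part of the original post or of the instructions it links to; the function names are hypothetical, and it assumes the bash 3.2 banner format shown above.

```shell
#!/bin/sh
# Added example: post-patch audit for the procedure above.
# PATCHED_LEVEL is the 3.2.54 level quoted on this page; all function
# names are hypothetical. Only the bash 3.2 banner format is handled.
PATCHED_LEVEL=54

# Print the patch level (the NN in "3.2.NN") from a `--version` banner line.
# Returns 1 when the line is not a bash 3.2 banner.
bash32_patch_level() {
    level=$(printf '%s\n' "$1" |
        sed -n 's/^GNU bash, version 3\.2\.\([0-9][0-9]*\)(.*/\1/p')
    [ -n "$level" ] || return 1
    printf '%s\n' "$level"
}

# 0 = at or above PATCHED_LEVEL, 1 = older, 2 = banner not recognised.
banner_is_patched() {
    level=$(bash32_patch_level "$1") || return 2
    [ "$level" -ge "$PATCHED_LEVEL" ]
}

# Audit one installed shell (e.g. /bin/bash) and its backup (/bin/bash.old):
# the binary must report the patched level and the backup must not be runnable.
audit_shell() {
    bin=$1
    backup=$1.old
    rc=0
    banner=$("$bin" --version 2>/dev/null | head -n 1)
    if banner_is_patched "$banner"; then
        echo "OK    $bin: $banner"
    else
        echo "FAIL  $bin: below 3.2.$PATCHED_LEVEL or unrecognised: $banner"
        rc=1
    fi
    if [ -f "$backup" ] && [ -x "$backup" ]; then
        echo "FAIL  $backup: old binary is still executable"
        rc=1
    fi
    return "$rc"
}

# Run the audit only when paths are given, e.g.: sh audit.sh /bin/bash /bin/sh
for target in "$@"; do
    audit_shell "$target" || exit_code=1
done
[ "$#" -eq 0 ] || exit "${exit_code:-0}"
```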

 

For more details you can read the following post where I got the above instructions from.

Phonegap / Cordova 3.6.3 & CDVPlugin class CDVNotification (pluginName: Notification) does not exist

Eager to get your hands on the new and shiny huh?

Well, if you're using the plugin: org.apache.cordova.dialogs and upgraded your project to Phonegap / Cordova 3.6.3 you're in for a world of hurt.

This plugin is what provides native notifications like alert, confirm, prompt and beep. After upgrading, it will cease to work and you should get a confusing error message in Xcode like the one below:

(The text from row 3 and below will vary, depending on your implementation of the plugin)

2014-09-23 08:27:40.512 Rooms[7288:414440] CDVPlugin class CDVNotification (pluginName: Notification) does not exist.
2014-09-23 08:27:40.512 Rooms[7288:414440] ERROR: Plugin 'Notification' not found, or is not a CDVPlugin. Check your plugin mapping in config.xml.
2014-09-23 08:27:40.512 Rooms[7288:414440] -[CDVCommandQueue executePending] [Line 158] FAILED pluginJSON = [
  "Notification1434422161",
  "Notification",
  "alert",
  [
    "You have to perform the setup, before you can use the application.",
    "Perform Setup",
    "Don't worry, it's easy"
  ]
]

This is how to solve it:

You need to add the plugin, manually, to the build phase of the project and you need to add a framework. Sounds complicated? It really isn't. Just have a look at the image below, follow the steps and... BOOM! You're off to stardom once again!

[Image: Fixing CDVPlugin class CDVNotification (pluginName: Notification) does not exist]

Add CDVNotification.m and AudioToolbox.framework to Xcode

 
