Navigation:
Browse pkgsrc
(this page) 2018-01-19 21:20:44 by S.P.Zeidler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #5679 - requested by wiz
devel/global: security update
Revisions pulled up:
- devel/global/Makefile 1.69
- devel/global/PLIST 1.26
- devel/global/distinfo 1.33
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jan 10 09:51:57 UTC 2018
Modified Files:
pkgsrc/devel/global: Makefile PLIST distinfo
Log message:
global: update to 6.6.1.
Version 6.6.1 - December 16 2017
[FIXED BUG]
o gozilla: A critical vulnerability (CVE-2017-17531) was found in a unknown
function of gozilla(1). It allows remote attackers to execute arbitrary
code via a crafted URL. All gozilla(1) before GLOBAL-6.6.1 have the \
vulnerability.
Now it is fixed.
- What is the unknown function?
Gozilla accepts a URL as an argument, and invokes a web browser with the URL.
Though it is undocumented, it is implied in the online manual as follows:
> BUGS
> Gozilla can accept not only source files but also text files,
> directories, HTML files and even URLs, because it is omnivorous.
Version 6.6 - December 12 2017
[CHANGES]
New facilities:
o gtags: Added support for glob patterns in langmap variable in gtags.conf(5).
Now, you can treat source files without extension like ctags(1).
(e.g. :langmap=Make\:.mak.mk([Mm]akefile):)
Changed:
o gozilla: Changed the default browser from 'mozilla' to 'firefox'.
o gtags.conf.in: Updated to adapt to the latest ctags(s).
Removed: common-ctags-maps
Updated: exuberant-ctags, universal-ctags
[INCOMPATIBLE CHANGES]
o universal-ctags.la: The --extra option in Exuberant-ctags is renamed
to --extras (plural) in Universal-ctags for making consistent with
--kinds-<LANG> and --fields.
[FIXED BUGS]
o gtags: (parser error) picked up a typedef name as both of definition
and reference. Now it works.
Input:
[a.h]
typedef struct a A;
$ global -x A
A 1 a.h typedef struct a A;
$ global -x A -r
(global-6.5.7)
A 1 a.h typedef struct a A;
(global-6.6)
no output
o global: the -i option does not work correctly in some conditions.
Now it works.
o global: didn't accept pattern as a string literal with the --from-here
option, even if the --literal option was specified. Now, global(1)
accepts pattern as a string literal with the --literal option.
o libdb: there was 4 Gbyte limitation on the system where `off_t' is 64 bits
and `long' is 32 bits. Now it is eliminated.
o libparser: php parser was not reset state for each source file.
So, it was producing unintelligible results. Now it is fixed.
o gozilla: with wrong argument caused segmentation violation.
$ gozilla -d
Segmentation fault: 11
Now it displays usage.
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/devel/global/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/devel/global/PLIST
cvs rdiff -u -r1.32 -r1.33 pkgsrc/devel/global/distinfo
|
New packages: