Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2018-09-10 22:18:45 by S.P.Zeidler | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #5826 - requested by taca
shells/zsh: security update

Revisions pulled up:
- shells/zsh/Makefile                                           1.85
- shells/zsh/PLIST                                              1.39
- shells/zsh/distinfo                                           1.63
- shells/zsh/patches/patch-configure.ac                         1.6

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Sun Sep  9 00:46:52 UTC 2018

   Modified Files:
   	pkgsrc/shells/zsh: Makefile PLIST distinfo
   	pkgsrc/shells/zsh/patches: patch-configure.ac

   Log message:
   Update to 5.6

   Upstream changes:
   Changes from 5.5.1-test-2 to 5.6
   --------------------------------

   CVE-2018-0502: Data from the second line of a #! script file might be passed to
   execve().  For example, in the following situation -
   .
       printf '#!foo\nbar' > baz
       ./baz
   .
   the shell might take "bar" rather than "foo" for the \ 
argv[0] to be passed to
   execve().  [ Reported by Anthony Sottile and Buck Evan. ]

   CVE-2018-13259: A shebang line longer than 64 characters would be truncated.
   For example, in the following situation:
   .
       ( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo
       ./foo
   .
   the shell might execute x...x (64 repetitions) rather than x...xy (64 x's,
   one y).  [ Reported by Daniel Shahaf. ]

   Changes from 5.5.1 to 5.5.1-test-2
   ----------------------------------

   Non-stop IEEE 754 arithmetic support - Inf and NaN are now returned
   from floating point operations where errors were printed before.
   Inf and NaN are also recognised in arithmetic expressions.

   In shell patterns, [[:blank:]] now honours the locale instead of
   matching exclusively on space and tab, like for the other POSIX
   character classes or for extended regular expressions.

   Nanosecond precision on file times is supported in the module
   zsh/stat.

   To generate a diff of this commit:
   cvs rdiff -u -r1.84 -r1.85 pkgsrc/shells/zsh/Makefile
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/shells/zsh/PLIST
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/shells/zsh/distinfo
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/shells/zsh/patches/patch-configure.ac

Next | Query returned 1 messages, browsing 1 to 10 | previous