Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2014-10-09 15:32:18 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #4518 - requested by bsiegert
shells/mksh: security update

Revisions pulled up:
- shells/mksh/Makefile                                          1.28
- shells/mksh/distinfo                                          1.26
- shells/mksh/patches/patch-mksh.1                              1.7

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Tue Oct  7 18:51:02 UTC 2014

   Modified Files:
           pkgsrc/shells/mksh: Makefile distinfo
           pkgsrc/shells/mksh/patches: patch-mksh.1

   Log message:
   Security: Update mksh to 50d.

   R50d is a required bugfix release:

   - [Goodbox] Fix NULL pointer dereference on “unset x; nameref x”
   - [tg] Fix severe regression in field splitting (LP#1378208)
   - [tg] Add a warning about not using tainted user input (including from
     the environ(7)ment) in arithmetics, until Stéphane writes it up nicely

   R50c is a security fix release:

   - [tg] Know more rare signals when generating sys_signame[] replacement
   - [tg] OpenBSD sync (mostly RCSID only)
   - [tg] Document HISTSIZE limit; found by luigi_345 on IRC
   - [zacts] Fix link to Debian .mkshrc
   - [tg] Cease exporting $RANDOM (Debian #760857)
   - [tg] Fix C99 compatibility
   - [tg] Work around klibc bug causing a coredump (Debian #763842)
   - [tg] Use issetugid(2) as additional check if we are FPRIVILEGED
   - [tg] SECURITY: do not permit += from environment
   - [tg] Fix more field splitting bugs reported by Stephane Chazelas and
     mikeserv; document current status wrt. ambiguous ones as testcases too

Next | Query returned 1 messages, browsing 1 to 10 | previous