Path to this page:
Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/shells/mksh
From: Matthias Scheler
Date: 2014-10-09 15:32:18
Message id: 20141009133218.DC5D098@cvs.netbsd.org
Log Message:
Pullup ticket #4518 - requested by bsiegert
shells/mksh: security update
Revisions pulled up:
- shells/mksh/Makefile 1.28
- shells/mksh/distinfo 1.26
- shells/mksh/patches/patch-mksh.1 1.7
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Oct 7 18:51:02 UTC 2014
Modified Files:
pkgsrc/shells/mksh: Makefile distinfo
pkgsrc/shells/mksh/patches: patch-mksh.1
Log Message:
Security: Update mksh to 50d.
R50d is a required bugfix release:
- [Goodbox] Fix NULL pointer dereference on âunset x; nameref xâ
- [tg] Fix severe regression in field splitting (LP#1378208)
- [tg] Add a warning about not using tainted user input (including from
the environ(7)ment) in arithmetics, until Stéphane writes it up nicely
R50c is a security fix release:
- [tg] Know more rare signals when generating sys_signame[] replacement
- [tg] OpenBSD sync (mostly RCSID only)
- [tg] Document HISTSIZE limit; found by luigi_345 on IRC
- [zacts] Fix link to Debian .mkshrc
- [tg] Cease exporting $RANDOM (Debian #760857)
- [tg] Fix C99 compatibility
- [tg] Work around klibc bug causing a coredump (Debian #763842)
- [tg] Use issetugid(2) as additional check if we are FPRIVILEGED
- [tg] SECURITY: do not permit += from environment
- [tg] Fix more field splitting bugs reported by Stephane Chazelas and
mikeserv; document current status wrt. ambiguous ones as testcases too
Files: