diff options
| author | spz <spz@pkgsrc.org> | 2018-09-10 20:18:45 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2018-09-10 20:18:45 +0000 |
| commit | 34e4d9a08426e9521b6a7da8a11b52a2f62b981e (patch) | |
| tree | 8bdf6676fc17db2fbeade0f0fb86e976f099548f /doc/CHANGES-pkgsrc-2018Q2 | |
| parent | f43f9807e2b45d573078045e4ae3e262b50ed855 (diff) | |
| download | pkgsrc-34e4d9a08426e9521b6a7da8a11b52a2f62b981e.tar.gz | |
Pullup ticket #5826 - requested by taca
shells/zsh: security update
Revisions pulled up:
- shells/zsh/Makefile 1.85
- shells/zsh/PLIST 1.39
- shells/zsh/distinfo 1.63
- shells/zsh/patches/patch-configure.ac 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wen
Date: Sun Sep 9 00:46:52 UTC 2018
Modified Files:
pkgsrc/shells/zsh: Makefile PLIST distinfo
pkgsrc/shells/zsh/patches: patch-configure.ac
Log Message:
Update to 5.6
Upstream changes:
Changes from 5.5.1-test-2 to 5.6
--------------------------------
CVE-2018-0502: Data from the second line of a #! script file might be passed to
execve(). For example, in the following situation -
.
printf '#!foo\nbar' > baz
./baz
.
the shell might take "bar" rather than "foo" for the argv[0] to be passed to
execve(). [ Reported by Anthony Sottile and Buck Evan. ]
CVE-2018-13259: A shebang line longer than 64 characters would be truncated.
For example, in the following situation:
.
( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo
./foo
.
the shell might execute x...x (64 repetitions) rather than x...xy (64 x's,
one y). [ Reported by Daniel Shahaf. ]
Changes from 5.5.1 to 5.5.1-test-2
----------------------------------
Non-stop IEEE 754 arithmetic support - Inf and NaN are now returned
from floating point operations where errors were printed before.
Inf and NaN are also recognised in arithmetic expressions.
In shell patterns, [[:blank:]] now honours the locale instead of
matching exclusively on space and tab, like for the other POSIX
character classes or for extended regular expressions.
Nanosecond precision on file times is supported in the module
zsh/stat.
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 pkgsrc/shells/zsh/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/shells/zsh/PLIST
cvs rdiff -u -r1.62 -r1.63 pkgsrc/shells/zsh/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/shells/zsh/patches/patch-configure.ac
Diffstat (limited to 'doc/CHANGES-pkgsrc-2018Q2')
0 files changed, 0 insertions, 0 deletions