Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 4EC91A665A for ; Fri, 10 Oct 2014 22:51:01 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id DDA3014A227; Fri, 10 Oct 2014 22:51:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 291B714A224 for ; Fri, 10 Oct 2014 22:51:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Z8ZjtLaUX7Nb for ; Fri, 10 Oct 2014 22:50:59 +0000 (UTC) Received: from nef.pbox.org (ns.pbox.org [IPv6:2001:41d0:1:e836::1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id E42EA14A223 for ; Fri, 10 Oct 2014 22:49:49 +0000 (UTC) Received: from nef.pbox.org (localhost [127.0.0.1]) by nef.pbox.org (8.14.5/8.14.5/) with ESMTP id s9AMncl4015390 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 11 Oct 2014 00:49:38 +0200 (CEST) Received: (from agc@localhost) by nef.pbox.org (8.14.5/8.14.5/Submit) id s9AMncmP000911 for pkgsrc-changes@netbsd.org; Sat, 11 Oct 2014 00:49:38 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id CE7DF14A1AC for ; Thu, 9 Oct 2014 13:32:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id eHNlCc-YAjW5 for ; Thu, 9 Oct 2014 13:32:19 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 077FB14A1A8 for ; Thu, 9 Oct 2014 13:32:18 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id DC5D098; Thu, 9 Oct 2014 13:32:18 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Thu, 9 Oct 2014 13:32:18 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/shells/mksh To: pkgsrc-changes@netbsd.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20141009133218.DC5D098@cvs.netbsd.org> X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.4.3 (nef.pbox.org [0.0.0.0]); Sat, 11 Oct 2014 00:49:39 +0200 (CEST) Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Thu Oct 9 13:32:18 UTC 2014 Modified Files: pkgsrc/shells/mksh [pkgsrc-2014Q3]: Makefile distinfo pkgsrc/shells/mksh/patches [pkgsrc-2014Q3]: patch-mksh.1 Log Message: Pullup ticket #4518 - requested by bsiegert shells/mksh: security update Revisions pulled up: - shells/mksh/Makefile 1.28 - shells/mksh/distinfo 1.26 - shells/mksh/patches/patch-mksh.1 1.7 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Oct 7 18:51:02 UTC 2014 Modified Files: pkgsrc/shells/mksh: Makefile distinfo pkgsrc/shells/mksh/patches: patch-mksh.1 Log Message: Security: Update mksh to 50d. R50d is a required bugfix release: - [Goodbox] Fix NULL pointer dereference on “unset x; nameref x” - [tg] Fix severe regression in field splitting (LP#1378208) - [tg] Add a warning about not using tainted user input (including from the environ(7)ment) in arithmetics, until Stéphane writes it up nicely R50c is a security fix release: - [tg] Know more rare signals when generating sys_signame[] replacement - [tg] OpenBSD sync (mostly RCSID only) - [tg] Document HISTSIZE limit; found by luigi_345 on IRC - [zacts] Fix link to Debian .mkshrc - [tg] Cease exporting $RANDOM (Debian #760857) - [tg] Fix C99 compatibility - [tg] Work around klibc bug causing a coredump (Debian #763842) - [tg] Use issetugid(2) as additional check if we are FPRIVILEGED - [tg] SECURITY: do not permit += from environment - [tg] Fix more field splitting bugs reported by Stephane Chazelas and mikeserv; document current status wrt. ambiguous ones as testcases too To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.27.2.1 pkgsrc/shells/mksh/Makefile cvs rdiff -u -r1.25 -r1.25.2.1 pkgsrc/shells/mksh/distinfo cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/shells/mksh/patches/patch-mksh.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.