Changelog for
bash-4.1-20.4.1.x86_64.rpm :
Sat Sep 27 14:00:00 2014 drahtAATTsuse.de
- bash-4.1-function_disable.patch: disable environment-imported
function definitions generally, on a compile-time basis.
This extends the effect of the last patch
bash-4.1-function_definition.patch to the degree that parsing
the untrusted and potentially harmful environment won\'t happen
any more.
Breakage is possible with this patch, but inherited function
definitions in shell scripts are rare (none know to me).
[bnc#896776]
Wed Sep 24 14:00:00 2014 drahtAATTsuse.de
- bash-4.1-function_definition.patch: prevent the execution of
commands after a function definition when parsing the environment.
This addresses CVE-2014-6271 [bnc#896776]
Wed Jul 11 14:00:00 2012 wernerAATTsuse.de
- Avoid possible buffer overflow when expanding the /dev/fd prefix
with e.g. the test builtin (bnc#770795)
Fri Feb 25 13:00:00 2011 wernerAATTsuse.de
- Add patch bash41-010
Thu Feb 17 13:00:00 2011 cooloAATTnovell.com
- having a bash man page is recommended (bnc#672528)
Mon Oct 18 14:00:00 2010 jslabyAATTsuse.de
- fix czech message
Thu Oct 14 14:00:00 2010 wernerAATTsuse.de
- Update bash 4.1 to patch level 9
* When declaring an associative array and implicitly assigning a
value to element \"0\", bash does not correctly allocate memory,
leading to a segmentation violation when that element or the
array itself is unset.
* An arriving SIGCHLD will interrupt `slow\' system calls such as
write(2) to or read(2) from a terminal. This results in an
error message and truncated input or output.
Fri Sep 3 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- builtin \"man2html\"generates html manual with a timestamp
that causes the package to be published over and over again.
Mon Aug 16 14:00:00 2010 wernerAATTsuse.de
- A modified version of the pipe patch which should handle
the PIPESTATUS array
Fri Aug 13 14:00:00 2010 wernerAATTsuse.de
- Disable the pipe patch from Thu Jun 24 10:40:09 CEST 2010
as this resets the PIPESTATUS array to the status of the
forground process only
Thu Jul 29 14:00:00 2010 wernerAATTsuse.de
- Add fix from mailing list to avoid crash
Mon Jul 19 14:00:00 2010 wernerAATTsuse.de
- Comment out recommendation of bash-completion, as I\'d like
no to see the bugs of bash-completion in my bugzilla
Sat Jul 17 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Do not package static libraries
- Fix Recommends/Suggests
Thu Jun 24 14:00:00 2010 wernerAATTsuse.de
- Add fix from upstream: restore the parser state over changing
readline editing mode otherwise e.g. set alias before the
change are lost.
Thu Jun 24 14:00:00 2010 wernerAATTsuse.de
- Avoid running the last member of a pipe command sequence to run
in its own subshell, this makes know lines like the simple
echo 1 2 | read a b; echo $a $b
work as expected by the users
Tue May 25 14:00:00 2010 wernerAATTsuse.de
- Update bash 4.1 to patch level 7
* Bash did not correctly print/reproduce here documents attached
to commands inside compound commands such as for and while.
* A typo caused bash to not honor a precision specification in a
printf format.
Mon Apr 12 14:00:00 2010 wernerAATTsuse.de
- Add fix for memory double free in array handling
Tue Apr 6 14:00:00 2010 wernerAATTsuse.de
- Update bash 4.1 to patch level 5 (related to bnc#522351)
* If command completion is attempted on a word with a quoted globbing
character (e.g., `
*\' or `?\'), bash can reference a NULL pointer and
dump core.
* When running in Posix mode and executing a shell function without local
variables, bash will not propagate a variable in a special builtin\'s temporary
environment to have global scope.
* When the `read\' builtin times out after the timeout specified with -t is
exceeded, it does not reset the flags that tell signal handlers to process
signals immediately instead of deferring their handling. This can result
in unsafe functions being called from signal handlers, which can cause bash
to hang or dump core.
Tue Mar 9 13:00:00 2010 wernerAATTsuse.de
- Add patch from bash-bug list to avoid crahs on some strange
TAB completions
Tue Mar 2 13:00:00 2010 roAATTsuse.de
- fix warning no return statement in function returning non-void
to fix build (in bashline.c)
Wed Feb 24 13:00:00 2010 wernerAATTsuse.de
- Avoid hang due malloc()/free() within signal handler (bnc#522351)
Thu Feb 18 13:00:00 2010 wernerAATTsuse.de
- Add patch to reflect the usage of /etc/bash.bashrc (bnc#577221)
Mon Feb 15 13:00:00 2010 wernerAATTsuse.de
- Update bash 4.1 to patch level 2
* Here-documents within $(...) command substitutions may once more be
delimited by the closing right paren, instead of requiring a newline.
* Bash\'s file status checks (executable, readable, etc.) now take file
system ACLs into account on file systems that support them.
* Bash now passes environment variables with names that are not valid
shell variable names through into the environment passed to child
processes.
* The `execute-unix-command\' readline function now attempts to clear and
reuse the current line rather than move to a new one after the command
executes.
* `printf -v\' can now assign values to array indices.
* New `complete -E\' and `compopt -E\' options that work on the \"empty\"
completion: completion attempted on an empty command line.
* New complete/compgen/compopt -D option to define a `default\' completion:
a completion to be invoked on command for which no completion has been
defined. If this function returns 124, programmable completion is
attempted again, allowing a user to dynamically build a set of completions
as completion is attempted by having the default completion function
install individual completion functions each time it is invoked.
* When displaying associative arrays, subscripts are now quoted.
* Changes to dabbrev-expand to make it more `emacs-like\': no space appended
after matches, completions are not sorted, and most recent history entries
are presented first.
* The [[ and (( commands are now subject to the setting of `set -e\' and the
ERR trap.
* The source/. builtin now removes NUL bytes from the file before attempting
to parse commands.
* There is a new configuration option (in config-top.h) that forces bash to
forward all history entries to syslog.
* A new variable $BASHOPTS to export shell options settable using `shopt\' to
child processes.
* There is a new confgure option that forces the extglob option to be
enabled by default.
* New variable $BASH_XTRACEFD; when set to an integer bash will write xtrace
output to that file descriptor.
* If the optional left-hand-side of a redirection is of the form {var}, the
shell assigns the file descriptor used to $var or uses $var as the file
descriptor to move or close, depending on the redirection operator.
* The < and > operators to the [[ conditional command now do string
comparison according to the current locale if the compatibility level
is greater than 40.
* Programmable completion now uses the completion for `b\' instead of `a\'
when completion is attempted on a line like: a $(b c.
* Force extglob on temporarily when parsing the pattern argument to
the == and != operators to the [[ command, for compatibility.
* Changed the behavior of interrupting the wait builtin when a SIGCHLD is
received and a trap on SIGCHLD is set to be Posix-mode only.
* The read builtin has a new `-N nchars\' option, which reads exactly NCHARS
characters, ignoring delimiters like newline.
* The mapfile/readarray builtin no longer stores the commands it invokes via
callbacks in the history list.
* There is a new `compat40\' shopt option.
- Update readline 6.1 to patch level 1
* New bindable function: menu-complete-backward.
* In the vi insertion keymap, C-n is now bound to menu-complete by default,
and C-p to menu-complete-backward.
* When in vi command mode, repeatedly hitting ESC now does nothing, even
when ESC introduces a bound key sequence. This is closer to how
historical vi behaves.
* New bindable function: skip-csi-sequence. Can be used as a default to
consume key sequences generated by keys like Home and End without having
to bind all keys.
* New application-settable function: rl_filename_rewrite_hook. Can be used
to rewite or modify filenames read from the file system before they are
compared to the word to be completed.
* New bindable variable: skip-completed-text, active when completing in the
middle of a word. If enabled, it means that characters in the completion
that match characters in the remainder of the word are \"skipped\" rather
than inserted into the line.
* The pre-readline-6.0 version of menu completion is available as
\"old-menu-complete\" for users who do not like the readline-6.0 version.
* New bindable variable: echo-control-characters. If enabled, and the
tty ECHOCTL bit is set, controls the echoing of characters corresponding
to keyboard-generated signals.
* New bindable variable: enable-meta-key. Controls whether or not readline
sends the smm/rmm sequences if the terminal indicates it has a meta key
that enables eight-bit characters.
Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- package documentation as noarch
Sat Dec 12 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
Fri Dec 4 13:00:00 2009 wernerAATTsuse.de
- Fix bug in bash-4.0-security.patch (bnc#559877)
Thu Oct 29 13:00:00 2009 wernerAATTsuse.de
- Update to newest patch level 35
* bash incorrectly interprets wildcarded path components between
a
*
*/ and the last /
* bash incorrectly treated single and double quotes as
delimiters rather than introducing quoted strings when
splitting the line into words for programmable completion
functions
Wed Sep 30 14:00:00 2009 wernerAATTsuse.de
- Make _rl_enable_meta configurable by the users (bnc#541379)
Wed Sep 9 14:00:00 2009 wernerAATTsuse.de
- Do not change tty owner group twice by child and parent (bnc#523667)
Wed Sep 9 14:00:00 2009 wernerAATTsuse.de
- Update to newest patch level 33
* Includes one of our own patches
Wed Aug 26 14:00:00 2009 cooloAATTnovell.com
- rediff patches to avoid fuzz
Tue Jul 28 14:00:00 2009 wernerAATTsuse.de
- Update to newest patch level 28
Thu Jul 2 14:00:00 2009 wernerAATTsuse.de
- Add fix from bash maintainer for closing memory leak in read
builtin (bnc#510288)
Tue Jun 9 14:00:00 2009 wernerAATTsuse.de
- Branch off some sub packages:
* bash-lang to include localization
* bash-loadables for installing the loadable runtime builtins
* bash-devel to install headers for developing loadable builtins
Wed Jun 3 14:00:00 2009 wernerAATTsuse.de
- Enforce the usage of euidaccess(3) instead of stat(2) for testing
permissions for a file (bnc#509105)
Mon May 25 14:00:00 2009 wernerAATTsuse.de
- Update to newest patch level 24:
* include last few patches
- Add patches from mailing list for globstar expansion
Mon May 11 14:00:00 2009 werneAATTsuse.de
- Increase size of hash table for runtime linker a lot
Mon Apr 27 14:00:00 2009 werneAATTsuse.de
- Add patches from mailing list:
* fix problem with invisible characters in prompt
* make dir
*/
*
* work
Tue Apr 21 14:00:00 2009 werneAATTsuse.de
- Do not crash on forbidden subdirectories with globstar extension
Wed Apr 15 14:00:00 2009 werneAATTsuse.de
- Add fix to be able to clear to eol in readline library
Tue Apr 14 14:00:00 2009 werneAATTsuse.de
- Add fix for timing issue in readline SIGWINCH handling
Wed Apr 8 14:00:00 2009 werneAATTsuse.de
- Add patches from bug-bashAATTgnu.org to avoid eg. segmentation fault
Mon Mar 16 13:00:00 2009 wernerAATTsuse.de
- Add patches from bug-bashAATTgnu.org to avoid eg. segmentation fault
Thu Mar 12 13:00:00 2009 wernerAATTsuse.de
- Add patch from bug-bashAATTgnu.org to enable |& not only for
builtins and shell functions but for all commands.
Tue Mar 10 13:00:00 2009 wernerAATTsuse.de
- Switch to official patches, now we are on patch level 10
Wed Mar 4 13:00:00 2009 wernerAATTsuse.de
- Use patches from bug-bashAATTgnu.org to make it work
Wed Mar 4 13:00:00 2009 wernerAATTsuse.de
- Patch for bnc#481817 does not work in any case
Wed Mar 4 13:00:00 2009 wernerAATTsuse.de
- My last patch for bnc#470548 send to bug-bashAATTgnu.org was not
fully applied and this had caused a memory corruption on tab
completion.
- Enable the parser to find closing parenthesis at the end of
an argument of a command even if backslash is used (bnc#481817)
- Correct link of shared libraries of devel readline package