- Pass -Wl,-export-dynamic to LDFLAGS instead of CFLAGS in order to avoid warning:
cc: warning: -Wl,-export-dynamic: 'linker' input unused [-Wunused-command-line-argument]
Changelog:
Fixes a bug. When -N is used, the input is not supposed to be split
using $IFS, but leading and trailing IFS whitespace was still removed.
MFH: 2017Q1
Changelog:
Under certain circumstances, bash will evaluate arithmetic expressions as
part of reading an expression token even when evaluation is suppressed. This
happens while evaluating a conditional expression and skipping over the
failed branch of the expression.
There is a race condition in add_history() that can be triggered by a fatal
signal arriving between the time the history length is updated and the time
the history list update is completed. A later attempt to reference an
invalid history entry can cause a crash.
Depending on compiler optimizations and behavior, the `read' builtin may not
save partial input when a timeout occurs.
Subshells begun to run command and process substitutions may attempt to
set the terminal's process group to an incorrect value if they receive
a fatal signal. This depends on the behavior of the process that starts
the shell.
MFH: 2017Q1
Changelog:
- Out-of-range negative offsets to popd can cause the shell to crash attempting
to free an invalid memory block.
- When performing filename completion, bash dequotes the directory name being
completed, which can result in match failures and potential unwanted
expansion.
MFH: 2017Q1
The reason is that NLS is related to message translations to different
languages.
And bash has the general feature that \uNNNN is translated into the Unicode
character using iconv. This is Unicode support, and should have nothing to
do with translations.
bash also currently has a bug that --disable-nls causes it to fail to find
iconv. This bug has been reported upstream to the bash-devel ML. In the future,
when bash fixes this, this will make a difference.
Note that this uses iconv from libc.
[2] Update to 4.3.46
PR: 206903 [1], 210620 [2]
Submitted by: yuri@rawbw.com [1], pkubaj@anongoth.pl [2]
Discussed with: adamw
This addresses the local crash from CVE-2014-6277. Note that
the fixes applied in 4.3.25_2 (and upstream 4.3.27) already made
this non-exploitable remotely.
This makes 'bashcheck' [1] fully green now. It had a soft warning
before for CVE-2014-6277.
[1] https://github.com/hannob/bashcheck
This should eliminate the recent vulnerabilities, but keep the
requirement for --import-functions/IMPORTFUNCTIONS option for now.
- Loosen the --import-functions requirement so it is not needed when running
an interactive shell. It is already disallowed for privileged/setuid mode.
- Show an error on stderr when an imported function is ignored.
- Takeover maintainership
- Merge changes from shells/bash-devel; this updates the port to 4.3
- Remove the now useless -devel ports
- Document change in ports/MOVED
Approved by: portmgr (bapt)
* If a backslash-newline (which is removed) with no other input is given as
input to `read', the shell tries to dereference a null pointer and seg faults.
* Under certain circumstances, bash attempts to expand variables in
arithmetic expressions even when evaluation is being suppressed.
* Output redirection applied to builtin commands missed I/O errors if
they happened when the file descriptor was closed, rather than on write
(e.g., like with an out-of-space error on a remote NFS file system).
* Process substitution incorrectly inherited a flag that inhibited using
the (local) temporary environment for variable lookups if it was providing
the filename to a redirection. The intent of the flag is to enforce the
POSIX command expansion ordering rules.
Under certain circumstances, running `fc -l' two times in succession
with a relative history offset at the end of the history will result
in an incorrect calculation of the last history entry and a seg fault.
PR: 160239