mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-24 04:33:24 +00:00
0578e68df8
basename(3) has been changed to be POSIX compliant in r308264. This implies that it can possibly write to the passed string. shells/rssh passes a const string, so it always crashes on invocation with FreeBSD 12 and later. The new patches remedy this issue. [1] [2] During further tests and research came to light that there were also recently discovered security issues with the parsing of rsync/scp command line arguments and insufficient sanitization of environment variables when using rysnc. The corresponding fixes have been incorporated to the new patches and the already existing patch for the RSYNC option has been tightened for the argument parsing. Please note that with this patch the scp option "-3" can no longer be used. [3] Furthermore, another patch was applied to make this port a bit more secure. That patch handles a buffer allocation issue for an error message. [4] PR: 235121 Submitted by: topical@gmx.net (first version) [1], Jason Harris (maintainer) [2] Approved by: tcberner (mentor) Obtained from: Debian [3] [4] MFH: 2019Q1 Security: d193aa9f-3f8c-11e9-9a24-6805ca0b38e8 Differential Revision: https://reviews.freebsd.org/D19474 |
||
---|---|---|
.. | ||
44bsd-csh | ||
ammonite | ||
bash | ||
bash-completion | ||
bash-static | ||
bashc | ||
bicon | ||
ch | ||
dash | ||
envy | ||
es | ||
esh | ||
fd | ||
fish | ||
flash | ||
heirloom-sh | ||
hs-shelly | ||
ibsh | ||
jailkit | ||
klish | ||
ksh93 | ||
ksh93-devel | ||
lshell | ||
mksh | ||
nologinmsg | ||
oksh | ||
osh | ||
p5-Bash-Completion | ||
p5-Shell-Perl | ||
p5-Term-Bash-Completion-Generator | ||
p5-Term-ShellUI | ||
pdksh | ||
pear-PHP_Shell | ||
psh | ||
rc | ||
rssh | ||
sash | ||
scponly | ||
shell-include | ||
sparforte | ||
tcsh_nls | ||
tcshrc | ||
v7sh | ||
viewglob | ||
vshnu | ||
wcd | ||
xonsh | ||
zsh | ||
zsh-antigen | ||
zsh-completions | ||
zsh-navigation-tools | ||
Makefile |