Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
news:2014:09:29:slackware-current-changelog [2014/10/25 00:53] – creata Giuseppe Di Terlizzi | news:2014:09:29:slackware-current-changelog [2015/03/26 10:48] (current) – Giuseppe Di Terlizzi | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Slackware-current ChangeLog (2014/09/29) ====== | + | ====== Slackware-current ChangeLog (2014-09-29) ====== |
- | < | + | ====== |
- | Mon Sep 29 18:41:23 UTC 2014 | + | ===== Packages ===== |
- | a/ | + | |
- | Another bash update. | + | |
- | "This patch changes the encoding bash uses for exported functions to avoid | + | |
- | clashes with shell variables and to avoid depending only on an environment | + | |
- | variable' | + | |
- | function." | + | |
- | After this update, an environment variable will not go through the parser | + | |
- | unless it follows this naming structure: | + | |
- | Most scripts never expected to import functions from environment variables, | + | |
- | so this change (although not backwards compatible) is not likely to break | + | |
- | many existing scripts. | + | |
- | an attack surface in the vast majority of cases. | + | |
- | vulnerability similar to CVE-2014-6271 for which there is not yet a fix, | + | |
- | but this hardening patch prevents it (and likely many more similar ones). | + | |
- | Thanks to Florian Weimer and Chet Ramey. | + | |
- | (* Security fix *) | + | |
- | </ | + | |
- | {{tag>news slackware changelog}} | + | ==== Upgraded ==== |
+ | * [[slackware.current> | ||
+ | |||
+ | |||
+ | {{tag> | ||