-
bash (4.3-11ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- skel.bashrc:
- Run lesspipe.
- Enable ls aliases.
- Set options in ll alias to -alF.
- Define an alert alias.
- Enabled colored grep aliases.
- etc.bash.bashrc:
- Add sudo hint.
bash (4.3-11) unstable; urgency=medium
* Apply upstream patches 028 - 030.
* Remove the parser-oob patch.
-- Matthias Klose <email address hidden> Tue, 07 Oct 2014 16:23:35 +0200
-
bash (4.3-10ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- skel.bashrc:
- Run lesspipe.
- Enable ls aliases.
- Set options in ll alias to -alF.
- Define an alert alias.
- Enabled colored grep aliases.
- etc.bash.bashrc:
- Add sudo hint.
bash (4.3-10) unstable; urgency=medium
* Apply upstream patches 026 and 027.
* Remove patches CVE-2014-6271 and variables-affix.
bash (4.3-9.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Add variables-affix.patch patch.
Apply patch from Florian Weimer to add prefix and suffix for environment
variable names which contain shell functions.
* Add parser-oob.patch patch.
Fixes two out-of-bound array accesses in the bash parser.
bash (4.3-9.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Apply upstream patch bash43-025, fixing CVE-2014-6271.
-- Matthias Klose <email address hidden> Tue, 30 Sep 2014 20:47:35 +0200
-
bash (4.3-9ubuntu4) utopic; urgency=medium
* SECURITY UPDATE: out-of-bounds memory access
- debian/patches/CVE-2014-718x.diff: guard against overflow and fix
off-by-one in parse.y and y.tab.c.
- CVE-2014-7186
- CVE-2014-7187
* SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
- debian/patches/variables-affix.diff: add prefixes and suffixes in
variables.c.
-- Marc Deslauriers <email address hidden> Sat, 27 Sep 2014 05:20:35 -0400
-
bash (4.3-9ubuntu3) utopic; urgency=medium
* SECURITY UPDATE: incomplete fix for CVE-2014-6271 (LP: #1373781)
- debian/patches/CVE-2014-7169.diff: fix logic in parse.y and y.tab.c.
- CVE-2014-7169
-- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 21:43:10 -0400
-
bash (4.3-9ubuntu2) utopic; urgency=medium
* SECURITY UPDATE: incorrect function parsing
- debian/patches/CVE-2014-6271.diff: fix function parsing in
builtins/common.h, builtins/evalstring.c, subst.c, variables.c.
- CVE-2014-6271
-- Marc Deslauriers <email address hidden> Mon, 22 Sep 2014 15:21:42 -0400
-
bash (4.3-9ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- skel.bashrc:
- Run lesspipe.
- Enable ls aliases.
- Set options in ll alias to -alF.
- Define an alert alias.
- Enabled colored grep aliases.
- etc.bash.bashrc:
- Add sudo hint.
bash (4.3-9) unstable; urgency=medium
* Apply upstream patches 023 - 024, fixing the issues:
- bash does not correctly parse process substitution constructs that
contain unbalanced parentheses as part of the contained command.
- Indirect variable references do not work correctly if the reference
variable expands to an array reference using a subscript other than 0
(e.g., foo='bar[1]' ; echo ${!foo}).
* debian/skel.bashrc: Add GCC_COLORS setting (disabled by default).
-- Matthias Klose <email address hidden> Thu, 21 Aug 2014 23:17:23 +0200
-
bash (4.3-8ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
bash (4.3-8) unstable; urgency=medium
* Apply upstream patches 012 - 022, fixing the issues:
- When a SIGCHLD trap runs a command containing a shell builtin while a
script is running `wait' to wait for all running children to complete,
the SIGCHLD trap will not be run once for each child that terminates.
- Using reverse-i-search when horizontal scrolling is enabled does not
redisplay the entire line containing the successful search results.
- Under certain circumstances, $@ is expanded incorrectly in contexts
where word splitting is not performed.
- When completing directory names, the directory name is dequoted twice.
This causes problems for directories with single and double quotes in
their names.
- An extended glob pattern containing a slash (`/') causes the globbing
code to misinterpret it as a directory separator.
- The code that creates local variables should not clear the `invisible'
attribute when returning an existing local variable. Let the code that
actually assigns a value clear it.
- When assigning an array variable using the compound assignment syntax,
but using `declare' with the rhs of the compound assignment quoted, the
shell did not mark the variable as visible after successfully performing
the assignment.
- The -t timeout option to `read' does not work when the -e option is used.
LP: #1317476.
- When PS2 contains a command substitution, here-documents entered in an
interactive shell can sometimes cause a segmentation fault.
- When the readline `revert-all-at-newline' option is set, pressing newline
when the current line is one retrieved from history results in a double
free and a segmentation fault. Closes: #747341.
- Using nested pipelines within loops with the `lastpipe' option set can
result in a segmentation fault.
* Fix typo in package description. Closes: #707810.
-- Matthias Klose <email address hidden> Mon, 04 Aug 2014 09:35:20 +0200
-
bash (4.3-7ubuntu3) utopic; urgency=medium
* Revert the last change. Upload didn't mention any Ubuntu issues, and
closing issues like lp: #890916 which complain that there are too many
places to set aliases aren't solved by just adding another place to
add these. Requires further discussion as also told before the upload.
-- Matthias Klose <email address hidden> Thu, 08 May 2014 11:58:40 +0200
-
bash (4.3-7ubuntu2) utopic; urgency=medium
* Source profile.d from /etc/bash.bashrc to allow packages ship
integration hooks into interactive shells, same ones they already ship
for login shells. (Closes: #675008)
-- Dimitri John Ledkov <email address hidden> Wed, 07 May 2014 12:12:04 +0100
-
bash (4.3-7ubuntu1) trusty-proposed; urgency=medium
* Merge with Debian, replacing local with upstream patches. LP: #1294669.
bash (4.3-7) unstable; urgency=medium
* Apply upstream patches 009 - 011 (replacing local patches):
- Fix a problem with unsigned sign extension when attempting to reallocate
the input line when it is fewer than 3 characters long and there has been
a history expansion. The sign extension causes the shell to not
reallocate the line, which results in a segmentation fault when it writes
past the end.
- Change the behavior of programmable completion to compensate for two
assumptions made by the bash-completion package.
- The signal handling changes to bash and readline (to avoid running any
code in a signal handler context) cause the cursor to be placed on the
wrong line of a multi-line command after a ^C interrupts editing.
-- Matthias Klose <email address hidden> Wed, 16 Apr 2014 23:22:21 +0200
-
bash (4.3-6ubuntu1) trusty; urgency=medium
* Merge with Debian; remaining changes:
- skel.bashrc:
- Run lesspipe.
- Enable ls aliases.
- Set options in ll alias to -alF.
- Define an alert alias.
- Enabled colored grep aliases.
- etc.bash.bashrc:
- Add sudo hint.
-- Matthias Klose <email address hidden> Mon, 07 Apr 2014 22:47:44 +0200
