Security fix.
=== v0.9.15.1 15/03/2012 ===
* Corrected security bug allowing user to get out of the restricted
shell. Thank you bui from NBS System for reporting this grave issue!
=== v0.9.15 13/03/2012 ===
* Set the hostname to the "short hostname" in the prompt.
* Corrected traceback when "sudo" command was entered alone. Thank you
Kiran Reddy for reporting this.
* Added support for python2.3 as subprocess is not included by default.
* Corrected the 'strict' behavior when entering a forbidden path.
* Added short path promp support using the 'prompt_short' variable.
* Corrected stacktrace when group did not exist.
* Add support for empty prompt.
* Fixed bugs when using $() and ``.
* Corrected strict behavior to apply to forbidden path.
* Added support for wildcard '*' when using 'cd'.
* Added support for "cd -" to return to previous directory.
* Updated security issue with non printable characters permitting user
to get out of the limited shell.
* Now lshell automatically reload its configuration if the configuration
file is modified.
* Added possibility to have no "intro" when user logs in. (by setting
the intro configuration field to "")
* Corrected multiple commands over ssh, and aliases interpretation.
* Added possibility to use wildcards in path definitions.
* Finally corrected the alias replacement loop.
* new autorehash builtin to control how the internal command hash
table is maintained.
* globstar globbing to allow ** and *** expansions
* euid, euser, egid variables.
* wait built-in is now interruptible
* new anyerror variable to control error handling in pipelines
Upstream changes:
=== v0.9.14 27/10/2010 ===
* Corrected get_aliases function, as it was looping when aliases were
"recursive" (e.g. 'ls':'ls --color=auto')
* Added lsudo built-in command to list allowed sudo commands.
* Corrected completion function when 2 strings collided (e.g. ls and lsudo)
* Corrected the README's installation part (adding --prefix).
* Added possibility to log via syslog.
* Corrected warning counter (was counting minus 1).
* Added the possibility to disable the counter, and just warn the user
(withouht kicking him).
* Added possibility to configure prompt. Thank you bapt for the patch.
* Added possibility to set environment variables to users. Thank you bapt
for the patch.
* Added the 'history' built-in function.
=== v0.9.13 02/09/2010 ===
* Switched from deprecated popen2 to subprocess to be python2.6 compatible.
Thank you Greg Orlowski for the patch.
* Added missing builin commands when 'allowed' list was set to 'all'. For
example, the "cd" command was then missing.
* Added the "export" builtin function to export shell variables. Thank you
Chris for reporting this issue.
Changes: essentially bugfixes.
# [tg] New test.sh `-f' option (same as `-C fastbox')
# [tg] Drop using set -o noglob inside pushd/popd/dirs
# [tg] Use += more in dot.mkshrc and keep strings shorter
# [tg] Correct interworking between local and set -A
# [tg] Fix out-of-bounds memory access on strings of 32 KiB length
# [tg] MKSH_DISABLE_DEPRECATED (for integrators)
# [tg, Jilles Tjoelker] test(1) built-in behaves exactly as POSIX says
# [tg] Move compile-time assertions to Build.sh from misc.c#ifdef DEBUG
# [tg] Invocation documentation is at the bottom of Build.sh
# [tg] test.sh: verbosely look for perl(1) interpreter to use
# [tg] New tests for integers (base 1#36, base unspecified, base OOB)
# [tg] Correct error paths for typeset -n global state
# [tg] Deprecate interpreting "010" as octal number, will go
# [tg] Improvements re. integer handling; more explicit manpage text
# [tg] Do not use caddr_t on Linux, so dietlibc stops bitching
# [tg, Jilles Tjoelker] Catch division/modulo overflow 0x80000000/-1
# [tg] Emacs mode ^O regression fix when the fetched lines are edited
* [tg, Wouter Verhelst] Fix ${foo%\?} in -o sh
* [jonthn, Snader_LB] Fix spelling mistakes
* [cnuke] Fix bugs spotted during porting to OPENSTEP
* [tg, jg71] Unbreak building stristr with MKSH_ASSUME_UTF8 defined
* [tg] Fix most of the issues Jerker Bäck encountered on Interix
* [tg] Wrap access(2) as it may return false positive for X_OK on root
* [OpenBSD] Upper bound Emacs mode command repeat by input line length
* [tg] Improve CPPFLAGS mangling in Build.sh
* [Snader_LB] Several comment, documentation and website fixes/updates
* [tg] Avoid identifiers and cpp(1) macros with two underscores in a row,
and those with a trailing underscore; they are reserved for the OS
* [tg] Fix accidental behavioural change wrt some built-in parameters
* [RT, Chris “ir0nh34d” Sutcliffe] Port to MSYS
* [tg, Markus Duft, Bruno Haible] Interix select(2) bug workaround
* [tg] Manpage fixes
* [tg] Deprecate the “command line begins with ‘!’ for fc -e -” wbx hack
* [tg] Promote x=(a b); x+=(c d) to a core mksh(1) feature
* [tg] Testsuite fixes for Hurd, MSYS; warning fixes for dietlibc
* [tg] Fix R40 regression misparsing $(case x in (x) :; esac)
Changes:
Improved error handling in POSIX emulation, ${NAME:OFFSET:LENGTH}
syntax supports negative LENGTHs, new parameter expansion flag
(g:opts:) which escapes sequences like the echo and print builtins,
the region_highlight array is now updated dynamically as the command
line is edited and the zsh/parameter module has a new array $usergroups
which contains the names of system groups.
1. New Features in Bash
a. `exec -a foo' now sets $0 to `foo' in an executable shell script without a
leading #!.
b. Subshells begun to execute command substitutions or run shell functions or
builtins in subshells do not reset trap strings until a new trap is
specified. This allows $(trap) to display the caller's traps and the
trap strings to persist until a new trap is set.
c. `trap -p' will now show signals ignored at shell startup, though their
disposition still cannot be modified.
d. $'...', echo, and printf understand \uXXXX and \UXXXXXXXX escape sequences.
e. declare/typeset has a new `-g' option, which creates variables in the
global scope even when run in a shell function.
f. test/[/[[ have a new -v variable unary operator, which returns success if
`variable' has been set.
g. Posix parsing changes to allow `! time command' and multiple consecutive
instances of `!' (which toggle) and `time' (which have no cumulative
effect).
h. Posix change to allow `time' as a command by itself to print the elapsed
user, system, and real times for the shell and its children.
j. $((...)) is always parsed as an arithmetic expansion first, instead of as
a potential nested command substitution, as Posix requires.
k. A new FUNCNEST variable to allow the user to control the maximum shell
function nesting (recursive execution) level.
l. The mapfile builtin now supplies a third argument to the callback command:
the line about to be assigned to the supplied array index.
m. The printf builtin has a new %(fmt)T specifier, which allows time values
to use strftime-like formatting.
n. There is a new `compat41' shell option.
o. The cd builtin has a new Posix-mandated `-e' option.
p. Negative subscripts to indexed arrays, previously errors, now are treated
as offsets from the maximum assigned index + 1.
q. Negative length specifications in the ${var:offset:length} expansion,
previously errors, are now treated as offsets from the end of the variable.
r. Parsing change to allow `time -p --'.
s. Posix-mode parsing change to not recognize `time' as a keyword if the
following token begins with a `-'. This means no more Posix-mode
`time -p'. Posix interpretation 267.
t. There is a new `lastpipe' shell option that runs the last command of a
pipeline in the current shell context. The lastpipe option has no
effect if job control is enabled.
u. History expansion no longer expands the `$!' variable expansion.
v. Posix mode shells no longer exit if a variable assignment error occurs
with an assignment preceding a command that is not a special builtin.
w. Non-interactive mode shells exit if -u is enabled and an attempt is made
to use an unset variable with the % or # expansions, the `//', `^', or
`,' expansions, or the parameter length expansion.
x. Posix-mode shells use the argument passed to `.' as-is if a $PATH search
fails, effectively searching the current directory. Posix-2008 change.
2. New Features in Readline
a. The history library does not try to write the history filename in the
current directory if $HOME is unset. This closes a potential security
problem if the application does not specify a history filename.
b. New bindable variable `completion-display-width' to set the number of
columns used when displaying completions.
c. New bindable variable `completion-case-map' to cause case-insensitive
completion to treat `-' and `_' as identical.
d. There are new bindable vi-mode command names to avoid readline's case-
insensitive matching not allowing them to be bound separately.
e. New bindable variable `menu-complete-display-prefix' causes the menu
completion code to display the common prefix of the possible completions
before cycling through the list, instead of after.
