** Bug fixes

mv could mistakenly fail to preserve hard links when moving two
or more arguments between partitions.

`cp --sparse=always F /dev/hdx' no longer tries to use lseek to create
holes in the destination.

nohup now sets the close-on-exec flag for its copy of the stderr file
descriptor. This avoids some nohup-induced hangs. For example, before
this change, if you ran `ssh localhost', then `nohup sleep 600 </dev/null &',
and then exited that remote shell, the ssh session would hang until the
10-minute sleep terminated. With the fixed nohup, the ssh session
terminates immediately.

`expr' now conforms to POSIX better:

  Integers like -0 and 00 are now treated as zero.

  The `|' operator now returns 0, not its first argument, if both
  arguments are null or zero. E.g., `expr "" \| ""' now returns 0,
  not the empty string.

  The `|' and `&' operators now use short-circuit evaluation, e.g.,
  `expr 1 \| 1 / 0' no longer reports a division by zero.

** New features

`chown user.group file' now has its traditional meaning even when
conforming to POSIX 1003.1-2001, so long as no user has a name
containing `.' that happens to equal `user.group'.
many fixes/new features, among them:
- nohup now always exits with status 127 when it finds an error,
as POSIX requires; formerly it sometimes exited with status 1.
- Several programs (including cut, date, dd, env, hostname, nl, pr,
stty, and tr) now always exit with status 1 when they find an error;
formerly they sometimes exited with status 2.
- chgrp and chown now accept POSIX-mandated -L, -H, and -P options
- du now accepts -P (--no-dereference), for compatibility with du
of NetBSD and for consistency with e.g., chown and chgrp
- date accepts a new option --rfc-2822, an alias for --rfc-822.
- `sha1sum --check' now accepts the BSD format for SHA1 message digests
in addition to the BSD format for MD5 ones.
- md5sum --check now accepts the output of the BSD md5sum program, e.g.,
MD5 (f) = d41d8cd98f00b204e9800998ecf8427e
- date -d DATE can now parse a DATE string like May-23-2003
- chown: `.' is no longer recognized as a separator in the OWNER:GROUP
specifier on POSIX 1003.1-2001 systems. If chown *was not* compiled
on such a system, then it still accepts `.', by default. If chown
was compiled on a POSIX 1003.1-2001 system, then you may enable the
old behavior by setting _POSIX2_VERSION=199209 in your environment.
(see NEWS for a complete list)
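
The two checksum-line layouts mentioned in the list above (GNU `digest  name' and BSD `MD5 (name) = digest'), parsed and verified by one routine. This is an added example, not coreutils code; the function names, the acceptance of both algorithms in one list, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# BSD layout: "MD5 (name) = hex".  GNU layout: "hex  name" or "hex *name".
BSD_RE = re.compile(r"^(MD5|SHA1) \((.+)\) = ([0-9a-fA-F]+)$")
GNU_RE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40}

def parse_line(line, default_algo="MD5"):
    """Return (algo, filename, hexdigest), or None for a malformed line."""
    line = line.rstrip("\n")
    m = BSD_RE.match(line)
    if m:
        algo, name, digest = m.groups()
    else:
        m = GNU_RE.match(line)
        if not m:
            return None
        digest, name = m.groups()
        algo = default_algo  # GNU lines do not name the algorithm
    if len(digest) != HEX_LEN[algo]:
        return None  # truncated or padded digest: reject, never compare
    return algo, name, digest.lower()

def check(lines, files, default_algo="MD5"):
    """Verify each line against files (name -> bytes); list of (label, status)."""
    results = []
    for n, line in enumerate(lines, 1):
        parsed = parse_line(line, default_algo)
        if parsed is None:
            results.append((f"line {n}", "MALFORMED"))
            continue
        algo, name, expected = parsed
        if name not in files:
            results.append((name, "MISSING"))
            continue
        actual = hashlib.new(algo.lower(), files[name]).hexdigest()
        ok = hmac.compare_digest(actual, expected)
        results.append((name, "OK" if ok else "FAILED"))
    return results

# Constructed sample input: in-memory "files" and a mixed-format list.
FILES = {"f": b"", "g": b"hello\n"}
LINES = [
    "MD5 (f) = d41d8cd98f00b204e9800998ecf8427e",
    "SHA1 (f) = da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "d41d8cd98f00b204e9800998ecf8427e  g",  # digest of the empty file, not g
    "MD5 (f) = d41d8c",                     # truncated digest
]
```

A malformed line is reported separately from a mismatch, so a damaged checksum list cannot be mistaken for a passing or merely failing file.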
1.)
An integer overflow in ls in the fileutils or coreutils packages may allow
local users to cause a denial of service or execute arbitrary code via a
large -w value, which could be remotely exploited via applications that use
ls, such as wu-ftpd.
2.)
ls in the fileutils or coreutils packages allows local users to consume a
large amount of memory via a large -w value, which can be remotely exploited
via applications that use ls, such as wu-ftpd.
See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
and the original report
http://www.guninski.com/binls.html
for details.
Patches taken from Red Hat's Security Advisory RHSA-2003:309-01.
reported by reed@
bump PKGREVISION
The GNU Core Utilities are the basic file, shell and text manipulation
utilities of the GNU operating system. These are the core utilities which
are expected to exist on every operating system.
Previously these utilities were offered as three individual sets of GNU
utilities, fileutils, shellutils, and textutils. Those three have been
combined into a single set of utilities called the coreutils.