mksh R40f fixes a critical bug as well as this:
[tg, RT] Implement fcntl(2)-based advisory locking as an alternative
iff flock(2) is not found (LP: #912691); keep trying in the face of EINTR
[tg] Fix severe regression wrt. initialising tty(4) states
[tg] Improve testsuite, build-time checks and debugging output
[tg, RT, winstonw] Improve portability to BeOS (works), Cygwin (good),
Dell UNIX (works somewhat, but not with gcc), LynxOS (works somewhat),
NeXTstep (works but not OpenStep 4.2), USL C compiler, SCO OpenServer (good),
SCO UnixWare (good), Plan 9 (still broken), Syllable Desktop (broken?)
[tg] rlim_t is supposed to be unsigned
[tg] Some code, warning and spelling cleanup
[tg] New Build.sh environment configurable: AWK (= awk)
[tg, DONG-DONG YANG] Add safety net in the Emacs line editing code
[tg] No longer rely on env(1), id(1), printf(1) in the testsuite, and
strcasecmp(3), strcasestr(3), strncasecmp(3) in the code
[tg, stsc, RT] Reduce system requirements of check.pl further
mksh R40e is another must-have bugfix update:
[tg, Jilles Tjoelker] skip readonly check in unevaluated ternary twig
[tg, anonymous] fix all remaining ifs.sh testcases
[tg] No longer try to build with GCC and C99 extensions
[tg, Jilles Tjoelker] Do not expand aliases in COMSUB twice
[tg] Honour UTF-8 multi-byte character boundaries when doing partial
tab-completion insertions (LP: #909025) to fix RedHat BZ#745702
[tg] Fix R40 (BZ#496791) regression with IOACT in TIF (LP: #907224)
[tg, ft] Darn persistent history code worst offenders (LP: #906914)
[tg] Fix some gc-sections, GCC and Clang/scan-build warnings/issues
[tg, 28C3] dot.mkshrc hash functions: partially address LP: #909818
[tg] Only compile divmod(0x80000000, -1) code in when not unneeded
[tg, RT] Move mirtoconf checks and INCLUDES_ONLY parts of
sh.h around to ensure prerequisites are always available
[tg, RT, ir0nh34d] Pass mksh.exe to testsuite, if such thing is generated,
and deal with Cygwin passing just "mksh" in argv[0] in such cases
[tg] Imply -DMKSH_ASSUME_UTF8=0 on MSYS; optimise checks
[tg, Jb_boin] Fix regression introduced in R35b by jaredy's security
patch where TTIME trashed a non-TCOM string argument (e.g. in TFOR)
[tg] Better support for tcc; fix GCCism that accidentally crept in
[tg] Deal with UTF-8 when reporting jobs' commands
[RT] Add SkyOS to known OS list
[tg, RT] Support Minix in its variants Minix 3 and Ninix 3 better
[tg] Drop some Android-specific unused code (lsmod builtin)
[tg, RT, lewellyn] Support QNX and various versions of BSD/OS better
[tg] More code cleanup and new developer-only debugging functions
[tg, Andrew Kudryashov] Fix some tab completion related escaping bugs
[tg, draenog] Honour COLUMNS and LINES from the environment in scripts
[tg, winstonw] The sleep built-in utility now blocks more signals
[tg] Warn when using another deprecated function that will be removed
Security fix.
=== v0.9.15.1 15/03/2012 ===
* Corrected security bug allowing user to get out of the restricted
shell. Thank you bui from NBS System for reporting this grave issue!
=== v0.9.15 13/03/2012 ===
* Set the hostname to the "short hostname" in the prompt.
* Corrected traceback when "sudo" command was entered alone. Thank you
Kiran Reddy for reporting this.
* Added support for python2.3 as subprocess is not included by default.
* Corrected the 'strict' behavior when entering a forbidden path.
* Added short path promp support using the 'prompt_short' variable.
* Corrected stacktrace when group did not exist.
* Add support for empty prompt.
* Fixed bugs when using $() and ``.
* Corrected strict behavior to apply to forbidden path.
* Added support for wildcard '*' when using 'cd'.
* Added support for "cd -" to return to previous directory.
* Updated security issue with non printable characters permitting user
to get out of the limited shell.
* Now lshell automatically reload its configuration if the configuration
file is modified.
* Added possibility to have no "intro" when user logs in. (by setting
the intro configuration field to "")
* Corrected multiple commands over ssh, and aliases interpretation.
* Added possibility to use wildcards in path definitions.
* Finally corrected the alias replacement loop.
* new autorehash builtin to control how the internal command hash
table is maintained.
* globstar globbing to allow ** and *** expansions
* euid, euser, egid variables.
* wait built-in is now interruptible
* new anyerror variable to control error handling in pipelines
Upstream changes:
=== v0.9.14 27/10/2010 ===
* Corrected get_aliases function, as it was looping when aliases were
"recursive" (e.g. 'ls':'ls --color=auto')
* Added lsudo built-in command to list allowed sudo commands.
* Corrected completion function when 2 strings collided (e.g. ls and lsudo)
* Corrected the README's installation part (adding --prefix).
* Added possibility to log via syslog.
* Corrected warning counter (was counting minus 1).
* Added the possibility to disable the counter, and just warn the user
(withouht kicking him).
* Added possibility to configure prompt. Thank you bapt for the patch.
* Added possibility to set environment variables to users. Thank you bapt
for the patch.
* Added the 'history' built-in function.
=== v0.9.13 02/09/2010 ===
* Switched from deprecated popen2 to subprocess to be python2.6 compatible.
Thank you Greg Orlowski for the patch.
* Added missing builin commands when 'allowed' list was set to 'all'. For
example, the "cd" command was then missing.
* Added the "export" builtin function to export shell variables. Thank you
Chris for reporting this issue.
Changes: essentially bugfixes.
# [tg] New test.sh `-f' option (same as `-C fastbox')
# [tg] Drop using set -o noglob inside pushd/popd/dirs
# [tg] Use += more in dot.mkshrc and keep strings shorter
# [tg] Correct interworking between local and set -A
# [tg] Fix out-of-bounds memory access on strings of 32 KiB length
# [tg] MKSH_DISABLE_DEPRECATED (for integrators)
# [tg, Jilles Tjoelker] test(1) built-in behaves exactly as POSIX says
# [tg] Move compile-time assertions to Build.sh from misc.c#ifdef DEBUG
# [tg] Invocation documentation is at the bottom of Build.sh
# [tg] test.sh: verbosely look for perl(1) interpreter to use
# [tg] New tests for integers (base 1#36, base unspecified, base OOB)
# [tg] Correct error paths for typeset -n global state
# [tg] Deprecate interpreting "010" as octal number, will go
# [tg] Improvements re. integer handling; more explicit manpage text
# [tg] Do not use caddr_t on Linux, so dietlibc stops bitching
# [tg, Jilles Tjoelker] Catch division/modulo overflow 0x80000000/-1
# [tg] Emacs mode ^O regression fix when the fetched lines are edited
* [tg, Wouter Verhelst] Fix ${foo%\?} in -o sh
* [jonthn, Snader_LB] Fix spelling mistakes
* [cnuke] Fix bugs spotted during porting to OPENSTEP
* [tg, jg71] Unbreak building stristr with MKSH_ASSUME_UTF8 defined
* [tg] Fix most of the issues Jerker Bäck encountered on Interix
* [tg] Wrap access(2) as it may return false positive for X_OK on root
* [OpenBSD] Upper bound Emacs mode command repeat by input line length
* [tg] Improve CPPFLAGS mangling in Build.sh
* [Snader_LB] Several comment, documentation and website fixes/updates
* [tg] Avoid identifiers and cpp(1) macros with two underscores in a row,
and those with a trailing underscore; they are reserved for the OS
* [tg] Fix accidental behavioural change wrt some built-in parameters
* [RT, Chris “ir0nh34d” Sutcliffe] Port to MSYS
* [tg, Markus Duft, Bruno Haible] Interix select(2) bug workaround
* [tg] Manpage fixes
* [tg] Deprecate the “command line begins with ‘!’ for fc -e -” wbx hack
* [tg] Promote x=(a b); x+=(c d) to a core mksh(1) feature
* [tg] Testsuite fixes for Hurd, MSYS; warning fixes for dietlibc
* [tg] Fix R40 regression misparsing $(case x in (x) :; esac)
Changes:
Improved error handling in POSIX emulation, ${NAME:OFFSET:LENGTH}
syntax supports negative LENGTHs, new parameter expansion flag
(g:opts:) which escapes sequences like the echo and print builtins,
the region_highlight array is now updated dynamically as the command
line is edited and the zsh/parameter module has a new array $usergroups
which contains the names of system groups.
1. New Features in Bash
a. `exec -a foo' now sets $0 to `foo' in an executable shell script without a
leading #!.
b. Subshells begun to execute command substitutions or run shell functions or
builtins in subshells do not reset trap strings until a new trap is
specified. This allows $(trap) to display the caller's traps and the
trap strings to persist until a new trap is set.
c. `trap -p' will now show signals ignored at shell startup, though their
disposition still cannot be modified.
d. $'...', echo, and printf understand \uXXXX and \UXXXXXXXX escape sequences.
e. declare/typeset has a new `-g' option, which creates variables in the
global scope even when run in a shell function.
f. test/[/[[ have a new -v variable unary operator, which returns success if
`variable' has been set.
g. Posix parsing changes to allow `! time command' and multiple consecutive
instances of `!' (which toggle) and `time' (which have no cumulative
effect).
h. Posix change to allow `time' as a command by itself to print the elapsed
user, system, and real times for the shell and its children.
j. $((...)) is always parsed as an arithmetic expansion first, instead of as
a potential nested command substitution, as Posix requires.
k. A new FUNCNEST variable to allow the user to control the maximum shell
function nesting (recursive execution) level.
l. The mapfile builtin now supplies a third argument to the callback command:
the line about to be assigned to the supplied array index.
m. The printf builtin has a new %(fmt)T specifier, which allows time values
to use strftime-like formatting.
n. There is a new `compat41' shell option.
o. The cd builtin has a new Posix-mandated `-e' option.
p. Negative subscripts to indexed arrays, previously errors, now are treated
as offsets from the maximum assigned index + 1.
q. Negative length specifications in the ${var:offset:length} expansion,
previously errors, are now treated as offsets from the end of the variable.
r. Parsing change to allow `time -p --'.
s. Posix-mode parsing change to not recognize `time' as a keyword if the
following token begins with a `-'. This means no more Posix-mode
`time -p'. Posix interpretation 267.
t. There is a new `lastpipe' shell option that runs the last command of a
pipeline in the current shell context. The lastpipe option has no
effect if job control is enabled.
u. History expansion no longer expands the `$!' variable expansion.
v. Posix mode shells no longer exit if a variable assignment error occurs
with an assignment preceding a command that is not a special builtin.
w. Non-interactive mode shells exit if -u is enabled and an attempt is made
to use an unset variable with the % or # expansions, the `//', `^', or
`,' expansions, or the parameter length expansion.
x. Posix-mode shells use the argument passed to `.' as-is if a $PATH search
fails, effectively searching the current directory. Posix-2008 change.
2. New Features in Readline
a. The history library does not try to write the history filename in the
current directory if $HOME is unset. This closes a potential security
problem if the application does not specify a history filename.
b. New bindable variable `completion-display-width' to set the number of
columns used when displaying completions.
c. New bindable variable `completion-case-map' to cause case-insensitive
completion to treat `-' and `_' as identical.
d. There are new bindable vi-mode command names to avoid readline's case-
insensitive matching not allowing them to be bound separately.
e. New bindable variable `menu-complete-display-prefix' causes the menu
completion code to display the common prefix of the possible completions
before cycling through the list, instead of after.
