Source-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/textproc/miller miller: update to 5.9.1.
details: https://anonhg.NetBSD.org/pkgsrc/rev/ebc7a241719e
branches: trunk
changeset: 437920:ebc7a241719e
user: fcambus <fcambus%pkgsrc.org@localhost>
date: Thu Sep 03 08:14:13 2020 +0000
description:
miller: update to 5.9.1.
ChangeLog:
Security update: disallow --prepipe in .mlrrc
As of Miller 5.9.0, you can have a .mlrrc file containing preferred flags.
As reported in #363, it would be possible for someone to prepare a repository
or some other zipfile/tarfile, for example, containing datasets, and send it
to you. They could have a line of the form prepipe do_something_bad; cat in
that repository, so when you ran any mlr commands in there, it would run the
do_something_bad command (whatever that might be).
The fix is (a) disallow prepipe within .mlrrc files; (b) as a consolation,
allow new prepipe-zcat and prepipe-gunzip options which are safe to use.
Fixes CVE-2020-15167.
diffstat:
textproc/miller/Makefile | 4 ++--
textproc/miller/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (27 lines):
diff -r 45cb20f34df1 -r ebc7a241719e textproc/miller/Makefile
--- a/textproc/miller/Makefile Thu Sep 03 07:47:54 2020 +0000
+++ b/textproc/miller/Makefile Thu Sep 03 08:14:13 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2020/08/20 14:01:27 fcambus Exp $
+# $NetBSD: Makefile,v 1.20 2020/09/03 08:14:13 fcambus Exp $
-DISTNAME= mlr-5.9.0
+DISTNAME= mlr-5.9.1
PKGNAME= ${DISTNAME:S/mlr/miller/}
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GITHUB:=johnkerl/}
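Review bot: CATEGORIES in the unchanged context still reads devel, while this changeset touches the package under textproc/miller. Since the Makefile is being edited anyway, consider listing textproc (first) so the category matches the directory the package lives in. The DISTNAME bump to mlr-5.9.1 changes the package version, so no PKGREVISION line is needed here.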
diff -r 45cb20f34df1 -r ebc7a241719e textproc/miller/distinfo
--- a/textproc/miller/distinfo Thu Sep 03 07:47:54 2020 +0000
+++ b/textproc/miller/distinfo Thu Sep 03 08:14:13 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.18 2020/08/20 14:01:27 fcambus Exp $
+$NetBSD: distinfo,v 1.19 2020/09/03 08:14:13 fcambus Exp $
-SHA1 (mlr-5.9.0.tar.gz) = ed7e896f9d88cc7c9c082d7cc5ed5cd1082ab7be
-RMD160 (mlr-5.9.0.tar.gz) = a8e5e43023c77831301eff884b5d46c41b21c3f0
-SHA512 (mlr-5.9.0.tar.gz) = 45c67b0841417787ed1bd4c96f1d63d695c6b28dc7386eeb167aa5194ae0080c61be2aa69d39f80200bc3787dcfdb74a437005df2474bcd94eda03d510984eae
-Size (mlr-5.9.0.tar.gz) = 1270452 bytes
+SHA1 (mlr-5.9.1.tar.gz) = 5493910bf727141df1aa6c2a2be60ed6e20d3a06
+RMD160 (mlr-5.9.1.tar.gz) = de4c6e1f5f7b1a074d3c30a73be0f5aa5e0b69af
+SHA512 (mlr-5.9.1.tar.gz) = ea16a917c500be442a8a4bff37c5de92a4924f9adc1c121bb28a5b4aba87f9429bf17127718639544a6e83f0e2519e9fe5860ed961c4f83486105970b2be39be
+Size (mlr-5.9.1.tar.gz) = 1270739 bytes
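Review bot: the new SHA512 and Size lines for mlr-5.9.1.tar.gz are the only integrity anchor for a release described as a security update, and the commit does not say how they were produced. Please confirm they were regenerated from a freshly fetched upstream tarball (for example with make makesum) rather than edited by hand. Of the three digests carried here, SHA512 is the one to compare against an independently obtained copy, since SHA1 no longer offers collision resistance.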
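The ChangeLog above describes a .mlrrc shipped inside a repository or archive carrying a prepipe line. As an added illustration (not part of this commit or of Miller's code), the following pre-flight check walks an unpacked tree and reports such lines before any mlr command is run there. It assumes .mlrrc holds one flag per line, with optional leading dashes and whitespace or "=" before the value; the function names are hypothetical.

```python
import os
import re
import sys

# Constructed sample .mlrrc, using the placeholder command from the ChangeLog.
SAMPLE = """\
# constructed sample
icsv
--ojson
prepipe do_something_bad; cat
prepipe-gunzip
--prepipe=do_something_bad; cat
"""


def find_prepipe_lines(mlrrc_text):
    """Return (line_number, line) for every line that sets a raw prepipe.

    prepipe-zcat and prepipe-gunzip, which the ChangeLog calls safe,
    are separate option names and are not reported.
    """
    hits = []
    for number, raw in enumerate(mlrrc_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        # First token is the option name; leading dashes are optional.
        key = re.split(r"[\s=]+", line.lstrip("-"), maxsplit=1)[0]
        if key == "prepipe":
            hits.append((number, line))
    return hits


def scan_tree(root):
    """Map each .mlrrc path under root to its raw-prepipe lines, if any."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".mlrrc" in files:
            path = os.path.join(dirpath, ".mlrrc")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_prepipe_lines(fh.read())
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for number, line in hits:
            print(f"{path}:{number}: {line}")
```

Run it against the directory where an archive or checkout was unpacked; any output is a .mlrrc line to inspect before using an mlr older than 5.9.1 in that tree.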