openSUSE Recommended Update: Recommended update for mksh ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:1208-1 Rating: moderate References: #1023419 #1029664 #1035233 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides mksh R50f, which brings several fixes and enhancements: - Fix printing of negative integer values with 'print -R'. (bsc#1023419) - Make unset HISTFILE actually work. (bsc#1029664) - Do not permit += from environment. (bsc#1029664) - Handle integer base out of band like ksh93 does. - Protect standard code (predefined aliases, internal code, aliases and functions in dot.mkshrc) from being overridden by aliases and, in some cases, shell functions. - Implement GNU bash's enable for dot.mkshrc using magic aliases to redirect the builtins to external utilities; this differs from GNU bash in that enable takes precedence over functions. - Move unaliasing an identifier when defining a POSIX-style function with the same name into lksh, for compatibility. - Korn shell style functions now have locally scoped shell options. - Fix read -n-1 to not be identical to read -N-1. - Several fixes and improvements to lksh(1) and mksh(1) man pages. - Fix issues with IFS='\' read. - Fix integer overflows related to file descriptor parsing, reduce memory usage for I/O redirs. - Fix miscalculating required memory for encoding the double-quoted parts of a here document or here string delimiter, leading to a buffer overflow. - Add options -a argv0 and -c to exec. - Prevent use-after-free when hitting multiple errors unwinding. - Fix use of $* and $@ in scalar context: within [[ ... ]] and after case and in here documents. - Fix set -x in PS4 expansion infinite loop. - Fix rare infinite loop with invalid UTF-8 in the edit buffer. - Make the cat(1) builtin also interruptible in the write loop, not just in the read loop. - We use update-alternatives so there is no need to obsolete ksh. For a comprehensive list of changes please refer to the package's change log. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-552=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-552=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): mksh-50f-6.3.1 mksh-debuginfo-50f-6.3.1 mksh-debugsource-50f-6.3.1 - openSUSE Leap 42.1 (i586 x86_64): mksh-50f-6.1 mksh-debuginfo-50f-6.1 mksh-debugsource-50f-6.1 References: https://bugzilla.suse.com/1023419 https://bugzilla.suse.com/1029664 https://bugzilla.suse.com/1035233