Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.1:Update
patchinfo.2500
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.2500
<patchinfo> <issue id="855340" tracker="bnc">CVE-2013-7069: ack: potential remote code execution via per-project .ackrc files</issue> <issue id="CVE-2013-7069" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>AndreasStieger</packager> <description> - update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069] * prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files * --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line. * Now ignores Eclipse .metadata directory. - includes changes form 2.11_02: * upstream source mispackaging fix - includes changes from 2.11_01 * Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel. - includes changes from 2.10: * Add --perltest for *.t files * Added Matlab support * More compatibility fixes for Perl 5.8.8. - includes changes from 2.08 * ack now ignores CMake's build/cache directories by default * Add shebang matching for --lua files * Add documentation for --ackrc * Add Elixir filetype * Add --cathy option * Add some helpful debugging tips when an invalid option is found * Ignore PDF files by default, because Perl will detect them as text * Ignore .gif, .jpg, .jpeg and .png files. They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know * Ack's colorizing of output would get confused with multiple sets of parentheses * Ack would get confused when trying to colorize the output in DOS-format files - includes changes from 2.05_01 * We now ignore the node_modules directories created by npm * --pager without an argument implies --pager=$PAGER * --perl now recognizes Plack-style .psgi files * Added filetypes for Coffescript, JSON, LESS, and Sass. * Command-line options now override options set in ackrc files * ACK_PAGER and ACK_PAGER_COLOR now work as advertised. * Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern * Make sure ack is happy to build and test under cron and other console-less environments. - packaging changes: * run more rests with IO::Pty * refresh ack-ignore-osc.patch for upstream changes * update project URL - port changes from devel:languages:perl ack by daxim@cpan.org: * correct metadata: licence, CPAN download, homepage * unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT * bash completion is gone, remove dead code - modified patches: * ack-ignore-osc.patch adjust for upstream source changes </description> <summary>update for ack</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor