Fix for CVE-2014-2906.
Closes a race condition in funced which would allow execution of
arbitrary code; closes a race condition in psub which would allow
alternation of the data stream.
Note that `psub -f` does not work (#1040); a fix should be committed
separately for ease of maintenance.
Closes#1437
The if statement checking the output of hg bookmarks uses two conditions
joined by the or keyword. However, only the first part was being used.
Wrapping the two statements with begin and end properly combines them.
At some point the non-verbose, non-informative variant of the prompt
(e.g. the variant that looks like the bash prompt) was modified to try
and show the behind/ahead counts the same way the informative prompt
does. Besides being wrong, it also didn't work because behind/ahead
weren't defined.
Before this change, fish config used 0 as its address. However, this
isn't a good idea from security point of view, as web service can be
accessed from everywhere, and do anything on the account it was ran on.
This also deals with firewalls which block the access to 0 even from
the host machine itself. It possibly might fix#673, but I'm not sure.
Previously, fish's command_not_found handler would be installed in
__fish_config_interactive. Errors that occured early in startup (e.g. in
config.fish) or in non-interactive mode would therefore not be reported.
With this change, fish now exposes its default cnf handler as
__fish_default_command_not_found_handler . config.fish then installs a
cnfh that invokes the default. When fish goes interactive, the initial
cnfh is overwritten with a fancier one, that may in turn fall back to
invoking the default.
commit d81ae2665f
Author: Max Gonzih <gonzih@gmail.com>
Date: Sun Feb 2 16:22:18 2014 +0300
Check for command-not-found command on suse
commit 004b794c82
Author: Max Gonzih <gonzih@gmail.com>
Date: Sun Feb 2 14:04:41 2014 +0300
Fix cnf handler for Suse and Fedora
fixes#1208
Presently, `isatty` only works on a handful of keywords. Here it
is rewritten to be able to take any path, device or fd number as
an argument, and eliminates errors printed to stdout.
Per discussion in #1228, using `builtin test -c` within a pipe to
test special file descriptors is not viable, so this implementation
specifcially uses `command test`. Additionally, a note has been
added to the documentation of `test` regarding this potential
aberration from the expected output of the test utility under the
'Standards' section.