Release 93u+m/1.0.0

_ _ ___ _____ ___ ___ ___ | | _____| |__ / _ \___ / _ _ _ _ __ ___ / / | / _ \ / _ \ | |/ / __| '_ \ | (_) ||_ \| | | |_| |_| '_ ` _ \ / /| || | | | | | | | <\__ \ | | | \__, |__) | |_| |_ _| | | | | |/ / | || |_| | |_| | |_|\_\___/_| |_| /_/____/ \__,_| |_| |_| |_| |_/_/ |_(_)___(_)___/ It may have taken exactly a decade, but here we are... a proper new ksh release. :) Many thanks to all contributors for their hard work! Compared to an unpatched 93u+, this release has roughly a thousand bugs fixed. It incorporates a fair number of enhancements as well. Not all known bugs have been worked out yet; see the TODO file. Let's hope this release will rekindle interest and attract more bug hunters. This commit also makes some very minor fixes in comments. Notable: src/cmd/ksh93/sh/arith.c: sh_strnum(): - Update a security-related comment. As of b48e5b3, evaluating untrusted arithmetic expressions from the environment should no longer cause CVE-2019-14868. But let's keep disallowing it anyway. Resolves: #491
ksh93 · Aug 1, 2022 · 3a25aa0 · 3a25aa0
1 parent f03e672
commit 3a25aa0
Show file tree

Hide file tree

Showing 7 changed files with 138 additions and 234 deletions.
diff --git a/ANNOUNCE b/ANNOUNCE
diff --git a/COPYRIGHT b/COPYRIGHT
@@ -88,7 +88,7 @@ ast package general copyright notice
 #                       Jeff Korn <@google.com>                        #
 #              Kathleen Fisher <[email protected]>              #
 #                     Ken Church <@microsoft.com>                      #
-#             Brian Kernigham <[email protected]>             #
+#             Brian Kernighan <[email protected]>             #
 #             Dennis Ritchie <[email protected]>              #
 #              Doug McIlroy <[email protected]>              #
 #                   Eduardo Krell <[email protected]>                   #

diff --git a/NEWS b/NEWS
@@ -1,7 +1,16 @@
 This documents significant changes in the 1.0 branch of ksh 93u+m.
 For full details, see the git log at: https://github.com/ksh93/ksh/tree/1.0
+Uppercase BUG_* IDs are shell bug IDs as used by the Modernish shell library.
 
-Any uppercase BUG_* names are modernish shell bug IDs.
+2022-08-01:
+   _        _        ___ _____                          ___   ___   ___
+  | | _____| |__    / _ \___ / _   _   _   _ __ ___    / / | / _ \ / _ \
+  | |/ / __| '_ \  | (_) ||_ \| | | |_| |_| '_ ` _ \  / /| || | | | | | |
+  |   <\__ \ | | |  \__, |__) | |_| |_   _| | | | | |/ / | || |_| | |_| |
+  |_|\_\___/_| |_|    /_/____/ \__,_| |_| |_| |_| |_/_/  |_(_)___(_)___/
+
+- Exactly ten years after ksh 93u+ 2012-08-01, we now have a new ksh release.
+  Many thanks to all the direct and indirect contributors for their hard work!
 
 2022-07-28:
 
@@ -2128,3 +2137,7 @@ Any uppercase BUG_* names are modernish shell bug IDs.
   for reading and writing, you now need '1<>'.
   Ref.:	https://github.com/att/ast/issues/75
 	http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_07
+
+2020-05-12:
+
+- ksh development rebooted based on 93u+ 2012-08-01.
diff --git a/TODO b/TODO
@@ -66,11 +66,5 @@ https://github.com/ksh93/ksh/issues/460
 $LINENO incorrect after compound assignment
 https://github.com/ksh93/ksh/issues/484
 
-Tab completion can cause vi mode to switch to "control"
-https://github.com/ksh93/ksh/issues/485
-
 Shell quoting within bracket patterns has no effect
 https://github.com/ksh93/ksh/issues/488
-
-"$*" does pattern matching if the first char of $IFS is a wildcard
-https://github.com/ksh93/ksh/issues/489
diff --git a/src/cmd/ksh93/include/version.h b/src/cmd/ksh93/include/version.h
@@ -17,8 +17,8 @@
 #include <releaseflags.h>
 
 #define SH_RELEASE_FORK	"93u+m"		/* only change if you develop a new ksh93 fork */
-#define SH_RELEASE_SVER	"1.0.0-rc.6"	/* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE	"2022-07-31"	/* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_SVER	"1.0.0"		/* semantic version number: https://semver.org */
+#define SH_RELEASE_DATE	"2022-08-01"	/* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR	"(c) 2020-2022 Contributors to ksh " SH_RELEASE_FORK
 
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */

diff --git a/src/cmd/ksh93/sh/arith.c b/src/cmd/ksh93/sh/arith.c
@@ -551,7 +551,7 @@ Sfdouble_t sh_strnum(register const char *str, char** ptr, int mode)
 				/*
 				 * Initializing means importing untrusted env vars. The string does not appear to be
 				 * a recognized numeric literal, so give up. We can't safely call arith_strval(), because
-				 * that allows arbitrary expressions, causing security vulnerability CVE-2019-14868.
+				 * that allows arbitrary expressions, which could be a security vulnerability.
 				 */
 				d = 0.0;
 			else

diff --git a/src/cmd/ksh93/sh/streval.c b/src/cmd/ksh93/sh/streval.c
@@ -928,7 +928,7 @@ Arith_t *arith_compile(const char *string,char **last,Sfdouble_t(*fun)(const cha
 }
 
 /*
- * evaluate an integer arithmetic expression in s
+ * evaluate an arithmetic expression in s
  *
  * (Sfdouble_t)(*convert)(char** end, struct lval* string, int type, Sfdouble_t value)
  *     is a user supplied conversion routine that is called when unknown