- Require all requests to use a session path.
- Use a redirect file to avoid exposing the URL on the command line, as
it contains the session path.
Fix for CVE-2014-2914.
Closes#1438.
- Change fishd_path to std::string
- Warn, rather than exiting with an error, if the universal variable
server path is not available, and provide more useful advice.
- Export the new __fishd_runtime_dir variable.
- Use a secure path for sockets (some code used under license from
tmux).
- Provide the secure path in the environment as $__fish_runtime_dir.
- Link the new path to the old path to ease migration from earlier
versions.
Closes#1359.
After installing fish built from or after this commit, you MUST
terminate all running fishd processes (`killall fishd`, `pkill fishd`
or similar). Distributors are encouraged to do this from within their
packaging scripts. fishd will restart automatically, and no data should
be lost.
Fix for CVE-2014-2906.
Closes a race condition in funced which would allow execution of
arbitrary code; closes a race condition in psub which would allow
alternation of the data stream.
Note that `psub -f` does not work (#1040); a fix should be committed
separately for ease of maintenance.
Large list of changes, including formatting and typos for most commands.
More substantive changes have been made to alias, bind, block, break,
builtin, case, cd, commandline, count, else, emit, fish_config, funced,
function, functions, history, math, mimedb, nextd, not, popd, prevd,
pushd, pwd, random, read, set, set_color, switch, test, trap, type,
ulimit, umask, and while.
Since set_color was changed to a built-in command, the entire shell will
exit in the event that setupterm() fails for some reason since ncurses
does an exit() if an errret was not passed in.
setupterm() can fail if the TERM environment variable is not set. This can
cause the shell to die prematurely if set_color is called from a startup
file like config.fish (such as vi-mode.fish which caches the results of
set_color when it is loaded) and fish is started without a TERM set
(e.g. when started from .xsession, or when being used as a remote shell
by a command such as rsync, scp or git)
A simple repro case for this issue is:
ian@delenn~ [i]> echo set_color normal > ~/.config/fish/config.fish
ian@delenn~ [i]> scp localhost:test .
TERM environment variable not set.
ian@delenn~ [i]>
This patch passes in an errret variable to setupterm(), which causes
ncurses to return the error to builtin_set_color() rather than calling
exit():
ian@delenn~ [i]> scp localhost:test .
test 100% 0 0.0KB/s 00:00
ian@delenn~ [i]>
Signed-off-by: Ian Munsie <darkstarsword@gmail.com>
- Clarify wording in functions section
- Use the term aliases rather than wrappers
- Clarification of concepts and better? examples in variable expansion
- Likewise in environment variables
- Using the phrase builtin commands rather than builtins
- Tidy up keybindings a bit
- Another example in the history section
- Remove TODO section in favour of mailing list, GitHub and IRC link
