Global-6.6.13 released.

Mon, 01 Jul 2024 17:57:38 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello hackers,

It is my great pleasure to announce the release of Global-6.6.13.
Global-6.6.13 is a bug fix release, which includes the fix for
CVE-2024-38448.

Global is a source code tagging system that works the same way
across diverse environments, for example, emacs, vi, less, bash,
web browser and etc. It is useful for hacking a large project.

[FIXED BUGS]
o htags: took the input provided in the dbpath option (-d) and
  appended it to a command string that will later be executed by
  system() function, without any escaping, leading to a command
  injection vulnerability (CVE-2024-38448).

        $ rm -f /tmp/w
        $ htags -g -q -d '$(pwd>/tmp/w)'
        $ cat /tmp/w
        /tmp/global/htags

  Now it just outputs an error:

        $ rm -f /tmp/w
        $ htags -g -q -d '$(pwd>/tmp/w)'
        gtags: directory '/tmp/global/htags/$(pwd>' not found.
        $ cat /tmp/w
        cat: /tmp/w: No such file or directory

o gtags: Pygments plug-in parser with Python3 does not work,
  if 'ctagscom' is not set. If it is not set, default path obtained
  by configure script should be used.

        $ cat > gtags.conf
        default:\
                :ctagscom=:\
                :langmap=C\:.c.h:\
                :gtags_parser=C\:/usr/local/lib/gtags/pygments-parser.la:
        $ gtags
        $ global -x '.*'
        $ _                             # no tags

        Now it works.

You can download it from here:
  http://www.gnu.org/software/global/download.html
More detailed information:
  http://www.gnu.org/software/global/.

Enjoy!

Shigio YAMAGUCHI <shi...@gnu.org>
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iQEzBAEBCAAdFiEEfbo3OesTjKdebKVeKvmXe9peQbEFAmaDRC0ACgkQKvmXe9pe
QbEwfQf/eFn0y9MXMUkOgkGPPikKedb5guSTxUI4jkbYCGvyZeBUsIJjKgQoRx1E
ohwgWhEnKLdioTeP/qfBudgm1VtX7h0fzkHdqOj17ZZNC6Qqo+e2A68YtOEEI0+B
uBXUpVRvxzgu8g6wUqK1qHi5AJjMSuBvjM6pJ8CODtNthhR9IuOuDh0sUzcKaTTx
60V1CTtX/wDXRjYlr7126sfuRWVhh0mRy/SS2FyvIefrCH6gNkFF8EBVeKmXXyrk
IA6GQTZAjfzbwESHYuGbQb+hets9dtTA+sZ6CRPDsCLyGNkroLs0HKcJhKcQHO5A
LsfCem89zCDknAaD/T93CumeXdx9Qw==
=MVhu
-----END PGP SIGNATURE-----

-- 
Shigio YAMAGUCHI <shi...@gnu.org>
PGP fingerprint:
26F6 31B4 3D62 4A92 7E6F  1C33 969C 3BE3 89DD A6EB

Reply via email to