Midnight Commander 4.8.27 released

Yury V. Zaytsev yury at shurup.com
Sun Aug 15 14:36:26 UTC 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I'm glad to announce the immediate availability of mc-4.8.27, a 
maintenance and security release, just in time before leaving all of you 
for a long overdue summer vacation!

This release addresses an important security issue (CVE-2021-36370) in the 
SFTP VFS. Unfortunately, as the VFS was first introduced, the fingerprints 
of remote hosts were computed, but not verified, and the issue reported 
only now by Manfred KAISER from AUT-milCERT during an audit of open source 
software. We would like to thank the team at AUT-milCERT for finding the 
issue and responsibly disclosing it!

Other than that there is a large slew of assorted bugfixes to various 
subsystems. For the detailed list of changes since the last release, 
please refer to the release notes. Everybody is recommended to upgrade to 
immediately benefit from these improvements!

Download page: http://ftp.midnight-commander.org/?C=N;O=D
Release notes: http://www.midnight-commander.org/wiki/NEWS-4.8.27

Unfortunately, the autotools support for Apple M1 has not propagated 
widely enough, so if you need to build mc on such a system, you will have 
to specify the triplets manually - hopefully this will be no longer 
necessary by the time of the next release:

   CFLAGS="-target arm64-apple-macos11" \
   ./configure \
     --host=aarch64-apple-darwin \
     --target=aarch64-apple-darwin \
     --build=aarch64-apple-darwin

As usual, thanks to Andrew Borodin, who was the main driving force behind this 
release, as well as all of our contributors, including translators.

Have fun!

- -- 
Sincerely yours,
Yury V. Zaytsev

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJhGSZwAAoJEPci7nm8u+Dv7tUP/3UZEBUrTcCoY5I6p+9jTZni
2EXvl3qWuKK+2F0WOpztNAct0b6kyMOqtfH2VsRB6Set/8vhY9bx6b48cnZhkUR0
WTlmGq/eK1KTYfac7oYwp7RfknJ4jS99MdJXKUu9tukTD/QP+iBURhC+xTnh/yrJ
fzWn6UEsvHvDoHDFyZi0C8UYIbCd+XNyaxQNtJANf8SAwAtzTEcvhs63DX6DAJm2
uARL1EiKT2D0HCELSRhEAH+XwYEkd+4N8nWBaB1mo3TditY7bbFW/c+TV+Z78Cxq
p2RsoAhEDSPAyPBYpzXvYwQ2OgX56ug+wKMqjlYWtTYSC+Z6jqtZhYb2Mg9beY8e
B6gE5w9h//UA7zPqt01+LN4ErdHUyUejpk6eBYX7z/RABaURGZ41GaCEnxhcULnZ
lwOzU19puEFRIG5L1gXAr5KiTTh5/ALdn7OyxrXIVd4HRosFXSbZVwCAcWPdL2uj
17Na5volVN1VSD225/RJ8BnP0PWNxPlnpfSUEHJnaz0FWrwgE3oHHvMmkPQ6JbOP
ap0uZZyebtaUBHLL3gvriu/SKTWvT/VMGgbDi660mN5pKYgtbYDzqjy4SR38hQmX
27xD6pKFIFM7kQReeqc6sXq+SckuMYs2rpmDYVlj/eIacqAWPArTgDuWZ/sqbS+e
/6JHh/vU7I1JxZXmfl5o
=qJEm
-----END PGP SIGNATURE-----



More information about the mc-devel mailing list