Midnight Commander 4.8.27 released
Yury V. Zaytsev
yury at shurup.com
Sun Aug 15 14:36:26 UTC 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi there,
I'm glad to announce the immediate availability of mc-4.8.27, a
maintenance and security release, just in time before leaving all of you
for a long overdue summer vacation!
This release addresses an important security issue (CVE-2021-36370) in the
SFTP VFS. Unfortunately, as the VFS was first introduced, the fingerprints
of remote hosts were computed, but not verified, and the issue reported
only now by Manfred KAISER from AUT-milCERT during an audit of open source
software. We would like to thank the team at AUT-milCERT for finding the
issue and responsibly disclosing it!
Other than that there is a large slew of assorted bugfixes to various
subsystems. For the detailed list of changes since the last release,
please refer to the release notes. Everybody is recommended to upgrade to
immediately benefit from these improvements!
Download page: http://ftp.midnight-commander.org/?C=N;O=D
Release notes: http://www.midnight-commander.org/wiki/NEWS-4.8.27
Unfortunately, the autotools support for Apple M1 has not propagated
widely enough, so if you need to build mc on such a system, you will have
to specify the triplets manually - hopefully this will be no longer
necessary by the time of the next release:
CFLAGS="-target arm64-apple-macos11" \
./configure \
--host=aarch64-apple-darwin \
--target=aarch64-apple-darwin \
--build=aarch64-apple-darwin
As usual, thanks to Andrew Borodin, who was the main driving force behind this
release, as well as all of our contributors, including translators.
Have fun!
- --
Sincerely yours,
Yury V. Zaytsev
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJhGSZwAAoJEPci7nm8u+Dv7tUP/3UZEBUrTcCoY5I6p+9jTZni
2EXvl3qWuKK+2F0WOpztNAct0b6kyMOqtfH2VsRB6Set/8vhY9bx6b48cnZhkUR0
WTlmGq/eK1KTYfac7oYwp7RfknJ4jS99MdJXKUu9tukTD/QP+iBURhC+xTnh/yrJ
fzWn6UEsvHvDoHDFyZi0C8UYIbCd+XNyaxQNtJANf8SAwAtzTEcvhs63DX6DAJm2
uARL1EiKT2D0HCELSRhEAH+XwYEkd+4N8nWBaB1mo3TditY7bbFW/c+TV+Z78Cxq
p2RsoAhEDSPAyPBYpzXvYwQ2OgX56ug+wKMqjlYWtTYSC+Z6jqtZhYb2Mg9beY8e
B6gE5w9h//UA7zPqt01+LN4ErdHUyUejpk6eBYX7z/RABaURGZ41GaCEnxhcULnZ
lwOzU19puEFRIG5L1gXAr5KiTTh5/ALdn7OyxrXIVd4HRosFXSbZVwCAcWPdL2uj
17Na5volVN1VSD225/RJ8BnP0PWNxPlnpfSUEHJnaz0FWrwgE3oHHvMmkPQ6JbOP
ap0uZZyebtaUBHLL3gvriu/SKTWvT/VMGgbDi660mN5pKYgtbYDzqjy4SR38hQmX
27xD6pKFIFM7kQReeqc6sXq+SckuMYs2rpmDYVlj/eIacqAWPArTgDuWZ/sqbS+e
/6JHh/vU7I1JxZXmfl5o
=qJEm
-----END PGP SIGNATURE-----
More information about the mc-devel
mailing list