From 2837e10e7888aeabdb7d13b4052a40e6994efcf1 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Sat, 27 Apr 2019 19:16:49 -0400
Subject: NEWS: List code quality improvements

---
(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index cfc25b2..9bb458d 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,16 @@ feed index file signatures against a validated archive certificate; and
 fetching lists of ProteanOS architectures, platforms, and archive
 mirrors.
 
+Security fix:
+
+  * An unsafe "eval" command has been fixed.  Running prokit's "install"
+    command with an untrusted "root" directory argument, as in the shell
+    command `prokit install dev/trunk "root'; echo hello #"`, allows
+    arbitrary code execution.  This is fixed by Git commit 1ce4ec3.
+    This is considered a low-impact vulnerability, because running
+    prokit's "install" command with untrusted arguments is an unlikely
+    use case.
+
 New dependencies:
 
   * prokit now requires OpenWrt's usign utility, which verifies ed25519
@@ -70,6 +80,11 @@ Build system and code quality:
   * Uses of the non-portable "%s" date format conversion specifier and
     "expr" command have been replaced.
   * The test suite is now based around the TAP protocol.
+  * Code quality has been improved: eval commands are now safer against
+    mistakes in input validation/escaping, echo commands have been
+    replaced, errors are handled (making the shell "-e" option safe), an
+    obselescent [ (test) command option has been removed, and commands
+    are protected from variable arguments beginning with "-".
 
 ProteanOS Development Kit version 1.1.0
 ---------------------------------------
--
cgit v0.9.1