update to 5.9

dillon_chen 2022-10-09 15:39:51 +08:00
parent 275001e5fa
commit 643319342f
6 changed files with 5 additions and 213 deletions


@ -1,42 +0,0 @@
From c187154f47697cdbf822c2f9d714d570ed4a0fd1 Mon Sep 17 00:00:00 2001
From: Oliver Kiddle <opk@zsh.org>
Date: Wed, 15 Dec 2021 01:56:40 +0100
Subject: [PATCH] security/41: Don't perform PROMPT_SUBST evaluation on %F/%K
arguments
Mitigates CVE-2021-45444
---
Src/prompt.c | 10 ++++++++++
1 files changed, 10 insertions(+)
diff --git a/Src/prompt.c b/Src/prompt.c
index b65bfb8..91e21c8 100644
--- a/Src/prompt.c
+++ b/Src/prompt.c
@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
bv->fm += 2; /* skip over F{ */
if ((ep = strchr(bv->fm, '}'))) {
char oc = *ep, *col, *coll;
+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
+ int opp = opts[PROMPTPERCENT];
+
+ opts[PROMPTPERCENT] = 1;
+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
+
*ep = '\0';
/* expand the contents of the argument so you can use
* %v for example */
@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
arg = match_colour((const char **)&coll, is_fg, 0);
free(col);
bv->fm = ep;
+
+ opts[PROMPTSUBST] = ops;
+ opts[PROMPTBANG] = opb;
+ opts[PROMPTPERCENT] = opp;
} else {
arg = match_colour((const char **)&bv->fm, is_fg, 0);
if (*bv->fm != '}')
--
1.8.3.1


@ -1,98 +0,0 @@
From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com>
Date: Mon, 24 Jan 2022 09:43:28 +0100
Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444,
which is mitigated in the shell itself in 5.8.1 and later versions. It is
offered for users who are concerned about an exploit but are unable to update
their binaries to receive the complete fix.
The patch works around the vulnerability by pre-escaping values substituted
into format strings in VCS_Info. Please note that this may break some user
configurations that rely on those values being un-escaped (which is why it was
not included directly in 5.8.1). It may be possible to limit this breakage by
adjusting exactly which ones are pre-escaped, but of course this may leave
them vulnerable again.
If applying the patch to the file system is inconvenient or not possible, the
following script can be used to idempotently patch the relevant function
running in memory (and thus must be re-run when the shell is restarted):
# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version)
autoload -Uz is-at-least
if is-at-least 5.8.1 || ! is-at-least 5.0.3; then
return
fi
# Quote necessary $hook_com[<field>] items just before they are used
# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats
# function, where <field> is:
#
# base: the full path of the repository's root directory.
# base-name: the name of the repository's root directory.
# branch: the name of the currently checked out branch.
# revision: an identifier of the currently checked out revision.
# subdir: the path of the current directory relative to the
# repository's root directory.
# misc: a string that may contain anything the vcs_info backend wants.
#
# This patch %-quotes these fields previous to their use in vcs_info hooks and
# the zformat call and, eventually, when they get expanded in the prompt.
# It's important to quote these here, and not later after hooks have modified the
# fields, because then we could be quoting % characters from valid prompt sequences,
# like %F{color}, %B, etc.
#
# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}"
# 34 │
# 35 + │ for tmp in base base-name branch misc revision subdir; do
# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
# 37 + │ done
# 38 + │
# 39 │ VCS_INFO_hook 'post-backend'
#
# This is especially important so that no command substitution is performed
# due to malicious input as a consequence of CVE-2021-45444, which affects
# zsh versions from 5.0.3 to 5.8.
#
autoload -Uz +X regexp-replace VCS_INFO_formats
# We use $tmp here because it's already a local variable in VCS_INFO_formats
typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"'
# Unique string to avoid reapplying the patch if this code gets called twice
typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b
# Only patch the VCS_INFO_formats function if not already patched
if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then
regexp-replace 'functions[VCS_INFO_formats]' \
"VCS_INFO_hook 'post-backend'" \
': ${PATCH_ID}; ${PATCH}; ${MATCH}'
fi
unset PATCH PATCH_ID
---
Functions/VCS_Info/VCS_INFO_formats | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats
index e0e1dc738..4d88e28b6 100644
--- a/Functions/VCS_Info/VCS_INFO_formats
+++ b/Functions/VCS_Info/VCS_INFO_formats
@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}"
hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
hook_com[subdir_orig]="${hook_com[subdir]}"
+for tmp in base base-name branch misc revision subdir; do
+ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
+done
+
VCS_INFO_hook 'post-backend'
## description (for backend authors):
--
2.34.1


@ -1,67 +0,0 @@
From 80ddc46e54f6116235e68d3fc039ef775e72d1c5 Mon Sep 17 00:00:00 2001
From: dana <dana@dana.is>
Date: Wed, 11 Mar 2020 21:17:12 -0500
Subject: [PATCH] 45470: C02cond: Simplify '-N cond' test
This fixes an (intermittent?) issue with the test on macOS+APFS, and hopefully
makes it simpler and faster in general
---
Test/C02cond.ztst | 36 ++++++++++++------------------------
1 files changed, 12 insertions(+), 24 deletions(-)
diff --git a/Test/C02cond.ztst b/Test/C02cond.ztst
index 4b1ec02f0..5b105b2a0 100644
--- a/Test/C02cond.ztst
+++ b/Test/C02cond.ztst
@@ -146,39 +146,27 @@
# can't be bothered with -S
- if [[ ${mtab::="$({mount || /sbin/mount || /usr/sbin/mount} 2>/dev/null)"} = *[(]?*[)] ]]; then
- print -u $ZTST_fd 'This test takes two seconds...'
- else
- unmodified_ls="$(ls -lu $unmodified)"
- print -u $ZTST_fd 'This test takes up to 60 seconds...'
- fi
- sleep 2
+ print -ru $ZTST_fd 'This test may take two seconds...'
touch $newnewnew
if [[ $OSTYPE == "cygwin" ]]; then
ZTST_skip="[[ -N file ]] not supported on Cygwin"
elif (( isnfs )); then
ZTST_skip="[[ -N file ]] not supported with NFS"
- elif { (( ! $+unmodified_ls )) &&
- cat $unmodified &&
- { df -k -- ${$(print -r -- "$mtab" |
- awk '/noatime/ {print $1,$3}'):-""} | tr -s ' ' |
- fgrep -- "$(df -k . | tail -1 | tr -s ' ')" } >&/dev/null } ||
- { (( $+unmodified_ls )) && SECONDS=0 &&
- ! until (( SECONDS >= 58 )); do
- ZTST_hashmark; sleep 2; cat $unmodified
- [[ $unmodified_ls != "$(ls -lu $unmodified)" ]] && break
- done }; then
- ZTST_skip="[[ -N file ]] not supported with noatime file system"
+ elif ! zmodload -F zsh/stat b:zstat 2> /dev/null; then
+ ZTST_skip='[[ -N file ]] not tested; zsh/stat not available'
+ elif ! { sleep 2; touch -a $unmodified 2> /dev/null }; then
+ ZTST_skip='[[ -N file ]] not tested; touch failed'
+ elif [[ "$(zstat +atime $unmodified)" == "$(zstat +mtime $unmodified)" ]]; then
+ ZTST_skip='[[ -N file ]] not supported on this file system'
else
[[ -N $newnewnew && ! -N $unmodified ]]
fi
0:-N cond
-F:This test can fail on NFS-mounted filesystems as the access and
-F:modification times are not updated separately. The test will fail
-F:on HFS+ (Apple Mac OS X default) filesystems because access times
-F:are not recorded. Also, Linux ext3 filesystems may be mounted
-F:with the noatime option which does not update access times.
-F:Failures in these cases do not indicate a problem in the shell.
+F:This test relies on the file system supporting atime updates. It
+F:should automatically detect whether this is the case, and skip
+F:without failing if it isn't, but it's possible that some
+F:configurations may elude this detection. Please report this
+F:scenario if you encounter it.
[[ $newnewnew -nt $zlnfs && ! ($unmodified -nt $zlnfs) ]]
0:-nt cond

Binary file not shown.

BIN
zsh-5.9.tar.xz Normal file

Binary file not shown.


@ -1,8 +1,8 @@
%define _bindir /bin %define _bindir /bin
Name: zsh Name: zsh
Version: 5.8 Version: 5.9
Release: 3 Release: 1
Summary: A shell designed for interactive use Summary: A shell designed for interactive use
License: MIT License: MIT
URL: http://zsh.sourceforge.net URL: http://zsh.sourceforge.net
@ -26,10 +26,6 @@ Requires(postun): coreutils grep
Provides: /bin/zsh Provides: /bin/zsh
Patch0: backport-Simplify-N-cond-test.patch
Patch1: backport-CVE-2021-45444-1.patch
Patch2: backport-CVE-2021-45444-2.patch
%description %description
The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of
the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension
@ -132,6 +128,9 @@ fi
%{_infodir}/* %{_infodir}/*
%changelog %changelog
* Sun Oct 9 2022 dillon chen < dillon.chen@gmail.com> - 5.9-1
- update to 5.9
* Tue Mar 1 2022 wangjie <wangjie375@h-partners.com> - 5.8-3 * Tue Mar 1 2022 wangjie <wangjie375@h-partners.com> - 5.8-3
- Type: CVE - Type: CVE
- ID: CVE-2021-45444 - ID: CVE-2021-45444
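Review bot: The new changelog entry `- update to 5.9` does not record that `Patch0`–`Patch2` were dropped, two of which are the CVE-2021-45444 backports added in 5.8-3, so someone auditing the spec later cannot tell whether the fix was deliberately retired or accidentally lost. The deleted security/89 patch text says the shell-level mitigation in 5.8.1 and later is the complete fix and that the VCS_Info pre-escaping was deliberately left out of 5.8.1, so dropping both looks intentional; the page does not show whether the 5.9 sources carry the VCS_Info change, which is worth confirming. I would extend the entry to something like `- update to 5.9; drop backport patches, CVE-2021-45444 is fixed upstream since 5.8.1`. Separately, nothing visible here verifies the newly imported `zsh-5.9.tar.xz`, and the `URL:` context line is still plain `http://`; if the build system does not check the tarball elsewhere, it should be verified against the upstream release checksum or signature before import.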