From 3039f911f4ae98700925cc6d06fd0231972033fa Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 10 May 2022 03:20:35 -0400 Subject: [PATCH] import zsh-5.5.1-9.el8 --- SOURCES/0005-zsh-5.5.1-CVE-2021-45444.patch | 45 +++++++++++++++++++++ SPECS/zsh.spec | 12 ++++-- 2 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 SOURCES/0005-zsh-5.5.1-CVE-2021-45444.patch diff --git a/SOURCES/0005-zsh-5.5.1-CVE-2021-45444.patch b/SOURCES/0005-zsh-5.5.1-CVE-2021-45444.patch new file mode 100644 index 0000000..5de9e72 --- /dev/null +++ b/SOURCES/0005-zsh-5.5.1-CVE-2021-45444.patch @@ -0,0 +1,45 @@ +From 9ce87af4ced4e21258e6003f1fb65b05ca5a7d14 Mon Sep 17 00:00:00 2001 +From: Oliver Kiddle +Date: Wed, 15 Dec 2021 01:56:40 +0100 +Subject: [PATCH] security/41: Don't perform PROMPT_SUBST evaluation on %F/%K + arguments + +Mitigates CVE-2021-45444 + +Upstream-commit: c187154f47697cdbf822c2f9d714d570ed4a0fd1 +Signed-off-by: Kamil Dudka +--- + Src/prompt.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/Src/prompt.c b/Src/prompt.c +index 95da525..1368f8e 100644 +--- a/Src/prompt.c ++++ b/Src/prompt.c +@@ -244,6 +244,12 @@ parsecolorchar(int arg, int is_fg) + bv->fm += 2; /* skip over F{ */ + if ((ep = strchr(bv->fm, '}'))) { + char oc = *ep, *col, *coll; ++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; ++ int opp = opts[PROMPTPERCENT]; ++ ++ opts[PROMPTPERCENT] = 1; ++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; ++ + *ep = '\0'; + /* expand the contents of the argument so you can use + * %v for example */ +@@ -252,6 +258,10 @@ parsecolorchar(int arg, int is_fg) + arg = match_colour((const char **)&coll, is_fg, 0); + free(col); + bv->fm = ep; ++ ++ opts[PROMPTSUBST] = ops; ++ opts[PROMPTBANG] = opb; ++ opts[PROMPTPERCENT] = opp; + } else { + arg = match_colour((const char **)&bv->fm, is_fg, 0); + if (*bv->fm != '}') +-- +2.34.1 + diff --git a/SPECS/zsh.spec b/SPECS/zsh.spec index c9f75b3..bd37d4e 100644 --- a/SPECS/zsh.spec +++ b/SPECS/zsh.spec @@ -1,7 +1,7 @@ Summary: Powerful interactive shell Name: zsh Version: 5.5.1 -Release: 6%{?dist}.2 +Release: 9%{?dist} License: MIT URL: http://zsh.sourceforge.net/ Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz @@ -24,6 +24,9 @@ Patch3: 0003-zsh-5.5.1-parse-error-exit-status.patch # drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) Patch4: 0004-zsh-5.5.1-CVE-2019-20044.patch +# do not perform PROMPT_SUBST evaluation on %F/%K arguments (CVE-2021-45444) +Patch5: 0005-zsh-5.5.1-CVE-2021-45444.patch + BuildRequires: autoconf BuildRequires: coreutils BuildRequires: gawk @@ -179,10 +182,13 @@ fi %doc Doc/*.html %changelog -* Tue Mar 03 2020 Kamil Dudka - 5.5.1-6.el8_1.2 +* Tue Feb 22 2022 Kamil Dudka - 5.5.1-9 +- do not perform PROMPT_SUBST evaluation on %F/%K arguments (CVE-2021-45444) + +* Tue Mar 03 2020 Kamil Dudka - 5.5.1-8 - improve printing of error messages introduced by the fix of CVE-2019-20044 -* Mon Feb 24 2020 Kamil Dudka - 5.5.1-6.el8_1.1 +* Mon Feb 24 2020 Kamil Dudka - 5.5.1-7 - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) * Mon Dec 17 2018 Kamil Dudka - 5.5.1-6