Compare commits
No commits in common. "c8" and "imports/c8s/zsh-5.5.1-6.el8_1.2" have entirely different histories.
c8
...
imports/c8
@ -1,45 +0,0 @@
|
|||||||
From 9ce87af4ced4e21258e6003f1fb65b05ca5a7d14 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Oliver Kiddle <opk@zsh.org>
|
|
||||||
Date: Wed, 15 Dec 2021 01:56:40 +0100
|
|
||||||
Subject: [PATCH] security/41: Don't perform PROMPT_SUBST evaluation on %F/%K
|
|
||||||
arguments
|
|
||||||
|
|
||||||
Mitigates CVE-2021-45444
|
|
||||||
|
|
||||||
Upstream-commit: c187154f47697cdbf822c2f9d714d570ed4a0fd1
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
Src/prompt.c | 10 ++++++++++
|
|
||||||
1 file changed, 10 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/Src/prompt.c b/Src/prompt.c
|
|
||||||
index 95da525..1368f8e 100644
|
|
||||||
--- a/Src/prompt.c
|
|
||||||
+++ b/Src/prompt.c
|
|
||||||
@@ -244,6 +244,12 @@ parsecolorchar(int arg, int is_fg)
|
|
||||||
bv->fm += 2; /* skip over F{ */
|
|
||||||
if ((ep = strchr(bv->fm, '}'))) {
|
|
||||||
char oc = *ep, *col, *coll;
|
|
||||||
+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
|
|
||||||
+ int opp = opts[PROMPTPERCENT];
|
|
||||||
+
|
|
||||||
+ opts[PROMPTPERCENT] = 1;
|
|
||||||
+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
|
|
||||||
+
|
|
||||||
*ep = '\0';
|
|
||||||
/* expand the contents of the argument so you can use
|
|
||||||
* %v for example */
|
|
||||||
@@ -252,6 +258,10 @@ parsecolorchar(int arg, int is_fg)
|
|
||||||
arg = match_colour((const char **)&coll, is_fg, 0);
|
|
||||||
free(col);
|
|
||||||
bv->fm = ep;
|
|
||||||
+
|
|
||||||
+ opts[PROMPTSUBST] = ops;
|
|
||||||
+ opts[PROMPTBANG] = opb;
|
|
||||||
+ opts[PROMPTPERCENT] = opp;
|
|
||||||
} else {
|
|
||||||
arg = match_colour((const char **)&bv->fm, is_fg, 0);
|
|
||||||
if (*bv->fm != '}')
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 6af0b07cc7950159129156cb85ef3f72fdd828cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Stephenson <p.w.stephenson@ntlworld.com>
|
|
||||||
Date: Sat, 3 Aug 2019 19:48:18 +0100
|
|
||||||
Subject: [PATCH] 44635: Don't apply STAT_NOPRINT to backgrounded jobs
|
|
||||||
|
|
||||||
Upstream-commit: e0d063a2ade821baf570eb300d4be93692b494f8
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
Src/exec.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Src/exec.c b/Src/exec.c
|
|
||||||
index 8045db2..da089d6 100644
|
|
||||||
--- a/Src/exec.c
|
|
||||||
+++ b/Src/exec.c
|
|
||||||
@@ -1666,7 +1666,8 @@ execpline(Estate state, wordcode slcode, int how, int last1)
|
|
||||||
|
|
||||||
lastwj = thisjob = newjob;
|
|
||||||
|
|
||||||
- if (list_pipe || (pline_level && !(how & Z_TIMED)))
|
|
||||||
+ if (list_pipe || (pline_level && !(how & Z_TIMED) &&
|
|
||||||
+ !(jn->stat & STAT_NOSTTY)))
|
|
||||||
jn->stat |= STAT_NOPRINT;
|
|
||||||
|
|
||||||
if (nowait) {
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Powerful interactive shell
|
Summary: Powerful interactive shell
|
||||||
Name: zsh
|
Name: zsh
|
||||||
Version: 5.5.1
|
Version: 5.5.1
|
||||||
Release: 10%{?dist}
|
Release: 6%{?dist}.2
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://zsh.sourceforge.net/
|
URL: http://zsh.sourceforge.net/
|
||||||
Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
|
Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
|
||||||
@ -24,12 +24,6 @@ Patch3: 0003-zsh-5.5.1-parse-error-exit-status.patch
|
|||||||
# drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
# drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
||||||
Patch4: 0004-zsh-5.5.1-CVE-2019-20044.patch
|
Patch4: 0004-zsh-5.5.1-CVE-2019-20044.patch
|
||||||
|
|
||||||
# do not perform PROMPT_SUBST evaluation on %F/%K arguments (CVE-2021-45444)
|
|
||||||
Patch5: 0005-zsh-5.5.1-CVE-2021-45444.patch
|
|
||||||
|
|
||||||
# make zsh wait built-in wait properly for all active child processes (#2070342)
|
|
||||||
Patch6: 0006-zsh-5.5.1-fix-wait.patch
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: coreutils
|
BuildRequires: coreutils
|
||||||
BuildRequires: gawk
|
BuildRequires: gawk
|
||||||
@ -185,16 +179,10 @@ fi
|
|||||||
%doc Doc/*.html
|
%doc Doc/*.html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Apr 01 2022 Kamil Dudka <kdudka@redhat.com> - 5.5.1-10
|
* Tue Mar 03 2020 Kamil Dudka <kdudka@redhat.com> - 5.5.1-6.el8_1.2
|
||||||
- make zsh wait built-in wait properly for all active child processes (#2070342)
|
|
||||||
|
|
||||||
* Tue Feb 22 2022 Kamil Dudka <kdudka@redhat.com> - 5.5.1-9
|
|
||||||
- do not perform PROMPT_SUBST evaluation on %F/%K arguments (CVE-2021-45444)
|
|
||||||
|
|
||||||
* Tue Mar 03 2020 Kamil Dudka <kdudka@redhat.com> - 5.5.1-8
|
|
||||||
- improve printing of error messages introduced by the fix of CVE-2019-20044
|
- improve printing of error messages introduced by the fix of CVE-2019-20044
|
||||||
|
|
||||||
* Mon Feb 24 2020 Kamil Dudka <kdudka@redhat.com> - 5.5.1-7
|
* Mon Feb 24 2020 Kamil Dudka <kdudka@redhat.com> - 5.5.1-6.el8_1.1
|
||||||
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
||||||
|
|
||||||
* Mon Dec 17 2018 Kamil Dudka <kdudka@redhat.com> - 5.5.1-6
|
* Mon Dec 17 2018 Kamil Dudka <kdudka@redhat.com> - 5.5.1-6
|
||||||
|
Loading…
Reference in New Issue
Block a user