CVS commit: pkgsrc/shells/zsh

["Kimmo Suominen" <kim%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   kim
Date:           Sat Mar 12 06:07:48 UTC 2022

Modified Files:
        pkgsrc/shells/zsh: Makefile distinfo

Log Message:
shells/zsh: Update to 5.8.1

Changes between 5.8 and 5.8.1

Incompatibilities

    PROMPT_SUBST expansion is no longer performed on arguments to
    prompt-expansion sequences such as %F.

Changes

    CVE-2021-45444: Some prompt expansion sequences, such as %F,
    support 'arguments' which are themselves expanded in case they
    contain colour values, etc. This additional expansion would trigger
    PROMPT_SUBST evaluation, if enabled. This could be abused to
    execute code the user didn't expect. e.g., given a certain prompt
    configuration, an attacker could trick a user into executing
    arbitrary code by having them check out a Git branch with a
    specially crafted name.

    This is fixed in the shell itself by no longer performing
    PROMPT_SUBST evaluation on these prompt-expansion arguments.

    Users who are concerned about an exploit but unable to update their
    binaries may apply the partial work-around described in the file
    Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
    source. [ Reported by RyotaK. Additional thanks to Marc Cornellà. ]


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 pkgsrc/shells/zsh/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/shells/zsh/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/shells/zsh/Makefile
diff -u pkgsrc/shells/zsh/Makefile:1.101 pkgsrc/shells/zsh/Makefile:1.102
--- pkgsrc/shells/zsh/Makefile:1.101    Fri Feb 18 09:48:44 2022
+++ pkgsrc/shells/zsh/Makefile  Sat Mar 12 06:07:48 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2022/02/18 09:48:44 pho Exp $
+# $NetBSD: Makefile,v 1.102 2022/03/12 06:07:48 kim Exp $
 
-DISTNAME=      zsh-5.8
-PKGREVISION=   4
+DISTNAME=      zsh-5.8.1
 CATEGORIES=    shells
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=zsh/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/shells/zsh/distinfo
diff -u pkgsrc/shells/zsh/distinfo:1.75 pkgsrc/shells/zsh/distinfo:1.76
--- pkgsrc/shells/zsh/distinfo:1.75     Fri Feb 18 09:48:44 2022
+++ pkgsrc/shells/zsh/distinfo  Sat Mar 12 06:07:48 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.75 2022/02/18 09:48:44 pho Exp $
+$NetBSD: distinfo,v 1.76 2022/03/12 06:07:48 kim Exp $
 
-BLAKE2s (zsh-5.8.tar.xz) = 3f0edcbb7b47f43f04cd373e98257702a1cfdc4efddcec12172cc1a34ac3b3da
-SHA512 (zsh-5.8.tar.xz) = 96198ecef498b7d7945fecebbe6bf14065fa8c5d81a7662164579eba8206b79575812d292adea1864bc7487ac0818ba900e25f9ab3802449340de80417c2c533
-Size (zsh-5.8.tar.xz) = 3193284 bytes
+BLAKE2s (zsh-5.8.1.tar.xz) = 4ee16432bdb40c9f7c79da389ca32d5e45c339608425214f84075a3cea8f3e9b
+SHA512 (zsh-5.8.1.tar.xz) = f54a5a47ed15d134902613f6169c985680afc45a67538505e11b66b348fcb367145e9b8ae2d9eac185e07ef5f97254b85df01ba97294002a8c036fd02ed5e76d
+Size (zsh-5.8.1.tar.xz) = 3200540 bytes
 SHA1 (patch-Completion_BSD_Command___bsd__pkg) = c15924342b827b0ee490ac01a89fe06d439fef0f
 SHA1 (patch-Completion_Unix_Command___gpg) = 226b6025e646f8c74e7e648f33a1001310c9ce3e
 SHA1 (patch-Config_installfns.sh) = ef0b250a0121c0e4925022e02553aefa23e6cc8d