pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/shells/zsh shells/zsh: Update to 5.8.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ca605b9c4025
branches:  trunk
changeset: 375310:ca605b9c4025
user:      kim <kim%pkgsrc.org@localhost>
date:      Sat Mar 12 06:07:48 2022 +0000

description:
shells/zsh: Update to 5.8.1

Changes between 5.8 and 5.8.1

Incompatibilities

    PROMPT_SUBST expansion is no longer performed on arguments to
    prompt-expansion sequences such as %F.

Changes

    CVE-2021-45444: Some prompt expansion sequences, such as %F,
    support 'arguments' which are themselves expanded in case they
    contain colour values, etc. This additional expansion would trigger
    PROMPT_SUBST evaluation, if enabled. This could be abused to
    execute code the user didn't expect. e.g., given a certain prompt
    configuration, an attacker could trick a user into executing
    arbitrary code by having them check out a Git branch with a
    specially crafted name.

    This is fixed in the shell itself by no longer performing
    PROMPT_SUBST evaluation on these prompt-expansion arguments.

    Users who are concerned about an exploit but unable to update their
    binaries may apply the partial work-around described in the file
    Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
    source. [ Reported by RyotaK. Additional thanks to Marc Cornellà. ]

diffstat:

 shells/zsh/Makefile |  5 ++---
 shells/zsh/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (29 lines):

diff -r 469432fe2d96 -r ca605b9c4025 shells/zsh/Makefile
--- a/shells/zsh/Makefile       Fri Mar 11 21:42:41 2022 +0000
+++ b/shells/zsh/Makefile       Sat Mar 12 06:07:48 2022 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2022/02/18 09:48:44 pho Exp $
+# $NetBSD: Makefile,v 1.102 2022/03/12 06:07:48 kim Exp $
 
-DISTNAME=      zsh-5.8
-PKGREVISION=   4
+DISTNAME=      zsh-5.8.1
 CATEGORIES=    shells
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=zsh/}
 EXTRACT_SUFX=  .tar.xz
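
Review bot: The DISTNAME bump to zsh-5.8.1 is what delivers the CVE-2021-45444 fix, but the changeset is recorded for trunk only (branches: trunk), so a stable branch does not receive it from this commit alone; a pull-up request for the security fix would be the usual follow-up. Dropping PKGREVISION in the same edit is correct for a version bump. The description also lists an incompatibility (PROMPT_SUBST is no longer applied to arguments of sequences such as %F), so prompts that relied on that expansion will render differently after the upgrade, which is the intended effect of the fix.
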
diff -r 469432fe2d96 -r ca605b9c4025 shells/zsh/distinfo
--- a/shells/zsh/distinfo       Fri Mar 11 21:42:41 2022 +0000
+++ b/shells/zsh/distinfo       Sat Mar 12 06:07:48 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.75 2022/02/18 09:48:44 pho Exp $
+$NetBSD: distinfo,v 1.76 2022/03/12 06:07:48 kim Exp $
 
-BLAKE2s (zsh-5.8.tar.xz) = 3f0edcbb7b47f43f04cd373e98257702a1cfdc4efddcec12172cc1a34ac3b3da
-SHA512 (zsh-5.8.tar.xz) = 96198ecef498b7d7945fecebbe6bf14065fa8c5d81a7662164579eba8206b79575812d292adea1864bc7487ac0818ba900e25f9ab3802449340de80417c2c533
-Size (zsh-5.8.tar.xz) = 3193284 bytes
+BLAKE2s (zsh-5.8.1.tar.xz) = 4ee16432bdb40c9f7c79da389ca32d5e45c339608425214f84075a3cea8f3e9b
+SHA512 (zsh-5.8.1.tar.xz) = f54a5a47ed15d134902613f6169c985680afc45a67538505e11b66b348fcb367145e9b8ae2d9eac185e07ef5f97254b85df01ba97294002a8c036fd02ed5e76d
+Size (zsh-5.8.1.tar.xz) = 3200540 bytes
 SHA1 (patch-Completion_BSD_Command___bsd__pkg) = c15924342b827b0ee490ac01a89fe06d439fef0f
 SHA1 (patch-Completion_Unix_Command___gpg) = 226b6025e646f8c74e7e648f33a1001310c9ce3e
 SHA1 (patch-Config_installfns.sh) = ef0b250a0121c0e4925022e02553aefa23e6cc8d
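
Review bot: The SHA1 patch entries at the end of this hunk are unchanged and the diffstat touches no patch files, so the existing local patches are carried over unmodified onto zsh-5.8.1; please confirm they still apply cleanly to the new source. The BLAKE2s, SHA512 and Size lines only record what was computed from the downloaded zsh-5.8.1.tar.xz, so it is worth comparing the tarball against any signature or checksum upstream publishes before relying on these values.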


