pkgsrc/shells/zsh
kim 9200af3c4a shells/zsh: Update to 5.8.1
Changes between 5.8 and 5.8.1

Incompatibilities

    PROMPT_SUBST expansion is no longer performed on arguments to
    prompt-expansion sequences such as %F.

Changes

    CVE-2021-45444: Some prompt expansion sequences, such as %F,
    support 'arguments' which are themselves expanded in case they
    contain colour values, etc. This additional expansion would trigger
    PROMPT_SUBST evaluation, if enabled. This could be abused to
    execute code the user didn't expect. For example, given a certain prompt
    configuration, an attacker could trick a user into executing
    arbitrary code by having them check out a Git branch with a
    specially crafted name.

    This is fixed in the shell itself by no longer performing
    PROMPT_SUBST evaluation on these prompt-expansion arguments.

    Users who are concerned about an exploit but unable to update their
    binaries may apply the partial work-around described in the file
    Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
    source. [ Reported by RyotaK. Additional thanks to Marc Cornellà. ]
2022-03-12 06:07:48 +00:00
patches shells/zsh: Improve completions of pkg_* on Darwin 2022-02-18 09:48:44 +00:00
DESCR
distinfo shells/zsh: Update to 5.8.1 2022-03-12 06:07:48 +00:00
Makefile shells/zsh: Update to 5.8.1 2022-03-12 06:07:48 +00:00
options.mk zsh: remove --enable-zsh-mem from default arguments. 2019-03-16 14:01:45 +00:00
PLIST zsh: Update to 5.8 2020-02-27 03:05:37 +00:00