pool/zsh
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Accepting request 977384 from home:dirkmueller:Factory

Browse Source 
- update to 5.9:
  zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other
  things, a long-time zsh advocate.  For more information, see:
    https://linuxnews.de/2022/02/sven-guckes-verstorben/
    https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ
  When unsetting a hash element, the string enclosed in square brackets is
  interpreted literally after any normal command-line-argument expansions.
  Thus
    unset "hash[$key]"
  first expands $key as usual for a double-quoted string, and then interprets
  that result as the exact hash element to unset.  This differs from previous
  versions of the shell, which would also remove a leading backslash for an
  unusual subset of characters in the expansion of $key.  Note this also
  means, for example, that now
    unset 'hash[ab]cd]'
  unsets the element with key "ab]cd" rather than silently doing nothing.
  The function command learnt a -T option to declare a function and enable
  tracing for it simultaneously.
  The option SHORT_REPEAT was added to enable the short syntax of
  SHORT_LOOPS for the repeat command only. It is disabled by default.
  The _arguments function now supports NUL-delimiting optargs in the
  opt_args array via the -0 option. Developers of completion functions
  should find this easier to handle reliably than the default
  colon-delimiting behaviour.
  The zsh/system module's `zsystem flock` command learnt an -i option to
  set the wait interval used with -t. Additionally, -t now supports
  fractional seconds.
  The option CLOBBER_EMPTY was added to enable the overwrite behaviour
  of CLOBBER for empty files only. It is disabled by default.
  A (-) expansion flag was added. It works like (n) but correctly sorts

OBS-URL: https://build.opensuse.org/request/show/977384
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=234
This commit is contained in:
Paolo Perego
2022-05-24 17:23:34 +00:00
committed by Git OBS Bridge
parent df7f4da0f6
commit 1a585898c8
7 changed files with 144 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
zsh.changes
View File

@@ -1,23 +1,135 @@
-------------------------------------------------------------------
Sun May 15 17:44:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.9:
zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other
things, a long-time zsh advocate. For more information, see:
https://linuxnews.de/2022/02/sven-guckes-verstorben/
https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ
When unsetting a hash element, the string enclosed in square brackets is
interpreted literally after any normal command-line-argument expansions.
Thus
unset "hash[$key]"
first expands $key as usual for a double-quoted string, and then interprets
that result as the exact hash element to unset. This differs from previous
versions of the shell, which would also remove a leading backslash for an
unusual subset of characters in the expansion of $key. Note this also
means, for example, that now
unset 'hash[ab]cd]'
unsets the element with key "ab]cd" rather than silently doing nothing.
The function command learnt a -T option to declare a function and enable
tracing for it simultaneously.
The option SHORT_REPEAT was added to enable the short syntax of
SHORT_LOOPS for the repeat command only. It is disabled by default.
The _arguments function now supports NUL-delimiting optargs in the
opt_args array via the -0 option. Developers of completion functions
should find this easier to handle reliably than the default
colon-delimiting behaviour.
The zsh/system module's `zsystem flock` command learnt an -i option to
set the wait interval used with -t. Additionally, -t now supports
fractional seconds.
The option CLOBBER_EMPTY was added to enable the overwrite behaviour
of CLOBBER for empty files only. It is disabled by default.
A (-) expansion flag was added. It works like (n) but correctly sorts
negative numbers.
The (*) expansion flag enables EXTENDED_GLOB for pattern matching.
For example, ${(*)sample/(#b)*(pat)*/${match[1]}} uses backreferences
even if EXTENDED_GLOB is not otherwise set. However, this does not
descend into nested exapansions, and doubling as (**) does not disable
EXTENDED_GLOB.
The compinit function learnt a -w option to explain why compdump runs.
When run without the -i or -u options and compaudit discovers security
issues, answering "y" to the "Ignore insecure ..." prompt removes the
insecure elements (like the -i option) where previously it ignored the
result (thus formerly like the -u option). Further, removing those
elements includes dropping directories from the $fpath array.
The zsh/datetime module's strftime builtin learnt an -n option to omit
the trailing newline when printing a formatted time.
The XTRACE option is now disabled while running user-defined completion
widgets. This corresponds to long-standing behavior of other user ZLE
widgets. Use the _complete_debug widget to capture XTRACE output, or
use "functions -T" to enable tracing of specific completion functions.
The fc builtin learnt an -s option which is a POSIX equivalent to the
`fc -e-` method of re-executing a command without invoking an editor.
The option CASE_PATHS was added to control how NO_CASE_GLOB behaves.
NO_CASE_GLOB + NO_CASE_PATHS is equivalent to the current NO_CASE_GLOB
behaviour. NO_CASE_GLOB + CASE_PATHS treats only path components that
contain globbing characters as case-insensitive; this behaviour may
yield more predictable results on case-sensitive file systems.
NO_CASE_PATHS is the default.
With the new TYPESET_TO_UNSET option set, "typeset foo" leaves foo unset,
in contrast to the default behavior which assigns foo="". Any parameter
attributes such as numeric type, sorting, and padding are retained until
the parameter is explicitly unset or a conflicting value is assigned.
This is similar to default behavior of bash and ksh. This option is
disabled by default.
The compadd builtin's -D option can now be specified more than once.
The zsh/zutil module's zformat builtin learnt an -F option which behaves
like -f except that ternary expressions check for existence instead of
doing math evaluation.
The conventional syntax used to indicate units, ranges, and default values
in completion descriptions (e.g. `timeout (seconds) (0-60) [20]`) is now
recognised by the completion system itself. These components are parsed
out of the description and can be individually styled. A _numbers helper
function has been added to help function authors offer rich completion
for these values.
The log builtin, WATCH parameter, et al., have been broken out into a
separate module, zsh/watch. The module is enabled by default.
The zsh/watch module's WATCHFMT parameter now supports colours via the
%F and %K escapes.
The STTY parameter can now be set to an empty string before running a
command to automatically restore terminal settings after the command
finishes.
The "jobs" command and "$jobstates" and related parameters can report on
parent shell jobs even in subshells. This is a snapshot of the parent
state, frozen at the point the subshell started. However, if a subshell
starts its own background jobs, the parent state is discarded in order
to report on those new jobs.
- drop ncurses-fix.patch: upstream
-------------------------------------------------------------------
Sun Mar 20 20:03:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.8.1 (bsc#1196435, CVE-2021-45444):
* CVE-2021-45444: Some prompt expansion sequences, such as %F, support
'arguments' which are themselves expanded in case they contain colour
values, etc. This additional expansion would trigger PROMPT_SUBST
evaluation, if enabled. This could be abused to execute code the user
didn't expect. e.g., given a certain prompt configuration, an attacker
could trick a user into executing arbitrary code by having them check
out a Git branch with a specially crafted name.
- update to 5.8.1 (bsc#1196435, CVE-2021-45444):
* CVE-2021-45444: Some prompt expansion sequences, such as %F, support
'arguments' which are themselves expanded in case they contain colour
values, etc. This additional expansion would trigger PROMPT_SUBST
evaluation, if enabled. This could be abused to execute code the user
didn't expect. e.g., given a certain prompt configuration, an attacker
could trick a user into executing arbitrary code by having them check
out a Git branch with a specially crafted name.
This is fixed in the shell itself by no longer performing PROMPT_SUBST
evaluation on these prompt-expansion arguments.
This is fixed in the shell itself by no longer performing PROMPT_SUBST
evaluation on these prompt-expansion arguments.
Users who are concerned about an exploit but unable to update their
binaries may apply the partial work-around described in the file
Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
Marc Cornellà <hello@mcornella.com>. ]
Users who are concerned about an exploit but unable to update their
binaries may apply the partial work-around described in the file
Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
Marc Cornellà <hello@mcornella.com>. ]
-------------------------------------------------------------------
Fri Oct 16 10:27:34 UTC 2020 - Ludwig Nussel <lnussel@suse.de>