- update to 5.9:
zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other
things, a long-time zsh advocate. For more information, see:
https://linuxnews.de/2022/02/sven-guckes-verstorben/https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ
When unsetting a hash element, the string enclosed in square brackets is
interpreted literally after any normal command-line-argument expansions.
Thus
unset "hash[$key]"
first expands $key as usual for a double-quoted string, and then interprets
that result as the exact hash element to unset. This differs from previous
versions of the shell, which would also remove a leading backslash for an
unusual subset of characters in the expansion of $key. Note this also
means, for example, that now
unset 'hash[ab]cd]'
unsets the element with key "ab]cd" rather than silently doing nothing.
The function command learnt a -T option to declare a function and enable
tracing for it simultaneously.
The option SHORT_REPEAT was added to enable the short syntax of
SHORT_LOOPS for the repeat command only. It is disabled by default.
The _arguments function now supports NUL-delimiting optargs in the
opt_args array via the -0 option. Developers of completion functions
should find this easier to handle reliably than the default
colon-delimiting behaviour.
The zsh/system module's `zsystem flock` command learnt an -i option to
set the wait interval used with -t. Additionally, -t now supports
fractional seconds.
The option CLOBBER_EMPTY was added to enable the overwrite behaviour
of CLOBBER for empty files only. It is disabled by default.
A (-) expansion flag was added. It works like (n) but correctly sorts
OBS-URL: https://build.opensuse.org/request/show/977384
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=234
- update to 5.8.1 (bsc#1196435, CVE-2021-45444):
* CVE-2021-45444: Some prompt expansion sequences, such as %F, support
'arguments' which are themselves expanded in case they contain colour
values, etc. This additional expansion would trigger PROMPT_SUBST
evaluation, if enabled. This could be abused to execute code the user
didn't expect. e.g., given a certain prompt configuration, an attacker
could trick a user into executing arbitrary code by having them check
out a Git branch with a specially crafted name.
This is fixed in the shell itself by no longer performing PROMPT_SUBST
evaluation on these prompt-expansion arguments.
Users who are concerned about an exploit but unable to update their
binaries may apply the partial work-around described in the file
Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
Marc Cornellà <hello@mcornella.com>. ]
OBS-URL: https://build.opensuse.org/request/show/963340
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=232
parsing when an unrecognised option-like parameter is encountered.
* The zsh/files module gained a chmod builtin.
* Several changes have been made to the way completion functions track
'precommands' (such as `command` and `env`) and determine whether the
command being completed for is a shell builtin. Developers of completion
functions may wish to familiarise themselves with `_normal -p` and
`_pick_variant -b`.
* The option CD_SILENT was added to suppress all output from cd (whether
explicit or implicit with AUTO_CD). It is disabled by default.
* The compadd builtin's -o option now takes an optional argument to
specify the order of completion matches. This affects the display
of candidate matches and the order in which they are selected when
cycling between them using menu completion.
* The :h and :t modifiers in parameter expansion (if braces are present),
glob qualifiers and history expansion may take following decimal digit
arguments in order to keep that many leading or trailing path components
instead of the defaults of all but one (:h) and one (:t). In an absolute
path the leading '/' counts as one component.
* The functions builtin gained a -c option to efficiently copy functions.
- See included ChangeLog for the complete list of changes.
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=208
- Update to version 5.7
* Support for 24-bit true color terminals has been added.
Hex triplets can be used when specifying colours for prompts
and line editor highlighting. On 88 and 256 colour terminals,
a new zsh/nearcolor module allows colours specified with hex
triplets to be matched against the nearest available colour.
* The zsh/datetime module's strftime builtin now accepts an
argument specifying the nanoseconds time component; both
arguments can be omitted to use the current time.
OBS-URL: https://build.opensuse.org/request/show/668614
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=204
- Update to 5.5
* The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...)
and `...` command substitutions when used on the command line.
* Dropped patches, which are included upstream now:
- zsh-CVE-2018-1071.patch
- zsh-CVE-2018-1083.patch
* Fixes a buffer overflow in utils.c:checkmailpath() that can lead to
local arbitrary code execution (CVE-2018-1100 bnc#1089030)
- Added zsh-CVE-2018-1071.patch: Fixed a stack-based buffer overflow
in exec.c:hashcmd() (CVE-2018-1071 bnc#1084656)
- Added zsh-CVE-2018-1083.patch: Fixed a stack-based buffer overflow
in gen_matches_files() at compctl.c (CVE-2018-1083 bnc#1087026)
- Cleaned up spec file with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/595518
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=186
- Updated to 5.4.2
* The 'exec' and 'command' precommand modifiers, and options to
them, are now parsed after parameter expansion.
* Functions executed by ZLE widgets no longer have their standard
input closed, but redirected from /dev/null instead.
* There is an option WARN_NESTED_VAR, a companion to the existing
WARN_CREATE_GLOBAL that causes a warning if a function updates a
variable from an enclosing scope without using typeset -g.
* zmodload now has an option -s to be silent on a failure to find
a module but still print other errors.
- Dropped patch merged upstream:
* fix-patchutils-completion.patch
OBS-URL: https://build.opensuse.org/request/show/580579
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=184
* Unicode9 support, this needs support from your terminal to
work correctly.
* The new word modifier ':P' computes the physical path of the
argument.
* The output of "typeset -p" uses "export" commands or the "-g"
option for parameters that are not local to the current scope.
* vi-repeat-change can repeat user-defined widgets if the widget
calls zle -f vichange.
* The parameter $registers now makes the contents of vi register
buffers available to user-defined widgets.
* New vi-up-case and vi-down-case builtin widgets bound to gU/gu
(or U/u in visual mode) for doing case conversion.
* A new select-word-match function provides vim-style text objects
with configurable word boundaries using the existing
match-words-by-style mechanism.
* Support for the conditional expression [[ -v var ]] to test if a
variable is set for compatibility with other shells.
* The print and printf builtins have a new option -v to assign the
output to a variable.
* New x: syntax in completion match specifications make it possible
to disable match specifications hardcoded in completion functions.
- Re-add custom zshrc and zshenv to unbreak compatibility with old
usage (boo#998858).
OBS-URL: https://build.opensuse.org/package/show/shells/zsh?expand=0&rev=177
