Accepting request 979023 from shells

OBS-URL: https://build.opensuse.org/request/show/979023 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zsh?expand=0&rev=97
2022-05-25 18:34:07 +00:00 · 2022-05-25 18:34:07 +00:00 · cab5200bed
commit cab5200bed
parent e0f6d7fb9c 1a585898c8
7 changed files with 144 additions and 86 deletions
--- a/ncurses-fix.patch
+++ b/ncurses-fix.patch
@ -1,52 +0,0 @@
 From c6a85163619ed1cee89ab047a0d98108ed46828d Mon Sep 17 00:00:00 2001
 From: Daniel Shahaf <d.s@daniel.shahaf.name>
 Date: Fri, 28 Aug 2020 02:36:35 +0000
 Subject: [PATCH] github #64: Fix a build-time error when building against
 ncurses that hadn't been built with --enable-wgetch-events.
 The --enable-wgetch-events codepath is experimental (according to
 ncurses-6.2/INSTALL) and off by default (according to
 ncurses-6.2/configure.in).  With that codepath disabled, the macro
 KEY_EVENT is not provided, which (before this commit) manifested as a
 build-time error:
    [  245s] gcc -c -I. -I../../Src -I../../Src -I../../Src/Zle -I.  -DHAVE_CONFIG_H -DMODULE -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -fPIE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -I/usr/include/ncursesw -fPIC -o curses..o curses.c
    [  246s] In file included from curses.c:210:
    [  246s] curses_keys.h:93:15: error: 'KEY_EVENT' undeclared here (not in a function); did you mean 'KEY_RESET'?
    [  246s]    93 |     {"EVENT", KEY_EVENT},
    [  246s]       |               ^~~~~~~~~
    [  246s]       |               KEY_RESET
 curses_keys.h is only used for setting the "kevent" output parameter of
 'zcurses input' (and the associated $zcurses_keycodes special variable),
 so there's no harm in just leaving KEY_EVENT out of it.  (That codepath
 deals gracefully with numeric values that don't correspond to any of the
 known compile-time values, as that can happen whenever the build- and
 run-time versions of ncurses don't provide the same set of KEY_* macros,
 with or without relation to that configure flag.)
 Reported by Martin Liska.
 ---
 ChangeLog                   | 6 ++++++
 Src/Modules/curses_keys.awk | 7 ++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
 diff --git a/Src/Modules/curses_keys.awk b/Src/Modules/curses_keys.awk
 index ffb182c35..25bd63c7e 100644
 --- a/Src/Modules/curses_keys.awk
 +++ b/Src/Modules/curses_keys.awk
@@ -12,8 +12,13 @@ BEGIN {nkeydefs = 0}
 END {
     printf("static const struct zcurses_namenumberpair keypad_names[] = {\n")
 -    for (i = 0; i < 0 + nkeydefs; i++)
 +    for (i = 0; i < 0 + nkeydefs; i++) {
 +        if (name[i] == "EVENT")
 +            printf("#ifdef KEY_EVENT\n")
         printf("    {\"%s\", KEY_%s},\n", name[i], name[i])
 +        if (name[i] == "EVENT")
 +            printf("#endif\n")
 +    }
     printf("    {NULL, 0}\n")
     printf("};\n")
 }
--- a/zsh-5.8.1.tar.xz
+++ b/zsh-5.8.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b6973520bace600b4779200269b1e5d79e5f505ac4952058c11ad5bbf0dd9919
 size 3200540
--- a/zsh-5.8.1.tar.xz.asc
+++ b/zsh-5.8.1.tar.xz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEfKfsqvBiFrkPiUFGrPgUbK6Mu8QFAmIHy2YACgkQrPgUbK6M
 u8RlaAgAxhHK9+kn+yzsS2/eED+VjLjCNcyPqdVdBl+bS4xeN5v2Ga0D36TfYJ4J
 3n6INHTeR8gpocFyY5RRxZcDeGPtsPV4JQlmAJMa43piLP1LZvbgKAVeooWWeIKk
 JMzXXAKWhZQ2+IG+OXlLNaHSLy6YBJ//Kj3lUkI7NHLSjOhce9ER1QwrHyeHmsKV
 RmjeKlu4gwCPtXGgRmRihnIYJNI38db9Hc2vjunasGaM30l+8ymeVBjH395EDXL7
 bfn8Vb0rN6TQY5q+4kVkG9J6m7kfgozcbCuiygsDG7zPdbI6Iwgzx+WmMoKWFfX6
 y5MZIeVwkWUscDcghU8uUhQ2mu3pmw==
 =2cR1
 -----END PGP SIGNATURE-----
--- a/zsh-5.9.tar.xz
+++ b/zsh-5.9.tar.xz
--- a/zsh-5.9.tar.xz.asc
+++ b/zsh-5.9.tar.xz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEfKfsqvBiFrkPiUFGrPgUbK6Mu8QFAmJ///QACgkQrPgUbK6M
 u8RgPgf+N/yJ+ltJouICaa8fYiYxN0uuYhCeBDVmHuPdwFBPl/Fa5npXkuvo2s/0
 1ho5VfuU08B856GcBpraeuNqN74WNaaZ1E2P8ZFFg1Uw3xjxyg1lqjvkJZrrYURm
 tZNoov33jeyKbyTaNxTHgIujyBE3Uu40wpLoIOL3jO4PV0useJyw1jj5CsnvhN1b
 3S4X99gre3J0SahNDTGltmCwtO/nL3uZh0+FYNagJMF9ZTV9/BQEjBlozBWU+sPa
 rBpbr9A4p/AY2GQti03EmP/HXicaX397aRlBqgfjSRkMJpvaDnVnuXY53uLVOKdW
 sg6FYiIrO54Q6bEzJV9JfhdvqQtU4A==
 =BNV9
 -----END PGP SIGNATURE-----
--- a/zsh.changes
+++ b/zsh.changes
@ -1,23 +1,135 @@
 -------------------------------------------------------------------
 Sun May 15 17:44:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 5.9:
  zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other
  things, a long-time zsh advocate.  For more information, see:
    https://linuxnews.de/2022/02/sven-guckes-verstorben/
    https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ
  When unsetting a hash element, the string enclosed in square brackets is
  interpreted literally after any normal command-line-argument expansions.
  Thus
    unset "hash[$key]"
  first expands $key as usual for a double-quoted string, and then interprets
  that result as the exact hash element to unset.  This differs from previous
  versions of the shell, which would also remove a leading backslash for an
  unusual subset of characters in the expansion of $key.  Note this also
  means, for example, that now
    unset 'hash[ab]cd]'
  unsets the element with key "ab]cd" rather than silently doing nothing.
  The function command learnt a -T option to declare a function and enable
  tracing for it simultaneously.
  The option SHORT_REPEAT was added to enable the short syntax of
  SHORT_LOOPS for the repeat command only. It is disabled by default.
  The _arguments function now supports NUL-delimiting optargs in the
  opt_args array via the -0 option. Developers of completion functions
  should find this easier to handle reliably than the default
  colon-delimiting behaviour.
  The zsh/system module's `zsystem flock` command learnt an -i option to
  set the wait interval used with -t. Additionally, -t now supports
  fractional seconds.
  The option CLOBBER_EMPTY was added to enable the overwrite behaviour
  of CLOBBER for empty files only. It is disabled by default.
  A (-) expansion flag was added. It works like (n) but correctly sorts
  negative numbers.
  The (*) expansion flag enables EXTENDED_GLOB for pattern matching.
  For example, ${(*)sample/(#b)*(pat)*/${match[1]}} uses backreferences
  even if EXTENDED_GLOB is not otherwise set.  However, this does not
  descend into nested exapansions, and doubling as (**) does not disable
  EXTENDED_GLOB.
  The compinit function learnt a -w option to explain why compdump runs.
  When run without the -i or -u options and compaudit discovers security
  issues, answering "y" to the "Ignore insecure ..." prompt removes the
  insecure elements (like the -i option) where previously it ignored the
  result (thus formerly like the -u option).  Further, removing those
  elements includes dropping directories from the $fpath array.
  The zsh/datetime module's strftime builtin learnt an -n option to omit
  the trailing newline when printing a formatted time.
  The XTRACE option is now disabled while running user-defined completion
  widgets.  This corresponds to long-standing behavior of other user ZLE
  widgets.  Use the _complete_debug widget to capture XTRACE output, or
  use "functions -T" to enable tracing of specific completion functions.
  The fc builtin learnt an -s option which is a POSIX equivalent to the
  `fc -e-` method of re-executing a command without invoking an editor.
  The option CASE_PATHS was added to control how NO_CASE_GLOB behaves.
  NO_CASE_GLOB + NO_CASE_PATHS is equivalent to the current NO_CASE_GLOB
  behaviour. NO_CASE_GLOB + CASE_PATHS treats only path components that
  contain globbing characters as case-insensitive; this behaviour may
   yield more predictable results on case-sensitive file systems.
  NO_CASE_PATHS is the default.
  With the new TYPESET_TO_UNSET option set, "typeset foo" leaves foo unset,
  in contrast to the default behavior which assigns foo="".  Any parameter
  attributes such as numeric type, sorting, and padding are retained until
  the parameter is explicitly unset or a conflicting value is assigned.
  This is similar to default behavior of bash and ksh.  This option is
  disabled by default.
  The compadd builtin's -D option can now be specified more than once.
  The zsh/zutil module's zformat builtin learnt an -F option which behaves
  like -f except that ternary expressions check for existence instead of
  doing math evaluation.
  The conventional syntax used to indicate units, ranges, and default values
  in completion descriptions (e.g. `timeout (seconds) (0-60) [20]`) is now
  recognised by the completion system itself. These components are parsed
  out of the description and can be individually styled. A _numbers helper
  function has been added to help function authors offer rich completion
  for these values.
  The log builtin, WATCH parameter, et al., have been broken out into a
  separate module, zsh/watch. The module is enabled by default.
  The zsh/watch module's WATCHFMT parameter now supports colours via the
  %F and %K escapes.
  The STTY parameter can now be set to an empty string before running a
  command to automatically restore terminal settings after the command
  finishes.
  The "jobs" command and "$jobstates" and related parameters can report on
  parent shell jobs even in subshells.  This is a snapshot of the parent
  state, frozen at the point the subshell started.  However, if a subshell
  starts its own background jobs, the parent state is discarded in order
  to report on those new jobs.
 - drop ncurses-fix.patch: upstream
 -------------------------------------------------------------------
 Sun Mar 20 20:03:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.8.1 (bsc#1196435, CVE-2021-45444):
+  - update to 5.8.1 (bsc#1196435, CVE-2021-45444):
-  * CVE-2021-45444: Some prompt expansion sequences, such as %F, support
+    * CVE-2021-45444: Some prompt expansion sequences, such as %F, support
-    'arguments' which are themselves expanded in case they contain colour
+      'arguments' which are themselves expanded in case they contain colour
-    values, etc. This additional expansion would trigger PROMPT_SUBST
+      values, etc. This additional expansion would trigger PROMPT_SUBST
-    evaluation, if enabled. This could be abused to execute code the user
+      evaluation, if enabled. This could be abused to execute code the user
-    didn't expect. e.g., given a certain prompt configuration, an attacker
+      didn't expect. e.g., given a certain prompt configuration, an attacker
-    could trick a user into executing arbitrary code by having them check
+      could trick a user into executing arbitrary code by having them check
-    out a Git branch with a specially crafted name.
+      out a Git branch with a specially crafted name.
-    This is fixed in the shell itself by no longer performing PROMPT_SUBST
+      This is fixed in the shell itself by no longer performing PROMPT_SUBST
-    evaluation on these prompt-expansion arguments.
+      evaluation on these prompt-expansion arguments.
-    Users who are concerned about an exploit but unable to update their
+      Users who are concerned about an exploit but unable to update their
-    binaries may apply the partial work-around described in the file
+      binaries may apply the partial work-around described in the file
-    Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
+      Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
-    source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
+      source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
-    Marc Cornellà <hello@mcornella.com>. ] 
+      Marc Cornellà <hello@mcornella.com>. ] 
 -------------------------------------------------------------------
 Fri Oct 16 10:27:34 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
--- a/zsh.spec
+++ b/zsh.spec
@ -25,12 +25,12 @@ BuildRequires:  texi2html
 BuildRequires:  texinfo
 %endif
 Name:           zsh
-Version:        5.8.1
+Version:        5.9
 Release:        0%{?dist}
 Summary:        Shell with comprehensive completion
 License:        MIT
 Group:          System/Shells
-URL:            http://www.zsh.org
+URL:            https://www.zsh.org
 Source0:        https://downloads.sourceforge.net/project/zsh/zsh/%{version}/zsh-%{version}.tar.xz
 Source1:        https://downloads.sourceforge.net/project/zsh/zsh/%{version}/zsh-%{version}.tar.xz.asc
 Source2:        %{name}.keyring
@ -40,7 +40,6 @@ Source5:        zprofile
 Patch1:         trim-unneeded-completions.patch
 # PATCH-FIX-OPENSUSE zsh-osc-completion.patch -- Fix openSUSE versions in osc completion
 Patch2:         zsh-osc-completion.patch
 Patch3:         ncurses-fix.patch
 BuildRequires:  groff
 BuildRequires:  libcap-devel
 BuildRequires:  ncurses-devel
@ -100,7 +99,6 @@ This package contains the Zsh manual in HTML format.
 %patch1 -p1
 %endif
 %patch2 -p1
 %patch3 -p1
 # Remove executable bit
 chmod 0644 Etc/changelog2html.pl
@ -109,7 +107,7 @@ chmod 0644 Etc/changelog2html.pl
 perl -p -i -e 's|%{_prefix}/local/bin|%{_bindir}|' \
    Doc/intro.ms Misc/globtests.ksh Misc/globtests \
    Misc/lete2ctl Util/check_exports Util/helpfiles \
-    Util/reporter
+    Util/reporter Functions/VCS_Info/test-repo-git-rebase-*
 %build