zsh/zsh/CVE-2021-45444_3.patch

*4882a593SmuzhiyunFrom 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
*4882a593SmuzhiyunFrom: dana <dana@dana.is>
*4882a593SmuzhiyunDate: Tue, 21 Dec 2021 13:13:33 -0600
*4882a593SmuzhiyunSubject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README
*4882a593Smuzhiyun
*4882a593Smuzhiyunhttps://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
*4882a593SmuzhiyunUpstream-Status: Backport
*4882a593SmuzhiyunCVE: CVE-2021-45444
*4882a593SmuzhiyunSigned-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
*4882a593Smuzhiyun---
*4882a593Smuzhiyun ChangeLog |  2 ++
*4882a593Smuzhiyun NEWS      | 20 ++++++++++++++++++++
*4882a593Smuzhiyun README    |  6 ++++++
*4882a593Smuzhiyun 3 files changed, 28 insertions(+)
*4882a593Smuzhiyun
*4882a593Smuzhiyundiff --git a/ChangeLog b/ChangeLog
*4882a593Smuzhiyunindex 9a05a09e1..93b0bc337 100644
*4882a593Smuzhiyun--- a/ChangeLog
*4882a593Smuzhiyun+++ b/ChangeLog
*4882a593Smuzhiyun@@ -1,5 +1,7 @@
*4882a593Smuzhiyun 2022-01-27  dana  <dana@dana.is>
*4882a593Smuzhiyun
*4882a593Smuzhiyun+	* CVE-2021-45444: NEWS, README: Document preceding two changes
*4882a593Smuzhiyun+
*4882a593Smuzhiyun 	* Marc Cornellà: security/89:
*4882a593Smuzhiyun 	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
*4882a593Smuzhiyun 	can optionally be used to work around recursive PROMPT_SUBST
*4882a593Smuzhiyundiff --git a/NEWS b/NEWS
*4882a593Smuzhiyunindex 964e1633f..d34b3f79e 100644
*4882a593Smuzhiyun--- a/NEWS
*4882a593Smuzhiyun+++ b/NEWS
*4882a593Smuzhiyun@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
*4882a593Smuzhiyun
*4882a593Smuzhiyun Note also the list of incompatibilities in the README file.
*4882a593Smuzhiyun
*4882a593Smuzhiyun+Changes since 5.8
*4882a593Smuzhiyun+-----------------
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+CVE-2021-45444: Some prompt expansion sequences, such as %F, support
*4882a593Smuzhiyun+'arguments' which are themselves expanded in case they contain colour
*4882a593Smuzhiyun+values, etc. This additional expansion would trigger PROMPT_SUBST
*4882a593Smuzhiyun+evaluation, if enabled. This could be abused to execute code the user
*4882a593Smuzhiyun+didn't expect. e.g., given a certain prompt configuration, an attacker
*4882a593Smuzhiyun+could trick a user into executing arbitrary code by having them check
*4882a593Smuzhiyun+out a Git branch with a specially crafted name.
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+This is fixed in the shell itself by no longer performing PROMPT_SUBST
*4882a593Smuzhiyun+evaluation on these prompt-expansion arguments.
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+Users who are concerned about an exploit but unable to update their
*4882a593Smuzhiyun+binaries may apply the partial work-around described in the file
*4882a593Smuzhiyun+'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
*4882a593Smuzhiyun+source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
*4882a593Smuzhiyun+Marc Cornellà <hello@mcornella.com>. ]
*4882a593Smuzhiyun+
*4882a593Smuzhiyun Changes since 5.7.1-test-3
*4882a593Smuzhiyun --------------------------
*4882a593Smuzhiyun
*4882a593Smuzhiyundiff --git a/README b/README
*4882a593Smuzhiyunindex 7f1dd5f92..c9e994ab3 100644
*4882a593Smuzhiyun--- a/README
*4882a593Smuzhiyun+++ b/README
*4882a593Smuzhiyun@@ -31,6 +31,12 @@ Zsh is a shell with lots of features.  For a list of some of these, see the
*4882a593Smuzhiyun file FEATURES, and for the latest changes see NEWS.  For more
*4882a593Smuzhiyun details, see the documentation.
*4882a593Smuzhiyun
*4882a593Smuzhiyun+Incompatibilities since 5.8
*4882a593Smuzhiyun+---------------------------
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+PROMPT_SUBST expansion is no longer performed on arguments to prompt-
*4882a593Smuzhiyun+expansion sequences such as %F.
*4882a593Smuzhiyun+
*4882a593Smuzhiyun Incompatibilities since 5.7.1
*4882a593Smuzhiyun -----------------------------
*4882a593Smuzhiyun
*4882a593Smuzhiyun--
*4882a593Smuzhiyun2.34.1