From patchwork Fri Aug 23 10:48:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?J=C3=B6rg_Sommer?= X-Patchwork-Id: 48153 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40363C531DC for ; Fri, 23 Aug 2024 10:48:22 +0000 (UTC) Received: from AM0PR83CU005.outbound.protection.outlook.com (AM0PR83CU005.outbound.protection.outlook.com [52.101.69.120]) by mx.groups.io with SMTP id smtpd.web11.13464.1724410097079929825 for ; Fri, 23 Aug 2024 03:48:18 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@navimatix.de header.s=selector1 header.b=ryQku3gT; spf=pass (domain: navimatix.de, ip: 52.101.69.120, mailfrom: joerg.sommer@navimatix.de) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=e/fRNfbqwLGw2yNr/TJ0LgXrMlF0UVBjCpmcJM0gdfXtGo9jhFWhCB8H1Op6mrLvh1bcXweqiiGlSGI9tD6W9r5HOhOUo58927RLWPfn7jB9B+BJFLdTjQCJu2onCqv8fHn2HZOk7Ag55gubKqENy/3m2xjqUebn6IMZahnZS6dW59rb0xxw6quVPjHu2xAkfu2lZ8qG/LR3Ae6xAcoN5g6huOGSetb+WqblOhBDRPwrQGo3nOZ8lpa6Awzqp58n2WoxOBeTiMTX1klkv/nl46VX6CYoMqxOiYZbIakbEIrNynrpysSibJhdKXnM9k68F8ovV6cridLDcyUUvJalww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zzL03eGvwsNrQayzeXaIj07EhRYOj8A7Gctp1QL13kg=; b=iA7ncUKwQW85AnCTEQFKsEQbPiYMH0sO+ebBlYs+KB/+L0IolMGySdyDVWVkvFDxPlPskHv03btSBCJ7T/eTX5wV+bn2GUGQ6h0OUiCvrrk10yRDjEyI7uSx0cRtVW19N1Vfl9Ske8RBpZkNVZDTQRcSrzoeL3nUUIyu7h58pA+/3QVtKH9hLNlhrzzLs5BMuGdFfUJwYH5tISsl/yWm/Bl6AFen7sRZ9jEhDrljSoc3OOqeSH61hHGlDVjL1LbGSAhHwaD5wZWBLKy2uZOL33TMCO2in52ZR91dTmSh+seJi91awkq4O2XbOM7EJsW4UjGP1kKSQ2GK6+gzm2XtAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=navimatix.de; dmarc=pass action=none header.from=navimatix.de; dkim=pass header.d=navimatix.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=navimatix.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zzL03eGvwsNrQayzeXaIj07EhRYOj8A7Gctp1QL13kg=; b=ryQku3gTTfK5ey3Z9N4DNQR1JGDMViu40hkXuF2EZAIaQFAxSAHqkmjXrNzTTNX2YYn0kzJMFQfeZNQiRemiCec5v1kdcosda0aoj6DWOIfUuVRycyw8B9jUx1zB+xdhBZXAO7ZXhj4AjCD2TIylCvXXhH3dJNZMWvvZxfklX98= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=navimatix.de; Received: from DU2PR01MB8293.eurprd01.prod.exchangelabs.com (2603:10a6:10:2d4::5) by DU5PR01MB10485.eurprd01.prod.exchangelabs.com (2603:10a6:10:51b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.18; Fri, 23 Aug 2024 10:48:12 +0000 Received: from DU2PR01MB8293.eurprd01.prod.exchangelabs.com ([fe80::d520:1b9e:a30e:69a7]) by DU2PR01MB8293.eurprd01.prod.exchangelabs.com ([fe80::d520:1b9e:a30e:69a7%4]) with mapi id 15.20.7897.014; Fri, 23 Aug 2024 10:48:12 +0000 Date: Fri, 23 Aug 2024 12:48:11 +0200 From: =?utf-8?b?SsO2cmc=?= Sommer To: openembedded-devel@lists.openembedded.org, joerg.sommer@navimatix.de CC: =?utf-8?b?SsO2cmc=?= Sommer Subject: [PATCH v2] zsh: update 5.8 -> 5.9 Message-ID: <74582799aabab370cdc4643ddd45544438f17aea.1724410090.git.joerg.sommer@navimatix.de> X-Mailer: git-send-email 2.34.1 Content-Disposition: inline X-ClientProxiedBy: BE1P281CA0239.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:8c::14) To DU2PR01MB8293.eurprd01.prod.exchangelabs.com (2603:10a6:10:2d4::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU2PR01MB8293:EE_|DU5PR01MB10485:EE_ X-MS-Office365-Filtering-Correlation-Id: 3b80e072-3530-4fa2-f6bf-08dcc36115c4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024; X-Microsoft-Antispam-Message-Info: F28aoUh+CBYVfHRa9jAyDSpQC3T9J5Nlyf7JYIE253rlRSbpp2KtgZ9nj8BbPWzZlJCRdD/rt7wc4DbadbY7WJJ7KEMFiToBYbJ9cBNQGMWu6XLsC337Bc+qEkbfhttIeyJJyJi7Zj3nJYU6UgSDWsE7UVUbQVOUlpnzyM4uF2RBjAkZ5X7Dmgz1biHeZTUZ7sIDsHVQkJq6Q5td3DIly+HJZ48q44Gk7lAuybW6AJfwKpO268KXaS+fBqV+A5Rsnc5l0O4gUsjr8zjE2Gfw6BxRUgUR/BQAMGHReY4ThRrkDEFZ+GcRIi8zfHFq+oAiNsnZASbkp5UYe0L7OVHHYG7PjXaiv/7iMbkvDCbfnA6MXeqhTzrsLlbyPktm48tm1YMGYl61xF5Xck1A4Fmt4PQrQqhJesobabQB9EPWZ9ws+Fr/1qKToJfb0WxCwDAQb2JE0EsN5I1LBDsyNfZHxwFblyEsJNBbsONZIUAwY7UQ8zrKmWV0Yr0k53rq1gjpbYUbYvwg6mkmSFL0DeQislp23GNi01eo0inIXfla1jcCrNZ4l8kyaEyDT8fypmDLi+qK686DSMFezoodsrlMY37AKOX9y9QrZ3C+66y6LsfLkZFDIM8+FP9CiyWbF4uF/HGBy41+Rh2T4nmck7z5+wuKjoPcGz8HzazU+cX90+uZ5fgoA8qovULeSYLyiyXjTFye75mF5L/7b+elvqfsIPoyJkIltRxuj7P3tdN+O0txxdMchqJqtnrKtebZtt2xKVwLtfGmUm4KCbTC0GNRwp213cn48VK2f/1WFzJioBpWcpJYA56qozlFS3DuKHL/pipPywAb3wxr9UMVrImSpP8/MVBA6jBeyDxwEQzqOfchR3VyVqAuDFgV0ZHv6kx4Zx+KT8wW0m8GonP9BJ0V/ra4sEhG3bfH3Sst5CvZ7Kt9lBM5nrE6aEfDH02MCLFZImkprEOYjlOWY0HtFhFO2yoBHFM//570lLMnv97shMAeBJ8PaHxbp1irX/ysME1X5bQBa3eUgzHGyDTa4HMcRlRLPnxeo+gdeRDHzBzfnXOpwIoG7YEMJkHHi4WMOFdpxEABXdIMf5TNq4OperH7ZQXCWzGSnbKhB2oFMfNkY6o00E11t6UkxUzWM3wThbxCpBIL3f8dDp59WJjdW/9p6lEFLHuDHLxct/htDoJR1DOmeonUfCYLlt5a1cVUzGnNKRaA4crXlqlJqHjC7JdA35v1TGCth9QK8iOVY6Blk2IHjJcwNwsc+qW1UbjezABmjrfJlQy1uC1LZJU8ouzRaaY1YT/szh8t82+ZJ4BYcSg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU2PR01MB8293.eurprd01.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: lm0PtCIDJr1rX0645jdx7NKh3J5AeEhYyU4jfB+VvlM5AlI1zRKJLWIodclYZNDLJz9K3tM60doIszfJV9drDgXppRAQ6lpNDWDknEzfOMvHNBU62HkI06IRJ/onYcWBRSbLNKm4jvUjXBmKYZgcVto+rXT1boVQkZlD2uvFtWHz0vdL56uNnt/i4cClsLqTbdhhqfLeEhjUdLJ8K3JYQh6+BRj0iqWm+deU3jM3XQP/yt69VqSJjrkYdDhEhmzDT835MAgy80OYHg167OZ1CH+SBZl2MYAcMzJ12qxj4d5tWgkyMW3jI0K1wpjWdxbGgKhX5Y+t4HPjIE2xjMt+WLESo97GUfkx+nH1QpCx7odGogcwdWD05xfp3yebnM4oauXbLJqqpHBQw0/2W3jwKSHYguYiS5QSZLP4qZPe89CC5M1H6ZSNVDJcJ9rMFMWZ/wujmfxnEgAc4Z+KlVD2EmxKXAFwEzFlFIoxC4VOYyRpUUuzcBNRoKxQFtvc9vVA2QOXn4NCwUKw/X5sol/DG+6BwYzCONQPlKZNYGna8cDqIBy1iLqcF0+fgt7TafDgy9U3Pzoytjv85PNbSGv/Rg75SyHuP43RZAdYVal7D+HnwOxOI6xxm3Sc9B7HotXRmGpW2zcMlVVeFV/4ROXtO3JwDhCFW4GXCUw/VGwgw346KoQNnuM+BF9HRe+Y4QCuVRPSWsUHDh7AJ9yy2k1ktdlAweDTVODlMfMi3lukhAHG1rc6IZxJGnGkckta0KiTzZiibkU6ZcQRY+4A2VU7VbpZ0Sw1hADL4y462LnSt6flLpvaR04Fx+MQNFiATFXJ4vqVyia0QkjVw9+BGfZ+UBsz8/EkbzltwyO7AATQB8HIBxvEgdi69cmttp/k7tqycI+AfV4LrY6hMz7MXTqptoiEF/5cHm13iQQkqncCQ4fQVcXaHiEhMSVbi2l+X3LZadoputJC6oe/gH/y4j0MB+fpfkJR/IjScKqWppt7bsfHRdsY6UIYJDsxnqzPry/HNCX9Dcl58UhveO5iCE25YeDKOJOhqaNAJp+cAO7ggDjbwiVQCbmLGu9HhcJEVh+ccPsiSBobm07trevA3y9FX+ExsJ09dFffBHoZRENjqWJw6iC04Jr46SsNkgtN8mrLnnNUpUdl558k1eNknDhIHe1hujC/r3BM7X2dehVKOcl6OO3XnI6COdOODCSwST2TR4XXTzRCWgPkKMk6c2bKnS12Lzf3bzoLHxItc/VLY66MJPct0i3aezR2vG1hszhm7lStWP9op0zWScTar3ULsQH9pTUlDmayyOwZVt8ZHCSlcnPis9o3zttIZ64fbGqEU6olFPCMnVF62KmPjB2Z/wo3rIKoVeffoYm4Q/FyUnfseb7NySuVMHNbAXJ7JEiMbvlKJdfpFEHuCRiAexkkb3PsxMn1DI/YNwpMIVOpMvA5i3u/jj4hbmdR1gtlhgvplH4Wo5duYq+vLNiAYKh19E6bWn1yKEklQdd5T5irBO2YEr9eSCDzBsw7OulXEhDb3UoNZuisahxrv91FEa/TqpgcmaOO+teqAPmNGEMNfcGoDd9gxO68Ldlu6qDQrSq4gNIryAgt+zvSYopBHZ7j8w== X-OriginatorOrg: navimatix.de X-MS-Exchange-CrossTenant-Network-Message-Id: 3b80e072-3530-4fa2-f6bf-08dcc36115c4 X-MS-Exchange-CrossTenant-AuthSource: DU2PR01MB8293.eurprd01.prod.exchangelabs.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 10:48:12.5685 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: c87b4f54-b992-4813-8f3f-4a876324197f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: f1IXxk4hePz8QH7G1Rzqmky5bvSfPSPZVhFyESpo3TOB8lJhjeRcm1Sc1bRFtmU1d/3PGE0mkO3RieAjSw8tjHzUpVfPqcmih8xIxR0eF1E= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU5PR01MB10485 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 23 Aug 2024 10:48:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/111912 From: Jörg Sommer The patches for CVE-2021-45444 were applied upstream on 2022-02-12. The snipped for do_install was taken from https://salsa.debian.org/debian/zsh/-/blob/8cc745c38fba1d4ec3e5d66cffbeadd8b492c2ce/debian/rules#L132 Signed-off-by: Jörg Sommer --- .../zsh/zsh/CVE-2021-45444_1.patch | 60 -------- .../zsh/zsh/CVE-2021-45444_2.patch | 140 ------------------ .../zsh/zsh/CVE-2021-45444_3.patch | 77 ---------- .../zsh/{zsh_5.8.bb => zsh_5.9.bb} | 28 ++-- 4 files changed, 14 insertions(+), 291 deletions(-) delete mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch delete mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch delete mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch rename meta-oe/recipes-shells/zsh/{zsh_5.8.bb => zsh_5.9.bb} (61%) diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch deleted file mode 100644 index fb8fa3427..000000000 --- a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch +++ /dev/null @@ -1,60 +0,0 @@ -Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1 -From: Oliver Kiddle -Date: Wed, 15 Dec 2021 01:56:40 +0100 -Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on - %F/%K arguments - -Mitigates CVE-2021-45444 - -https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false -Upstream-Status: Backport -CVE: CVE-2021-45444 -Signed-off-by: Chee Yang Lee ---- - ChangeLog | 5 +++++ - Src/prompt.c | 10 ++++++++++ - 2 files changed, 15 insertions(+) - -diff --git a/ChangeLog b/ChangeLog -index 8d7dfc169..eb248ec06 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,3 +1,8 @@ -+2022-01-27 dana -+ -+ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive -+ PROMPT_SUBST -+ - 2020-02-14 dana - - * unposted: Config/version.mk: Update for 5.8 -diff --git a/Src/prompt.c b/Src/prompt.c -index b65bfb86b..91e21c8e9 100644 ---- a/Src/prompt.c -+++ b/Src/prompt.c -@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg) - bv->fm += 2; /* skip over F{ */ - if ((ep = strchr(bv->fm, '}'))) { - char oc = *ep, *col, *coll; -+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; -+ int opp = opts[PROMPTPERCENT]; -+ -+ opts[PROMPTPERCENT] = 1; -+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; -+ - *ep = '\0'; - /* expand the contents of the argument so you can use - * %v for example */ -@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg) - arg = match_colour((const char **)&coll, is_fg, 0); - free(col); - bv->fm = ep; -+ -+ opts[PROMPTSUBST] = ops; -+ opts[PROMPTBANG] = opb; -+ opts[PROMPTPERCENT] = opp; - } else { - arg = match_colour((const char **)&bv->fm, is_fg, 0); - if (*bv->fm != '}') --- -2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch deleted file mode 100644 index e5b6d7cdc..000000000 --- a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001 -From: Marc Cornellà -Date: Mon, 24 Jan 2022 09:43:28 +0100 -Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to - work around CVE-2021-45444 in VCS_Info -Comment: Updated to use the same file name without blanks as actually - used in the final 5.8.1 release. - - -https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch -Upstream-Status: Backport -CVE: CVE-2021-45444 -Signed-off-by: Chee Yang Lee ---- - ChangeLog | 5 + - Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++ - 2 files changed, 103 insertions(+) - create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch - -diff --git a/ChangeLog b/ChangeLog -index eb248ec06..9a05a09e1 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,5 +1,10 @@ - 2022-01-27 dana - -+ * Marc Cornellà: security/89: -+ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which -+ can optionally be used to work around recursive PROMPT_SUBST -+ issue in VCS_Info -+ - * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive - PROMPT_SUBST - -diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch -new file mode 100644 -index 000000000..13e54be77 ---- /dev/null -+++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch -@@ -0,0 +1,98 @@ -+From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001 -+From: =?UTF-8?q?Marc=20Cornell=C3=A0?= -+Date: Mon, 24 Jan 2022 09:43:28 +0100 -+Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info -+MIME-Version: 1.0 -+Content-Type: text/plain; charset=UTF-8 -+Content-Transfer-Encoding: 8bit -+ -+This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444, -+which is mitigated in the shell itself in 5.8.1 and later versions. It is -+offered for users who are concerned about an exploit but are unable to update -+their binaries to receive the complete fix. -+ -+The patch works around the vulnerability by pre-escaping values substituted -+into format strings in VCS_Info. Please note that this may break some user -+configurations that rely on those values being un-escaped (which is why it was -+not included directly in 5.8.1). It may be possible to limit this breakage by -+adjusting exactly which ones are pre-escaped, but of course this may leave -+them vulnerable again. -+ -+If applying the patch to the file system is inconvenient or not possible, the -+following script can be used to idempotently patch the relevant function -+running in memory (and thus must be re-run when the shell is restarted): -+ -+ -+# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version) -+autoload -Uz is-at-least -+if is-at-least 5.8.1 || ! is-at-least 5.0.3; then -+ return -+fi -+ -+# Quote necessary $hook_com[] items just before they are used -+# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats -+# function, where is: -+# -+# base: the full path of the repository's root directory. -+# base-name: the name of the repository's root directory. -+# branch: the name of the currently checked out branch. -+# revision: an identifier of the currently checked out revision. -+# subdir: the path of the current directory relative to the -+# repository's root directory. -+# misc: a string that may contain anything the vcs_info backend wants. -+# -+# This patch %-quotes these fields previous to their use in vcs_info hooks and -+# the zformat call and, eventually, when they get expanded in the prompt. -+# It's important to quote these here, and not later after hooks have modified the -+# fields, because then we could be quoting % characters from valid prompt sequences, -+# like %F{color}, %B, etc. -+# -+# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" -+# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}" -+# 34 │ -+# 35 + │ for tmp in base base-name branch misc revision subdir; do -+# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" -+# 37 + │ done -+# 38 + │ -+# 39 │ VCS_INFO_hook 'post-backend' -+# -+# This is especially important so that no command substitution is performed -+# due to malicious input as a consequence of CVE-2021-45444, which affects -+# zsh versions from 5.0.3 to 5.8. -+# -+autoload -Uz +X regexp-replace VCS_INFO_formats -+ -+# We use $tmp here because it's already a local variable in VCS_INFO_formats -+typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"' -+# Unique string to avoid reapplying the patch if this code gets called twice -+typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b -+# Only patch the VCS_INFO_formats function if not already patched -+if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then -+ regexp-replace 'functions[VCS_INFO_formats]' \ -+ "VCS_INFO_hook 'post-backend'" \ -+ ': ${PATCH_ID}; ${PATCH}; ${MATCH}' -+fi -+unset PATCH PATCH_ID -+ -+ -+--- -+ Functions/VCS_Info/VCS_INFO_formats | 4 ++++ -+ 1 file changed, 4 insertions(+) -+ -+diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats -+index e0e1dc738..4d88e28b6 100644 -+--- a/Functions/VCS_Info/VCS_INFO_formats -++++ b/Functions/VCS_Info/VCS_INFO_formats -+@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}" -+ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" -+ hook_com[subdir_orig]="${hook_com[subdir]}" -+ -++for tmp in base base-name branch misc revision subdir; do -++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" -++done -++ -+ VCS_INFO_hook 'post-backend' -+ -+ ## description (for backend authors): -+-- -+2.34.1 --- -2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch deleted file mode 100644 index adfc00ae5..000000000 --- a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 -From: dana -Date: Tue, 21 Dec 2021 13:13:33 -0600 -Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README - -https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch -Upstream-Status: Backport -CVE: CVE-2021-45444 -Signed-off-by: Chee Yang Lee ---- - ChangeLog | 2 ++ - NEWS | 20 ++++++++++++++++++++ - README | 6 ++++++ - 3 files changed, 28 insertions(+) - -diff --git a/ChangeLog b/ChangeLog -index 9a05a09e1..93b0bc337 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,5 +1,7 @@ - 2022-01-27 dana - -+ * CVE-2021-45444: NEWS, README: Document preceding two changes -+ - * Marc Cornellà: security/89: - Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which - can optionally be used to work around recursive PROMPT_SUBST -diff --git a/NEWS b/NEWS -index 964e1633f..d34b3f79e 100644 ---- a/NEWS -+++ b/NEWS -@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH - - Note also the list of incompatibilities in the README file. - -+Changes since 5.8 -+----------------- -+ -+CVE-2021-45444: Some prompt expansion sequences, such as %F, support -+'arguments' which are themselves expanded in case they contain colour -+values, etc. This additional expansion would trigger PROMPT_SUBST -+evaluation, if enabled. This could be abused to execute code the user -+didn't expect. e.g., given a certain prompt configuration, an attacker -+could trick a user into executing arbitrary code by having them check -+out a Git branch with a specially crafted name. -+ -+This is fixed in the shell itself by no longer performing PROMPT_SUBST -+evaluation on these prompt-expansion arguments. -+ -+Users who are concerned about an exploit but unable to update their -+binaries may apply the partial work-around described in the file -+'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell -+source. [ Reported by RyotaK . Additional thanks to -+Marc Cornellà . ] -+ - Changes since 5.7.1-test-3 - -------------------------- - -diff --git a/README b/README -index 7f1dd5f92..c9e994ab3 100644 ---- a/README -+++ b/README -@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the - file FEATURES, and for the latest changes see NEWS. For more - details, see the documentation. - -+Incompatibilities since 5.8 -+--------------------------- -+ -+PROMPT_SUBST expansion is no longer performed on arguments to prompt- -+expansion sequences such as %F. -+ - Incompatibilities since 5.7.1 - ----------------------------- - --- -2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-oe/recipes-shells/zsh/zsh_5.9.bb similarity index 61% rename from meta-oe/recipes-shells/zsh/zsh_5.8.bb rename to meta-oe/recipes-shells/zsh/zsh_5.9.bb index 7602ff9f6..033feb208 100644 --- a/meta-oe/recipes-shells/zsh/zsh_5.8.bb +++ b/meta-oe/recipes-shells/zsh/zsh_5.9.bb @@ -10,12 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec" DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \ - file://CVE-2021-45444_1.patch \ - file://CVE-2021-45444_2.patch \ - file://CVE-2021-45444_3.patch \ - " -SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "9b8d1ecedd5b5e81fbf1918e876752a7dd948e05c1a0dba10ab863842d45acd5" inherit autotools-brokensep gettext update-alternatives manpages @@ -50,13 +46,17 @@ do_configure () { oe_runconf } -pkg_postinst:${PN} () { - touch $D${sysconfdir}/shells - grep -q "bin/zsh" $D${sysconfdir}/shells || echo /bin/zsh >> $D${sysconfdir}/shells - grep -q "bin/sh" $D${sysconfdir}/shells || echo /bin/sh >> $D${sysconfdir}/shells +do_install:append() { + sed -i -e '1!b; s:^#!.*[ /]zsh:#!${bindir}/zsh:; s#/usr/local/bin#${bindir}#;' \ + `find ${D}/usr/share/zsh/${PV}/functions -type f` } -# work around QA failures with usrmerge installing zsh in /usr/bin/zsh instead of /bin/zsh -# ERROR: QA Issue: /usr/share/zsh/5.8/functions/zed contained in package zsh requires /bin/zsh, but no providers found in RDEPENDS:zsh? [file-rdeps] -# like bash does since https://git.openembedded.org/openembedded-core/commit/?id=4759408677a4e60c5fa7131afcb5bc184cf2f90a -RPROVIDES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/bin/zsh', '', d)}" +pkg_postinst:${PN} () { + touch $D${sysconfdir}/shells + grep -q "bin/zsh" $D${sysconfdir}/shells || echo /bin/zsh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/usr/bin/zsh', '', d)} \ + >> $D${sysconfdir}/shells + grep -q "bin/sh" $D${sysconfdir}/shells || echo /bin/sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/usr/bin/sh', '', d)} \ + >> $D${sysconfdir}/shells +}