diff --git a/gnu/local.mk b/gnu/local.mk index 639dd943d6..6065d4c96b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1196,9 +1196,7 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ - %D%/packages/patches/zathura-plugindir-environment-variable.patch \ - %D%/packages/patches/zsh-CVE-2018-7548.patch \ - %D%/packages/patches/zsh-CVE-2018-7549.patch + %D%/packages/patches/zathura-plugindir-environment-variable.patch MISC_DISTRO_FILES = \ %D%/packages/ld-wrapper.in diff --git a/gnu/packages/patches/zsh-CVE-2018-7548.patch b/gnu/packages/patches/zsh-CVE-2018-7548.patch deleted file mode 100644 index 1ee15fad73..0000000000 --- a/gnu/packages/patches/zsh-CVE-2018-7548.patch +++ /dev/null @@ -1,48 +0,0 @@ -Fix CVE-2018-7548: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548 - -Patch copied from upstream source repository: - -https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 - -From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001 -From: Joey Pabalinas -Date: Tue, 23 Jan 2018 22:28:08 -0800 -Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an - empty array result - ---- - ChangeLog | 5 +++++ - Src/subst.c | 2 +- - 2 files changed, 6 insertions(+), 1 deletion(-) - -#diff --git a/ChangeLog b/ChangeLog -#index d2ba94afc..3037edda4 100644 -#--- a/ChangeLog -#+++ b/ChangeLog -#@@ -1,3 +1,8 @@ -#+2018-01-23 Barton E. Schaefer -#+ -#+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref -#+ when using ${(PA)...} on an empty array result -#+ -# 2018-01-23 Oliver Kiddle -# -# * 42317: Completion/Linux/Command/_cryptsetup, -diff --git a/Src/subst.c b/Src/subst.c -index d027e3d83..a265a187e 100644 ---- a/Src/subst.c -+++ b/Src/subst.c -@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags, - val = aval[0]; - isarr = 0; - } -- s = dyncat(val, s); -+ s = val ? dyncat(val, s) : dupstring(s); - /* Now behave po-faced as if it was always like that... */ - subexp = 0; - /* --- -2.16.2 - diff --git a/gnu/packages/patches/zsh-CVE-2018-7549.patch b/gnu/packages/patches/zsh-CVE-2018-7549.patch deleted file mode 100644 index abefcdf2f9..0000000000 --- a/gnu/packages/patches/zsh-CVE-2018-7549.patch +++ /dev/null @@ -1,56 +0,0 @@ -Fix CVE-2018-7549: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549 - -Patch copied from upstream source repository: - -https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd - -From c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd Mon Sep 17 00:00:00 2001 -From: Stephane Chazelas -Date: Fri, 22 Dec 2017 22:17:09 +0000 -Subject: [PATCH] Avoid crash copying empty hash table. - -Visible with typeset -p. ---- - ChangeLog | 2 ++ - Src/params.c | 11 +++++++---- - 2 files changed, 9 insertions(+), 4 deletions(-) - -#diff --git a/ChangeLog b/ChangeLog -#index f74c26b88..e3628cfa7 100644 -#--- a/ChangeLog -#+++ b/ChangeLog -#@@ -1,5 +1,7 @@ -# 2018-01-04 Peter Stephenson -# -#+ * Stephane: 42159: Src/params.c: avoid crash copying empty hash table. -#+ -# * Sebastian: 42188: Src/Modules/system.c: It is necessary to -# close the lock descriptor in some failure cases. -# -diff --git a/Src/params.c b/Src/params.c -index 31ff0445b..de7730ae7 100644 ---- a/Src/params.c -+++ b/Src/params.c -@@ -549,10 +549,13 @@ scancopyparams(HashNode hn, UNUSED(int flags)) - HashTable - copyparamtable(HashTable ht, char *name) - { -- HashTable nht = newparamtable(ht->hsize, name); -- outtable = nht; -- scanhashtable(ht, 0, 0, 0, scancopyparams, 0); -- outtable = NULL; -+ HashTable nht = 0; -+ if (ht) { -+ nht = newparamtable(ht->hsize, name); -+ outtable = nht; -+ scanhashtable(ht, 0, 0, 0, scancopyparams, 0); -+ outtable = NULL; -+ } - return nht; - } - --- -2.16.2 - diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 8f3aa9b5f1..f0f25a0120 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -291,20 +291,18 @@ history mechanism, job control and a C-like syntax.") (define-public zsh (package (name "zsh") - (version "5.4.2") + (version "5.5.1") (source (origin (method url-fetch) (uri (list (string-append "http://www.zsh.org/pub/zsh-" version - ".tar.gz") + ".tar.xz") (string-append "http://www.zsh.org/pub/old/zsh-" version - ".tar.gz"))) - (patches (search-patches "zsh-CVE-2018-7548.patch" - "zsh-CVE-2018-7549.patch")) + ".tar.xz"))) (sha256 (base32 - "1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm")))) + "105aqkdfsdxc4531anrj2zis2ywz6icagjam9lsc235yzh48ihz1")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre") #:phases