summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/patches/zsh-CVE-2018-7548.patch48
-rw-r--r--gnu/packages/patches/zsh-CVE-2018-7549.patch56
-rw-r--r--gnu/packages/shells.scm10
4 files changed, 5 insertions, 113 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 639dd943d6..6065d4c96b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1196,9 +1196,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xmodmap-asprintf.patch 			\
   %D%/packages/patches/libyaml-CVE-2014-9130.patch 		\
-  %D%/packages/patches/zathura-plugindir-environment-variable.patch	\
-  %D%/packages/patches/zsh-CVE-2018-7548.patch			\
-  %D%/packages/patches/zsh-CVE-2018-7549.patch
+  %D%/packages/patches/zathura-plugindir-environment-variable.patch
 
 MISC_DISTRO_FILES =				\
   %D%/packages/ld-wrapper.in
diff --git a/gnu/packages/patches/zsh-CVE-2018-7548.patch b/gnu/packages/patches/zsh-CVE-2018-7548.patch
deleted file mode 100644
index 1ee15fad73..0000000000
--- a/gnu/packages/patches/zsh-CVE-2018-7548.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Fix CVE-2018-7548:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
-
-From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001
-From: Joey Pabalinas <joeypabalinas@gmail.com>
-Date: Tue, 23 Jan 2018 22:28:08 -0800
-Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an
- empty array result
-
----
- ChangeLog   | 5 +++++
- Src/subst.c | 2 +-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-#diff --git a/ChangeLog b/ChangeLog
-#index d2ba94afc..3037edda4 100644
-#--- a/ChangeLog
-#+++ b/ChangeLog
-#@@ -1,3 +1,8 @@
-#+2018-01-23  Barton E. Schaefer  <schaefer@zsh.org>
-#+
-#+       * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref
-#+       when using ${(PA)...} on an empty array result
-#+
-# 2018-01-23  Oliver Kiddle  <okiddle@yahoo.co.uk>
-# 
-#        * 42317: Completion/Linux/Command/_cryptsetup,
-diff --git a/Src/subst.c b/Src/subst.c
-index d027e3d83..a265a187e 100644
---- a/Src/subst.c
-+++ b/Src/subst.c
-@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags,
- 		val = aval[0];
- 		isarr = 0;
- 	    }
--	    s = dyncat(val, s);
-+	    s = val ? dyncat(val, s) : dupstring(s);
- 	    /* Now behave po-faced as if it was always like that... */
- 	    subexp = 0;
- 	    /*
--- 
-2.16.2
-
diff --git a/gnu/packages/patches/zsh-CVE-2018-7549.patch b/gnu/packages/patches/zsh-CVE-2018-7549.patch
deleted file mode 100644
index abefcdf2f9..0000000000
--- a/gnu/packages/patches/zsh-CVE-2018-7549.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Fix CVE-2018-7549:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
-
-From c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd Mon Sep 17 00:00:00 2001
-From: Stephane Chazelas <stephane.chazelas@gmail.com>
-Date: Fri, 22 Dec 2017 22:17:09 +0000
-Subject: [PATCH] Avoid crash copying empty hash table.
-
-Visible with typeset -p.
----
- ChangeLog    |  2 ++
- Src/params.c | 11 +++++++----
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-#diff --git a/ChangeLog b/ChangeLog
-#index f74c26b88..e3628cfa7 100644
-#--- a/ChangeLog
-#+++ b/ChangeLog
-#@@ -1,5 +1,7 @@
-# 2018-01-04  Peter Stephenson  <p.stephenson@samsung.com>
-# 
-#+       * Stephane: 42159: Src/params.c: avoid crash copying empty hash table.
-#+
-#        * Sebastian: 42188: Src/Modules/system.c: It is necessary to
-#        close the lock descriptor in some failure cases.
-#
-diff --git a/Src/params.c b/Src/params.c
-index 31ff0445b..de7730ae7 100644
---- a/Src/params.c
-+++ b/Src/params.c
-@@ -549,10 +549,13 @@ scancopyparams(HashNode hn, UNUSED(int flags))
- HashTable
- copyparamtable(HashTable ht, char *name)
- {
--    HashTable nht = newparamtable(ht->hsize, name);
--    outtable = nht;
--    scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
--    outtable = NULL;
-+    HashTable nht = 0;
-+    if (ht) {
-+	nht = newparamtable(ht->hsize, name);
-+	outtable = nht;
-+	scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
-+	outtable = NULL;
-+    }
-     return nht;
- }
- 
--- 
-2.16.2
-
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 8f3aa9b5f1..f0f25a0120 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -291,20 +291,18 @@ history mechanism, job control and a C-like syntax.")
 (define-public zsh
   (package
     (name "zsh")
-    (version "5.4.2")
+    (version "5.5.1")
     (source (origin
               (method url-fetch)
               (uri (list (string-append
                            "http://www.zsh.org/pub/zsh-" version
-                           ".tar.gz")
+                           ".tar.xz")
                          (string-append
                            "http://www.zsh.org/pub/old/zsh-" version
-                           ".tar.gz")))
-              (patches (search-patches "zsh-CVE-2018-7548.patch"
-                                       "zsh-CVE-2018-7549.patch"))
+                           ".tar.xz")))
               (sha256
                (base32
-                "1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm"))))
+                "105aqkdfsdxc4531anrj2zis2ywz6icagjam9lsc235yzh48ihz1"))))
     (build-system gnu-build-system)
     (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
                  #:phases