meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch - openbmc/openbmc - Gitiles

 From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
 From: dana <dana@dana.is>
 Date: Tue, 21 Dec 2021 13:13:33 -0600
 Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README

 https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
 Upstream-Status: Backport
 CVE: CVE-2021-45444
 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
 ---
  ChangeLog |  2 ++
  NEWS      | 20 ++++++++++++++++++++
  README    |  6 ++++++
  3 files changed, 28 insertions(+)

 diff --git a/ChangeLog b/ChangeLog
 index 9a05a09e1..93b0bc337 100644
 --- a/ChangeLog
 +++ b/ChangeLog
 @@ -1,5 +1,7 @@
  2022-01-27  dana  <dana@dana.is>

 +	* CVE-2021-45444: NEWS, README: Document preceding two changes
 +
  	* Marc Cornellà: security/89:
  	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
  	can optionally be used to work around recursive PROMPT_SUBST
 diff --git a/NEWS b/NEWS
 index 964e1633f..d34b3f79e 100644
 --- a/NEWS
 +++ b/NEWS
 @@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH

  Note also the list of incompatibilities in the README file.

 +Changes since 5.8
 +-----------------
 +
 +CVE-2021-45444: Some prompt expansion sequences, such as %F, support
 +'arguments' which are themselves expanded in case they contain colour
 +values, etc. This additional expansion would trigger PROMPT_SUBST
 +evaluation, if enabled. This could be abused to execute code the user
 +didn't expect. e.g., given a certain prompt configuration, an attacker
 +could trick a user into executing arbitrary code by having them check
 +out a Git branch with a specially crafted name.
 +
 +This is fixed in the shell itself by no longer performing PROMPT_SUBST
 +evaluation on these prompt-expansion arguments.
 +
 +Users who are concerned about an exploit but unable to update their
 +binaries may apply the partial work-around described in the file
 +'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
 +source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
 +Marc Cornellà <hello@mcornella.com>. ]
 +
  Changes since 5.7.1-test-3
  --------------------------

 diff --git a/README b/README
 index 7f1dd5f92..c9e994ab3 100644
 --- a/README
 +++ b/README
 @@ -31,6 +31,12 @@ Zsh is a shell with lots of features.  For a list of some of these, see the
  file FEATURES, and for the latest changes see NEWS.  For more
  details, see the documentation.

 +Incompatibilities since 5.8
 +---------------------------
 +
 +PROMPT_SUBST expansion is no longer performed on arguments to prompt-
 +expansion sequences such as %F.
 +
  Incompatibilities since 5.7.1
  -----------------------------

 --
 2.34.1
	From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
	From: dana <dana@dana.is>
	Date: Tue, 21 Dec 2021 13:13:33 -0600
	Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README

	https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
	Upstream-Status: Backport
	CVE: CVE-2021-45444
	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
	---
	ChangeLog \| 2 ++
	NEWS \| 20 ++++++++++++++++++++
	README \| 6 ++++++
	3 files changed, 28 insertions(+)

	diff --git a/ChangeLog b/ChangeLog
	index 9a05a09e1..93b0bc337 100644
	--- a/ChangeLog
	+++ b/ChangeLog
	@@ -1,5 +1,7 @@
	2022-01-27 dana <dana@dana.is>

	+ * CVE-2021-45444: NEWS, README: Document preceding two changes
	+
	* Marc Cornellà: security/89:
	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
	can optionally be used to work around recursive PROMPT_SUBST
	diff --git a/NEWS b/NEWS
	index 964e1633f..d34b3f79e 100644
	--- a/NEWS
	+++ b/NEWS
	@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH

	Note also the list of incompatibilities in the README file.

	+Changes since 5.8
	+-----------------
	+
	+CVE-2021-45444: Some prompt expansion sequences, such as %F, support
	+'arguments' which are themselves expanded in case they contain colour
	+values, etc. This additional expansion would trigger PROMPT_SUBST
	+evaluation, if enabled. This could be abused to execute code the user
	+didn't expect. e.g., given a certain prompt configuration, an attacker
	+could trick a user into executing arbitrary code by having them check
	+out a Git branch with a specially crafted name.
	+
	+This is fixed in the shell itself by no longer performing PROMPT_SUBST
	+evaluation on these prompt-expansion arguments.
	+
	+Users who are concerned about an exploit but unable to update their
	+binaries may apply the partial work-around described in the file
	+'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
	+source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
	+Marc Cornellà <hello@mcornella.com>. ]
	+
	Changes since 5.7.1-test-3
	--------------------------

	diff --git a/README b/README
	index 7f1dd5f92..c9e994ab3 100644
	--- a/README
	+++ b/README
	@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the
	file FEATURES, and for the latest changes see NEWS. For more
	details, see the documentation.

	+Incompatibilities since 5.8
	+---------------------------
	+
	+PROMPT_SUBST expansion is no longer performed on arguments to prompt-
	+expansion sequences such as %F.
	+
	Incompatibilities since 5.7.1
	-----------------------------

	--
	2.34.1