head	1.2;
access;
symbols
	pkgsrc-2018Q1:1.1.0.2
	pkgsrc-2018Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2018.04.29.20.41.04;	author ryoon;	state dead;
branches;
next	1.1;
commitid	VhdhTPdoLEJ2xnAA;

1.1
date	2018.03.30.20.56.42;	author spz;	state Exp;
branches;
next	;
commitid	1L4SSfCpakZ9zwwA;


desc
@@


1.2
log
@Update to 5.5.1

Changelog:
Changes from %.5 to 5.5.1
-------------------------

Apart from a fix for a configuration problem finding singal names from
(some) recent versions of glibc, there are only minor changes.

Changes from 5.4.2 to 5.5
-------------------------

The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and
`...` command substitutions when used on the command line.  Previously,
comments were always recognized within command substitutions unless the
comment character "#" was disabled via reset of $histchars.

An alternative assignment syntax for indicating indices for arrays
and keys for associative arrays:

typeset -a array=([1]=first [2]=second)
typeset -A assoc=([key1]=val1 [key2]=val2)

is allowed for compatibility with other shells.  In the case of normal
arrays the new syntax can be mixed with the old.
@
text
@$NetBSD: patch-CVE-2018-1071,v 1.1 2018/03/30 20:56:42 spz Exp $

patch for CVE-2018-1071 from
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4/

--- Src/exec.c.orig	2017-08-27 19:28:43.000000000 +0000
+++ Src/exec.c	2018-03-30 20:10:46.000000000 +0000
@@@@ -920,7 +920,7 @@@@
     for (; *pp; pp++)
 	if (**pp == '/') {
 	    s = buf;
-	    strucpy(&s, *pp);
+	    struncpy(&s, *pp, PATH_MAX);
 	    *s++ = '/';
 	    if ((s - buf) + strlen(arg0) >= PATH_MAX)
 		continue;
--- Src/utils.c.orig	2017-08-08 18:02:32.000000000 +0000
+++ Src/utils.c	2018-03-30 20:13:16.000000000 +0000
@@@@ -2283,10 +2283,10 @@@@
 {
     char *u = *s;
 
-    while (n--)
-	*u++ = *t++;
+    while (n-- && (*u++ = *t++));
     *s = u;
-    *u = '\0';
+    if (n > 0) /* just one null-byte will do, unlike strncpy(3) */
+        *u = '\0';
 }
 
 /* Return the number of elements in an array of pointers. *
@


1.1
log
@add security patches for CVE-2018-1071, CVE-2018-1083, CVE-2018-7548
and CVE-2018-7549 from the zsh repo. one pullup less, w00t. :-P
@
text
@d1 1
a1 1
$NetBSD: $
@