From 4958351fe94d3e3c0f074b5fa4b9aae779d42b8e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2020 09:36:08 +0000 Subject: import zsh-5.0.2-34.el7 --- diff --git a/SOURCES/zsh-5.0.2-CVE-2014-10072.patch b/SOURCES/zsh-5.0.2-CVE-2014-10072.patch index 689e63d..3843fd8 100644 --- a/SOURCES/zsh-5.0.2-CVE-2014-10072.patch +++ b/SOURCES/zsh-5.0.2-CVE-2014-10072.patch @@ -1,7 +1,7 @@ From a787fc5c556cbbc7f3de308d25b7527f9da5a0da Mon Sep 17 00:00:00 2001 From: "Barton E. Schaefer" Date: Sun, 19 Jan 2014 17:41:06 -0800 -Subject: [PATCH] 32294: prevent buffer overflow when scanning very long +Subject: [PATCH 1/3] 32294: prevent buffer overflow when scanning very long directory paths for symbolic links Upstream-commit: 3e06aeabd8a9e8384ebaa8b08996cd1f64737210 @@ -88,3 +88,122 @@ index 20fa59d..a197ef8 100644 -- 2.14.3 + +From a2de3957b1e6f23c593c47df0a850a8272e7c06a Mon Sep 17 00:00:00 2001 +From: "Barton E. Schaefer" +Date: Fri, 15 Aug 2014 10:19:54 -0700 +Subject: [PATCH 2/3] 33012: add an error return value (-1) to xsymlinks() + +Upstream-commit: 47d91c5fba6bc90d79503b7c69c6146abb8825f5 +Signed-off-by: Kamil Dudka +--- + Src/utils.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/Src/utils.c b/Src/utils.c +index a197ef8..d3e5812 100644 +--- a/Src/utils.c ++++ b/Src/utils.c +@@ -717,7 +717,6 @@ slashsplit(char *s) + } + + /* expands symlinks and .. or . expressions */ +-/* if flag = 0, only expand .. and . expressions */ + + /**/ + static int +@@ -754,6 +753,7 @@ xsymlinks(char *s) + strcat(xbuf, *pp); + } else { + *xbuf = 0; ++ ret = -1; + break; + } + } else { +@@ -761,9 +761,11 @@ xsymlinks(char *s) + metafy(xbuf3, t0, META_NOALLOC); + if (*xbuf3 == '/') { + strcpy(xbuf, ""); +- xsymlinks(xbuf3 + 1); ++ if (xsymlinks(xbuf3 + 1) < 0) ++ ret = -1; + } else +- xsymlinks(xbuf3); ++ if (xsymlinks(xbuf3) < 0) ++ ret = -1; + } + } + freearray(opp); +@@ -782,11 +784,10 @@ xsymlink(char *s) + if (*s != '/') + return NULL; + *xbuf = '\0'; +- xsymlinks(s + 1); +- if (!*xbuf) { ++ if (xsymlinks(s + 1) < 0) + zwarn("path expansion failed, using root directory"); ++ if (!*xbuf) + return ztrdup("/"); +- } + return ztrdup(xbuf); + } + +@@ -796,7 +797,7 @@ print_if_link(char *s) + { + if (*s == '/') { + *xbuf = '\0'; +- if (xsymlinks(s + 1)) ++ if (xsymlinks(s + 1) > 0) + printf(" -> "), zputs(*xbuf ? xbuf : "/", stdout); + } + } +-- +2.20.1 + + +From c84057916eb96714c03fb0072ad0929152e48f0a Mon Sep 17 00:00:00 2001 +From: Peter Stephenson +Date: Thu, 13 Nov 2014 19:44:01 +0000 +Subject: [PATCH 3/3] Marc Finet: problems with working directory + rationalisation. + +Ensure the length of the directory is kept up to date. + +Abort following symlinks as soon as there's an error. + +Upstream-commit: c01a178ece6740f719fef81ecdf9283b5c8b71d5 +Signed-off-by: Kamil Dudka +--- + Src/utils.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/Src/utils.c b/Src/utils.c +index d3e5812..e2ffc38 100644 +--- a/Src/utils.c ++++ b/Src/utils.c +@@ -728,7 +728,7 @@ xsymlinks(char *s) + zulong xbuflen = strlen(xbuf); + + opp = pp = slashsplit(s); +- for (; xbuflen < sizeof(xbuf) && *pp; pp++) { ++ for (; xbuflen < sizeof(xbuf) && *pp && ret >= 0; pp++) { + if (!strcmp(*pp, ".")) + continue; + if (!strcmp(*pp, "..")) { +@@ -763,9 +763,13 @@ xsymlinks(char *s) + strcpy(xbuf, ""); + if (xsymlinks(xbuf3 + 1) < 0) + ret = -1; ++ else ++ xbuflen = strlen(xbuf); + } else + if (xsymlinks(xbuf3) < 0) + ret = -1; ++ else ++ xbuflen = strlen(xbuf); + } + } + freearray(opp); +-- +2.20.1 + diff --git a/SOURCES/zsh-5.0.2-CVE-2017-18206.patch b/SOURCES/zsh-5.0.2-CVE-2017-18206.patch index ef0df69..48abeb7 100644 --- a/SOURCES/zsh-5.0.2-CVE-2017-18206.patch +++ b/SOURCES/zsh-5.0.2-CVE-2017-18206.patch @@ -14,7 +14,7 @@ diff --git a/Src/utils.c b/Src/utils.c index a197ef8..13e744e 100644 --- a/Src/utils.c +++ b/Src/utils.c -@@ -724,7 +724,7 @@ static int +@@ -723,7 +723,7 @@ static int xsymlinks(char *s) { char **pp, **opp; @@ -66,7 +66,7 @@ index a197ef8..391d020 100644 /**/ static char ** -@@ -724,9 +724,9 @@ static int +@@ -723,9 +723,9 @@ static int xsymlinks(char *s) { char **pp, **opp; @@ -77,8 +77,8 @@ index a197ef8..391d020 100644 + zulong xbuflen = strlen(xbuf), pplen; opp = pp = slashsplit(s); - for (; xbuflen < sizeof(xbuf) && *pp; pp++) { -@@ -745,10 +745,18 @@ xsymlinks(char *s) + for (; xbuflen < sizeof(xbuf) && *pp && ret >= 0; pp++) { +@@ -744,10 +744,18 @@ xsymlinks(char *s) *p = '\0'; continue; } diff --git a/SOURCES/zsh-5.0.2-CVE-2018-1071.patch b/SOURCES/zsh-5.0.2-CVE-2018-1071.patch index 47ddd1e..06c7e4e 100644 --- a/SOURCES/zsh-5.0.2-CVE-2018-1071.patch +++ b/SOURCES/zsh-5.0.2-CVE-2018-1071.patch @@ -28,7 +28,7 @@ diff --git a/Src/utils.c b/Src/utils.c index 391d020..c6eba63 100644 --- a/Src/utils.c +++ b/Src/utils.c -@@ -2005,10 +2005,10 @@ struncpy(char **s, char *t, int n) +@@ -2010,10 +2010,10 @@ struncpy(char **s, char *t, int n) { char *u = *s; @@ -62,7 +62,7 @@ diff --git a/Src/utils.c b/Src/utils.c index 3989c8c..bac12a9 100644 --- a/Src/utils.c +++ b/Src/utils.c -@@ -2005,7 +2005,8 @@ struncpy(char **s, char *t, int n) +@@ -2010,7 +2010,8 @@ struncpy(char **s, char *t, int n) { char *u = *s; @@ -72,7 +72,7 @@ index 3989c8c..bac12a9 100644 *s = u; if (n > 0) /* just one null-byte will do, unlike strncpy(3) */ *u = '\0'; -@@ -3740,17 +3741,20 @@ spname(char *oldname) +@@ -3745,17 +3746,20 @@ spname(char *oldname) * odd to the human reader, and we may make use of the total * * distance for all corrections at some point in the future. */ if (bestdist < maxthresh) { diff --git a/SOURCES/zsh-5.0.2-CVE-2018-1100.patch b/SOURCES/zsh-5.0.2-CVE-2018-1100.patch index 3ff1e51..f430c59 100644 --- a/SOURCES/zsh-5.0.2-CVE-2018-1100.patch +++ b/SOURCES/zsh-5.0.2-CVE-2018-1100.patch @@ -13,7 +13,7 @@ diff --git a/Src/utils.c b/Src/utils.c index c6eba63..41ec45c 100644 --- a/Src/utils.c +++ b/Src/utils.c -@@ -1414,7 +1414,7 @@ checkmailpath(char **s) +@@ -1419,7 +1419,7 @@ checkmailpath(char **s) LinkList l; DIR *lock = opendir(unmeta(*s)); char buf[PATH_MAX * 2], **arr, **ap; @@ -22,7 +22,7 @@ index c6eba63..41ec45c 100644 if (lock) { char *fn; -@@ -1423,9 +1423,11 @@ checkmailpath(char **s) +@@ -1428,9 +1428,11 @@ checkmailpath(char **s) l = newlinklist(); while ((fn = zreaddir(lock, 1)) && !errflag) { if (u) diff --git a/SOURCES/zsh-5.0.2-CVE-2019-20044.patch b/SOURCES/zsh-5.0.2-CVE-2019-20044.patch deleted file mode 100644 index 7e70713..0000000 --- a/SOURCES/zsh-5.0.2-CVE-2019-20044.patch +++ /dev/null @@ -1,1369 +0,0 @@ -From e6dea148252c9d8cb3de0965f2e558ac13e12f06 Mon Sep 17 00:00:00 2001 -From: Daniel Shahaf -Date: Thu, 26 Dec 2019 11:49:45 +0000 -Subject: [PATCH 1/7] internal: Allow %L in zerrmsg() in non-debug builds, too. - -This will let error messages include long integers. - -Upstream-commit: 81185f4c6106d7ea2f7beaabbec7360c08e400d2 -Signed-off-by: Kamil Dudka ---- - Src/utils.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/Src/utils.c b/Src/utils.c -index 32f6008..2ddc596 100644 ---- a/Src/utils.c -+++ b/Src/utils.c -@@ -304,12 +304,10 @@ zerrmsg(FILE *file, const char *fmt, va_list ap) - nicezputs(s, file); - break; - } --#ifdef DEBUG - case 'L': - lnum = va_arg(ap, long); - fprintf(file, "%ld", lnum); - break; --#endif - case 'd': - num = va_arg(ap, int); - fprintf(file, "%d", num); --- -2.21.1 - - -From 4907caaf15e5a054088e05534c5500679c15b105 Mon Sep 17 00:00:00 2001 -From: dana -Date: Thu, 26 Dec 2019 14:57:07 -0600 -Subject: [PATCH 2/7] unposted: zerrmsg(): Fix macro guard missed in previous - commit - -Upstream-commit: ed21a7b70068b4250a25dcdc5b7213a789b0d0ca -Signed-off-by: Kamil Dudka ---- - Src/utils.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/Src/utils.c b/Src/utils.c -index 2ddc596..4a1dcc4 100644 ---- a/Src/utils.c -+++ b/Src/utils.c -@@ -266,9 +266,7 @@ zerrmsg(FILE *file, const char *fmt, va_list ap) - { - const char *str; - int num; --#ifdef DEBUG - long lnum; --#endif - #ifdef HAVE_STRERROR_R - #define ERRBUFSIZE (80) - int olderrno; --- -2.21.1 - - -From 6b5d2276f9a8a30e7a62d542f092793575f0ae97 Mon Sep 17 00:00:00 2001 -From: Sam Foxman -Date: Sun, 22 Dec 2019 17:30:28 -0500 -Subject: [PATCH 3/7] Drop privileges securely - -Upstream-commit: 24e993db62cf146fb76ebcf677a4a7aa3766fc74 -Signed-off-by: Kamil Dudka ---- - Src/options.c | 138 ++++++++++++++++++++++++++++++++++++++++++++------ - configure.ac | 4 +- - 2 files changed, 126 insertions(+), 16 deletions(-) - -diff --git a/Src/options.c b/Src/options.c -index b36bd99..3a0edab 100644 ---- a/Src/options.c -+++ b/Src/options.c -@@ -565,6 +565,7 @@ int - bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - { - int action, optno, match = 0; -+ int retval = 0; - - /* With no arguments or options, display options. */ - if (!*args) { -@@ -592,18 +593,28 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - inittyptab(); - return 1; - } -- if(!(optno = optlookup(*args))) -+ if(!(optno = optlookup(*args))) { - zwarnnam(nam, "no such option: %s", *args); -- else if(dosetopt(optno, action, 0, opts)) -- zwarnnam(nam, "can't change option: %s", *args); -+ retval = 1; -+ } else { -+ retval = !!dosetopt(optno, action, 0, opts); -+ if (retval) { -+ zwarnnam(nam, "can't change option: %s", *args); -+ } -+ } - break; - } else if(**args == 'm') { - match = 1; - } else { -- if (!(optno = optlookupc(**args))) -+ if (!(optno = optlookupc(**args))) { - zwarnnam(nam, "bad option: -%c", **args); -- else if(dosetopt(optno, action, 0, opts)) -- zwarnnam(nam, "can't change option: -%c", **args); -+ retval = 1; -+ } else { -+ retval = !!dosetopt(optno, action, 0, opts); -+ if (retval) { -+ zwarnnam(nam, "can't change option: -%c", **args); -+ } -+ } - } - } - args++; -@@ -613,10 +624,15 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - if (!match) { - /* Not globbing the arguments -- arguments are simply option names. */ - while (*args) { -- if(!(optno = optlookup(*args++))) -+ if(!(optno = optlookup(*args++))) { - zwarnnam(nam, "no such option: %s", args[-1]); -- else if(dosetopt(optno, !isun, 0, opts)) -- zwarnnam(nam, "can't change option: %s", args[-1]); -+ retval = 1; -+ } else { -+ retval = !!dosetopt(optno, !isun, 0, opts); -+ if (retval) { -+ zwarnnam(nam, "can't change option: %s", args[-1]); -+ } -+ } - } - } else { - /* Globbing option (-m) set. */ -@@ -639,7 +655,8 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - tokenize(s); - if (!(pprog = patcompile(s, PAT_STATIC, NULL))) { - zwarnnam(nam, "bad pattern: %s", *args); -- continue; -+ retval = 1; -+ break; - } - /* Loop over expansions. */ - scanmatchtable(optiontab, pprog, 0, 0, OPT_ALIAS, -@@ -648,7 +665,7 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - } - } - inittyptab(); -- return 0; -+ return retval; - } - - /* Identify an option name */ -@@ -757,10 +774,101 @@ dosetopt(int optno, int value, int force, char *new_opts) - return -1; - } else if(optno == PRIVILEGED && !value) { - /* unsetting PRIVILEGED causes the shell to make itself unprivileged */ --#ifdef HAVE_SETUID -- setuid(getuid()); -- setgid(getgid()); --#endif /* HAVE_SETUID */ -+ -+ int skip_setuid = 0; -+ int skip_setgid = 0; -+ -+#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -+ int orig_egid = getegid(); -+#endif -+ -+#if defined(HAVE_GETEUID) && defined(HAVE_GETUID) -+ if (geteuid() == getuid()) { -+ skip_setuid = 1; -+ } -+#endif -+ -+#if defined(HAVE_GETEGID) && defined(HAVE_GETGID) -+ if (getegid() == getgid()) { -+ skip_setgid = 1; -+ } -+#endif -+ -+ if (!skip_setgid) { -+ int setgid_err; -+#ifdef HAVE_SETRESGID -+ setgid_err = setresgid(getgid(), getgid(), getgid()); -+#elif defined(HAVE_SETREGID) -+#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -+ setgid_err = setregid(getgid(), getgid()); -+#else -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; setregid available, but cannot check if saved gid changed"); -+ return -1; -+#endif -+#else -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid and setregid not available"); -+ return -1; -+#endif -+ if (setgid_err) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change group ID: %e", errno); -+ return -1; -+ } -+ } -+ -+ if (!skip_setuid) { -+#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) -+ int orig_euid = geteuid(); -+#endif -+ int setuid_err; -+#if defined(HAVE_GETEUID) && defined(HAVE_INITGROUPS) && defined(HAVE_GETPWUID) -+ if (geteuid() == 0) { -+ struct passwd *pw = getpwuid(getuid()); -+ if (pw == NULL) { -+ zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %d: %e", -+ getuid(), errno); -+ return -1; -+ } -+ if (initgroups(pw->pw_name, pw->pw_gid)) { -+ zwarnnam("unsetopt", "can't drop privileges; failed to set supplementary group list: %e", errno); -+ return -1; -+ } -+ } -+#endif -+ -+#ifdef HAVE_SETRESUID -+ setuid_err = setresuid(getuid(), getuid(), getuid()); -+#elif defined(HAVE_SETREUID) -+#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) && defined(HAVE_GETUID) -+ setuid_err = setreuid(getuid(), getuid()); -+#else -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; setreuid available, but cannot check if saved uid changed"); -+ return -1; -+#endif -+#else -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid and setreuid not available"); -+ return -1; -+#endif -+ if (setuid_err) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change user ID: %e", errno); -+ return -1; -+ } -+#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) && defined(HAVE_GETUID) -+ if (getuid() != 0 && !setuid(orig_euid)) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the euid"); -+ return -1; -+ } -+#endif -+ } -+ -+#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -+ if (getuid() != 0 && !skip_setgid && !setgid(orig_egid)) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the egid"); -+ return -1; -+ } -+#endif -+ - #ifdef JOB_CONTROL - } else if (!force && optno == MONITOR && value) { - if (new_opts[optno] == value) -diff --git a/configure.ac b/configure.ac -index 5528597..47f174e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1217,7 +1217,9 @@ AC_CHECK_FUNCS(strftime strptime mktime timelocal \ - inet_aton inet_pton inet_ntop \ - getlogin getpwent getpwnam getpwuid getgrgid getgrnam \ - initgroups nis_list \ -- setuid seteuid setreuid setresuid setsid \ -+ getuid setuid seteuid setreuid setresuid setsid \ -+ getgid setgid setegid setregid setresgid \ -+ geteuid getegid \ - memcpy memmove strstr strerror strtoul \ - getrlimit getrusage \ - setlocale \ --- -2.21.1 - - -From 2544b32ecbb2493aa99e65599176be43d6064a78 Mon Sep 17 00:00:00 2001 -From: Daniel Shahaf -Date: Thu, 26 Dec 2019 09:16:19 +0000 -Subject: [PATCH 4/7] Improve PRIVILEGED fixes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -- Fix retval handling in bin_setopt() - -- Don't skip_setuid / skip_setgid. It's not our place to optimize away noops - (that might not even _be_ noops; they might change the saved uid…). - -- Remove HAVE_* guard checks around functions that are used unguarded elsewhere. - -- Use bsd-setres_id.c from OpenSSH to provide setresuid() / setresgid() - everywhere, and thus simplify the ifdef soup. Fix some preëxisting - bugs in the macro definitions of setuid() (do we still need that one?). - -- Fix zwarning() format codes for variadic arguments type safety - -- Restored a comment from HEAD - -- Fix failure modes around initgroups() - -- Compared privilege restoration code with OpenSSH's permanently_drop_uid() and - updated as needed - -- Add E01 PRIVILEGED sanity checks - -Upstream-commit: 8250c5c168f07549ed646e6848e6dda118271e23 -Signed-off-by: Kamil Dudka ---- - Src/openssh_bsd_setres_id.c | 129 +++++++++++++++++++++++++++++++ - Src/options.c | 148 ++++++++++++++++-------------------- - Src/zsh.mdd | 3 +- - Src/zsh_system.h | 94 ++++++++++++++++++----- - Test/E01options.ztst | 15 ++++ - configure.ac | 5 +- - 6 files changed, 292 insertions(+), 102 deletions(-) - create mode 100644 Src/openssh_bsd_setres_id.c - -diff --git a/Src/openssh_bsd_setres_id.c b/Src/openssh_bsd_setres_id.c -new file mode 100644 -index 0000000..65e91a4 ---- /dev/null -+++ b/Src/openssh_bsd_setres_id.c -@@ -0,0 +1,129 @@ -+/* -+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+/* -+ * openssh_bsd_setres_id.c - setresuid() and setresgid() wrappers -+ * -+ * This file is part of zsh, the Z shell. -+ * -+ * It is based on the file openbsd-compat/bsd-setres_id.c in OpenSSH 7.9p1, -+ * which is subject to the copyright notice above. The zsh modifications are -+ * licensed as follows: -+ * -+ * Copyright (c) 2019 Daniel Shahaf -+ * All rights reserved. -+ * -+ * Permission is hereby granted, without written agreement and without -+ * license or royalty fees, to use, copy, modify, and distribute this -+ * software and to distribute modified versions of this software for any -+ * purpose, provided that the above copyright notice and the following -+ * two paragraphs appear in all copies of this software. -+ * -+ * In no event shall Daniel Shahaf or the Zsh Development Group be liable -+ * to any party for direct, indirect, special, incidental, or consequential -+ * damages arising out of the use of this software and its documentation, -+ * even if Daniel Shahaf and the Zsh Development Group have been advised of -+ * the possibility of such damage. -+ * -+ * Daniel Shahaf and the Zsh Development Group specifically disclaim any -+ * warranties, including, but not limited to, the implied warranties of -+ * merchantability and fitness for a particular purpose. The software -+ * provided hereunder is on an "as is" basis, and Daniel Shahaf and the -+ * Zsh Development Group have no obligation to provide maintenance, -+ * support, updates, enhancements, or modifications. -+ * -+ */ -+ -+ -+#include -+ -+#include -+#include -+#include -+ -+#include "zsh.mdh" -+ -+#if defined(ZSH_IMPLEMENT_SETRESGID) || defined(BROKEN_SETRESGID) -+int -+setresgid(gid_t rgid, gid_t egid, gid_t sgid) -+{ -+ int ret = 0, saved_errno; -+ -+ if (rgid != sgid) { -+ errno = ENOSYS; -+ return -1; -+ } -+#if defined(ZSH_HAVE_NATIVE_SETREGID) && !defined(BROKEN_SETREGID) -+ if (setregid(rgid, egid) < 0) { -+ saved_errno = errno; -+ zwarnnam("setregid", "to gid %L: %e", (long)rgid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+#else -+ if (setegid(egid) < 0) { -+ saved_errno = errno; -+ zwarnnam("setegid", "to gid %L: %e", (long)(unsigned int)egid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+ if (setgid(rgid) < 0) { -+ saved_errno = errno; -+ zwarnnam("setgid", "to gid %L: %e", (long)rgid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+#endif -+ return ret; -+} -+#endif -+ -+#if defined(ZSH_IMPLEMENT_SETRESUID) || defined(BROKEN_SETRESUID) -+int -+setresuid(uid_t ruid, uid_t euid, uid_t suid) -+{ -+ int ret = 0, saved_errno; -+ -+ if (ruid != suid) { -+ errno = ENOSYS; -+ return -1; -+ } -+#if defined(ZSH_HAVE_NATIVE_SETREUID) && !defined(BROKEN_SETREUID) -+ if (setreuid(ruid, euid) < 0) { -+ saved_errno = errno; -+ zwarnnam("setreuid", "to uid %L: %e", (long)ruid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+#else -+ -+# ifndef SETEUID_BREAKS_SETUID -+ if (seteuid(euid) < 0) { -+ saved_errno = errno; -+ zwarnnam("seteuid", "to uid %L: %e", (long)euid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+# endif -+ if (setuid(ruid) < 0) { -+ saved_errno = errno; -+ zwarnnam("setuid", "to uid %L: %e", (long)ruid, errno); -+ errno = saved_errno; -+ ret = -1; -+ } -+#endif -+ return ret; -+} -+#endif -diff --git a/Src/options.c b/Src/options.c -index 3a0edab..b10a53e 100644 ---- a/Src/options.c -+++ b/Src/options.c -@@ -595,25 +595,21 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - } - if(!(optno = optlookup(*args))) { - zwarnnam(nam, "no such option: %s", *args); -- retval = 1; -- } else { -- retval = !!dosetopt(optno, action, 0, opts); -- if (retval) { -- zwarnnam(nam, "can't change option: %s", *args); -- } -+ retval |= 1; -+ } else if (dosetopt(optno, action, 0, opts)) { -+ zwarnnam(nam, "can't change option: %s", *args); -+ retval |= 1; - } - break; - } else if(**args == 'm') { - match = 1; - } else { -- if (!(optno = optlookupc(**args))) { -+ if (!(optno = optlookupc(**args))) { - zwarnnam(nam, "bad option: -%c", **args); -- retval = 1; -- } else { -- retval = !!dosetopt(optno, action, 0, opts); -- if (retval) { -- zwarnnam(nam, "can't change option: -%c", **args); -- } -+ retval |= 1; -+ } else if (dosetopt(optno, action, 0, opts)) { -+ zwarnnam(nam, "can't change option: -%c", **args); -+ retval |= 1; - } - } - } -@@ -626,12 +622,10 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - while (*args) { - if(!(optno = optlookup(*args++))) { - zwarnnam(nam, "no such option: %s", args[-1]); -- retval = 1; -- } else { -- retval = !!dosetopt(optno, !isun, 0, opts); -- if (retval) { -- zwarnnam(nam, "can't change option: %s", args[-1]); -- } -+ retval |= 1; -+ } else if (dosetopt(optno, !isun, 0, opts)) { -+ zwarnnam(nam, "can't change option: %s", args[-1]); -+ retval |= 1; - } - } - } else { -@@ -655,7 +649,7 @@ bin_setopt(char *nam, char **args, UNUSED(Options ops), int isun) - tokenize(s); - if (!(pprog = patcompile(s, PAT_STATIC, NULL))) { - zwarnnam(nam, "bad pattern: %s", *args); -- retval = 1; -+ retval |= 1; - break; - } - /* Loop over expansions. */ -@@ -775,100 +769,92 @@ dosetopt(int optno, int value, int force, char *new_opts) - } else if(optno == PRIVILEGED && !value) { - /* unsetting PRIVILEGED causes the shell to make itself unprivileged */ - -- int skip_setuid = 0; -- int skip_setgid = 0; -- --#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -- int orig_egid = getegid(); --#endif -+ /* If set, return -1 so lastval will be non-zero. */ -+ int failed = 0; - --#if defined(HAVE_GETEUID) && defined(HAVE_GETUID) -- if (geteuid() == getuid()) { -- skip_setuid = 1; -- } -+#ifdef HAVE_SETUID -+ const int orig_euid = geteuid(); - #endif -+ const int orig_egid = getegid(); - --#if defined(HAVE_GETEGID) && defined(HAVE_GETGID) -- if (getegid() == getgid()) { -- skip_setgid = 1; -- } --#endif -- -- if (!skip_setgid) { -- int setgid_err; --#ifdef HAVE_SETRESGID -- setgid_err = setresgid(getgid(), getgid(), getgid()); --#elif defined(HAVE_SETREGID) --#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -- setgid_err = setregid(getgid(), getgid()); --#else -- zwarnnam("unsetopt", -- "PRIVILEGED: can't drop privileges; setregid available, but cannot check if saved gid changed"); -+ /* -+ * Set the GID first as if we set the UID to non-privileged it -+ * might be impossible to restore the GID. -+ */ -+ { -+#ifndef HAVE_SETRESGID -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid() and friends not available"); - return -1; --#endif - #else -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid and setregid not available"); -- return -1; --#endif -+ int setgid_err; -+ setgid_err = setresgid(getgid(), getgid(), getgid()); - if (setgid_err) { - zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change group ID: %e", errno); - return -1; - } -+#endif - } - -- if (!skip_setuid) { --#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) -- int orig_euid = geteuid(); --#endif -+ /* Set the UID second. */ -+ { -+#ifndef HAVE_SETRESUID -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid() and friends not available"); -+ return -1; -+#else - int setuid_err; --#if defined(HAVE_GETEUID) && defined(HAVE_INITGROUPS) && defined(HAVE_GETPWUID) -+ -+# ifdef HAVE_INITGROUPS -+ /* Set the supplementary groups list. */ - if (geteuid() == 0) { - struct passwd *pw = getpwuid(getuid()); - if (pw == NULL) { -- zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %d: %e", -- getuid(), errno); -- return -1; -- } -- if (initgroups(pw->pw_name, pw->pw_gid)) { -+ zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %L: %e", -+ (long)getuid(), errno); -+ failed = 1; -+ } else if (initgroups(pw->pw_name, pw->pw_gid)) { - zwarnnam("unsetopt", "can't drop privileges; failed to set supplementary group list: %e", errno); - return -1; - } -+ } else if (getuid() != 0 && -+ (geteuid() != getuid() || orig_egid != getegid())) { -+ zwarnnam("unsetopt", "PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=%L", -+ (long)geteuid()); -+ failed = 1; - } --#endif -+# else -+ /* initgroups() isn't in POSIX. If it's not available on the system, -+ * we silently skip it. */ -+# endif - --#ifdef HAVE_SETRESUID - setuid_err = setresuid(getuid(), getuid(), getuid()); --#elif defined(HAVE_SETREUID) --#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) && defined(HAVE_GETUID) -- setuid_err = setreuid(getuid(), getuid()); --#else -- zwarnnam("unsetopt", -- "PRIVILEGED: can't drop privileges; setreuid available, but cannot check if saved uid changed"); -- return -1; --#endif --#else -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid and setreuid not available"); -- return -1; --#endif - if (setuid_err) { - zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change user ID: %e", errno); - return -1; - } --#if defined(HAVE_GETEUID) && defined(HAVE_SETUID) && defined(HAVE_GETUID) -- if (getuid() != 0 && !setuid(orig_euid)) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the euid"); -- return -1; -- } - #endif - } - --#if defined(HAVE_GETEGID) && defined(HAVE_SETGID) && defined(HAVE_GETUID) -- if (getuid() != 0 && !skip_setgid && !setgid(orig_egid)) { -+#ifdef HAVE_SETGID -+ if (getuid() != 0 && orig_egid != getegid() && -+ (setgid(orig_egid) != -1 || setegid(orig_egid) != -1)) { - zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the egid"); - return -1; - } - #endif - -+#ifdef HAVE_SETUID -+ if (getuid() != 0 && orig_euid != geteuid() && -+ (setuid(orig_euid) != -1 || seteuid(orig_euid) != -1)) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the euid"); -+ return -1; -+ } -+#endif -+ -+ if (failed) { -+ /* A warning message has been printed. */ -+ return -1; -+ } -+ - #ifdef JOB_CONTROL - } else if (!force && optno == MONITOR && value) { - if (new_opts[optno] == value) -diff --git a/Src/zsh.mdd b/Src/zsh.mdd -index 6e90776..292821a 100644 ---- a/Src/zsh.mdd -+++ b/Src/zsh.mdd -@@ -12,7 +12,8 @@ alwayslink=1 - objects="builtin.o compat.o cond.o exec.o glob.o hashtable.o hashnameddir.o \ - hist.o init.o input.o jobs.o lex.o linklist.o loop.o math.o \ - mem.o module.o options.o params.o parse.o pattern.o prompt.o signals.o \ --signames.o sort.o string.o subst.o text.o utils.o watch.o" -+signames.o sort.o string.o subst.o text.o utils.o watch.o \ -+openssh_bsd_setres_id.o" - - headers="../config.h zsh_system.h zsh.h sigcount.h signals.h \ - prototypes.h hashtable.h ztype.h" -diff --git a/Src/zsh_system.h b/Src/zsh_system.h -index 427c25f..4a95d0a 100644 ---- a/Src/zsh_system.h -+++ b/Src/zsh_system.h -@@ -457,30 +457,90 @@ struct timezone { - # define setpgrp setpgid - #endif - --/* can we set the user/group id of a process */ -+/* compatibility wrappers */ - --#ifndef HAVE_SETUID -+/* Our strategy is as follows: -+ * -+ * - Ensure that either setre[ug]id() or set{e,}[ug]id() is available. -+ * - If setres[ug]id() are missing, provide them in terms of either -+ * setre[ug]id() or set{e,}[ug]id(), whichever is available. -+ * - Provide replacement setre[ug]id() or set{e,}[ug]id() if they are not -+ * available natively. -+ * -+ * There isn't a circular dependency because, right off the bat, we check that -+ * there's an end condition, and #error out otherwise. -+ */ -+#if !defined(HAVE_SETREUID) && !(defined(HAVE_SETEUID) && defined(HAVE_SETUID)) -+ /* -+ * If you run into this error, you have two options: -+ * - Teach zsh how to do the equivalent of setreuid() on your system -+ * - Remove support for PRIVILEGED option, and then remove the #error. -+ */ -+# error "Don't know how to change UID" -+#endif -+#if !defined(HAVE_SETREGID) && !(defined(HAVE_SETEGID) && defined(HAVE_SETGID)) -+ /* See above comment. */ -+# error "Don't know how to change GID" -+#endif -+ -+/* Provide setresuid(). */ -+#ifndef HAVE_SETRESUID -+int setresuid(uid_t, uid_t, uid_t); -+# define HAVE_SETRESUID -+# define ZSH_IMPLEMENT_SETRESUID - # ifdef HAVE_SETREUID --# define setuid(X) setreuid(X,X) --# define setgid(X) setregid(X,X) --# define HAVE_SETUID -+# define ZSH_HAVE_NATIVE_SETREUID - # endif - #endif - --/* can we set the effective user/group id of a process */ -+/* Provide setresgid(). */ -+#ifndef HAVE_SETRESGID -+int setresgid(gid_t, gid_t, gid_t); -+# define HAVE_SETRESGID -+# define ZSH_IMPLEMENT_SETRESGID -+# ifdef HAVE_SETREGID -+# define ZSH_HAVE_NATIVE_SETREGID -+# endif -+#endif - -+/* Provide setreuid(). */ -+#ifndef HAVE_SETREUID -+# define setreuid(X, Y) setresuid((X), (Y), -1) -+# define HAVE_SETREUID -+#endif -+ -+/* Provide setregid(). */ -+#ifndef HAVE_SETREGID -+# define setregid(X, Y) setresgid((X), (Y), -1) -+# define HAVE_SETREGID -+#endif -+ -+/* Provide setuid(). */ -+/* ### TODO: Either remove this (this function has been standard since 1985), -+ * ### or rewrite this without multiply-evaluating the argument */ -+#ifndef HAVE_SETUID -+# define setuid(X) setreuid((X), (X)) -+# define HAVE_SETUID -+#endif -+ -+/* Provide setgid(). */ -+#ifndef HAVE_SETGID -+/* ### TODO: Either remove this (this function has been standard since 1985), -+ * ### or rewrite this without multiply-evaluating the argument */ -+# define setgid(X) setregid((X), (X)) -+# define HAVE_SETGID -+#endif -+ -+/* Provide seteuid(). */ - #ifndef HAVE_SETEUID --# ifdef HAVE_SETREUID --# define seteuid(X) setreuid(-1,X) --# define setegid(X) setregid(-1,X) --# define HAVE_SETEUID --# else --# ifdef HAVE_SETRESUID --# define seteuid(X) setresuid(-1,X,-1) --# define setegid(X) setresgid(-1,X,-1) --# define HAVE_SETEUID --# endif --# endif -+# define seteuid(X) setreuid(-1, (X)) -+# define HAVE_SETEUID -+#endif -+ -+/* Provide setegid(). */ -+#ifndef HAVE_SETEGID -+# define setegid(X) setregid(-1, (X)) -+# define HAVE_SETEGID - #endif - - #ifdef HAVE_SYS_RESOURCE_H -diff --git a/Test/E01options.ztst b/Test/E01options.ztst -index bcb34c3..38ae17e 100644 ---- a/Test/E01options.ztst -+++ b/Test/E01options.ztst -@@ -1096,3 +1096,18 @@ - 0:IGNORE_CLOSE_BRACES option - >this is OK - >6 -+ -+# There are further tests for PRIVILEGED in P01privileged.ztst. -+ if [[ -o privileged ]]; then -+ unsetopt privileged -+ fi -+ unsetopt privileged -+0:PRIVILEGED sanity check: unsetting is idempotent -+F:If this test fails at the first unsetopt, refer to P01privileged.ztst. -+ -+ if [[ -o privileged ]]; then -+ (( UID != EUID )) -+ else -+ (( UID == EUID )) -+ fi -+0:PRIVILEGED sanity check: default value is correct -diff --git a/configure.ac b/configure.ac -index 47f174e..cc050a9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1217,9 +1217,8 @@ AC_CHECK_FUNCS(strftime strptime mktime timelocal \ - inet_aton inet_pton inet_ntop \ - getlogin getpwent getpwnam getpwuid getgrgid getgrnam \ - initgroups nis_list \ -- getuid setuid seteuid setreuid setresuid setsid \ -- getgid setgid setegid setregid setresgid \ -- geteuid getegid \ -+ setuid seteuid setreuid setresuid setsid \ -+ setgid setegid setregid setresgid \ - memcpy memmove strstr strerror strtoul \ - getrlimit getrusage \ - setlocale \ --- -2.21.1 - - -From 1754f070a8ac6953eb27f13e4df4a95b90bfe6a1 Mon Sep 17 00:00:00 2001 -From: dana -Date: Sun, 29 Dec 2019 02:41:11 +0000 -Subject: [PATCH 5/7] Improve PRIVILEGED fixes (again) - -* Pass RGID instead of passwd GID to initgroups() - -* Clean up #ifdefs, avoid unnecessary checks - -* Flatten conditions - -Upstream-commit: 26d02efa7a9b0a6b32e1a8bbc6aca6c544b94211 -Signed-off-by: Kamil Dudka ---- - Src/options.c | 92 ++++++++++++++++++++++++--------------------------- - 1 file changed, 43 insertions(+), 49 deletions(-) - -diff --git a/Src/options.c b/Src/options.c -index b10a53e..223cc24 100644 ---- a/Src/options.c -+++ b/Src/options.c -@@ -769,91 +769,85 @@ dosetopt(int optno, int value, int force, char *new_opts) - } else if(optno == PRIVILEGED && !value) { - /* unsetting PRIVILEGED causes the shell to make itself unprivileged */ - -+/* For simplicity's sake, require both setresgid() and setresuid() up-front. */ -+#if !defined(HAVE_SETRESGID) -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid() and friends not available"); -+ return -1; -+#elif !defined(HAVE_SETRESUID) -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid() and friends not available"); -+ return -1; -+#else - /* If set, return -1 so lastval will be non-zero. */ - int failed = 0; -- --#ifdef HAVE_SETUID - const int orig_euid = geteuid(); --#endif - const int orig_egid = getegid(); - - /* - * Set the GID first as if we set the UID to non-privileged it - * might be impossible to restore the GID. - */ -- { --#ifndef HAVE_SETRESGID -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid() and friends not available"); -+ if (setresgid(getgid(), getgid(), getgid())) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change group ID: %e", errno); - return -1; --#else -- int setgid_err; -- setgid_err = setresgid(getgid(), getgid(), getgid()); -- if (setgid_err) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change group ID: %e", errno); -- return -1; -- } --#endif - } - -- /* Set the UID second. */ -- { --#ifndef HAVE_SETRESUID -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid() and friends not available"); -- return -1; --#else -- int setuid_err; -- - # ifdef HAVE_INITGROUPS -- /* Set the supplementary groups list. */ -- if (geteuid() == 0) { -- struct passwd *pw = getpwuid(getuid()); -- if (pw == NULL) { -- zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %L: %e", -- (long)getuid(), errno); -- failed = 1; -- } else if (initgroups(pw->pw_name, pw->pw_gid)) { -- zwarnnam("unsetopt", "can't drop privileges; failed to set supplementary group list: %e", errno); -- return -1; -- } -- } else if (getuid() != 0 && -- (geteuid() != getuid() || orig_egid != getegid())) { -- zwarnnam("unsetopt", "PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=%L", -- (long)geteuid()); -+ /* Set the supplementary groups list. -+ * -+ * Note that on macOS, FreeBSD, and possibly some other platforms, -+ * initgroups() resets the EGID to its second argument (see setgroups(2) for -+ * details). This has the potential to leave the EGID in an unexpected -+ * state. However, it seems common in other projects that do this dance to -+ * simply re-use the same GID that's going to become the EGID anyway, in -+ * which case it doesn't matter. That's what we do here. It's therefore -+ * possible, in some probably uncommon cases, that the shell ends up not -+ * having the privileges of the RUID user's primary/passwd group. */ -+ if (geteuid() == 0) { -+ struct passwd *pw = getpwuid(getuid()); -+ if (pw == NULL) { -+ zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %L: %e", -+ (long)getuid(), errno); - failed = 1; -+ /* This may behave strangely in the unlikely event that the same user -+ * name appears with multiple UIDs in the passwd database */ -+ } else if (initgroups(pw->pw_name, getgid())) { -+ zwarnnam("unsetopt", "can't drop privileges; failed to set supplementary group list: %e", errno); -+ return -1; - } -+ } else if (getuid() != 0 && -+ (geteuid() != getuid() || orig_egid != getegid())) { -+ zwarnnam("unsetopt", "PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=%L", -+ (long)geteuid()); -+ failed = 1; -+ } - # else -- /* initgroups() isn't in POSIX. If it's not available on the system, -- * we silently skip it. */ -+ /* initgroups() isn't in POSIX. If it's not available on the system, -+ * we silently skip it. */ - # endif - -- setuid_err = setresuid(getuid(), getuid(), getuid()); -- if (setuid_err) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change user ID: %e", errno); -- return -1; -- } --#endif -+ /* Set the UID second. */ -+ if (setresuid(getuid(), getuid(), getuid())) { -+ zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change user ID: %e", errno); -+ return -1; - } - --#ifdef HAVE_SETGID - if (getuid() != 0 && orig_egid != getegid() && - (setgid(orig_egid) != -1 || setegid(orig_egid) != -1)) { - zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the egid"); - return -1; - } --#endif - --#ifdef HAVE_SETUID - if (getuid() != 0 && orig_euid != geteuid() && - (setuid(orig_euid) != -1 || seteuid(orig_euid) != -1)) { - zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the euid"); - return -1; - } --#endif - - if (failed) { - /* A warning message has been printed. */ - return -1; - } -+#endif /* HAVE_SETRESGID && HAVE_SETRESUID */ - - #ifdef JOB_CONTROL - } else if (!force && optno == MONITOR && value) { --- -2.21.1 - - -From dc66d410f09ff1db86f774f273fee14a3feb4ffd Mon Sep 17 00:00:00 2001 -From: dana -Date: Sun, 29 Dec 2019 02:43:14 +0000 -Subject: [PATCH 6/7] Clean up error-message white space - -Upstream-commit: 4ce66857b71b40a0661df3780ff557f2b0f4cb13 -Signed-off-by: Kamil Dudka ---- - Src/options.c | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/Src/options.c b/Src/options.c -index 223cc24..a2e629f 100644 ---- a/Src/options.c -+++ b/Src/options.c -@@ -771,10 +771,12 @@ dosetopt(int optno, int value, int force, char *new_opts) - - /* For simplicity's sake, require both setresgid() and setresuid() up-front. */ - #if !defined(HAVE_SETRESGID) -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresgid() and friends not available"); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; setresgid() and friends not available"); - return -1; - #elif !defined(HAVE_SETRESUID) -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; setresuid() and friends not available"); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; setresuid() and friends not available"); - return -1; - #else - /* If set, return -1 so lastval will be non-zero. */ -@@ -787,7 +789,9 @@ dosetopt(int optno, int value, int force, char *new_opts) - * might be impossible to restore the GID. - */ - if (setresgid(getgid(), getgid(), getgid())) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change group ID: %e", errno); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; failed to change group ID: %e", -+ errno); - return -1; - } - -@@ -805,18 +809,22 @@ dosetopt(int optno, int value, int force, char *new_opts) - if (geteuid() == 0) { - struct passwd *pw = getpwuid(getuid()); - if (pw == NULL) { -- zwarnnam("unsetopt", "can't drop privileges; failed to get user information for uid %L: %e", -+ zwarnnam("unsetopt", -+ "can't drop privileges; failed to get user information for uid %L: %e", - (long)getuid(), errno); - failed = 1; - /* This may behave strangely in the unlikely event that the same user - * name appears with multiple UIDs in the passwd database */ - } else if (initgroups(pw->pw_name, getgid())) { -- zwarnnam("unsetopt", "can't drop privileges; failed to set supplementary group list: %e", errno); -+ zwarnnam("unsetopt", -+ "can't drop privileges; failed to set supplementary group list: %e", -+ errno); - return -1; - } - } else if (getuid() != 0 && - (geteuid() != getuid() || orig_egid != getegid())) { -- zwarnnam("unsetopt", "PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=%L", -+ zwarnnam("unsetopt", -+ "PRIVILEGED: supplementary group list not changed due to lack of permissions: EUID=%L", - (long)geteuid()); - failed = 1; - } -@@ -827,19 +835,23 @@ dosetopt(int optno, int value, int force, char *new_opts) - - /* Set the UID second. */ - if (setresuid(getuid(), getuid(), getuid())) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; failed to change user ID: %e", errno); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; failed to change user ID: %e", -+ errno); - return -1; - } - - if (getuid() != 0 && orig_egid != getegid() && - (setgid(orig_egid) != -1 || setegid(orig_egid) != -1)) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the egid"); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; was able to restore the egid"); - return -1; - } - - if (getuid() != 0 && orig_euid != geteuid() && - (setuid(orig_euid) != -1 || seteuid(orig_euid) != -1)) { -- zwarnnam("unsetopt", "PRIVILEGED: can't drop privileges; was able to restore the euid"); -+ zwarnnam("unsetopt", -+ "PRIVILEGED: can't drop privileges; was able to restore the euid"); - return -1; - } - --- -2.21.1 - - -From ec2a5a5fa71103e20d62afa843a953863a2e1f97 Mon Sep 17 00:00:00 2001 -From: dana -Date: Sat, 28 Dec 2019 20:45:55 -0600 -Subject: [PATCH 7/7] Add unsetopt/PRIVILEGED tests - -Upstream-commit: b15bd4aa590db8087d1e8f2eb1af2874f5db814d -Signed-off-by: Kamil Dudka ---- - Test/E01options.ztst | 10 +- - Test/P01privileged.ztst | 197 ++++++++++++++++++++++++++++++++++++++++ - Test/README | 1 + - 3 files changed, 207 insertions(+), 1 deletion(-) - create mode 100644 Test/P01privileged.ztst - -diff --git a/Test/E01options.ztst b/Test/E01options.ztst -index 38ae17e..4dcae2c 100644 ---- a/Test/E01options.ztst -+++ b/Test/E01options.ztst -@@ -74,7 +74,6 @@ - # HASH_LIST_ALL ) - # PRINT_EXIT_STATUS haven't worked out what this does yet, although - # Bart suggested a fix. --# PRIVILEGED (similar to GLOBAL_RCS) - # RCS ( " " " " ) - # SH_OPTION_LETTERS even I found this too dull to set up a test for - # SINGLE_COMMAND kills shell -@@ -94,6 +93,15 @@ - - %test - -+ # setopt should move on to the next operation in the face of an error, but -+ # preserve the >0 return code -+ unsetopt aliases -+ setopt not_a_real_option aliases && return 2 -+ print -r - $options[aliases] -+0:setopt error handling -+?(eval):setopt:4: no such option: not_a_real_option -+>on -+ - alias echo='print foo' - unsetopt aliases - # use eval else aliases are all parsed at start -diff --git a/Test/P01privileged.ztst b/Test/P01privileged.ztst -new file mode 100644 -index 0000000..c54112b ---- /dev/null -+++ b/Test/P01privileged.ztst -@@ -0,0 +1,197 @@ -+# This file contains tests related to the PRIVILEGED option. In order to run, -+# it requires that the test process itself have super-user privileges (or that -+# one of the environment variables described below be set). This can be achieved -+# via, e.g., `sudo make check TESTNUM=P`. -+# -+# Optionally, the environment variables ZSH_TEST_UNPRIVILEGED_UID and/or -+# ZSH_TEST_UNPRIVILEGED_GID may be set to UID:EUID or GID:EGID pairs, where the -+# two IDs in each pair are different, non-0 IDs valid on the system being used -+# to run the tests. (The UIDs must both be non-0 to effectively test downgrading -+# of privileges, and they must be non-matching to test auto-enabling of -+# PRIVILEGED and to ensure that disabling PRIVILEGED correctly resets the saved -+# UID. Technically GID 0 is not special, but for simplicity's sake we apply the -+# same requirements here.) -+# -+# If either of the aforementioned environment variables is not set, the test -+# script will try to pick the first two >0 IDs from the passwd/group databases -+# on the current system. -+# -+# If either variable is set, the tests will run, but they will likely fail -+# without super-user privileges. -+ -+%prep -+ -+ # Mind your empty lines here. The logic in this %prep section is somewhat -+ # complex compared to most others; to avoid lots of nested/duplicated -+ # conditions we need to make sure that this all gets executed as a single -+ # function from which we can return early -+ [[ $EUID == 0 || -n $ZSH_TEST_UNPRIVILEGED_UID$ZSH_TEST_UNPRIVILEGED_GID ]] || { -+ ZTST_unimplemented='PRIVILEGED tests require super-user privileges (or env var)' -+ return 1 -+ } -+ (( $+commands[perl] )) || { # @todo Eliminate this dependency with a C wrapper? -+ ZTST_unimplemented='PRIVILEGED tests require Perl' -+ return 1 -+ } -+ grep -qE '#define HAVE_SETRES?UID' $ZTST_testdir/../config.h || { -+ ZTST_unimplemented='PRIVILEGED tests require setreuid()/setresuid()' -+ return 1 -+ } -+ # -+ ruid= euid= rgid= egid= -+ # -+ if [[ -n $ZSH_TEST_UNPRIVILEGED_UID ]]; then -+ ruid=${ZSH_TEST_UNPRIVILEGED_UID%%:*} -+ euid=${ZSH_TEST_UNPRIVILEGED_UID##*:} -+ else -+ print -ru$ZTST_fd 'Selecting unprivileged UID:EUID pair automatically' -+ local tmp=$( getent passwd 2> /dev/null || < /etc/passwd ) -+ # Note: Some awks require -v and its argument to be separate -+ ruid=$( awk -F: '$3 > 0 { print $3; exit; }' <<< $tmp ) -+ euid=$( awk -F: -v u=$ruid '$3 > u { print $3; exit; }' <<< $tmp ) -+ fi -+ # -+ if [[ -n $ZSH_TEST_UNPRIVILEGED_GID ]]; then -+ rgid=${ZSH_TEST_UNPRIVILEGED_GID%%:*} -+ egid=${ZSH_TEST_UNPRIVILEGED_GID##*:} -+ else -+ print -ru$ZTST_fd 'Selecting unprivileged GID:EGID pair automatically' -+ local tmp=$( getent group 2> /dev/null || < /etc/group ) -+ # Note: Some awks require -v and its argument to be separate -+ rgid=$( awk -F: '$3 > 0 { print $3; exit; }' <<< $tmp ) -+ egid=$( awk -F: -v g=$rgid '$3 > g { print $3; exit; }' <<< $tmp ) -+ fi -+ # -+ [[ $ruid/$euid == <1->/<1-> && $ruid != $euid ]] || ruid= euid= -+ [[ $rgid/$egid == <1->/<1-> && $rgid != $egid ]] || rgid= egid= -+ # -+ [[ -n $ruid && -n $euid ]] || { -+ ZTST_unimplemented='PRIVILEGED tests require unprivileged UID:EUID' -+ return 1 -+ } -+ [[ -n $rgid || -n $egid ]] || { -+ ZTST_unimplemented='PRIVILEGED tests require unprivileged GID:EGID' -+ return 1 -+ } -+ # -+ print -ru$ZTST_fd \ -+ "Using unprivileged UID $ruid, EUID $euid, GID $rgid, EGID $egid" -+ # -+ # Execute process with specified UID and EUID -+ # $1 => Real UID -+ # $2 => Effective UID -+ # $3 => Real GID -+ # $4 => Effective GID -+ # $5 ... => Command + args to execute (must NOT be a shell command string) -+ re_exec() { -+ perl -e ' -+ die("re_exec: not enough arguments") unless (@ARGV >= 5); -+ my ($ruid, $euid, $rgid, $egid, @cmd) = @ARGV; -+ foreach my $id ($ruid, $euid, $rgid, $egid) { -+ die("re_exec: invalid ID: $id") unless ($id =~ /^(-1|\d+)$/a); -+ } -+ $< = 0 + $ruid if ($ruid >= 0); -+ $> = 0 + $euid if ($euid >= 0); -+ $( = 0 + $rgid if ($rgid >= 0); -+ $) = 0 + $egid if ($egid >= 0); -+ exec(@cmd); -+ die("re_exec: exec failed: $!"); -+ ' -- "$@" -+ } -+ # -+ # Convenience wrapper for re_exec to call `zsh -c` -+ # -* ... => (optional) Command-line options to zsh -+ # $1 => Real UID -+ # $2 => Effective UID -+ # $3 => Real GID -+ # $4 => Effective GID -+ # $5 ... => zsh command string; multiple strings are joined by \n -+ re_zsh() { -+ local -a opts -+ while [[ $1 == -[A-Za-z-]* ]]; do -+ opts+=( $1 ) -+ shift -+ done -+ re_exec "$1" "$2" "$3" "$4" $ZTST_exe $opts -fc \ -+ "MODULE_PATH=${(q)MODULE_PATH}; ${(F)@[5,-1]}" -+ } -+ # -+ # Return one or more random unused UIDs -+ # $1 ... => Names of parameters to store UIDs in -+ get_unused_uid() { -+ while (( $# )); do -+ local i_=0 uid_= -+ until [[ -n $uid_ ]]; do -+ (( ++i_ > 99 )) && return 1 -+ uid_=$RANDOM -+ id $uid_ &> /dev/null || break -+ uid_= -+ done -+ : ${(P)1::=$uid_} -+ shift -+ done -+ } -+ -+%test -+ -+ re_zsh $ruid $ruid -1 -1 'echo $UID/$EUID $options[privileged]' -+ re_zsh $euid $euid -1 -1 'echo $UID/$EUID $options[privileged]' -+ re_zsh $ruid $euid -1 -1 'echo $UID/$EUID $options[privileged]' -+0q:PRIVILEGED automatically enabled when RUID != EUID -+>$ruid/$ruid off -+>$euid/$euid off -+>$ruid/$euid on -+ -+ re_zsh -1 -1 $rgid $rgid 'echo $GID/$EGID $options[privileged]' -+ re_zsh -1 -1 $egid $egid 'echo $GID/$EGID $options[privileged]' -+ re_zsh -1 -1 $rgid $egid 'echo $GID/$EGID $options[privileged]' -+0q:PRIVILEGED automatically enabled when RGID != EGID -+>$rgid/$rgid off -+>$egid/$egid off -+>$rgid/$egid on -+ -+ re_zsh $ruid $euid -1 -1 'unsetopt privileged; echo $UID/$EUID' -+0q:EUID set to RUID after disabling PRIVILEGED -+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * -+*?zsh:unsetopt:1: can't change option: privileged -+>$ruid/$ruid -+ -+ re_zsh 0 $euid -1 -1 'unsetopt privileged && echo $UID/$EUID' -+0:RUID/EUID set to 0/0 when privileged after disabling PRIVILEGED -+>0/0 -+ -+ re_zsh $ruid $euid -1 -1 "unsetopt privileged; UID=$euid" || -+ re_zsh $ruid $euid -1 -1 "unsetopt privileged; EUID=$euid" -+1:not possible to regain EUID when unprivileged after disabling PRIVILEGED -+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * -+*?zsh:unsetopt:1: can't change option: privileged -+*?zsh:1: failed to change user ID: * -+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed * -+*?zsh:unsetopt:1: can't change option: privileged -+*?zsh:1: failed to change effective user ID: * -+ -+ re_zsh -1 -1 $rgid $egid 'unsetopt privileged && echo $GID/$EGID' -+0q:EGID set to RGID after disabling PRIVILEGED -+>$rgid/$rgid -+ -+# This test also confirms that we can't revert to the original EUID's primary -+# GID, which initgroups() may reset the EGID to on some systems -+ re_zsh $ruid 0 $rgid 0 'unsetopt privileged; GID=0' || -+ re_zsh $ruid 0 $rgid 0 'unsetopt privileged; EGID=0' -+1:not possible to regain EGID when unprivileged after disabling PRIVILEGED -+*?zsh:1: failed to change group ID: * -+*?zsh:1: failed to change effective group ID: * -+ -+ local rruid -+ grep -qF '#define HAVE_INITGROUPS' $ZTST_testdir/../config.h || { -+ ZTST_skip='initgroups() not available' -+ return 1 -+ } -+ get_unused_uid rruid || { -+ ZTST_skip="Can't get unused UID" -+ return 1 -+ } -+ re_zsh $rruid 0 -1 -1 'unsetopt privileged' -+1:getpwuid() fails with non-existent RUID and 0 EUID -+*?zsh:unsetopt:1: can't drop privileges; failed to get user information * -+*?zsh:unsetopt:1: can't change option: privileged -diff --git a/Test/README b/Test/README -index d012277..726d68e 100644 ---- a/Test/README -+++ b/Test/README -@@ -6,6 +6,7 @@ scripts names: - C: shell commands with special syntax - D: substititution - E: options -+ P: privileged (needs super-user privileges) - V: modules - W: builtin interactive commands and constructs - X: line editing --- -2.21.1 - diff --git a/SOURCES/zsh-5.0.2-PATH_MAX-extra-byte.patch b/SOURCES/zsh-5.0.2-PATH_MAX-extra-byte.patch new file mode 100644 index 0000000..26fae02 --- /dev/null +++ b/SOURCES/zsh-5.0.2-PATH_MAX-extra-byte.patch @@ -0,0 +1,199 @@ +From d670cfc55d96b65e124b09430d8f43909939fc55 Mon Sep 17 00:00:00 2001 +From: Peter Stephenson +Date: Thu, 17 Nov 2016 19:49:17 +0000 +Subject: [PATCH] 39958: Add extra byte to PATH_MAX allocations. + +This ensures we've got enough space for a null, although this +isn't always needed. + +Upstream-commit: a62e1640bcafbb82d86ea8d8ce057a83c4683d60 +Signed-off-by: Kamil Dudka +--- + Src/builtin.c | 2 +- + Src/compat.c | 4 ++-- + Src/exec.c | 16 ++++++++-------- + Src/glob.c | 4 ++-- + Src/hist.c | 2 +- + Src/utils.c | 6 +++--- + 6 files changed, 17 insertions(+), 17 deletions(-) + +diff --git a/Src/builtin.c b/Src/builtin.c +index caa4b64..86d7d9a 100644 +--- a/Src/builtin.c ++++ b/Src/builtin.c +@@ -945,7 +945,7 @@ cd_do_chdir(char *cnam, char *dest, int hard) + * Normalize path under Cygwin to avoid messing with + * DOS style names with drives in them + */ +- static char buf[PATH_MAX]; ++ static char buf[PATH_MAX+1]; + #ifndef _SYS_CYGWIN_H + void cygwin_conv_to_posix_path(const char *, char *); + #endif +diff --git a/Src/compat.c b/Src/compat.c +index cc4e876..d81e3d6 100644 +--- a/Src/compat.c ++++ b/Src/compat.c +@@ -270,7 +270,7 @@ zgetdir(struct dirsav *d) + int len; + #endif + +- buf = zhalloc(bufsiz = PATH_MAX); ++ buf = zhalloc(bufsiz = PATH_MAX+1); + pos = bufsiz - 1; + buf[pos] = '\0'; + strcpy(nbuf, "../"); +@@ -439,7 +439,7 @@ zgetcwd(void) + free(cwd); + } + #else +- char *cwdbuf = zalloc(PATH_MAX); ++ char *cwdbuf = zalloc(PATH_MAX+1); + ret = getcwd(cwdbuf, PATH_MAX); + if (ret) + ret = dupstring(ret); +diff --git a/Src/exec.c b/Src/exec.c +index c95667e..03716ba 100644 +--- a/Src/exec.c ++++ b/Src/exec.c +@@ -434,7 +434,7 @@ static int + zexecve(char *pth, char **argv, char **newenvp) + { + int eno; +- static char buf[PATH_MAX * 2]; ++ static char buf[PATH_MAX * 2+1]; + char **eep; + + unmetafy(pth, NULL); +@@ -575,7 +575,7 @@ static void + execute(LinkList args, int flags, int defpath) + { + Cmdnam cn; +- char buf[MAXCMDLEN], buf2[MAXCMDLEN]; ++ char buf[MAXCMDLEN+1], buf2[MAXCMDLEN+1]; + char *s, *z, *arg0; + char **argv, **pp, **newenvp = NULL; + int eno = 0, ee; +@@ -656,7 +656,7 @@ execute(LinkList args, int flags, int defpath) + + /* for command -p, search the default path */ + if (defpath) { +- char *s, pbuf[PATH_MAX]; ++ char *s, pbuf[PATH_MAX+1]; + char *dptr, *pe, *ps = DEFAULT_PATH; + + for(;ps;ps = pe ? pe+1 : NULL) { +@@ -693,7 +693,7 @@ execute(LinkList args, int flags, int defpath) + } else { + + if ((cn = (Cmdnam) cmdnamtab->getnode(cmdnamtab, arg0))) { +- char nn[PATH_MAX], *dptr; ++ char nn[PATH_MAX+1], *dptr; + + if (cn->node.flags & HASHED) + strcpy(nn, cn->u.cmd); +@@ -778,7 +778,7 @@ findcmd(char *arg0, int docopy) + break; + } + if (cn) { +- char nn[PATH_MAX]; ++ char nn[PATH_MAX+1]; + + if (cn->node.flags & HASHED) + strcpy(nn, cn->u.cmd); +@@ -859,7 +859,7 @@ mod_export Cmdnam + hashcmd(char *arg0, char **pp) + { + Cmdnam cn; +- char *s, buf[PATH_MAX]; ++ char *s, buf[PATH_MAX+1]; + char **pq; + + for (; *pp; pp++) +@@ -4919,7 +4919,7 @@ runshfunc(Eprog prog, FuncWrap wrap, char *name) + Eprog + getfpfunc(char *s, int *ksh, char **fname) + { +- char **pp, buf[PATH_MAX]; ++ char **pp, buf[PATH_MAX+1]; + off_t len; + off_t rlen; + char *d; +@@ -5047,7 +5047,7 @@ cancd(char *s) + char *t; + + if (*s != '/') { +- char sbuf[PATH_MAX], **cp; ++ char sbuf[PATH_MAX+1], **cp; + + if (cancd2(s)) + return s; +diff --git a/Src/glob.c b/Src/glob.c +index 9135fce..92ed8b5 100644 +--- a/Src/glob.c ++++ b/Src/glob.c +@@ -271,7 +271,7 @@ addpath(char *s, int l) + static int + statfullpath(const char *s, struct stat *st, int l) + { +- char buf[PATH_MAX]; ++ char buf[PATH_MAX+1]; + + DPUTS(strlen(s) + !*s + pathpos - pathbufcwd >= PATH_MAX, + "BUG: statfullpath(): pathname too long"); +@@ -775,7 +775,7 @@ parsepat(char *str) + + /* Now there is no (#X) in front, we can check the path. */ + if (!pathbuf) +- pathbuf = zalloc(pathbufsz = PATH_MAX); ++ pathbuf = zalloc(pathbufsz = PATH_MAX+1); + DPUTS(pathbufcwd, "BUG: glob changed directory"); + if (*str == '/') { /* pattern has absolute path */ + str++; +diff --git a/Src/hist.c b/Src/hist.c +index 9a63c15..6764eaf 100644 +--- a/Src/hist.c ++++ b/Src/hist.c +@@ -1658,7 +1658,7 @@ chrealpath(char **junkptr) + char *lastpos, *nonreal, *real; + #else + # ifdef HAVE_REALPATH +- char *lastpos, *nonreal, real[PATH_MAX]; ++ char *lastpos, *nonreal, real[PATH_MAX+1]; + # endif + #endif + +diff --git a/Src/utils.c b/Src/utils.c +index 05eeda4..13910a4 100644 +--- a/Src/utils.c ++++ b/Src/utils.c +@@ -930,7 +930,7 @@ finddir(char *s) + if(homenode.diff==1) + homenode.diff = 0; + if(!finddir_full) +- finddir_full = zalloc(ffsz = PATH_MAX); ++ finddir_full = zalloc(ffsz = PATH_MAX+1); + finddir_full[0] = 0; + return finddir_last = NULL; + } +@@ -1418,7 +1418,7 @@ checkmailpath(char **s) + } else if (S_ISDIR(st.st_mode)) { + LinkList l; + DIR *lock = opendir(unmeta(*s)); +- char buf[PATH_MAX * 2], **arr, **ap; ++ char buf[PATH_MAX * 2 + 1], **arr, **ap; + int buflen, ct = 1; + + if (lock) { +@@ -5828,7 +5828,7 @@ strsfx(char *s, char *t) + static int + upchdir(int n) + { +- char buf[PATH_MAX]; ++ char buf[PATH_MAX+1]; + char *s; + int err = -1; + +-- +2.20.1 + diff --git a/SPECS/zsh.spec b/SPECS/zsh.spec index 334bb3b..70266e2 100644 --- a/SPECS/zsh.spec +++ b/SPECS/zsh.spec @@ -3,7 +3,7 @@ Summary: Powerful interactive shell Name: zsh Version: 5.0.2 -Release: 34%{?dist}.2 +Release: 34%{?dist} License: MIT URL: http://zsh.sourceforge.net/ Group: System Environment/Shells @@ -106,9 +106,8 @@ Patch40: zsh-5.0.2-CVE-2018-1100.patch # fix improper handling of shebang line longer than 64 bytes (CVE-2018-13259) Patch41: zsh-5.0.2-CVE-2018-13259.patch -# drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) -Patch43: zsh-5.0.2-CVE-2019-20044.patch -BuildRequires: autoconf +# fix off-by-one error in buffer allocation to avoid stack smashing (#1722486) +Patch42: zsh-5.0.2-PATH_MAX-extra-byte.patch BuildRequires: coreutils sed ncurses-devel libcap-devel BuildRequires: texinfo texi2html gawk hostname @@ -173,9 +172,7 @@ This package contains the Zsh manual in html format. %patch39 -p1 %patch40 -p1 %patch41 -p1 - -%patch43 -p1 -autoreconf -fiv +%patch42 -p1 cp -p %SOURCE7 . @@ -292,11 +289,9 @@ fi %doc Doc/*.html %changelog -* Tue Mar 03 2020 Kamil Dudka - 5.0.2-34.el7_7.2 -- improve printing of error messages introduced by the fix of CVE-2019-20044 - -* Mon Feb 24 2020 Kamil Dudka - 5.0.2-33.el7_7.1 -- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) +* Tue Aug 06 2019 Kamil Dudka - 5.0.2-34 +- make the chaselinks option work again (#1729997) +- fix off-by-one error in buffer allocation to avoid stack smashing (#1722486) * Mon Mar 04 2019 Kamil Dudka - 5.0.2-33 - fix regression in oh-my-zsh vcs_info hooks introduced in -30 (#1677696)