mirror of
git://git.code.sf.net/p/zsh/code
synced 2024-05-12 18:46:16 +02:00
Update NEWS/README
This commit is contained in:
parent
b15bd4aa59
commit
048f40b68b
18
NEWS
18
NEWS
|
@ -4,8 +4,22 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
|
|||
|
||||
Note also the list of incompatibilities in the README file.
|
||||
|
||||
Changes since 5.7.1
|
||||
-------------------
|
||||
Changes since 5.7.1-test-3
|
||||
--------------------------
|
||||
|
||||
CVE-2019-20044: When unsetting the PRIVILEGED option, the shell sets its
|
||||
effective user and group IDs to match their respective real IDs. On some
|
||||
platforms (including Linux and macOS, but not FreeBSD), when the RUID and
|
||||
EUID were both non-zero, it was possible to regain the shell's former
|
||||
privileges by e.g. assigning to the EUID or EGID parameter. In the course
|
||||
of investigating this issue, it was also found that the setopt built-in
|
||||
did not correctly report errors when unsetting the option, which
|
||||
prevented users from handling them as the documentation recommended.
|
||||
setopt now returns non-zero if it is unable to safely drop privileges.
|
||||
[ Reported by Sam Foxman <samfoxman320@gmail.com>. ]
|
||||
|
||||
Changes from 5.7.1 to 5.7.1-test-3
|
||||
----------------------------------
|
||||
|
||||
The zsh/zutil module's zparseopts builtin learnt an -F option to abort
|
||||
parsing when an unrecognised option-like parameter is encountered.
|
||||
|
|
11
README
11
README
|
@ -5,8 +5,9 @@ THE Z SHELL (ZSH)
|
|||
Version
|
||||
-------
|
||||
|
||||
This is version 5.8 of the shell. This is a stable release. There are
|
||||
a few visible improvements since 5.7 as well as many bugfixes.
|
||||
This is version 5.8 of the shell. This is a security and feature release.
|
||||
There are a few visible improvements since 5.7, as well as many bugfixes.
|
||||
All zsh installations are encouraged to upgrade as soon as possible.
|
||||
|
||||
Note in particular the changes highlighted under "Incompatibilities since
|
||||
5.7.1" below. See NEWS for more information.
|
||||
|
@ -56,6 +57,12 @@ This only affects you if you override that function in your dotfiles.
|
|||
The cd and chdir builtins no longer interpret operands like -1 and +2 as
|
||||
stack entries when POSIX_CD is enabled.
|
||||
|
||||
Dropping privileges with `unsetopt privileged` may fail (with an error
|
||||
message) on some older and uncommon platforms due to library dependency
|
||||
changes made in the course of fixing CVE-2019-20044. Please report this
|
||||
to the zsh-workers mailing list if your system is affected. See NEWS for
|
||||
more.
|
||||
|
||||
Incompatibilities between 5.6.2 and 5.7.1
|
||||
-----------------------------------------
|
||||
|
||||
|
|
Loading…
Reference in New Issue