The code before this commit happened to have done the right thing:
"exec" lines were handled by the catchall forward compatibility case,
which happened to have had virtually the same effect as the correct
case. However, that was merely an accidental result. This patch makes
the code do the right thing deliberately, rather than by accident.
* Update _command_names to add **/sbin to PATH when not otherwise overridden
and _comp_priv_prefix is set. This ensures that, on systems where
unprivileged users don't have **/sbin in their PATHs, we can still complete
those commands when they try to run them with e.g. sudo
* Update functions for privilege-gaining commands to use the aforementioned
mechanism
* Fix some other minor issues in _pfexec and _doas
Changes from the posted diff:
* Fix a minor redundancy in _doas
* Add _c_p_p=( '' ) hack to _su
* origin/5.9:
unposted: Move a new incompatibility notice.
unposted: Fix trailing whitespace in test expectations.
45342: Add tests for interaction between autoloadable parameters and module loading.
45313: _git: Support completion from outside of a worktree when --git-dir/--work-tree are specified on the command line
45304: Do execute the always block even when the try/always block itself is the last command.
45292: D02glob: Add regression test for macOS stat(2) misbehaviour
45291: A glob with a trailing slash will now match unreadable/unexecutable directories.
45288: _git: Complete bisect/new as well as bisect/bad.
45246: Make --disable-multibyte warn, since the test suite fails in that configuration.
45213: Make --enable-gdbm default to false, rather than default to true with an unavoidable warning.
unposted (follow-up to 45131): Extra testing by Mikael
45137: zformat: Allow the specifying minimum width and a dot with an empty maximum width.
45138: Add zformat unit tests.
45131: Make a function that redefines itself preserve its tracedness.
The change in question was (deliberately) not merged to master before the 5.8
release. Therefore, it is a "post 5.8" change, even though it was written
when 5.7.1 was the latest release.
* Test/D02glob.ztst:
On the "unreadable directories can be globbed (users/24619, users/24626)"
test, resolve conflicts by removing the Cygwin-only skip that has been added
in master, since the test is passing on this branch. This effectively reverts
workers/45492. See discussion starting in workers/45504.
* origin/master:
unposted: Remove 'sgi', as that OpenBSD port has been discontinued.
45509: fix typos in B01cd.ztst
45490 (+45495 and a test): refactor rlimits.c
github #49: Fix typo: longson should be loongson
users/24710: Fix job control problem with sudo.
45492: skip test added by users/24633 on Cygwin
45488: COMP_WORDS for bash need "$@"-style quoting
45487: Missing mod_export declarations for AIX
45447: Complete vcs_info_hookadd and vcs_info_hookdel. Expose _vcs_info_hooks as a top-level helper function.
45463: test: kill: Document why we use SIGURG
45453: builtins: kill: Do not signal current process group when pid is empty
45452: builtins: kill: Add `kill ''` regression test with explicit sigspec
45451: builtins: kill: Add basic test suite
github #48/0002: vcs_info git: properly detect bare repositories
github #48/0001: vcs_info git: avoid warnings in bare repositories
unposted: Post-release version bump
unposted: Release 5.8
CVE-2019-20044: Update change log for preceding commits
Update NEWS/README
Add unsetopt/PRIVILEGED tests
Clean up error-message white space
Improve PRIVILEGED fixes (again)
Improve PRIVILEGED fixes
Drop privileges securely
unposted: V01zmodload: Fix failing test from workers/45385
45423: _su: Improve arg handling, shell look-ups
unposted: _zip: Recognise '--'
45385: Add a test for 'zmodload -Fa' preemptively disabling ("blacklisting"?) features.
unposted: Test release: 5.7.1-test-3
zsh/system: Fix infinite loop in sysread
_diff_options: Restore -w completion lost in workers/43351
unposted: Fix ChangeLog typo.
45368: Add tests for workers/45367's issue about double slashes in 'cd -P' and /home/daniel/in/zsh.
45373: Fix ERR_EXIT bug in else branch of if.
45372: Record a symlink loop bug involving :P
45365: _git: Fix __git_recent_branches for the case when a commit has an empty message
45343: Queue signals around arithmetic evaluations
45344: Document where third-party completion functions should be installed.
45345: internal: ztst.vim: Fix highlighting of zsh comments in test payload
unposted: internal: Add some comments and fix indentation. No functional change.
45340: internal: Document the difference between paramtab and realparamtab.
45332: _git: add completion for git-version
_brace_parameter: add missing \
Conflicts:
ChangeLog
Test/D02glob.ztst
Test/V01zmodload.ztst
If we use kill to test for continued existence of a process group,
we should check on failure that the error is ESRCH, as EPERM
indicates the group still has memebers but running privileged
so should be left alone.
The following case was encountered in the wild:
% zsh; echo "$?"
% trap 'exit 5' TERM
% kill ''
5
This behaviour seems more likely to be the result of bugs in programs
(e.g. `kill -9 "$unsetvar") rather than being desirable
behaviour to me. It also seems unintentional judging by the code and
documentation, since it comes about as a result of the fact that:
- `isanum` returns true for empty strings (since an empty string
technically only consists of digits and minuses...);
- `atoi`, when passed a pointer to an invalid number, returns 0;
- `kill(0, signal)` sends the signal in question to all processes in the
current process group.
There are (at least) two ways to solve this issue:
1. Add special handling to `kill` to avoid this case. See this patch[0]
for a version that does that.
2. Change how isanum behaves. Since the only two call sites that use it
both seem like they should handle the case where the input char array
is empty, that seems like a reasonable overall change to me.[1]
After this patch:
% trap 'exit 5' TERM
% kill ''
kill: illegal pid:
The regression test for `kill` without a sigspec is also included in
this commit, as previously it's not possible to test it trivially as it
would still kill the test runner in expected-to-fail mode; see
discussion in workers/45449.
0: workers/45426: https://www.zsh.org/mla/workers/2020/msg00251.html
1: The other call site using isanum() is the fg builtin, but in that
case we just fail later since we can't find any job named '', so no
big deal either way. It's the kill case which is more concerning.
The version without a sigspec can't be added yet because it would still
kill the test runner even in expected-to-fail mode; see workers/45449
for discussion. For the same reason, we use a signal which is non-fatal
by default and unlikely to be sent by someone else, SIGURG, to do the
expected-to-fail case prior to the fix.
This is not totally comprehensive, but at least it's a start for the
core functionality. In the next commits, we'll also use this base to add
some regression tests.
We currently detect Git repositories by finding the top level of the
working tree, and if we fail to detect it, assume that we're not in a
repository. However, there's a case we don't consider: a bare
repository.
Let's detect if the user is in a bare repository by checking if gitdir
is set, and if so, using that if there is no working tree. We now
detect bare Git repositories with vcs_info, as expected.
Git 2.25 introduced a change to how git rev-parse --show-toplevel
behaves. Traditionally, it succeeded with no output if the user was
in a bare repository. Now it dies, printing an error to standard error.
Consequently, when the user is in a bare repository with a newer Git,
vcs_info prints noisily to standard error.
While this is functionally harmless, it is annoying for the shell to
print messages from Git every time the prompt is printed, so let's
silence the error message.
- Fix retval handling in bin_setopt()
- Don't skip_setuid / skip_setgid. It's not our place to optimize away noops
(that might not even _be_ noops; they might change the saved uid…).
- Remove HAVE_* guard checks around functions that are used unguarded elsewhere.
- Use bsd-setres_id.c from OpenSSH to provide setresuid() / setresgid()
everywhere, and thus simplify the ifdef soup. Fix some preëxisting
bugs in the macro definitions of setuid() (do we still need that one?).
- Fix zwarning() format codes for variadic arguments type safety
- Restored a comment from HEAD
- Fix failure modes around initgroups()
- Compared privilege restoration code with OpenSSH's permanently_drop_uid() and
updated as needed
- Add E01 PRIVILEGED sanity checks
