about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS85
1 files changed, 65 insertions, 20 deletions
diff --git a/NEWS b/NEWS
index 8441610b0..b3a669792 100644
--- a/NEWS
+++ b/NEWS
@@ -4,25 +4,8 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
 
 Note also the list of incompatibilities in the README file.
 
-Changes since 5.8
------------------
-
-CVE-2021-45444: Some prompt expansion sequences, such as %F, support
-'arguments' which are themselves expanded in case they contain colour
-values, etc. This additional expansion would trigger PROMPT_SUBST
-evaluation, if enabled. This could be abused to execute code the user
-didn't expect. e.g., given a certain prompt configuration, an attacker
-could trick a user into executing arbitrary code by having them check
-out a Git branch with a specially crafted name.
-
-This is fixed in the shell itself by no longer performing PROMPT_SUBST
-evaluation on these prompt-expansion arguments.
-
-Users who are concerned about an exploit but unable to update their
-binaries may apply the partial work-around described in the file
-Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
-source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
-Marc Cornellà <hello@mcornella.com>. ]
+Changes since 5.8.1
+-------------------
 
 When unsetting a hash element, the string enclosed in square brackets is
 interpreted literally after any normal command-line-argument expansions.
@@ -54,6 +37,9 @@ fractional seconds.
 The option CLOBBER_EMPTY was added to enable the overwrite behaviour
 of CLOBBER for empty files only. It is disabled by default.
 
+A (-) expansion flag was added. It works like (n) but correctly sorts
+negative numbers.
+
 The compinit function learnt a -w option to explain why compdump runs.
 When run without the -i or -u options and compaudit discovers security
 issues, answering "y" to the "Ignore insecure ..." prompt removes the
@@ -69,11 +55,45 @@ widgets.  This corresponds to long-standing behavior of other user ZLE
 widgets.  Use the _complete_debug widget to capture XTRACE output, or
 use "functions -T" to enable tracing of specific completion functions.
 
+The fc builtin learnt an -s option which is a POSIX equivalent to the
+`fc -e-` method of re-executing a command without invoking an editor.
+
+The option CASE_PATHS was added to control how NO_CASE_GLOB behaves.
+NO_CASE_GLOB + NO_CASE_PATHS is equivalent to the current NO_CASE_GLOB
+behaviour. NO_CASE_GLOB + CASE_PATHS treats only path components that
+contain globbing characters as case-insensitive; this behaviour may
+yield more predictable results on case-sensitive file systems.
+NO_CASE_PATHS is the default.
+
 With the new TYPESET_TO_UNSET option set, "typeset foo" leaves foo unset,
 in contrast to the default behavior which assigns foo="".  Any parameter
 attributes such as numeric type, sorting, and padding are retained until
 the parameter is explicitly unset or a conflicting value is assigned.
-This is similar to default behavior of bash and ksh.
+This is similar to default behavior of bash and ksh.  This option is
+disabled by default.
+
+The compadd builtin's -D option can now be specified more than once.
+
+The zsh/zutil module's zformat builtin learnt an -F option which behaves
+like -f except that ternary expressions check for existence instead of
+doing math evaluation.
+
+The conventional syntax used to indicate units, ranges, and default values
+in completion descriptions (e.g. `timeout (seconds) (0-60) [20]`) is now
+recognised by the completion system itself. These components are parsed
+out of the description and can be individually styled. A _numbers helper
+function has been added to help function authors offer rich completion
+for these values.
+
+The log builtin, WATCH parameter, et al., have been broken out into a
+separate module, zsh/watch. The module is enabled by default.
+
+The zsh/watch module's WATCHFMT parameter now supports colours via the
+%F and %K escapes.
+
+The STTY parameter can now be set to an empty string before running a
+command to automatically restore terminal settings after the command
+finishes.
 
 The "jobs" command and "$jobstates" and related parameters can report on
 parent shell jobs even in subshells.  This is a snapshot of the parent
@@ -81,6 +101,31 @@ state, frozen at the point the subshell started.  However, if a subshell
 starts its own background jobs, the parent state is discarded in order
 to report on those new jobs.
 
+Changes from 5.8 to 5.8.1
+-------------------------
+
+CVE-2021-45444: Some prompt expansion sequences, such as %F, support
+'arguments' which are themselves expanded in case they contain colour
+values, etc. This additional expansion would trigger PROMPT_SUBST
+evaluation, if enabled. This could be abused to execute code the user
+didn't expect. e.g., given a certain prompt configuration, an attacker
+could trick a user into executing arbitrary code by having them check
+out a Git branch with a specially crafted name.
+
+This is fixed in the shell itself by no longer performing PROMPT_SUBST
+evaluation on these prompt-expansion arguments.
+
+Users who are concerned about an exploit but unable to update their
+binaries may apply the partial work-around described in the file
+Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
+source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
+Marc Cornellà <hello@mcornella.com>. ]
+
+A regression was introduced in 5.8.1 in which, when reading a script
+from standard input, zsh itself would consume lines that should otherwise
+have been consumed by commands executed earlier in the script. This was
+not intentional and has been fixed in subsequent versions.
+
 Changes from 5.7.1-test-3 to 5.8
 --------------------------------