Bug 1729997

Summary: Regression introduced by CVE-2017-18206
Product: Red Hat Enterprise Linux 7 Reporter: Renaud Métrich <rmetrich>
Component: zshAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Karel Volný <kvolny>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.6CC: kdudka, kvolny
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: zsh-5.0.2-34.el7 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 19:38:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Renaud Métrich 2019-07-15 14:23:39 UTC 
Description of problem:

A customer reported a regression in zsh-5.0.2-31.el7.x86_64 compared to zsh-5.0.2-28.el7.x86_64 around "chaselinks" option:

$ unsetopt chaselinks; cd /
$ setopt chaselinks; cd /
zsh: path expansion failed, using root directory


Version-Release number of selected component (if applicable):

zsh-5.0.2-31.el7.x86_64


How reproducible:

Always, see above with zsh-5.0.2-31.el7.x86_64


Additional info:

Patch 34 (zsh-5.0.2-CVE-2014-10072.patch) introduces the regression.
I was able to fix it by backporting some additional code.
Comment 3 Kamil Dudka 2019-07-15 15:14:13 UTC 
Thank you for debugging it and providing the patch!  It looks good to me.
Comment 9 errata-xmlrpc 2020-03-31 19:38:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0985