Updated: zsh-5.8-1

Peter A. Castro doctor@fruitbat.org
Fri Jun 26 06:59:15 GMT 2020

An updated version of zsh (zsh-5.8-1) has been released and should be at a
mirror near you real soon.  This is an upstream release.


Version 5.8 has just been released for both 32-bit and 64-bit Cygwin.
(Versions 5.6* & 5.7* were skipped for stability reasons, but the
change/release info is included for history).


(From the release notes: http://zsh.sourceforge.net/releases.html)

Changes between 5.7 and 5.8


  * The history expansion !:1:t2 used to be interpreted such that the 2
was a separate character added after the history expansion. Now it is an
argument to the :t modifier. The behaviour of :h has similarly changed.

  * The vcs_info function VCS_INFO_quilt-dirfind now returns a string
value by setting $REPLY. Previously it printed the value to standard

  * The cd and chdir builtins no longer interpret operands like -1 and
+2 as stack entries when POSIX_CD is enabled.

  * Dropping privileges with `unsetopt privileged` may fail (with an
error message) on some older and uncommon platforms due to library
dependency changes made in the course of fixing CVE-2019-20044 (see
below). Please report this to the zsh-workers mailing list if your
system is affected.


  * CVE-2019-20044: When unsetting the PRIVILEGED option, the shell sets
its effective user and group IDs to match their respective real IDs. On
some platforms (including Linux and macOS, but not FreeBSD), when the
RUID and EUID were both non-zero, it was possible to regain the shell's
former privileges by e.g. assigning to the EUID or EGID parameter. In
the course of investigating this issue, it was also found that the
setopt built-in did not correctly report errors when unsetting the
option, which prevented users from handling them as the documentation
recommended. setopt now returns non-zero if it is unable to safely drop
privileges. [ Reported by Sam Foxman. ]

  * The zsh/zutil module's zparseopts builtin learnt an -F option to
abort parsing when an unrecognised option-like parameter is encountered.

  * The zsh/files module gained a chmod builtin.

  * Several changes have been made to the way completion functions track
'precommands' (such as `command` and `env`) and determine whether the
command being completed for is a shell builtin. Developers of completion
functions may wish to familiarise themselves with `_normal -p` and
`_pick_variant -b`.

  * The option CD_SILENT was added to suppress all output from cd
(whether explicit or implicit with AUTO_CD). It is disabled by default.

  * The compadd builtin's -o option now takes an optional argument to
specify the order of completion matches. This affects the display of
candidate matches and the order in which they are selected when cycling
between them using menu completion.

  * The :h and :t modifiers in parameter expansion (if braces are
present), glob qualifiers and history expansion may take following
decimal digit arguments in order to keep that many leading or trailing
path components instead of the defaults of all but one (:h) and one
(:t). In an absolute path the leading '/' counts as one component.

  * The functions builtin gained a -c option to efficiently copy

  * The zshmisc(1) manual page incorrectly stated that when 'exit' is
used in a `try' block inside a function, the corresponding `always'
block will be executed. The manual page has been corrected. The shell's
behaviour has not changed.

Changes between 5.6.2 and 5.7


  * vcs_info git: The gen-unapplied-string hook receives the patches in
order (next to be applied first). This is consistent with the hg backend
and with one of two contradictory claims in the documentation (the other
one has been corrected). In zsh through 5.6.2, the patches were passed
in reverse order, next to be applied being last in the array. The
gen-applied-string hook is unaffected; it still receives the patches in
reverse order, from last applied to first applied.

  * The option NO_UNSET now also applies when reading values from
variables without a preceding '$' sign in shell arithmetic expansion and
in the double-parentheses and 'let' arithmetic commands.


  * Support for 24-bit true color terminals has been added. Hex triplets
can be used when specifying colours for prompts and line editor
highlighting. On 88 and 256 colour terminals, a new zsh/nearcolor module
allows colours specified with hex triplets to be matched against the
nearest available colour.

  * The zsh/datetime module's strftime builtin now accepts an argument
specifying the nanoseconds time component; both arguments can be omitted
to use the current time.

Changes between 5.5.1 and 5.6.2


  * The completion helper _remote_files, typically used after a hostname
with scp-style completion, now uses remote-files instead of files as a
tag. This makes it easier to restrict completions with the tag-order


  * CVE-2018-0502: Data from the second line of a #! script file might
be passed to execve(). For example, in the following situation -

    printf '#!foo\nbar' > baz

    the shell might take "bar" rather than "foo" for the argv[0] to be
passed to execve(). [ Reported by Anthony Sottile and Buck Evan. ]

  * CVE-2018-13259: A shebang line longer than 64 characters would be
truncated. For example, in the following situation:

    ( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo

    the shell might execute x...x (64 repetitions) rather than x...xy
(64 x's, one y). [ Reported by Daniel Shahaf. ]

  * Non-stop IEEE 754 arithmetic support - Inf and NaN are now returned
from floating point operations where errors were printed before. Inf and
NaN are also recognised in arithmetic expressions.

  * In shell patterns, [[:blank:]] now honours the locale instead of
matching exclusively on space and tab, like for the other POSIX
character classes or for extended regular expressions.

  * The zsh/system module now provides the PID of the last process
substitution via $sysparams[procsubstpid].

  * Time formatting via the %D prompt escape now offers nanosecond
precision with the %. and %N format specifiers. Additionally, nanosecond
precision on file times is supported in the module zsh/stat.

  * The zsh/mathfunc module now includes a log2() function.

  * The parameter ZLE_RECURSIVE has been added to indicate the current
ZLE recursion level.


See ChangeLogs for full details.



Zsh is a UNIX command interpreter (shell) usable as an interactive login
shell and as a shell script command processor.  Of the standard shells,
zsh most closely resembles `ksh' but includes many enhancements.  Zsh has
command line editing, builtin spelling correction, programmable command
completion, shell functions (with autoloading), a history mechanism, and
a host of other features.

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your system.
Save it and run setup, answer the questions and pick up 'zsh' in the
'Shell' category (you will have select it).

Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to you:

If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

To unsubscribe from the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send email
to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM at cygwin.com

If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at that URL.

--=> Peter A. Castro
Email: doctor at fruitbat dot org / Peter dot Castro at oracle dot com
	"Cats are just autistic Dogs" -- Dr. Tony Attwood

More information about the Cygwin-announce mailing list