author | Leo Famulari <leo@famulari.name> | 2018-03-09 20:06:39 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-03-10 12:30:53 -0500 |
commit | f55aa0c7b72c6e4f08f77aa84e196895182860e7 (patch) | |
tree | bc4d840d591d12975976d97880f35918614295b0 /gnu/packages/patches/zsh-CVE-2018-7548.patch | |
parent | 488ea71ed855ef6ee72a10751e4d57f598628393 (diff) | |
gnu: zsh: Fix CVE-2018-{7548,7549}.
* gnu/packages/patches/zsh-CVE-2018-7548.patch,
gnu/packages/patches/zsh-CVE-2018-7549.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/shells.scm (zsh)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/zsh-CVE-2018-7548.patch')
-rw-r--r-- | gnu/packages/patches/zsh-CVE-2018-7548.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/gnu/packages/patches/zsh-CVE-2018-7548.patch b/gnu/packages/patches/zsh-CVE-2018-7548.patch
new file mode 100644
index 0000000000..1ee15fad73
--- /dev/null
+++ b/gnu/packages/patches/zsh-CVE-2018-7548.patch
@@ -0,0 +1,48 @@
+Fix CVE-2018-7548:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
+
+From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001
+From: Joey Pabalinas <joeypabalinas@gmail.com>
+Date: Tue, 23 Jan 2018 22:28:08 -0800
+Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an
+ empty array result
+
+---
+ ChangeLog | 5 +++++
+ Src/subst.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+#diff --git a/ChangeLog b/ChangeLog
+#index d2ba94afc..3037edda4 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,3 +1,8 @@
+#+2018-01-23 Barton E. Schaefer <schaefer@zsh.org>
+#+
+#+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref
+#+ when using ${(PA)...} on an empty array result
+#+
+# 2018-01-23 Oliver Kiddle <okiddle@yahoo.co.uk>
+#
+# * 42317: Completion/Linux/Command/_cryptsetup,
+diff --git a/Src/subst.c b/Src/subst.c
+index d027e3d83..a265a187e 100644
+--- a/Src/subst.c
++++ b/Src/subst.c
+@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags,
+ val = aval[0];
+ isarr = 0;
+ }
+- s = dyncat(val, s);
++ s = val ? dyncat(val, s) : dupstring(s);
+ /* Now behave po-faced as if it was always like that... */
+ subexp = 0;
+ /*
+--
+2.16.2
+ |
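Review bot: The guarded line `s = val ? dyncat(val, s) : dupstring(s);` in the embedded Src/subst.c hunk has no comment saying when `val` can be NULL, so the reason for the ternary can only be recovered from the patch subject. I would put `/* val is NULL when ${(PA)...} yields an empty array; just copy s */` directly above it. The patch also carries no regression test for the empty-array expansion, so a later rework of this branch could reintroduce the dereference unnoticed. paramsubst() starts and ends outside the hunk, so it cannot be confirmed from here whether later uses of `val` in the function tolerate NULL; that is worth checking against the full source.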