File CVE-2021-45444.patch of Package zsh.23100
diff --color -ruN zsh-5.6.ori/ChangeLog zsh-5.6/ChangeLog
--- zsh-5.6.ori/ChangeLog 2018-09-03 17:12:30.000000000 +0200
+++ zsh-5.6/ChangeLog 2022-02-25 16:41:04.210444796 +0100
@@ -1,3 +1,8 @@
+2022-01-27 dana <dana@dana.is>
+
+ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
+ PROMPT_SUBST
+
2018-09-03 Daniel Shahaf <d.s@daniel.shahaf.name>
* unposted: Config/version.mk: Release 5.6.
@@ -1529,7 +1534,7 @@
* unposted (cf. Sebastian: 41891): Test/D04parameter.ztst:
regression test for 41873
-
+
2017-10-17 Daniel Shahaf <d.s@daniel.shahaf.name>
* unposted: Doc/Zsh/builtins.yo: Document "typeset -p"'s optional
diff --color -ruN zsh-5.6.ori/Src/prompt.c zsh-5.6/Src/prompt.c
--- zsh-5.6.ori/Src/prompt.c 2018-08-12 21:21:30.000000000 +0200
+++ zsh-5.6/Src/prompt.c 2022-02-25 16:43:13.667486156 +0100
@@ -244,6 +244,13 @@
bv->fm += 2; /* skip over F{ */
if ((ep = strchr(bv->fm, '}'))) {
char oc = *ep, *col, *coll;
+
+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
+ int opp = opts[PROMPTPERCENT];
+
+ opts[PROMPTPERCENT] = 1;
+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
+
*ep = '\0';
/* expand the contents of the argument so you can use
* %v for example */
@@ -252,6 +259,10 @@
arg = match_colour((const char **)&coll, is_fg, 0);
free(col);
bv->fm = ep;
+
+ opts[PROMPTSUBST] = ops;
+ opts[PROMPTBANG] = opb;
+ opts[PROMPTPERCENT] = opp;
} else {
arg = match_colour((const char **)&bv->fm, is_fg, 0);
if (*bv->fm != '}')