Ubuntu
zsh package

compinit -U in /etc/zsh/zshrc is unfriendly to fpath users

Bug #16759 reported by Jay Berkenbilt on 2005-05-06

4

Affects		Status	Importance	Assigned to	Milestone
	zsh (Ubuntu)	Fix Released	Medium	Tollef Fog Heen

Bug Description

This bug report refers to the zsh in Hoary. I don't see where to indicate that
here. I haven't checked the breezy version, but I know I'm reporting a problem
that is not in the original debian package.

I run compinit with different arguments in files called from my own .zshrc. The
Ubuntu /etc/zsh/zshrc contains the lines

autoload -U compinit
compinit

which are not present in the original debian package. With this here, this
compinit call gets called before my compinit -C -D in my own configuration
files, which results in security warnings when I run as root (since I set fpath
to include directories in my home directory) and a .zcompdump file which causes
problems when sharing a home directory across systems that have different
versions of zsh.

I believe that a call to compinit should not be in /etc/zsh/zshrc because users
should be able to call compinit with different arguments. As far as I can tell,
there is no way around this without losing the rest of /etc/zsh/zshrc (by
setting GLOBAL_RCS as needed to disable this from .zshenv).

Please consider removing these lines, leaving zshrc as in the debian package.
Alternatively, please explain why this is a good idea to have as it is. :-)

Related branches

lp:ubuntu/karmic/zsh

CVE References

2007-6209

Revision history for this message

Matt Zimmerman (mdz) wrote on 2005-05-06:

#1

The completion system is one of the premiere features of zsh, and we would like
to have it enabled by default for new users. If you know of a way to support
this use case, without interfering with configurations such as yours, I see no
problem adapting it.

Revision history for this message

Jay Berkenbilt (ejb) wrote on 2005-05-06:

#2

Oh, yes. Of course. It's been so long since I switched that I forgot
completion wasn't enabled by default without a compinit call.

Would you consider accepting something like the following:

# If you don't want compinit called here, place the line
# ubuntu_skip_compinit=1
# in your .zshenv
if [[ "$ubuntu_skip_compinit" = "" ]]; then
autoload -U compinit
compinit
fi

Revision history for this message

Jay Berkenbilt (ejb) wrote on 2005-05-06:

#3

I'll gladly submit a patch against the breezy version of the source package if
you'd like.

Matt Zimmerman (mdz) on 2006-03-31

Changed in zsh:
assignee:	nobody → tfheen
status:	Unconfirmed → Confirmed

Revision history for this message

Zefram (kcgurdkcaoed) wrote on 2006-07-06:

#4

The way to have fancy shell behaviour enabled for new users is to put
fancy configuration files in /etc/skel. That way they go into new
users' home directories and can be modified if the user is sufficiently
sophisticated.

/etc/profile, /etc/zsh/zshrc, and other files of that ilk should almost
always be empty or non-existent. You have to remember that they're not
merely defaults: they apply to *everyone*. Don't use them.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-05-21:

#5

Download full text (6.9 KiB)

This bug was fixed in the package zsh - 4.3.6-2ubuntu1

---------------
zsh (4.3.6-2ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - Makefile.in: Disable rule which runs autoconf;
                   we don't want it to run during the build.
    - debian/zshenv: Stop setting PATH, depend on new and shiny libpam-modules
                     which sets PATH for us.
    - debian/zshrc: Enable completions by default.
    - Change the maintainer address.
  * remove the patch from debian/zshenv. It does only act if $PATH is
    empty or likely to be unconfigured. If a local administrator really
    wants PATH to default to "/bin:/usr/bin", he can be expected to modify
    /etc/zshenv.
  * debian/zshrc: Enable to local user to prevent enabling completions by
    the global /etc/zshrc by setting the variable "skip_global_compinit=1"
    in his ~/.zshenv. Patch based on proposal by Jay Berkenbilt. LP: #16759

zsh (4.3.6-2) unstable; urgency=medium

  * Complete .spx files after ogg123, thanks to Markus Waldeck. closes:
    #474744.
  * Call configure with --enable-readnullcmd=pager (for when this
    becomes
  * Hardcode default readnullcmd to "pager" instead of "more". closes:
    #477722.

zsh (4.3.6-1) unstable; urgency=medium

  * New upstream version.
  * Unconditionally add zsh and zsh-static to /etc/shells in postinst,
    to ensure smooth transition to lenny+1. closes: #473652.

zsh (4.3.5-8) unstable; urgency=low

  * Avoid removal/readdition of shells in /etc/shells on package
    upgrades, in order to preserve local changes.
    closes: #473199, #473200.
  * Switch build dependency to libcap2-dev.

zsh (4.3.5-7) unstable; urgency=medium

  * Complete packages for aptitude why and why-not. closes: #472193.
  * Make git completion cope with user configs setting colors to
    "always". closes: #469588.
  * Move doc-base section to 'Shells' in accordance with doc-base 0.8.10
    policy.
  * Add PDF format to the doc-base control file.

zsh (4.3.5-6) unstable; urgency=low

  * Completion for calendar.
  * Update git completion (bisect skip and run, copying with the
    situation wherein git is an alias to a wrapper).

zsh (4.3.5-5) unstable; urgency=medium

* Fix completion of rsync -e ssh remote pathnames containing spaces.
closes: #468654.

zsh (4.3.5-4) unstable; urgency=low

* ZW#24611: fix ${+array[...]} with empty range matches.
closes: #466655.

zsh (4.3.5-3) unstable; urgency=medium

  * ZU#12632: fix bug unexporting special parameter after
    "SPECIAL=stuff funccall". closes: #317773.
  * Drop --print-gnu-build-architecture from dpkg completion.
    closes: #466904.
  * Patch documentation to reflect that global rc files are
    in /etc/zsh. closes: #466596.
  * Add Vcs-Git and Vcs-Browser control headers.

zsh (4.3.5-2) unstable; urgency=low

  * Add Homepage control field.
  * Apply patches from A Costa to fix documentation typos.
    closes: #463613, #463614, #463615, #463616, #463617, #463619,
    #463620, #463621, #463622.
  * Drop debconf-related dependencies and all vestiges of the
    debconf note. closes: #463916.
  * Remove conffile movement code from postinst.

zsh ...

This bug was fixed in the package zsh - 4.3.6-2ubuntu1

---------------
zsh (4.3.6-2ubuntu1) intrepid; urgency=low

* Merge from debian unstable, remaining changes:
    - Makefile.in: Disable rule which runs autoconf;
                   we don't want it to run during the build.
    - debian/zshenv: Stop setting PATH, depend on new and shiny libpam-modules
                     which sets PATH for us.
    - debian/zshrc: Enable completions by default.
    - Change the maintainer address.
  * remove the patch from debian/zshenv. It does only act if $PATH is
    empty or likely to be unconfigured. If a local administrator really
    wants PATH to default to "/bin:/usr/bin", he can be expected to modify
    /etc/zshenv.
  * debian/zshrc: Enable to local user to prevent enabling completions by
    the global /etc/zshrc by setting the variable "skip_global_compinit=1"
    in his ~/.zshenv. Patch based on proposal by  Jay Berkenbilt. LP: #16759

zsh (4.3.6-2) unstable; urgency=medium

* Complete .spx files after ogg123, thanks to Markus Waldeck.  closes:
    #474744.
  * Call configure with --enable-readnullcmd=pager (for when this
    becomes
  * Hardcode default readnullcmd to "pager" instead of "more".  closes:
    #477722.

zsh (4.3.6-1) unstable; urgency=medium

* New upstream version.
  * Unconditionally add zsh and zsh-static to /etc/shells in postinst,
    to ensure smooth transition to lenny+1.  closes: #473652.

zsh (4.3.5-8) unstable; urgency=low

* Avoid removal/readdition of shells in /etc/shells on package
    upgrades, in order to preserve local changes.
    closes: #473199, #473200.
  * Switch build dependency to libcap2-dev.

zsh (4.3.5-7) unstable; urgency=medium

* Complete packages for aptitude why and why-not.  closes: #472193.
  * Make git completion cope with user configs setting colors to
    "always".  closes: #469588.
  * Move doc-base section to 'Shells' in accordance with doc-base 0.8.10
    policy.
  * Add PDF format to the doc-base control file.

zsh (4.3.5-6) unstable; urgency=low

* Completion for calendar.
  * Update git completion (bisect skip and run, copying with the
    situation wherein git is an alias to a wrapper).

zsh (4.3.5-5) unstable; urgency=medium

* Fix completion of rsync -e ssh remote pathnames containing spaces.
    closes: #468654.

zsh (4.3.5-4) unstable; urgency=low

* ZW#24611: fix ${+array[...]} with empty range matches.
    closes: #466655.

zsh (4.3.5-3) unstable; urgency=medium

* ZU#12632: fix bug unexporting special parameter after
    "SPECIAL=stuff funccall".  closes: #317773.
  * Drop --print-gnu-build-architecture from dpkg completion.
    closes: #466904.
  * Patch documentation to reflect that global rc files are
    in /etc/zsh.  closes: #466596.
  * Add Vcs-Git and Vcs-Browser control headers.

zsh (4.3.5-2) unstable; urgency=low

* Add Homepage control field.
  * Apply patches from A Costa to fix documentation typos.
    closes: #463613, #463614, #463615, #463616, #463617, #463619,
    #463620, #463621, #463622.
  * Drop debconf-related dependencies and all vestiges of the
    debconf note.  closes: #463916.
  * Remove conffile movement code from postinst.

zsh (4.3.5-1) unstable; urgency=low

* New upstream version.

zsh (4.3.4-dev-8-1) unstable; urgency=low

* New upstream development release.

zsh (4.3.4-dev-7-4) unstable; urgency=low

* Add symlink for zsh4-static man page.
  * Reduce testsuite verbosity back to normal.
  * Update dpkg completion.  closes: #460566.
  * Fix sed completion for multiple input files.  closes: #461143.

zsh (4.3.4-dev-7-3) unstable; urgency=low

* Remove leading spaces from Texinfo direntry, since they cause
    dpkg's broken install-info to break.  closes: #460158.

zsh (4.3.4-dev-7-2) unstable; urgency=medium

* ZW#24384: eliminate invalid pointer causing segfault when
    trying to complete 'apt-c('.  closes: #459896.

zsh (4.3.4-dev-7-1) unstable; urgency=low

* New upstream development release.

zsh (4.3.4-dev-6-10) unstable; urgency=medium

* Update completion for xpdf.  closes: #458422.
  * Update run-help to CVS version.

zsh (4.3.4-dev-6-9) unstable; urgency=low

* Update completion for metaflac.

zsh (4.3.4-dev-6-8) unstable; urgency=low

* Drop Debian run-help fork and modify upstream run-help at build
    time with sed.
  * Reduce testsuite verbosity to level 1.

zsh (4.3.4-dev-6-7) unstable; urgency=low

* Tweak run-help so that it runs man on tails and not full
    pathnames.
  * Increase testsuite verbosity.

zsh (4.3.4-dev-6-6) unstable; urgency=low

* Ignore testsuite failures.

zsh (4.3.4-dev-6-5) unstable; urgency=low

* Add extra diagnostic to test harness to track down potential
    problem with V01zmodload test on the buildds.

zsh (4.3.4-dev-6-4) unstable; urgency=low

* Remove leading spaces from Texinfo direntry, since they cause
    a "fixed" makeinfo to break.  closes: #457741, #457743.

zsh (4.3.4-dev-6-3) unstable; urgency=low

* Tweak test suite so that skipped tests are not counted as failures.

zsh (4.3.4-dev-6-2) unstable; urgency=low

* Move zsh-doc to section 'doc'.
  * Set HOME to a directory guaranteed to exist while running the
    test suite.

zsh (4.3.4-dev-6-1) unstable; urgency=low

* New upstream development release.
  * Drop version number from the function directory.  closes: #455891.
  * Switch to ncursesw.

zsh (4.3.4-dev-5-1) unstable; urgency=low

* New upstream development release.

zsh (4.3.4-dev-4-2) unstable; urgency=low

* Drop module linking patch.

zsh (4.3.4-dev-4-1) unstable; urgency=low

* New upstream development release.

zsh (4.3.4-dev-3-3) unstable; urgency=low

* Use LDFLAGS=-Wl,--as-needed for zsh binary and modules.
  * Bump to Standards-Version 3.7.3.
  * Add completion for id.  closes: #454990.
  * Add completion for members.  closes: #454994.
  * Apply patch from Vincent Lefevre to handle "-include" in make
    completion.  closes: #455070.

zsh (4.3.4-dev-3-2) unstable; urgency=high

* Stop shipping difflog.pl in the binary package.  closes: #454073.
    [CVE-2007-6209].

zsh (4.3.4-dev-3-1) unstable; urgency=medium

* New upstream development release.
    - fixes segfault when doing
      `export TERM=dumb; export TERM=xterm; export TERM=dumb`.
      closes: #452915.

zsh (4.3.4-dev-2-1) unstable; urgency=low

* New upstream development release.
    - properly handles negative zero.  closes: #448732.
    - default to POSIX symlink dereferencing behavior in chgrp
      builtin.  closes: #439036.

zsh (4.3.4-27) unstable; urgency=low

* Fix two issues with `git push` completion, thanks to Sean Finney.
  * Fix typo in the "clint" prompt.

zsh (4.3.4-26) unstable; urgency=low

* Add completion for cut, from Dr. Markus Waldeck.
    closes: #448465.
  * Only run $(MAKE) distclean if Makefile exists.
  * Don't install any of the completion function files +x.

zsh (4.3.4-25) unstable; urgency=low

* Add completion for dpkg-repack, from Dr. Markus Waldeck.
    closes: #448182.

-- Reinhard Tartler <siretart@tauware.de>   Wed, 21 May 2008 09:17:09 +0200

Changed in zsh:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

ubuntu-bugzilla #10465 Edit

Bug watches keep track of this bug in other bug trackers.