From: dana <dana@dana.is>
To: david rayner <david@rayninfo.co.uk>
Cc: zsh-users@zsh.org
Subject: Re: zsh 5.8.1 released (CVE-2021-45444)
Date: Sun, 13 Feb 2022 04:10:06 -0600 [thread overview]
Message-ID: <2864ED24-62C9-4B2B-AA73-6D667C912DF8@dana.is> (raw)
In-Reply-To: <07a9d039-38c6-e98b-2af0-a0da44b7ad96@rayninfo.co.uk>
On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote:
> Out of curiosity what is the process by which this will filter out to the
> various Linux & other distributions. Is it ad-hoc (I see you mention a
> security mailing list) ?
The people who maintain those distributions' zsh packages are generally
subscribed to the mailing list, and they pull down the update when they see
the announcement. Some maintainers even get early notifications when a
security release is coming.
On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote:
> Also you say it contains few changes but does it include various patches
> that I often see discussed in this group?
Usually when we release a new version it's based on the master branch, so it
will contain all of the patches that have been discussed on the mailing list
up to that point. In this case, we weren't ready to do that, so we went back
to the last stable version and released a small update based on that.
The README/NEWS files included with the shell (and the Web site which is based
on those files) only contain summaries of major changes and incompatibilities,
not routine bug fixes, so if you want to find out *exactly* what was changed,
you can either look at the ChangeLog file or do a comparison in Git. Here's
ChangeLog for 5.8.1:
https://github.com/zsh-users/zsh/blob/zsh-5.8.1/ChangeLog
https://gitlab.com/zsh-org/zsh/-/blob/zsh-5.8.1/ChangeLog
https://sourceforge.net/p/zsh/code/ci/zsh-5.8.1/tree/ChangeLog
And here's the comparison between 5.8 and 5.8.1:
https://github.com/zsh-users/zsh/compare/zsh-5.8...zsh-5.8.1
https://gitlab.com/zsh-org/zsh/-/compare/zsh-5.8...zsh-5.8.1
(not sure how to do comparisons in the SF interface)
Maybe we could add one of those links to the announcements, or provide a list
of changes some other way, if people want that.
dana
next prev parent reply other threads:[~2022-02-13 10:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is>
2022-02-13 8:58 ` david rayner
2022-02-13 10:10 ` dana [this message]
2022-02-13 18:33 ` Daniel Shahaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2864ED24-62C9-4B2B-AA73-6D667C912DF8@dana.is \
--to=dana@dana.is \
--cc=david@rayninfo.co.uk \
--cc=zsh-users@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).