From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 16960 invoked from network); 13 Feb 2022 10:11:03 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 13 Feb 2022 10:11:03 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1644747063; b=MkEj3PyyfyuiCQixYnDn098kNf5miyBDy3ONU1bkDTUSIPIUA6sLitekIg39JyoUdWw9i0MW8e 2CPglc3KpJGGftI0N82g/UGpwT5b4pRdlUx8fyrk2ZACiYtpAHJXucLSdXJ4qYytK8/60w6u8e f+CZoLTNCddcG/vKpODJn2sk7qlN5gqB+CNBddK51ajsxoxAd+ifMZRd/l0E56g8usF6u/QU8j wcau4Oz3PRy1zmH/WE6HUr6oxJN5M0FdJXzSF6dYI2R3o3S5/yXYqLL+JoZkaxi7NBFrLeQTQo C6abYd++2zWpzDsGQxnGXfO10HMNTY72+NEJObLfLZHBWw==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-io1-f45.google.com) smtp.remote-ip=209.85.166.45; dkim=pass header.d=dana.is header.s=google header.a=rsa-sha256; dmarc=pass header.from=dana.is; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1644747063; bh=ZVNc6TJFL9Hkuwo3oUj7vIB1nHC0AceLndytoY+VeQk=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:To:References:Message-ID:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:MIME-Version:Content-Type:DKIM-Signature: DKIM-Signature; b=cjuUkAAHaLQIadFfn0pWYXdH8GRoiujrOS0Q0J69MhDtgeJxeyPHSvweWRakYGs2HSqgGOUem/ XY8/LlRkCNuIlKYkj+T7WGxit70w7dTsrL6Ywh6/giRqEljnZIxWJZqm7deM3eHsOTz8a3kyR3 /9FLw5GaiGfM/ZI34bqnuJFnUoRh5OgR30YgrgwRGHjSmEpvmf9iMQvVPowN6gPYN7KoElIATC TS51kZZJTsGaC2DPTayK2Th3Gb+LaPndOoSu9OB/wB5Wm7wQnTck1Cb05fj8XQDYuJ/PP5m1d2 25e0itWAYyOQFp5aVtlqSJxSuKH9hcoxLs1LnA1SbZHzIg==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=PoIyV7DvQo3kR+k7gzEY2t0zyca5VniUFvrE2AMMJ5A=; b=dJ/2KvPX4c++l0cJx0i6VJB3QI giYNIj9xoJ/0DKZqy2UBLSEN8QrtP2nWNV+ahgJNmCDdo/Q9XmgBVHOoU6E3U0C7x6PSK087jkPFo jQzY3rTX5WOezKgR0tRwf9UEqBvb3KjvjIoT4gSG37OB0t4V7u2PTJrUbauLM326yqLpsrtojsfYt khxkAkCa2AO3ZIqdyq/PsgIzB69a7yAgZxRvnGb3FTiO0A71gQE9vwib0G2CpIHs1oY5G3FJrV6tX pZ0o9ADkRaJdyDzB7yKsBleFxBcEEYMWkhUzJaoMdY6xFlk2Ft3II+LKjUue+BMQsLDiiLkCpg7ES iHaBfteQ==; Received: from authenticated user by zero.zsh.org with local id 1nJBqR-000H9a-0F; Sun, 13 Feb 2022 10:11:03 +0000 Authentication-Results: zsh.org; iprev=pass (mail-io1-f45.google.com) smtp.remote-ip=209.85.166.45; dkim=pass header.d=dana.is header.s=google header.a=rsa-sha256; dmarc=pass header.from=dana.is; arc=none Received: from mail-io1-f45.google.com ([209.85.166.45]:39800) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1nJBpY-000GBK-Rf; Sun, 13 Feb 2022 10:10:10 +0000 Received: by mail-io1-f45.google.com with SMTP id c188so16613018iof.6 for ; Sun, 13 Feb 2022 02:10:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dana.is; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PoIyV7DvQo3kR+k7gzEY2t0zyca5VniUFvrE2AMMJ5A=; b=kerK/VUe5QvhumwAnz2azfD78qdDVA9HHXom1B5cI0Vtkr8mq8pFnTx6g8BqtF56h9 G2mbNFxOmwxgaUnUaWgMGugfBjSSM8/dWefu/os1F7cu5VUCmzDQhXwcFdmvlQZFecEh iNAZGw5q9OKf7G7PS0UMVxfxFf0agcQwh5WHU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PoIyV7DvQo3kR+k7gzEY2t0zyca5VniUFvrE2AMMJ5A=; b=sG1zSelgk9anWipQ/dR5wXTzZimVLEV4TEl9B3LFs2UsQZ9l/kSW1NEQD2UkCCl9o6 n5TinTVfrX65sJswelZu3ovrittu77MvdM7MkCiBBmOqa6SyODNqtgK2vCGnmLqgGpdP SeMLVdD5zQIO1pNuEhOXyVd/wV06FGcqoDB1W/dgSeDTuzcbAQDgBZ2kUX0Zh8r5MNXm XPJUSrQ4yMp65ND8KTVeX/g6s4RAGxJwySsf965fdIBnUSmbDk0JL4ty1Pk02a+ajGoK ub3OULxtwkgE6lwpH9YJ7FAFM67R7sNqrRhUhpw6BjjlbLMREo42/NshQn8u1mwXNuHz uYUQ== X-Gm-Message-State: AOAM531h03S3dZx0s5hhWc1ZA0D8NFTRCvjurUW+jHiHR85oSqvm1Jvn EJheVlQjyFChDxzOKg33OiMfTM86Glm3gg== X-Google-Smtp-Source: ABdhPJwGQOkEYL0+udEeXlrgbFylqBajPTHLaUTsZzbKiveZPQ65zzN0Acu5uppACgqdXP29N39Tpg== X-Received: by 2002:a05:6602:2e90:: with SMTP id m16mr4786310iow.74.1644747007640; Sun, 13 Feb 2022 02:10:07 -0800 (PST) Received: from heartswap.lan.dana.is ([173.17.84.59]) by smtp.gmail.com with ESMTPSA id q9sm17267375iop.30.2022.02.13.02.10.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 13 Feb 2022 02:10:07 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Subject: Re: zsh 5.8.1 released (CVE-2021-45444) From: dana In-Reply-To: <07a9d039-38c6-e98b-2af0-a0da44b7ad96@rayninfo.co.uk> Date: Sun, 13 Feb 2022 04:10:06 -0600 Cc: zsh-users@zsh.org Content-Transfer-Encoding: quoted-printable Message-Id: <2864ED24-62C9-4B2B-AA73-6D667C912DF8@dana.is> References: <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is> <07a9d039-38c6-e98b-2af0-a0da44b7ad96@rayninfo.co.uk> To: david rayner X-Mailer: Apple Mail (2.3608.120.23.2.7) X-Seq: 27521 Archived-At: X-Loop: zsh-users@zsh.org Errors-To: zsh-users-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-users-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: On 13 Feb 2022, at 02:58, david rayner wrote: > Out of curiosity what is the process by which this will filter out to = the > various Linux & other distributions. Is it ad-hoc (I see you mention a > security mailing list) ? The people who maintain those distributions' zsh packages are generally subscribed to the mailing list, and they pull down the update when they = see the announcement. Some maintainers even get early notifications when a security release is coming. On 13 Feb 2022, at 02:58, david rayner wrote: > Also you say it contains few changes but does it include various = patches > that I often see discussed in this group? Usually when we release a new version it's based on the master branch, = so it will contain all of the patches that have been discussed on the mailing = list up to that point. In this case, we weren't ready to do that, so we went = back to the last stable version and released a small update based on that. The README/NEWS files included with the shell (and the Web site which is = based on those files) only contain summaries of major changes and = incompatibilities, not routine bug fixes, so if you want to find out *exactly* what was = changed, you can either look at the ChangeLog file or do a comparison in Git. = Here's ChangeLog for 5.8.1: https://github.com/zsh-users/zsh/blob/zsh-5.8.1/ChangeLog https://gitlab.com/zsh-org/zsh/-/blob/zsh-5.8.1/ChangeLog https://sourceforge.net/p/zsh/code/ci/zsh-5.8.1/tree/ChangeLog And here's the comparison between 5.8 and 5.8.1: https://github.com/zsh-users/zsh/compare/zsh-5.8...zsh-5.8.1 https://gitlab.com/zsh-org/zsh/-/compare/zsh-5.8...zsh-5.8.1 (not sure how to do comparisons in the SF interface) Maybe we could add one of those links to the announcements, or provide a = list of changes some other way, if people want that. dana