* Re: zsh 5.8.1 released (CVE-2021-45444) [not found] <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is> @ 2022-02-13 8:58 ` david rayner 2022-02-13 10:10 ` dana 0 siblings, 1 reply; 3+ messages in thread From: david rayner @ 2022-02-13 8:58 UTC (permalink / raw) To: zsh-users [-- Attachment #1: Type: text/plain, Size: 438 bytes --] On 12/02/2022 15:41, dana wrote: > Hello, > > zsh 5.8.1 has been released and made available for download at the > following locations: Out of curiosity what is the process by which this will filter out to the various Linux & other distributions. Is it ad-hoc (I see you mention a security mailing list) ? Also you say it contains few changes but does it include various patches that I often see discussed in this group? zzapper [-- Attachment #2: Type: text/html, Size: 852 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: zsh 5.8.1 released (CVE-2021-45444) 2022-02-13 8:58 ` zsh 5.8.1 released (CVE-2021-45444) david rayner @ 2022-02-13 10:10 ` dana 2022-02-13 18:33 ` Daniel Shahaf 0 siblings, 1 reply; 3+ messages in thread From: dana @ 2022-02-13 10:10 UTC (permalink / raw) To: david rayner; +Cc: zsh-users On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote: > Out of curiosity what is the process by which this will filter out to the > various Linux & other distributions. Is it ad-hoc (I see you mention a > security mailing list) ? The people who maintain those distributions' zsh packages are generally subscribed to the mailing list, and they pull down the update when they see the announcement. Some maintainers even get early notifications when a security release is coming. On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote: > Also you say it contains few changes but does it include various patches > that I often see discussed in this group? Usually when we release a new version it's based on the master branch, so it will contain all of the patches that have been discussed on the mailing list up to that point. In this case, we weren't ready to do that, so we went back to the last stable version and released a small update based on that. The README/NEWS files included with the shell (and the Web site which is based on those files) only contain summaries of major changes and incompatibilities, not routine bug fixes, so if you want to find out *exactly* what was changed, you can either look at the ChangeLog file or do a comparison in Git. Here's ChangeLog for 5.8.1: https://github.com/zsh-users/zsh/blob/zsh-5.8.1/ChangeLog https://gitlab.com/zsh-org/zsh/-/blob/zsh-5.8.1/ChangeLog https://sourceforge.net/p/zsh/code/ci/zsh-5.8.1/tree/ChangeLog And here's the comparison between 5.8 and 5.8.1: https://github.com/zsh-users/zsh/compare/zsh-5.8...zsh-5.8.1 https://gitlab.com/zsh-org/zsh/-/compare/zsh-5.8...zsh-5.8.1 (not sure how to do comparisons in the SF interface) Maybe we could add one of those links to the announcements, or provide a list of changes some other way, if people want that. dana ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: zsh 5.8.1 released (CVE-2021-45444) 2022-02-13 10:10 ` dana @ 2022-02-13 18:33 ` Daniel Shahaf 0 siblings, 0 replies; 3+ messages in thread From: Daniel Shahaf @ 2022-02-13 18:33 UTC (permalink / raw) To: zsh-users dana wrote on Sun, 13 Feb 2022 10:10 +00:00: > On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote: >> Out of curiosity what is the process by which this will filter out to the >> various Linux & other distributions. Is it ad-hoc (I see you mention a >> security mailing list) ? > > The people who maintain those distributions' zsh packages are generally > subscribed to the mailing list, and they pull down the update when they see > the announcement. Note that by "the mailing list" dana meant zsh-announce@, not zsh-security@. The latter is used exclusively for discussing vulnerabilities that have not yet been made public. Cheers, Daniel ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-13 18:34 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is> 2022-02-13 8:58 ` zsh 5.8.1 released (CVE-2021-45444) david rayner 2022-02-13 10:10 ` dana 2022-02-13 18:33 ` Daniel Shahaf
Code repositories for project(s) associated with this public inbox https://git.vuxu.org/mirror/zsh/ This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).