zsh-users
 help / color / mirror / code / Atom feed
* Re: zsh 5.8.1 released (CVE-2021-45444)
       [not found] <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is>
@ 2022-02-13  8:58 ` david rayner
  2022-02-13 10:10   ` dana
  0 siblings, 1 reply; 3+ messages in thread
From: david rayner @ 2022-02-13  8:58 UTC (permalink / raw)
  To: zsh-users

[-- Attachment #1: Type: text/plain, Size: 438 bytes --]


On 12/02/2022 15:41, dana wrote:

> Hello,
>
> zsh 5.8.1 has been released and made available for download at the
> following locations:

Out of curiosity what is the process by which this will filter out to 
the various Linux & other distributions. Is it ad-hoc (I see you mention 
a security mailing list) ?


Also you say it contains few changes but does it include various patches 
that I often see discussed in this group?


zzapper

[-- Attachment #2: Type: text/html, Size: 852 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: zsh 5.8.1 released (CVE-2021-45444)
  2022-02-13  8:58 ` zsh 5.8.1 released (CVE-2021-45444) david rayner
@ 2022-02-13 10:10   ` dana
  2022-02-13 18:33     ` Daniel Shahaf
  0 siblings, 1 reply; 3+ messages in thread
From: dana @ 2022-02-13 10:10 UTC (permalink / raw)
  To: david rayner; +Cc: zsh-users

On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote:
> Out of curiosity what is the process by which this will filter out to the
> various Linux & other distributions. Is it ad-hoc (I see you mention a
> security mailing list) ?

The people who maintain those distributions' zsh packages are generally
subscribed to the mailing list, and they pull down the update when they see
the announcement. Some maintainers even get early notifications when a
security release is coming.

On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote:
> Also you say it contains few changes but does it include various patches
> that I often see discussed in this group?

Usually when we release a new version it's based on the master branch, so it
will contain all of the patches that have been discussed on the mailing list
up to that point. In this case, we weren't ready to do that, so we went back
to the last stable version and released a small update based on that.

The README/NEWS files included with the shell (and the Web site which is based
on those files) only contain summaries of major changes and incompatibilities,
not routine bug fixes, so if you want to find out *exactly* what was changed,
you can either look at the ChangeLog file or do a comparison in Git. Here's
ChangeLog for 5.8.1:

  https://github.com/zsh-users/zsh/blob/zsh-5.8.1/ChangeLog
  https://gitlab.com/zsh-org/zsh/-/blob/zsh-5.8.1/ChangeLog
  https://sourceforge.net/p/zsh/code/ci/zsh-5.8.1/tree/ChangeLog

And here's the comparison between 5.8 and 5.8.1:

  https://github.com/zsh-users/zsh/compare/zsh-5.8...zsh-5.8.1
  https://gitlab.com/zsh-org/zsh/-/compare/zsh-5.8...zsh-5.8.1
  (not sure how to do comparisons in the SF interface)

Maybe we could add one of those links to the announcements, or provide a list
of changes some other way, if people want that.

dana



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: zsh 5.8.1 released (CVE-2021-45444)
  2022-02-13 10:10   ` dana
@ 2022-02-13 18:33     ` Daniel Shahaf
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel Shahaf @ 2022-02-13 18:33 UTC (permalink / raw)
  To: zsh-users

dana wrote on Sun, 13 Feb 2022 10:10 +00:00:
> On 13 Feb 2022, at 02:58, david rayner <david@rayninfo.co.uk> wrote:
>> Out of curiosity what is the process by which this will filter out to the
>> various Linux & other distributions. Is it ad-hoc (I see you mention a
>> security mailing list) ?
>
> The people who maintain those distributions' zsh packages are generally
> subscribed to the mailing list, and they pull down the update when they see
> the announcement.

Note that by "the mailing list" dana meant zsh-announce@, not
zsh-security@.  The latter is used exclusively for discussing
vulnerabilities that have not yet been made public.

Cheers,

Daniel


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-02-13 18:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is>
2022-02-13  8:58 ` zsh 5.8.1 released (CVE-2021-45444) david rayner
2022-02-13 10:10   ` dana
2022-02-13 18:33     ` Daniel Shahaf

Code repositories for project(s) associated with this inbox:

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).