zsh-workers
 help / color / mirror / Atom feed
* I've caught up on pending commits; how about you?
@ 2021-05-15 21:32 Bart Schaefer
  2021-05-15 23:20 ` Daniel Shahaf
  0 siblings, 1 reply; 4+ messages in thread
From: Bart Schaefer @ 2021-05-15 21:32 UTC (permalink / raw)
  To: Zsh hackers list

Everything I've recently noted as needing attention, or that was
hanging around in my git stashes, and was a complete patch, has now
been committed and pushed.

Since the zsh-5.8 release tag there have been 416 commits dating back
to Dec 22, 2019.  If we can tie off the thread about endless loops in
exit traps, perhaps it's time to do another release.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: I've caught up on pending commits; how about you?
  2021-05-15 21:32 I've caught up on pending commits; how about you? Bart Schaefer
@ 2021-05-15 23:20 ` Daniel Shahaf
  2021-05-16  0:40   ` Bart Schaefer
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel Shahaf @ 2021-05-15 23:20 UTC (permalink / raw)
  To: Zsh hackers list

Bart Schaefer wrote on Sat, 15 May 2021 21:32 +00:00:
> Everything I've recently noted as needing attention, or that was
> hanging around in my git stashes, and was a complete patch, has now
> been committed and pushed.
> 
> Since the zsh-5.8 release tag there have been 416 commits dating back
> to Dec 22, 2019.  If we can tie off the thread about endless loops in
> exit traps, perhaps it's time to do another release.

It does sound like time for 5.9.  We'll need someone to RM, though.

And we'll need to solve some logistics around upload permissions (IIRC, only
Oliver and I have upload access to both sf.net and ftp.zsh.org right now).

And there's the ctags patch that has been committed with some review
points outstanding.  A glance at _ctags in master shows that external
command output is passed to _values' «spec» arguments unsanitized.
I think that should be fixed (it shouldn't be possible and was pointed out in
real time).  I haven't checked whether there are any other issues in the
file as it stands.



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: I've caught up on pending commits; how about you?
  2021-05-15 23:20 ` Daniel Shahaf
@ 2021-05-16  0:40   ` Bart Schaefer
  2021-05-18  0:31     ` Daniel Shahaf
  0 siblings, 1 reply; 4+ messages in thread
From: Bart Schaefer @ 2021-05-16  0:40 UTC (permalink / raw)
  To: Zsh hackers list

On Sat, May 15, 2021 at 4:22 PM Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
>
> And there's the ctags patch that has been committed with some review
> points outstanding.  A glance at _ctags in master shows that external
> command output is passed to _values' «spec» arguments unsanitized.

I don't have access to the ctags variant that supports
--list-languages, but I presume you're referring to

  _values -s , languages $languages

The value of $languages comes from _ctags_languages which produces
only strings matching the sed pattern
[A-Za-z][A-Za-z0-9#_+]*

What additional sanitation do you feel is needed?  This was done in
response to your previous criticism of this point.

As far as I can tell the only un-address review points are from
Oliver's workers/48296


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: I've caught up on pending commits; how about you?
  2021-05-16  0:40   ` Bart Schaefer
@ 2021-05-18  0:31     ` Daniel Shahaf
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel Shahaf @ 2021-05-18  0:31 UTC (permalink / raw)
  To: zsh-workers

Bart Schaefer wrote on Sat, May 15, 2021 at 17:40:28 -0700:
> On Sat, May 15, 2021 at 4:22 PM Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> >
> > And there's the ctags patch that has been committed with some review
> > points outstanding.  A glance at _ctags in master shows that external
> > command output is passed to _values' «spec» arguments unsanitized.
> 
> I don't have access to the ctags variant that supports
> --list-languages, but I presume you're referring to
> 
>   _values -s , languages $languages

Yes.

> The value of $languages comes from _ctags_languages which produces
> only strings matching the sed pattern
> [A-Za-z][A-Za-z0-9#_+]*
> 
> What additional sanitation do you feel is needed?  This was done in
> response to your previous criticism of this point.

None, sorry, this seems fine.  I'd missed the sed, sorry.

> As far as I can tell the only un-address review points are from
> Oliver's workers/48296

Thanks.

Daniel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-05-18  0:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-15 21:32 I've caught up on pending commits; how about you? Bart Schaefer
2021-05-15 23:20 ` Daniel Shahaf
2021-05-16  0:40   ` Bart Schaefer
2021-05-18  0:31     ` Daniel Shahaf

zsh-workers

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/zsh-workers

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 zsh-workers zsh-workers/ http://inbox.vuxu.org/zsh-workers \
		zsh-workers@zsh.org
	public-inbox-index zsh-workers

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.zsh.workers


code repositories for the project(s) associated with this inbox:

	https://git.vuxu.org/mirror/zsh/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git