[Pkg-zsh-devel] zsh_5.7.1-1+deb10u1_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Daniel Shahaf d.s at daniel.shahaf.name
Fri Feb 18 11:00:27 GMT 2022


Debian FTP Masters wrote on Wed, Feb 16, 2022 at 13:35:26 +0000:
> Changes:
>  zsh (5.7.1-1+deb10u1) buster-security; urgency=high
>  .
>    * [ce21df9c] Update cherry-pick-CVE-2021-45444_2.patch to use a file
>      name without blanks as actually used in the final 5.8.1 release.

Need this as well on the debian-buster branch:

[[[
diff --git a/debian/patches/cherry-pick-CVE-2021-45444_3.patch b/debian/patches/cherry-pick-CVE-2021-45444_3.patch
index 64d05add4..58559243b 100644
--- a/debian/patches/cherry-pick-CVE-2021-45444_3.patch
+++ b/debian/patches/cherry-pick-CVE-2021-45444_3.patch
@@ -45,7 +45,7 @@ index 964e1633f..d34b3f79e 100644
 +
 +Users who are concerned about an exploit but unable to update their
 +binaries may apply the partial work-around described in the file
-+'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
++Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell
 +source. [ Reported by RyotaK <security at ryotak.me>. Additional thanks to
 +Marc Cornellà <hello at mcornella.com>. ]
 +
]]]

I haven't committed it to avoid any too-many-cooks-in-the-kitchen
situation.

Sorry about that rename, by the way.  We wouldn't normally have renamed
at the last minute, but the tarball rolling scripts didn't like the name
with spaces.

(Actually, during upstream's pre-disclosure reviews of the patch, one
reviewer deliberately refrained from asking to rename away from a name
with spaces, precisely in order to avoid last-minute churn… a churn
which then was needed after all when the tarballs were rolled, and now
here too.)

Cheers,

Daniel



More information about the Pkg-zsh-devel mailing list