On Sat, Mar 14, 2020 at 08:21:10PM +0100, Rafael Sadowski wrote: > "Security and bug fix release with a few user visible additions." > Changelog: http://zsh.sourceforge.net/releases.html > > This release fixes CVE-2019-20044. (Not tested on OpenBSD) > > OK? Should it go into -stable without the @so changes?
I have the same diff locally; however, I didn't send it because make test hangs in V08zpty and I haven't had time to look into it yet (the failure in D07multibyte is normal on OpenBSD). Does it not hang for you? Personally I think CVE-2019-20044 and the PRIVILEGED option are dumb and one shouldn't write security critical things in shell scripts, but I'm not against backporting it.
