On Sat Mar 14, 2020 at 04:31:00PM -0500, Matthew Martin wrote: > On Sat, Mar 14, 2020 at 08:21:10PM +0100, Rafael Sadowski wrote: > > "Security and bug fix release with a few user visible additions." > > Changelog: http://zsh.sourceforge.net/releases.html > > > > This release fixes CVE-2019-20044. (Not tested on OpenBSD) > > > > OK? Should it go into -stable without the @so changes? > > I have the same diff locally; however, I didn't send it because make > test hangs in V08zpty and I haven't had time to look into it yet (the
./V08zpty.ztst: starting. ./V08zpty.ztst: all tests successful. with OpenBSD 6.6-current (GENERIC.MP) #80: Thu Mar 26 22:10:03 MDT 2020 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > failure in D07multibyte is normal on OpenBSD). Does it not hang for you? > > Personally I think CVE-2019-20044 and the PRIVILEGED option are dumb and > one shouldn't write security critical things in shell scripts, but I'm > not against backporting it. >