From: Jim Porter
Newsgroups: gmane.emacs.devel
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Thu, 16 Feb 2023 12:41:47 -0800
Message-ID: <9ba805cb-e5e9-86e3-97da-bd3087fae705@gmail.com>
In-Reply-To: <83cz692xav.fsf@gnu.org>
To: Eli Zaretskii , rms@gnu.org
Cc: theophilusx@gmail.com, emacs-devel@gnu.org

On 2/16/2023 12:02 PM, Eli Zaretskii wrote:
>> From: Richard Stallman
>> Cc: eliz@gnu.org, emacs-devel@gnu.org
>> Date: Thu, 16 Feb 2023 12:50:08 -0500
>>
>> What makes it a nontrivial job to release one? Is it because there
>> other fixes have been committed to the Emacs 28 branch since the last
>> release? Would including them in a release call for some additional
>> work?
>
> The whole process takes a non-trivial amount of work. It is described
> in make-tarball.txt. If someone wants to do it, they are welcome.

Would it help to turn make-tarball.txt into an executable script? Looking through the document, I believe most of it could be automated. Even if we only automated the easiest parts, that would still cut down on the amount of manual effort required.

Eventually, we could even use EMBA to produce these tarballs if we can get the script to the point where it requires no human intervention. Then (assuming permissions are set up properly and some various other handwaving), all a maintainer would have to do to publish a new Emacs release would be to tag a revision and push the tag to Savannah.

If there's interest in any of this, I'm happy to help work on it.