pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/editors/emacs Fix two emacs vulnerabilities:
details: https://anonhg.NetBSD.org/pkgsrc/rev/3a3ff72ec22b
branches: trunk
changeset: 541998:3a3ff72ec22b
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Tue Apr 29 12:54:56 2008 +0000
description:
Fix two emacs vulnerabilities:
- Fix unsafe handling of local variables in hack-local-variables
(CVE-2007-5795).
- Prevent symlink attack on arbitrary files using the temp files vcdiff
generates (CVE-2008-1694).
diffstat:
editors/emacs/Makefile | 6 +++---
editors/emacs/distinfo | 4 +++-
editors/emacs/patches/patch-ac | 15 +++++++++++++++
editors/emacs/patches/patch-af | 37 +++++++++++++++++++++++++++++++++++++
4 files changed, 58 insertions(+), 4 deletions(-)
diffs (104 lines):
diff -r 282012698c21 -r 3a3ff72ec22b editors/emacs/Makefile
--- a/editors/emacs/Makefile Tue Apr 29 12:35:33 2008 +0000
+++ b/editors/emacs/Makefile Tue Apr 29 12:54:56 2008 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.107 2008/04/25 16:35:32 jlam Exp $
+# $NetBSD: Makefile,v 1.108 2008/04/29 12:54:56 tonnerre Exp $
PKGNAME?= ${DISTNAME}
COMMENT?= GNU editing macros (editor)
DISTNAME= emacs-22.1
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= editors
MASTER_SITES= ${MASTER_SITE_GNU:=emacs/}
@@ -18,7 +18,7 @@
PKG_DESTDIR_SUPPORT= user-destdir
-USE_TOOLS+= gmake gzip perl:run pkg-config
+USE_TOOLS+= gmake gzip mktemp:run perl:run pkg-config
GNU_CONFIGURE= yes
INFO_FILES= # PLIST
diff -r 282012698c21 -r 3a3ff72ec22b editors/emacs/distinfo
--- a/editors/emacs/distinfo Tue Apr 29 12:35:33 2008 +0000
+++ b/editors/emacs/distinfo Tue Apr 29 12:54:56 2008 +0000
@@ -1,12 +1,14 @@
-$NetBSD: distinfo,v 1.35 2007/06/11 13:57:16 markd Exp $
+$NetBSD: distinfo,v 1.36 2008/04/29 12:54:56 tonnerre Exp $
SHA1 (emacs-22.1.tar.gz) = 327664173eabe5db49d4e7e4a4b1794577af902e
RMD160 (emacs-22.1.tar.gz) = da5360871db8b1d473ff7f0b0937ee6c278c0b19
Size (emacs-22.1.tar.gz) = 38172226 bytes
SHA1 (patch-aa) = d7ae318f2140dbd8f796bfcbb48f299fe6bf2d81
SHA1 (patch-ab) = 0e022290d305fd73ab7aa633f955fca10ac70799
+SHA1 (patch-ac) = 1fc45d38f879c2ae7287bc7f7a9cb868e2db74d8
SHA1 (patch-ad) = 39a11bc214ae3d2f9d634c30b196a46d473ab92f
SHA1 (patch-ae) = 30a31df58bbcae854ded212ad42bde5b855a7318
+SHA1 (patch-af) = 9b2b8c5dfe1b2dc9ca76587cdb323272f8cb103e
SHA1 (patch-aj) = 7707c5f8bb57bbacbd1d3c6f37a34916baacc363
SHA1 (patch-ak) = ef0bf533754e5392c419c251aac8278b5e90b438
SHA1 (patch-am) = 4e068210bcbea638d143bd9fb566795636d77b35
diff -r 282012698c21 -r 3a3ff72ec22b editors/emacs/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs/patches/patch-ac Tue Apr 29 12:54:56 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ac,v 1.16 2008/04/29 12:54:56 tonnerre Exp $
+
+--- lisp/files.el.orig 2007-05-25 13:43:31.000000000 +0100
++++ lisp/files.el 2008-04-29 12:41:52.000000000 +0100
+@@ -2736,8 +2736,8 @@
+ ;; If caller wants only the safe variables,
+ ;; install only them.
+ (dolist (elt result)
+- (unless (or (memq (car elt) unsafe-vars)
+- (memq (car elt) risky-vars))
++ (unless (or (member elt unsafe-vars)
++ (member elt risky-vars))
+ (hack-one-local-variable (car elt) (cdr elt))))
+ ;; Query, except in the case where all are known safe
+ ;; if the user wants no quuery in that case.
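Review bot: Nothing in this commit shows that the patched lisp/files.el is byte-compiled again, and the corrected `unless` test only takes effect if it is. If the distfile ships a prebuilt files.elc and the build reuses it, the installed editor would still run the old `(memq (car elt) unsafe-vars)` check, so it is worth confirming that the package build regenerates files.elc (or removes the stale one) before emacs is dumped. The switch to `(member elt unsafe-vars)` presumably reflects that these lists hold whole (variable . value) entries rather than bare symbols; a comment line at the top of patch-ac such as `Fix for CVE-2007-5795: compare whole entries against unsafe-vars/risky-vars` would record that, together with where the change was taken from. The enclosing function starts and ends outside the hunk.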
diff -r 282012698c21 -r 3a3ff72ec22b editors/emacs/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs/patches/patch-af Tue Apr 29 12:54:56 2008 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-af,v 1.11 2008/04/29 12:54:56 tonnerre Exp $
+
+--- lib-src/vcdiff.orig 2007-01-21 04:49:26.000000000 +0000
++++ lib-src/vcdiff 2008-04-29 12:48:03.000000000 +0100
+@@ -4,13 +4,13 @@
+ # This version is more compatible with rcsdiff(1).
+ #
+ # Copyright (C) 1992, 1993, 1995, 1997, 2001, 2002, 2003, 2004,
+-# 2005, 2006, 2007 Free Software Foundation, Inc.
++# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+ #
+ # This file is part of GNU Emacs.
+ #
+ # GNU Emacs is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+-# the Free Software Foundation; either version 2, or (at your option)
++# the Free Software Foundation; either version 3, or (at your option)
+ # any later version.
+ #
+ # GNU Emacs is distributed in the hope that it will be useful,
+@@ -84,14 +84,14 @@
+ case $f in
+ s.* | */s.*)
+ if
+- rev1=/tmp/geta$$
++ rev1=`mktemp /tmp/geta.XXXXXXXX`
+ get -s -p -k $sid1 "$f" > $rev1 &&
+ case $sid2 in
+ '')
+ workfile=`expr " /$f" : '.*/s.\(.*\)'`
+ ;;
+ *)
+- rev2=/tmp/getb$$
++ rev2=`mktemp /tmp/getb.XXXXXXXX`
+ get -s -p -k $sid2 "$f" > $rev2
+ workfile=$rev2
+ esac
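Review bot: The result of `mktemp` is never checked at either assignment (`rev1=` and `rev2=`), so when the file cannot be created the script carries on with an empty name and redirects the `get` output to it. Failing at that point is safer, for example by appending `|| exit 2` to each assignment, and the redirections should quote the name: `> "$rev1"` and `> "$rev2"`. The template is also fixed to /tmp, so a site that sets TMPDIR is ignored; `mktemp "${TMPDIR:-/tmp}/geta.XXXXXXXX"` would honour it. Whether the temporary files are removed on exit or on interrupt cannot be seen here, because the script continues outside the hunk.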