pullup ticket #2359 - requested by tonnerre
emacs, emacs-nox11: fix for security issue
revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.107,1.108
- pkgsrc/editors/emacs/Makefile.common r0
- pkgsrc/editors/emacs/distinfo 1.36
- pkgsrc/editors/emacs/options.mk 1.7
- pkgsrc/editors/emacs/patches/patch-ac 1.16
- pkgsrc/editors/emacs/patches/patch-af 1.11
- pkgsrc/editors/emacs-nox11/DESCR r0
- pkgsrc/editors/emacs-nox11/Makefile 1.28
Module Name: pkgsrc
Committed By: jlam
Date: Fri Apr 25 16:35:32 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile options.mk
pkgsrc/editors/emacs-nox11: Makefile
Removed Files:
pkgsrc/editors/emacs: Makefile.common
pkgsrc/editors/emacs-nox11: DESCR
Log Message:
Make emacs and emacs-nox11 look more like xemacs and xemacs-nox11 in
terms of file structure. Also add DESTDIR support.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Apr 29 12:54:56 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
Added Files:
pkgsrc/editors/emacs/patches: patch-ac patch-af
Log Message:
Fix two emacs vulnerabilities:
- Fix unsafe handling of local variables iin hack-local-variables
(CVE-2007-5795).
- Prevent symlink attack on arbitrary files using the temp files vcdiff
generates (CVE-2008-1694).
(rtr)
diff -r1.106 -r1.106.4.1 pkgsrc/editors/emacs/Makefile| @@ -1,14 +1,66 @@ | @@ -1,14 +1,66 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.106 2007/12/06 12:10:32 markd Exp $ | 1 | # $NetBSD: Makefile,v 1.106.4.1 2008/05/01 13:41:33 rtr Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= emacs-${EMACSVERSION} | 3 | PKGNAME?= ${DISTNAME} | |
| 4 | PKGREVISION= 2 | 4 | COMMENT?= GNU editing macros (editor) | |
| 5 | ||||
| 6 | DISTNAME= emacs-22.1 | |||
| 7 | PKGREVISION= 3 | |||
| 5 | CATEGORIES= editors | 8 | CATEGORIES= editors | |
| 6 | COMMENT= GNU editing macros (editor)${COMMENT_EXTRA} | 9 | MASTER_SITES= ${MASTER_SITE_GNU:=emacs/} | |
| 7 | 10 | |||
| 8 | .include "../../editors/emacs/Makefile.common" | 11 | MAINTAINER= markd@NetBSD.org | |
| 12 | HOMEPAGE= http://www.gnu.org/software/emacs/emacs.html | |||
| 9 | 13 | |||
| 14 | CONFLICTS+= elisp-manual-[0-9]* | |||
| 15 | CONFLICTS+= emacs-[0-9]* | |||
| 10 | CONFLICTS+= emacs-nox11-[0-9]* | 16 | CONFLICTS+= emacs-nox11-[0-9]* | |
| 17 | CONFLICTS+= mule-[0-9]* | |||
| 18 | ||||
| 19 | PKG_DESTDIR_SUPPORT= user-destdir | |||
| 20 | ||||
| 21 | USE_TOOLS+= gmake gzip mktemp:run perl:run pkg-config | |||
| 22 | GNU_CONFIGURE= yes | |||
| 23 | INFO_FILES= # PLIST | |||
| 11 | 24 | |||
| 12 | .include "options.mk" | 25 | .include "options.mk" | |
| 13 | 26 | |||
| 27 | MAKEFLAGS+= EMACSLOADPATH=${WRKSRC}/lisp | |||
| 28 | ||||
| 29 | CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q} | |||
| 30 | CONFIGURE_ENV+= GAMEOWN=${GAMEOWN:Q} | |||
| 31 | ||||
| 32 | BUILD_DEFS+= VARBASE | |||
| 33 | BUILD_DEFS+= GAMEDATAMODE | |||
| 34 | ||||
| 35 | # build PATH in the dumped emacs is not a problem | |||
| 36 | CHECK_WRKREF_SKIP+= bin/emacs | |||
| 37 | CHECK_WRKREF_SKIP+= bin/emacs-[0-9]* | |||
| 38 | ||||
| 39 | REPLACE_PERL= lib-src/grep-changelog | |||
| 40 | ||||
| 41 | SUBST_CLASSES+= test_equal | |||
| 42 | SUBST_STAGE.test_equal= pre-configure | |||
| 43 | SUBST_MESSAGE.test_equal= Fixing bashisms in test(1) usage. | |||
| 44 | SUBST_FILES.test_equal= mac/make-package | |||
| 45 | SUBST_SED.test_equal= -e 's/ == / = /g' | |||
| 46 | ||||
| 47 | MAKE_DIRS_PERMS+= ${VARBASE}/games/emacs \ | |||
| 48 | ${GAMEOWN:Q} ${GAMEGRP} ${GAMEDIRMODE:Q} | |||
| 49 | CONF_FILES_PERMS+= /dev/null ${VARBASE}/games/emacs/snake-scores \ | |||
| 50 | ${GAMEOWN:Q} ${GAMEGRP:Q} ${GAMEDATAMODE:Q} | |||
| 51 | CONF_FILES_PERMS+= /dev/null ${VARBASE}/games/emacs/tetris-scores \ | |||
| 52 | ${GAMEOWN:Q} ${GAMEGRP:Q} ${GAMEDATAMODE:Q} | |||
| 53 | SPECIAL_PERMS+= libexec/emacs/${PKGVERSION_NOREV}/${MACHINE_GNU_PLATFORM}/update-game-score ${GAMEOWN:Q} ${GAMEGRP:Q} ${GAMEMODE:Q} | |||
| 54 | ||||
| 55 | .if (${OPSYS} == "DragonFly") && exists(/usr/lib/crtbegin.o) | |||
| 56 | CPPFLAGS+= -DDFLY_PRE_17_CRT | |||
| 57 | .endif | |||
| 58 | ||||
| 59 | post-extract: | |||
| 60 | cp ${FILESDIR}/site-init.el ${WRKSRC}/lisp | |||
| 61 | cp ${FILESDIR}/dragonfly.h ${WRKSRC}/src/s | |||
| 62 | ||||
| 63 | .include "../../mk/oss.buildlink3.mk" | |||
| 64 | .include "../../mk/termcap.buildlink3.mk" | |||
| 65 | ||||
| 14 | .include "../../mk/bsd.pkg.mk" | 66 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,22 +1,24 @@ | @@ -1,22 +1,24 @@ | |||
| 1 | $NetBSD: distinfo,v 1.35 2007/06/11 13:57:16 markd Exp $ | 1 | $NetBSD: distinfo,v 1.35.8.1 2008/05/01 13:41:33 rtr Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (emacs-22.1.tar.gz) = 327664173eabe5db49d4e7e4a4b1794577af902e | 3 | SHA1 (emacs-22.1.tar.gz) = 327664173eabe5db49d4e7e4a4b1794577af902e | |
| 4 | RMD160 (emacs-22.1.tar.gz) = da5360871db8b1d473ff7f0b0937ee6c278c0b19 | 4 | RMD160 (emacs-22.1.tar.gz) = da5360871db8b1d473ff7f0b0937ee6c278c0b19 | |
| 5 | Size (emacs-22.1.tar.gz) = 38172226 bytes | 5 | Size (emacs-22.1.tar.gz) = 38172226 bytes | |
| 6 | SHA1 (patch-aa) = d7ae318f2140dbd8f796bfcbb48f299fe6bf2d81 | 6 | SHA1 (patch-aa) = d7ae318f2140dbd8f796bfcbb48f299fe6bf2d81 | |
| 7 | SHA1 (patch-ab) = 0e022290d305fd73ab7aa633f955fca10ac70799 | 7 | SHA1 (patch-ab) = 0e022290d305fd73ab7aa633f955fca10ac70799 | |
| 8 | SHA1 (patch-ac) = 1fc45d38f879c2ae7287bc7f7a9cb868e2db74d8 | |||
| 8 | SHA1 (patch-ad) = 39a11bc214ae3d2f9d634c30b196a46d473ab92f | 9 | SHA1 (patch-ad) = 39a11bc214ae3d2f9d634c30b196a46d473ab92f | |
| 9 | SHA1 (patch-ae) = 30a31df58bbcae854ded212ad42bde5b855a7318 | 10 | SHA1 (patch-ae) = 30a31df58bbcae854ded212ad42bde5b855a7318 | |
| 11 | SHA1 (patch-af) = 9b2b8c5dfe1b2dc9ca76587cdb323272f8cb103e | |||
| 10 | SHA1 (patch-aj) = 7707c5f8bb57bbacbd1d3c6f37a34916baacc363 | 12 | SHA1 (patch-aj) = 7707c5f8bb57bbacbd1d3c6f37a34916baacc363 | |
| 11 | SHA1 (patch-ak) = ef0bf533754e5392c419c251aac8278b5e90b438 | 13 | SHA1 (patch-ak) = ef0bf533754e5392c419c251aac8278b5e90b438 | |
| 12 | SHA1 (patch-am) = 4e068210bcbea638d143bd9fb566795636d77b35 | 14 | SHA1 (patch-am) = 4e068210bcbea638d143bd9fb566795636d77b35 | |
| 13 | SHA1 (patch-an) = b541a2e78398aba03a43bf5b38140661dd959e76 | 15 | SHA1 (patch-an) = b541a2e78398aba03a43bf5b38140661dd959e76 | |
| 14 | SHA1 (patch-ao) = a843f4d7dde6e1d701cf65b87458c44d6a8fa7d1 | 16 | SHA1 (patch-ao) = a843f4d7dde6e1d701cf65b87458c44d6a8fa7d1 | |
| 15 | SHA1 (patch-ap) = faad589de5971460b65ee9c0c4f01b035fb74b44 | 17 | SHA1 (patch-ap) = faad589de5971460b65ee9c0c4f01b035fb74b44 | |
| 16 | SHA1 (patch-aq) = 5d040fa79de68ec4a673db93caf3a9434c22a029 | 18 | SHA1 (patch-aq) = 5d040fa79de68ec4a673db93caf3a9434c22a029 | |
| 17 | SHA1 (patch-ar) = d681a5e6daef094da957f198ab1607dca95a306a | 19 | SHA1 (patch-ar) = d681a5e6daef094da957f198ab1607dca95a306a | |
| 18 | SHA1 (patch-as) = 15ab1dcc2d6a445b119b7f2bb8a8331b4aa1fbd0 | 20 | SHA1 (patch-as) = 15ab1dcc2d6a445b119b7f2bb8a8331b4aa1fbd0 | |
| 19 | SHA1 (patch-at) = 470cbad6632038ff85aa942f74cab601e7f707fe | 21 | SHA1 (patch-at) = 470cbad6632038ff85aa942f74cab601e7f707fe | |
| 20 | SHA1 (patch-au) = e5d90961b4d78c37dec196097a16e0b6ac22e3bb | 22 | SHA1 (patch-au) = e5d90961b4d78c37dec196097a16e0b6ac22e3bb | |
| 21 | SHA1 (patch-av) = 252f3085a1e4986a25b46afa74837ca0562f4f05 | 23 | SHA1 (patch-av) = 252f3085a1e4986a25b46afa74837ca0562f4f05 | |
| 22 | SHA1 (patch-xx) = c486e9ca2c9134caf60ec935bf086e29324b1979 | 24 | SHA1 (patch-xx) = c486e9ca2c9134caf60ec935bf086e29324b1979 |
| @@ -1,37 +1,39 @@ | @@ -1,37 +1,39 @@ | |||
| 1 | # $NetBSD: options.mk,v 1.6 2007/11/01 06:44:08 uebayasi Exp $ | 1 | # $NetBSD: options.mk,v 1.6.4.1 2008/05/01 13:41:33 rtr Exp $ | |
| 2 | 2 | |||
| 3 | PKG_OPTIONS_VAR= PKG_OPTIONS.emacs | 3 | PKG_OPTIONS_VAR= PKG_OPTIONS.emacs | |
| 4 | PKG_SUPPORTED_OPTIONS= x11 | 4 | PKG_SUPPORTED_OPTIONS= x11 | |
| 5 | PKG_OPTIONS_OPTIONAL_GROUPS= toolkit | 5 | PKG_OPTIONS_OPTIONAL_GROUPS= toolkit | |
| 6 | PKG_OPTIONS_GROUP.toolkit= gtk motif xaw | 6 | PKG_OPTIONS_GROUP.toolkit= gtk motif xaw | |
| 7 | PKG_SUGGESTED_OPTIONS= x11 | 7 | PKG_SUGGESTED_OPTIONS= x11 | |
| 8 | 8 | |||
| 9 | .include "../../mk/bsd.options.mk" | 9 | .include "../../mk/bsd.options.mk" | |
| 10 | 10 | |||
| 11 | ### | 11 | ### | |
| 12 | ### Any of the "toolkit" options implies "x11". | 12 | ### Any of the "toolkit" options implies "x11". | |
| 13 | ### | 13 | ### | |
| 14 | .if !empty(PKG_OPTIONS:Mgtk) || !empty(PKG_OPTIONS:Mmotif) || !empty(PKG_OPTIONS:Mxaw) | 14 | .if !empty(PKG_OPTIONS:Mgtk) || !empty(PKG_OPTIONS:Mmotif) || \ | |
| 15 | !empty(PKG_OPTIONS:Mxaw) | |||
| 15 | . if empty(PKG_OPTIONS:Mx11) | 16 | . if empty(PKG_OPTIONS:Mx11) | |
| 16 | PKG_OPTIONS+= x11 | 17 | PKG_OPTIONS+= x11 | |
| 17 | . endif | 18 | . endif | |
| 18 | .endif | 19 | .endif | |
| 19 | 20 | |||
| 20 | ### | 21 | ### | |
| 21 | ### Default to using the Xaw X11 toolkit if none is specified. | 22 | ### Default to using the Athena X11 toolkit if none is specified. | |
| 22 | ### | 23 | ### | |
| 23 | .if !empty(PKG_OPTIONS:Mx11) | 24 | .if !empty(PKG_OPTIONS:Mx11) | |
| 24 | . if empty(PKG_OPTIONS:Mgtk) && empty(PKG_OPTIONS:Mmotif) && empty(PKG_OPTIONS:Mxaw) | 25 | . if empty(PKG_OPTIONS:Mgtk) && empty(PKG_OPTIONS:Mmotif) && \ | |
| 26 | empty(PKG_OPTIONS:Mxaw) | |||
| 25 | PKG_OPTIONS+= xaw | 27 | PKG_OPTIONS+= xaw | |
| 26 | . endif | 28 | . endif | |
| 27 | .endif | 29 | .endif | |
| 28 | 30 | |||
| 29 | ### | 31 | ### | |
| 30 | ### Support drawing pretty X11 widgets. | 32 | ### Support drawing pretty X11 widgets. | |
| 31 | ### | 33 | ### | |
| 32 | .if !empty(PKG_OPTIONS:Mx11) | 34 | .if !empty(PKG_OPTIONS:Mx11) | |
| 33 | . include "../../graphics/jpeg/buildlink3.mk" | 35 | . include "../../graphics/jpeg/buildlink3.mk" | |
| 34 | . include "../../graphics/tiff/buildlink3.mk" | 36 | . include "../../graphics/tiff/buildlink3.mk" | |
| 35 | . include "../../graphics/png/buildlink3.mk" | 37 | . include "../../graphics/png/buildlink3.mk" | |
| 36 | . include "../../x11/libXpm/buildlink3.mk" | 38 | . include "../../x11/libXpm/buildlink3.mk" | |
| 37 | 39 | |||
| @@ -43,33 +45,31 @@ CONFIGURE_ARGS+= --with-gif | @@ -43,33 +45,31 @@ CONFIGURE_ARGS+= --with-gif | |||
| 43 | CONFIGURE_ARGS+= --with-jpeg | 45 | CONFIGURE_ARGS+= --with-jpeg | |
| 44 | CONFIGURE_ARGS+= --with-png | 46 | CONFIGURE_ARGS+= --with-png | |
| 45 | CONFIGURE_ARGS+= --with-tiff | 47 | CONFIGURE_ARGS+= --with-tiff | |
| 46 | CONFIGURE_ARGS+= --with-x | 48 | CONFIGURE_ARGS+= --with-x | |
| 47 | CONFIGURE_ARGS+= --with-xpm | 49 | CONFIGURE_ARGS+= --with-xpm | |
| 48 | .else | 50 | .else | |
| 49 | CONFIGURE_ARGS+= --without-gif | 51 | CONFIGURE_ARGS+= --without-gif | |
| 50 | CONFIGURE_ARGS+= --without-jpeg | 52 | CONFIGURE_ARGS+= --without-jpeg | |
| 51 | CONFIGURE_ARGS+= --without-png | 53 | CONFIGURE_ARGS+= --without-png | |
| 52 | CONFIGURE_ARGS+= --without-tiff | 54 | CONFIGURE_ARGS+= --without-tiff | |
| 53 | CONFIGURE_ARGS+= --without-x | 55 | CONFIGURE_ARGS+= --without-x | |
| 54 | CONFIGURE_ARGS+= --without-xpm | 56 | CONFIGURE_ARGS+= --without-xpm | |
| 55 | . if exists(/System/Library/Frameworks/Carbon.framework) | 57 | . if exists(/System/Library/Frameworks/Carbon.framework) | |
| 56 | APPLICATIONS_DIR= Applications | |||
| 57 | CONFIGURE_ARGS+= --with-carbon | 58 | CONFIGURE_ARGS+= --with-carbon | |
| 58 | CONFIGURE_ARGS+= --enable-carbon-app=${PREFIX}/${APPLICATIONS_DIR} | 59 | CONFIGURE_ARGS+= --enable-carbon-app=${PREFIX}/Applications | |
| 59 | PLIST_SRC+= PLIST.carbon | 60 | PLIST_SRC+= PLIST.carbon | |
| 60 | PLIST_SUBST+= APPLIDATIONS_DIR=${APPLICATIONS_DIR:Q} | 61 | INSTALLATION_DIRS+= Applications | |
| 61 | INSTALLATION_DIRS+= ${APPLICATIONS_DIR} | 62 | CHECK_WRKREF_SKIP+= Applications/Emacs.app/Contents/MacOS/Emacs | |
| 62 | CHECK_WRKREF_SKIP+= ${APPLICATIONS_DIR}/Emacs.app/Contents/MacOS/Emacs | |||
| 63 | . endif | 63 | . endif | |
| 64 | .endif | 64 | .endif | |
| 65 | 65 | |||
| 66 | ### | 66 | ### | |
| 67 | ### Support using GTK X11 widgets. | 67 | ### Support using GTK X11 widgets. | |
| 68 | ### | 68 | ### | |
| 69 | .if !empty(PKG_OPTIONS:Mgtk) | 69 | .if !empty(PKG_OPTIONS:Mgtk) | |
| 70 | . include "../../x11/gtk2/buildlink3.mk" | 70 | . include "../../x11/gtk2/buildlink3.mk" | |
| 71 | CONFIGURE_ARGS+= --with-x-toolkit=gtk | 71 | CONFIGURE_ARGS+= --with-x-toolkit=gtk | |
| 72 | .endif | 72 | .endif | |
| 73 | 73 | |||
| 74 | ### | 74 | ### | |
| 75 | ### Support using Motif X11 widgets. | 75 | ### Support using Motif X11 widgets. |
| @@ -1,13 +1,16 @@ | @@ -1,13 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.27 2007/08/13 12:40:57 jlam Exp $ | 1 | # $NetBSD: Makefile,v 1.27.6.1 2008/05/01 13:41:33 rtr Exp $ | |
| 2 | 2 | |||
| 3 | PKGNAME= emacs-nox11-${EMACSVERSION} | 3 | PKGNAME= ${DISTNAME:S/-/-nox11-/} | |
| 4 | COMMENT_EXTRA= : non-X11 version | |||
| 5 | 4 | |||
| 6 | CONFLICTS+= emacs-[0-9]* | 5 | FILESDIR= ${.CURDIR}/../../editors/emacs/files | |
| 6 | PATCHDIR= ${.CURDIR}/../../editors/emacs/patches | |||
| 7 | PKGDIR= ${.CURDIR}/../../editors/emacs | |||
| 8 | ||||
| 9 | # Mirror PKG_DESTDIR_SUPPORT setting from emacs/Makefile. | |||
| 10 | PKG_DESTDIR_SUPPORT= user-destdir | |||
| 7 | 11 | |||
| 8 | .include "../../mk/bsd.prefs.mk" | 12 | .include "../../mk/bsd.prefs.mk" | |
| 9 | 13 | |||
| 10 | # Forcibly remove any "x11" options. | |||
| 11 | PKG_OPTIONS.emacs+= -x11 -gtk -motif -xaw | 14 | PKG_OPTIONS.emacs+= -x11 -gtk -motif -xaw | |
| 12 | 15 | |||
| 13 | .include "../../editors/emacs/Makefile" | 16 | .include "../../editors/emacs/Makefile" |
$NetBSD: patch-ac,v 1.15.8.1 2008/05/01 13:41:33 rtr Exp $
--- lisp/files.el.orig 2007-05-25 13:43:31.000000000 +0100
+++ lisp/files.el 2008-04-29 12:41:52.000000000 +0100
@@ -2736,8 +2736,8 @@
;; If caller wants only the safe variables,
;; install only them.
(dolist (elt result)
- (unless (or (memq (car elt) unsafe-vars)
- (memq (car elt) risky-vars))
+ (unless (or (member elt unsafe-vars)
+ (member elt risky-vars))
(hack-one-local-variable (car elt) (cdr elt))))
;; Query, except in the case where all are known safe
;; if the user wants no quuery in that case.
$NetBSD: patch-af,v 1.10.8.1 2008/05/01 13:41:33 rtr Exp $
--- lib-src/vcdiff.orig 2007-01-21 04:49:26.000000000 +0000
+++ lib-src/vcdiff 2008-04-29 12:48:03.000000000 +0100
@@ -4,13 +4,13 @@
# This version is more compatible with rcsdiff(1).
#
# Copyright (C) 1992, 1993, 1995, 1997, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007 Free Software Foundation, Inc.
+# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
#
# This file is part of GNU Emacs.
#
# GNU Emacs is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
+# the Free Software Foundation; either version 3, or (at your option)
# any later version.
#
# GNU Emacs is distributed in the hope that it will be useful,
@@ -84,14 +84,14 @@
case $f in
s.* | */s.*)
if
- rev1=/tmp/geta$$
+ rev1=`mktemp /tmp/geta.XXXXXXXX`
get -s -p -k $sid1 "$f" > $rev1 &&
case $sid2 in
'')
workfile=`expr " /$f" : '.*/s.\(.*\)'`
;;
*)
- rev2=/tmp/getb$$
+ rev2=`mktemp /tmp/getb.XXXXXXXX`
get -s -p -k $sid2 "$f" > $rev2
workfile=$rev2
esac