pullup ticket #2412 - requested by markd emacs: Fix for CVE-2008-2142 revisions pulled up: - pkgsrc/editors/emacs/Makefile 1.113 - pkgsrc/editors/emacs/distinfo 1.37 - pkgsrc/editors/emacs/patches/patch-aw 1.4 Module Name: pkgsrc Committed By: markd Date: Mon Jun 2 21:09:48 UTC 2008 Modified Files: pkgsrc/editors/emacs: Makefile distinfo Added Files: pkgsrc/editors/emacs/patches: patch-aw Log Message: Fix for CVE-2008-2142, automatically loading and executing .flc files.diff -r1.106.4.2 -r1.106.4.3 pkgsrc/editors/emacs/Makefile
(rtr)
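--- a/pkgsrc/editors/emacs/Makefile
+++ b/pkgsrc/editors/emacs/Makefile
@@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.106.4.2 2008/05/05 18:20:22 spz Exp $
+# $NetBSD: Makefile,v 1.106.4.3 2008/06/05 11:49:47 rtr Exp $
 
 PKGNAME?= ${DISTNAME}
 COMMENT?= GNU editing macros (editor)
 
 DISTNAME= emacs-22.1
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= editors
 MASTER_SITES= ${MASTER_SITE_GNU:=emacs/}
 
 MAINTAINER= markd@NetBSD.org
 HOMEPAGE= http://www.gnu.org/software/emacs/emacs.html
 
 CONFLICTS+= elisp-manual-[0-9]*
 CONFLICTS+= emacs-[0-9]*
 CONFLICTS+= emacs-nox11-[0-9]*
 CONFLICTS+= mule-[0-9]*
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
@@ -53,20 +53,21 @@ CONF_FILES_PERMS+= /dev/null ${VARBASE}/
 SPECIAL_PERMS+= libexec/emacs/${PKGVERSION_NOREV}/${MACHINE_GNU_PLATFORM}/update-game-score ${GAMEOWN:Q} ${GAMEGRP:Q} ${GAMEMODE:Q}
 
 .if (${OPSYS} == "DragonFly") && exists(/usr/lib/crtbegin.o)
 CPPFLAGS+= -DDFLY_PRE_17_CRT
 .endif
 
 post-extract:
 cp ${FILESDIR}/site-init.el ${WRKSRC}/lisp
 cp ${FILESDIR}/dragonfly.h ${WRKSRC}/src/s
 
 # for patch-ac
 post-build:
 (cd ${WRKSRC}/lisp; ${MAKE_PROGRAM} files.elc)
+(cd ${WRKSRC}/lisp; ${MAKE_PROGRAM} obsolete/fast-lock.elc)
 touch ${WRKSRC}/etc/DOC
 touch ${WRKSRC}/src/emacs
 
 .include "../../mk/oss.buildlink3.mk"
 .include "../../mk/termcap.buildlink3.mk"
 
 .include "../../mk/bsd.pkg.mk"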
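Review bot: The `# for patch-ac` comment above `post-build` no longer describes the whole target, because the added `obsolete/fast-lock.elc` rebuild is there for patch-aw. I would change it to `# for patch-ac (files.elc) and patch-aw (obsolete/fast-lock.elc)` so that a later cleanup of either patch does not remove the wrong line. This matters for the CVE fix: presumably the byte-compiled file from the distfile would otherwise keep the old default, although that is inferred from the rebuild step and not shown in the hunk.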
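--- a/pkgsrc/editors/emacs/distinfo
+++ b/pkgsrc/editors/emacs/distinfo
@@ -1,24 +1,25 @@
-$NetBSD: distinfo,v 1.35.8.1 2008/05/01 13:41:33 rtr Exp $
+$NetBSD: distinfo,v 1.35.8.2 2008/06/05 11:49:47 rtr Exp $
 
 SHA1 (emacs-22.1.tar.gz) = 327664173eabe5db49d4e7e4a4b1794577af902e
 RMD160 (emacs-22.1.tar.gz) = da5360871db8b1d473ff7f0b0937ee6c278c0b19
 Size (emacs-22.1.tar.gz) = 38172226 bytes
 SHA1 (patch-aa) = d7ae318f2140dbd8f796bfcbb48f299fe6bf2d81
 SHA1 (patch-ab) = 0e022290d305fd73ab7aa633f955fca10ac70799
 SHA1 (patch-ac) = 1fc45d38f879c2ae7287bc7f7a9cb868e2db74d8
 SHA1 (patch-ad) = 39a11bc214ae3d2f9d634c30b196a46d473ab92f
 SHA1 (patch-ae) = 30a31df58bbcae854ded212ad42bde5b855a7318
 SHA1 (patch-af) = 9b2b8c5dfe1b2dc9ca76587cdb323272f8cb103e
 SHA1 (patch-aj) = 7707c5f8bb57bbacbd1d3c6f37a34916baacc363
 SHA1 (patch-ak) = ef0bf533754e5392c419c251aac8278b5e90b438
 SHA1 (patch-am) = 4e068210bcbea638d143bd9fb566795636d77b35
 SHA1 (patch-an) = b541a2e78398aba03a43bf5b38140661dd959e76
 SHA1 (patch-ao) = a843f4d7dde6e1d701cf65b87458c44d6a8fa7d1
 SHA1 (patch-ap) = faad589de5971460b65ee9c0c4f01b035fb74b44
 SHA1 (patch-aq) = 5d040fa79de68ec4a673db93caf3a9434c22a029
 SHA1 (patch-ar) = d681a5e6daef094da957f198ab1607dca95a306a
 SHA1 (patch-as) = 15ab1dcc2d6a445b119b7f2bb8a8331b4aa1fbd0
 SHA1 (patch-at) = 470cbad6632038ff85aa942f74cab601e7f707fe
 SHA1 (patch-au) = e5d90961b4d78c37dec196097a16e0b6ac22e3bb
 SHA1 (patch-av) = 252f3085a1e4986a25b46afa74837ca0562f4f05
+SHA1 (patch-aw) = 456feb2517cad514837b75863336265006c158ee
 SHA1 (patch-xx) = c486e9ca2c9134caf60ec935bf086e29324b1979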
$NetBSD: patch-aw,v 1.3.36.1 2008/06/05 11:49:47 rtr Exp $
fix for CVE-2008-2142 from post 22.2 cvs.
--- lisp/obsolete/fast-lock.el.orig 2007-01-21 16:53:09.000000000 +1300
+++ lisp/obsolete/fast-lock.el
@@ -286,7 +286,7 @@ for buffers in Rmail mode, and size is i
(integer :tag "size")))))
:group 'fast-lock)
-(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
+(defcustom fast-lock-cache-directories '("~/.emacs-flc")
; - `internal', keep each file's Font Lock cache file in the same file.
; - `external', keep each file's Font Lock cache file in the same directory.
"*Directories in which Font Lock cache files are saved and read.
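Review bot: The new default for `fast-lock-cache-directories` only reaches users who never set the variable; a value saved through Customize or an init file that still lists `"."` keeps the behaviour described in the log message. Since the package revision is bumped for a security fix, I would add a line to the patch header such as `Users who customized fast-lock-cache-directories should remove "." from it.` and repeat it in the package's MESSAGE file if it has one. The defcustom continues past the end of this hunk, so the rest of its definition is not reviewed here.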
@@ -304,12 +304,15 @@ For example:
((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
would cause a file's current directory to be used if the file is under your
-home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
+For security reasons, it is not advisable to use the file's current directory
+to avoid the possibility of using the cache of another user."
:type '(repeat (radio (directory :tag "directory")
(cons :tag "Matching"
(regexp :tag "regexp")
(directory :tag "directory"))))
:group 'fast-lock)
+(put 'fast-lock-cache-directories 'risky-local-variable t)
(defcustom fast-lock-save-events '(kill-buffer kill-emacs)
"*Events under which caches will be saved.
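Review bot: The added docstring sentence reads as though using the file's current directory is what avoids the problem, and the example at the top of the hunk still maps the home directory to `"."`. I would reword it to `For security reasons, avoid using the file's current directory, since a cache file left there by another user could be read.` and consider noting that the example is only appropriate for directories no other user can write to. The `risky-local-variable` property added after the defcustom is a sensible complement, as it keeps a visited file from quietly setting this variable through file-local variables.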