Mon Aug 13 11:50:52 2012 UTC ()
Pullup ticket #3898 - requested by wiz
editors/emacs24-nox11: security patch
editors/emacs24: security patch
Revisions pulled up:
- editors/emacs24-nox11/Makefile 1.3
- editors/emacs24-nox11/version.mk 1.2
- editors/emacs24/Makefile 1.4
- editors/emacs24/distinfo 1.3-1.4
- editors/emacs24/patches/patch-aa 1.2
- editors/emacs24/patches/patch-ab 1.2
- editors/emacs24/patches/patch-lisp_files.el 1.1
---
Module Name: pkgsrc
Committed By: marino
Date: Fri Aug 10 10:08:14 UTC 2012
Modified Files:
pkgsrc/editors/emacs24: distinfo
pkgsrc/editors/emacs24/patches: patch-aa patch-ab
Log Message:
editors/emacs24: update configure* patches for DragonFly
DragonFly needs libc explicitly defined for its linker.
The temacs utility still segfaults, but at least it builds now.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Sat Aug 11 17:21:04 UTC 2012
Modified Files:
pkgsrc/editors/emacs24-nox11: version.mk
Log Message:
Fix the build of emacs modules when EMACS_TYPE=emacs24nox.
The emacs flavor is 'emacs' and the package dependency is 'emacs-nox11',
not 'emacs24' nor 'emacs24-nox11' (respectively).
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:38:50 UTC 2012
Modified Files:
pkgsrc/editors/emacs24: Makefile distinfo
pkgsrc/editors/emacs24-nox11: Makefile
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:39:06 UTC 2012
Added Files:
pkgsrc/editors/emacs24/patches: patch-lisp_files.el
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
(tron)
diff -r1.3 -r1.3.2.1 pkgsrc/editors/emacs24/Makefile
diff -r1.2 -r1.2.2.1 pkgsrc/editors/emacs24/distinfo
diff -r1.2 -r1.2.2.1 pkgsrc/editors/emacs24-nox11/Makefile
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24-nox11/version.mk
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24/patches/patch-aa
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24/patches/patch-ab
diff -r0 -r1.1.2.2 pkgsrc/editors/emacs24/patches/patch-lisp_files.el
--- pkgsrc/editors/emacs24/Attic/Makefile 2012/06/29 06:31:35 1.3
+++ pkgsrc/editors/emacs24/Attic/Makefile 2012/08/13 11:50:52 1.3.2.1
| @@ -1,17 +1,17 @@ | | | @@ -1,17 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.3 2012/06/29 06:31:35 wiz Exp $ | | 1 | # $NetBSD: Makefile,v 1.3.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | CONFLICTS+= emacs-nox11-[0-9]* | | 3 | CONFLICTS+= emacs-nox11-[0-9]* |
4 | | | 4 | |
5 | .include "../../editors/emacs24/Makefile.common" | | 5 | .include "../../editors/emacs24/Makefile.common" |
6 | PKGREVISION= 1 | | 6 | PKGREVISION= 2 |
7 | | | 7 | |
8 | .include "options.mk" | | 8 | .include "options.mk" |
9 | | | 9 | |
10 | SUBST_CLASSES+= prefix | | 10 | SUBST_CLASSES+= prefix |
11 | SUBST_STAGE.prefix= pre-configure | | 11 | SUBST_STAGE.prefix= pre-configure |
12 | SUBST_VARS.prefix= PREFIX | | 12 | SUBST_VARS.prefix= PREFIX |
13 | SUBST_FILES.prefix= src/s/netbsd.h | | 13 | SUBST_FILES.prefix= src/s/netbsd.h |
14 | | | 14 | |
15 | .include "../../graphics/hicolor-icon-theme/buildlink3.mk" | | 15 | .include "../../graphics/hicolor-icon-theme/buildlink3.mk" |
16 | .include "../../sysutils/desktop-file-utils/desktopdb.mk" | | 16 | .include "../../sysutils/desktop-file-utils/desktopdb.mk" |
17 | .include "../../mk/bsd.pkg.mk" | | 17 | .include "../../mk/bsd.pkg.mk" |
--- pkgsrc/editors/emacs24/Attic/distinfo 2012/06/26 17:02:31 1.2
+++ pkgsrc/editors/emacs24/Attic/distinfo 2012/08/13 11:50:52 1.2.2.1
| @@ -1,9 +1,10 @@ | | | @@ -1,9 +1,10 @@ |
1 | $NetBSD: distinfo,v 1.2 2012/06/26 17:02:31 asau Exp $ | | 1 | $NetBSD: distinfo,v 1.2.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | SHA1 (emacs-24.1.tar.gz) = f064396724a27c83b79b2d890d188abebaa5975e | | 3 | SHA1 (emacs-24.1.tar.gz) = f064396724a27c83b79b2d890d188abebaa5975e |
4 | RMD160 (emacs-24.1.tar.gz) = 0fed00042339f46b29449bd561d2f881d13d8d38 | | 4 | RMD160 (emacs-24.1.tar.gz) = 0fed00042339f46b29449bd561d2f881d13d8d38 |
5 | Size (emacs-24.1.tar.gz) = 51473111 bytes | | 5 | Size (emacs-24.1.tar.gz) = 51473111 bytes |
6 | SHA1 (patch-aa) = af6b26c47c3c9f4d444365945fa866001c7c28b7 | | 6 | SHA1 (patch-aa) = dc41270debcdeba46056590ff99e72e79bd04729 |
7 | SHA1 (patch-ab) = 5b724343be52905f51e15f425295686205776e30 | | 7 | SHA1 (patch-ab) = 3021afead5011aa864a2734eeb72136c36580fb2 |
8 | SHA1 (patch-ad) = adc347ccd6edeb6e7ad96eeb98d6ee64176fb143 | | 8 | SHA1 (patch-ad) = adc347ccd6edeb6e7ad96eeb98d6ee64176fb143 |
9 | SHA1 (patch-ag) = 3e6ee4774189185af10eada9c935120491318313 | | 9 | SHA1 (patch-ag) = 3e6ee4774189185af10eada9c935120491318313 |
| | | 10 | SHA1 (patch-lisp_files.el) = 9963e3b6485ae569818f64ab878c3eb46895333d |
--- pkgsrc/editors/emacs24-nox11/Attic/Makefile 2012/06/26 17:02:31 1.2
+++ pkgsrc/editors/emacs24-nox11/Attic/Makefile 2012/08/13 11:50:52 1.2.2.1
| @@ -1,17 +1,17 @@ | | | @@ -1,17 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.2 2012/06/26 17:02:31 asau Exp $ | | 1 | # $NetBSD: Makefile,v 1.2.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | PKGNAME= ${DISTNAME:S/-/-nox11-/} | | 3 | PKGNAME= ${DISTNAME:S/-/-nox11-/} |
4 | PKGREVISION= 1 | | 4 | PKGREVISION= 2 |
5 | | | 5 | |
6 | CONFLICTS+= emacs-[0-9]* | | 6 | CONFLICTS+= emacs-[0-9]* |
7 | | | 7 | |
8 | FILESDIR= ${.CURDIR}/../../editors/emacs24/files | | 8 | FILESDIR= ${.CURDIR}/../../editors/emacs24/files |
9 | PATCHDIR= ${.CURDIR}/../../editors/emacs24/patches | | 9 | PATCHDIR= ${.CURDIR}/../../editors/emacs24/patches |
10 | PKGDIR= ${.CURDIR}/../../editors/emacs24 | | 10 | PKGDIR= ${.CURDIR}/../../editors/emacs24 |
11 | | | 11 | |
12 | .include "../../editors/emacs24/Makefile.common" | | 12 | .include "../../editors/emacs24/Makefile.common" |
13 | | | 13 | |
14 | CONFIGURE_ARGS+= --without-dbus --without-m17n-flt --without-otf \ | | 14 | CONFIGURE_ARGS+= --without-dbus --without-m17n-flt --without-otf \ |
15 | --without-rsvg --without-x --without-xft \ | | 15 | --without-rsvg --without-x --without-xft \ |
16 | --without-gif --without-jpeg --without-png \ | | 16 | --without-gif --without-jpeg --without-png \ |
17 | --without-tiff --without-xpm | | 17 | --without-tiff --without-xpm |
--- pkgsrc/editors/emacs24-nox11/Attic/version.mk 2012/06/16 21:04:16 1.1
+++ pkgsrc/editors/emacs24-nox11/Attic/version.mk 2012/08/13 11:50:52 1.1.2.1
| @@ -1,7 +1,7 @@ | | | @@ -1,7 +1,7 @@ |
1 | # $NetBSD: version.mk,v 1.1 2012/06/16 21:04:16 dholland Exp $ | | 1 | # $NetBSD: version.mk,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | _EMACS_FLAVOR= emacs24 | | 3 | _EMACS_FLAVOR= emacs |
4 | _EMACS_REQD= emacs24-nox11>=24.1<25 | | 4 | _EMACS_REQD= emacs-nox11>=24.1<25 |
5 | | | 5 | |
6 | _EMACS_VERSION_MAJOR= 24 | | 6 | _EMACS_VERSION_MAJOR= 24 |
7 | _EMACS_VERSION_MINOR= 1 | | 7 | _EMACS_VERSION_MINOR= 1 |
--- pkgsrc/editors/emacs24/patches/Attic/patch-aa 2012/06/16 21:03:42 1.1
+++ pkgsrc/editors/emacs24/patches/Attic/patch-aa 2012/08/13 11:50:52 1.1.2.1
| @@ -1,21 +1,31 @@ | | | @@ -1,21 +1,31 @@ |
1 | $NetBSD: patch-aa,v 1.1 2012/06/16 21:03:42 dholland Exp $ | | 1 | $NetBSD: patch-aa,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | Add DrgonFly | | 3 | Add DragonFly |
4 | | | 4 | |
5 | --- configure.in.orig 2012-06-09 13:15:01.000000000 +0900 | | 5 | --- configure.in.orig 2012-06-01 06:17:13.000000000 +0000 |
6 | +++ configure.in 2012-06-09 13:18:11.000000000 +0900 | | 6 | +++ configure.in |
7 | @@ -469,6 +469,14 @@ | | 7 | @@ -469,6 +469,14 @@ case "${canonical}" in |
8 | vax-*) machine=vax ;; | | 8 | vax-*) machine=vax ;; |
9 | esac | | 9 | esac |
10 | ;; | | 10 | ;; |
11 | + ## DragonFly ports | | 11 | + ## DragonFly ports |
12 | + *-*-dragonfly*) | | 12 | + *-*-dragonfly*) |
13 | + opsys=dragonfly | | 13 | + opsys=dragonfly |
14 | + case "${canonical}" in | | 14 | + case "${canonical}" in |
15 | + i[3456]86-*-dragonfly*) machine=intel386 ;; | | 15 | + i[3456]86-*-dragonfly*) machine=intel386 ;; |
16 | + amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;; | | 16 | + amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;; |
17 | + esac | | 17 | + esac |
18 | + ;; | | 18 | + ;; |
19 | | | 19 | |
20 | ## OpenBSD ports | | 20 | ## OpenBSD ports |
21 | *-*-openbsd* ) | | 21 | *-*-openbsd* ) |
| | | 22 | @@ -998,6 +1006,9 @@ case $opsys in |
| | | 23 | LIB_MATH= |
| | | 24 | START_FILES='pre-crt0.o' |
| | | 25 | ;; |
| | | 26 | + dragonfly ) |
| | | 27 | + LIB_STANDARD=-lc |
| | | 28 | + ;; |
| | | 29 | freebsd ) |
| | | 30 | LIB_STANDARD='-lgcc -lc -lgcc $(CRT_DIR)/crtend.o $(CRT_DIR)/crtn.o' |
| | | 31 | START_FILES='pre-crt0.o $(CRT_DIR)/crt1.o $(CRT_DIR)/crti.o $(CRT_DIR)/crtbegin.o' |
--- pkgsrc/editors/emacs24/patches/Attic/patch-ab 2012/06/16 21:03:42 1.1
+++ pkgsrc/editors/emacs24/patches/Attic/patch-ab 2012/08/13 11:50:52 1.1.2.1
| @@ -1,22 +1,32 @@ | | | @@ -1,22 +1,32 @@ |
1 | $NetBSD: patch-ab,v 1.1 2012/06/16 21:03:42 dholland Exp $ | | 1 | $NetBSD: patch-ab,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $ |
2 | | | 2 | |
3 | Add DragonFly | | 3 | Add DragonFly |
4 | | | 4 | |
5 | --- configure.orig 2012-06-01 15:21:49.000000000 +0900 | | 5 | --- configure.orig 2012-06-10 07:29:35.000000000 +0000 |
6 | +++ configure 2012-06-09 13:19:56.000000000 +0900 | | 6 | +++ configure |
7 | @@ -4476,6 +4476,15 @@ | | 7 | @@ -4476,6 +4476,15 @@ case "${canonical}" in |
8 | esac | | 8 | esac |
9 | ;; | | 9 | ;; |
10 | | | 10 | |
11 | + ## DragonFly ports | | 11 | + ## DragonFly ports |
12 | + *-*-dragonfly*) | | 12 | + *-*-dragonfly*) |
13 | + opsys=dragonfly | | 13 | + opsys=dragonfly |
14 | + case "${canonical}" in | | 14 | + case "${canonical}" in |
15 | + i[3456]86-*-dragonfly*) machine=intel386 ;; | | 15 | + i[3456]86-*-dragonfly*) machine=intel386 ;; |
16 | + amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;; | | 16 | + amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;; |
17 | + esac | | 17 | + esac |
18 | + ;; | | 18 | + ;; |
19 | + | | 19 | + |
20 | ## OpenBSD ports | | 20 | ## OpenBSD ports |
21 | *-*-openbsd* ) | | 21 | *-*-openbsd* ) |
22 | opsys=openbsd | | 22 | opsys=openbsd |
| | | 23 | @@ -8088,6 +8097,9 @@ case $opsys in |
| | | 24 | LIB_MATH= |
| | | 25 | START_FILES='pre-crt0.o' |
| | | 26 | ;; |
| | | 27 | + dragonfly ) |
| | | 28 | + LIB_STANDARD=-lc |
| | | 29 | + ;; |
| | | 30 | freebsd ) |
| | | 31 | LIB_STANDARD='-lgcc -lc -lgcc $(CRT_DIR)/crtend.o $(CRT_DIR)/crtn.o' |
| | | 32 | START_FILES='pre-crt0.o $(CRT_DIR)/crt1.o $(CRT_DIR)/crti.o $(CRT_DIR)/crtbegin.o' |
$NetBSD: patch-lisp_files.el,v 1.1.2.2 2012/08/13 11:50:52 tron Exp $
CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
--- lisp/files.el.orig 2012-05-14 12:00:02.000000000 +0000
+++ lisp/files.el
@@ -3107,11 +3107,16 @@ DIR-NAME is the name of the associated d
;; Obey `enable-local-eval'.
((eq var 'eval)
(when enable-local-eval
- (push elt all-vars)
- (or (eq enable-local-eval t)
- (hack-one-local-variable-eval-safep (eval (quote val)))
- (safe-local-variable-p var val)
- (push elt unsafe-vars))))
+ (let ((safe (or (hack-one-local-variable-eval-safep
+ (eval (quote val)))
+ ;; In case previously marked safe (bug#5636).
+ (safe-local-variable-p var val))))
+ ;; If not safe and e-l-v = :safe, ignore totally.
+ (when (or safe (not (eq enable-local-variables :safe)))
+ (push elt all-vars)
+ (or (eq enable-local-eval t)
+ safe
+ (push elt unsafe-vars))))))
;; Ignore duplicates (except `mode') in the present list.
((and (assq var all-vars) (not (eq var 'mode))) nil)
;; Accept known-safe variables.