Mon Aug 13 11:50:52 2012 UTC ()

Pullup ticket #3898 - requested by wiz
editors/emacs24-nox11: security patch
editors/emacs24: security patch

Revisions pulled up:
- editors/emacs24-nox11/Makefile                                1.3
- editors/emacs24-nox11/version.mk                              1.2
- editors/emacs24/Makefile                                      1.4
- editors/emacs24/distinfo                                      1.3-1.4
- editors/emacs24/patches/patch-aa                              1.2
- editors/emacs24/patches/patch-ab                              1.2
- editors/emacs24/patches/patch-lisp_files.el                   1.1

---
   Module Name:	pkgsrc
   Committed By:	marino
   Date:		Fri Aug 10 10:08:14 UTC 2012

   Modified Files:
   	pkgsrc/editors/emacs24: distinfo
   	pkgsrc/editors/emacs24/patches: patch-aa patch-ab

   Log Message:
   editors/emacs24: update configure* patches for DragonFly

   DragonFly needs libc explicitly defined for its linker.
   The temacs utility still segfaults, but at least it builds now.

---
   Module Name:	pkgsrc
   Committed By:	jmmv
   Date:		Sat Aug 11 17:21:04 UTC 2012

   Modified Files:
   	pkgsrc/editors/emacs24-nox11: version.mk

   Log Message:
   Fix the build of emacs modules when EMACS_TYPE=emacs24nox.

   The emacs flavor is 'emacs' and the package dependency is 'emacs-nox11',
   not 'emacs24' nor 'emacs24-nox11' (respectively).

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Aug 13 06:38:50 UTC 2012

   Modified Files:
   	pkgsrc/editors/emacs24: Makefile distinfo
   	pkgsrc/editors/emacs24-nox11: Makefile

   Log Message:
   Fix CVE-2012-3479:
   When the Emacs user option `enable-local-variables' is set to `:safe'
   (the default value is t), Emacs should automatically refuse to evaluate
   `eval' forms in file-local variable sections.  Due to the bug, Emacs
   instead automatically evaluates such `eval' forms.  Thus, if the user
   changes the value of `enable-local-variables' to `:safe', visiting a
   malicious file can cause automatic execution of arbitrary Emacs Lisp
   code with the permissions of the user.

   Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Aug 13 06:39:06 UTC 2012

   Added Files:
   	pkgsrc/editors/emacs24/patches: patch-lisp_files.el

   Log Message:
   Fix CVE-2012-3479:
   When the Emacs user option `enable-local-variables' is set to `:safe'
   (the default value is t), Emacs should automatically refuse to evaluate
   `eval' forms in file-local variable sections.  Due to the bug, Emacs
   instead automatically evaluates such `eval' forms.  Thus, if the user
   changes the value of `enable-local-variables' to `:safe', visiting a
   malicious file can cause automatic execution of arbitrary Emacs Lisp
   code with the permissions of the user.

   Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155


(tron)

diff -r1.3 -r1.3.2.1 pkgsrc/editors/emacs24/Makefile
diff -r1.2 -r1.2.2.1 pkgsrc/editors/emacs24/distinfo
diff -r1.2 -r1.2.2.1 pkgsrc/editors/emacs24-nox11/Makefile
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24-nox11/version.mk
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24/patches/patch-aa
diff -r1.1 -r1.1.2.1 pkgsrc/editors/emacs24/patches/patch-ab
diff -r0 -r1.1.2.2 pkgsrc/editors/emacs24/patches/patch-lisp_files.el

--- pkgsrc/editors/emacs24/Attic/Makefile 2012/06/29 06:31:35 1.3
+++ pkgsrc/editors/emacs24/Attic/Makefile 2012/08/13 11:50:52 1.3.2.1

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.3 2012/06/29 06:31:35 wiz Exp $
+# $NetBSD: Makefile,v 1.3.2.1 2012/08/13 11:50:52 tron Exp $
 CONFLICTS+=	emacs-nox11-[0-9]*
 .include "../../editors/emacs24/Makefile.common"
-PKGREVISION=	1
+PKGREVISION=	2
 .include "options.mk"
 SUBST_CLASSES+=		prefix
 SUBST_STAGE.prefix=	pre-configure
 SUBST_VARS.prefix=	PREFIX
 SUBST_FILES.prefix=	src/s/netbsd.h
 .include "../../graphics/hicolor-icon-theme/buildlink3.mk"
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../mk/bsd.pkg.mk"

--- pkgsrc/editors/emacs24/Attic/distinfo 2012/06/26 17:02:31 1.2
+++ pkgsrc/editors/emacs24/Attic/distinfo 2012/08/13 11:50:52 1.2.2.1

 @@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.2 2012/06/26 17:02:31 asau Exp $
+$NetBSD: distinfo,v 1.2.2.1 2012/08/13 11:50:52 tron Exp $
 SHA1 (emacs-24.1.tar.gz) = f064396724a27c83b79b2d890d188abebaa5975e
 RMD160 (emacs-24.1.tar.gz) = 0fed00042339f46b29449bd561d2f881d13d8d38
 Size (emacs-24.1.tar.gz) = 51473111 bytes
-SHA1 (patch-aa) = af6b26c47c3c9f4d444365945fa866001c7c28b7
+SHA1 (patch-aa) = dc41270debcdeba46056590ff99e72e79bd04729
-SHA1 (patch-ab) = 5b724343be52905f51e15f425295686205776e30
+SHA1 (patch-ab) = 3021afead5011aa864a2734eeb72136c36580fb2
 SHA1 (patch-ad) = adc347ccd6edeb6e7ad96eeb98d6ee64176fb143
 SHA1 (patch-ag) = 3e6ee4774189185af10eada9c935120491318313
 SHA1 (patch-lisp_files.el) = 9963e3b6485ae569818f64ab878c3eb46895333d

--- pkgsrc/editors/emacs24-nox11/Attic/Makefile 2012/06/26 17:02:31 1.2
+++ pkgsrc/editors/emacs24-nox11/Attic/Makefile 2012/08/13 11:50:52 1.2.2.1

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.2 2012/06/26 17:02:31 asau Exp $
+# $NetBSD: Makefile,v 1.2.2.1 2012/08/13 11:50:52 tron Exp $
 PKGNAME=	${DISTNAME:S/-/-nox11-/}
-PKGREVISION=	1
+PKGREVISION=	2
 CONFLICTS+=	emacs-[0-9]*
 FILESDIR=	${.CURDIR}/../../editors/emacs24/files
 PATCHDIR=	${.CURDIR}/../../editors/emacs24/patches
 PKGDIR=		${.CURDIR}/../../editors/emacs24
 .include "../../editors/emacs24/Makefile.common"
 CONFIGURE_ARGS+=	--without-dbus --without-m17n-flt --without-otf \
 			--without-rsvg --without-x --without-xft \
 			--without-gif --without-jpeg --without-png \
 			--without-tiff --without-xpm

--- pkgsrc/editors/emacs24-nox11/Attic/version.mk 2012/06/16 21:04:16 1.1
+++ pkgsrc/editors/emacs24-nox11/Attic/version.mk 2012/08/13 11:50:52 1.1.2.1

 @@ -1,7 +1,7 @@
-# $NetBSD: version.mk,v 1.1 2012/06/16 21:04:16 dholland Exp $
+# $NetBSD: version.mk,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $
-_EMACS_FLAVOR=	emacs24
+_EMACS_FLAVOR=	emacs
-_EMACS_REQD=	emacs24-nox11>=24.1<25
+_EMACS_REQD=	emacs-nox11>=24.1<25
 _EMACS_VERSION_MAJOR=	24
 _EMACS_VERSION_MINOR=	1

--- pkgsrc/editors/emacs24/patches/Attic/patch-aa 2012/06/16 21:03:42 1.1
+++ pkgsrc/editors/emacs24/patches/Attic/patch-aa 2012/08/13 11:50:52 1.1.2.1

 @@ -1,21 +1,31 @@
-$NetBSD: patch-aa,v 1.1 2012/06/16 21:03:42 dholland Exp $
+$NetBSD: patch-aa,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $
-Add DrgonFly
+Add DragonFly
---- configure.in.orig	2012-06-09 13:15:01.000000000 +0900
+--- configure.in.orig	2012-06-01 06:17:13.000000000 +0000
-+++ configure.in	2012-06-09 13:18:11.000000000 +0900
++++ configure.in
-@@ -469,6 +469,14 @@
+@@ -469,6 +469,14 @@ case "${canonical}" in
        vax-*)       machine=vax ;;
      esac
    ;;
 +  ## DragonFly ports
 +  *-*-dragonfly*)
 +    opsys=dragonfly
 +    case "${canonical}" in
 +      i[3456]86-*-dragonfly*)     machine=intel386 ;;
 +      amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;;
 +    esac
 +  ;;
    ## OpenBSD ports
    *-*-openbsd* )
@@ -998,6 +1006,9 @@ case $opsys in
      LIB_MATH=
      START_FILES='pre-crt0.o'
      ;;
 +  dragonfly )
 +    LIB_STANDARD=-lc
 +    ;;
    freebsd )
      LIB_STANDARD='-lgcc -lc -lgcc $(CRT_DIR)/crtend.o $(CRT_DIR)/crtn.o'
      START_FILES='pre-crt0.o $(CRT_DIR)/crt1.o $(CRT_DIR)/crti.o $(CRT_DIR)/crtbegin.o'

--- pkgsrc/editors/emacs24/patches/Attic/patch-ab 2012/06/16 21:03:42 1.1
+++ pkgsrc/editors/emacs24/patches/Attic/patch-ab 2012/08/13 11:50:52 1.1.2.1

 @@ -1,22 +1,32 @@
-$NetBSD: patch-ab,v 1.1 2012/06/16 21:03:42 dholland Exp $
+$NetBSD: patch-ab,v 1.1.2.1 2012/08/13 11:50:52 tron Exp $
 Add DragonFly
---- configure.orig	2012-06-01 15:21:49.000000000 +0900
+--- configure.orig	2012-06-10 07:29:35.000000000 +0000
-+++ configure	2012-06-09 13:19:56.000000000 +0900
++++ configure
-@@ -4476,6 +4476,15 @@
+@@ -4476,6 +4476,15 @@ case "${canonical}" in
      esac
    ;;
 +  ## DragonFly ports
 +  *-*-dragonfly*)
 +    opsys=dragonfly
 +    case "${canonical}" in
 +      i[3456]86-*-dragonfly*)     machine=intel386 ;;
 +      amd64-*-dragonfly*|x86_64-*-dragonfly*) machine=amdx86-64 ;;
 +    esac
 +  ;;
++
    ## OpenBSD ports
    *-*-openbsd* )
      opsys=openbsd
@@ -8088,6 +8097,9 @@ case $opsys in
      LIB_MATH=
      START_FILES='pre-crt0.o'
      ;;
 +  dragonfly )
 +    LIB_STANDARD=-lc
 +    ;;
    freebsd )
      LIB_STANDARD='-lgcc -lc -lgcc $(CRT_DIR)/crtend.o $(CRT_DIR)/crtn.o'
      START_FILES='pre-crt0.o $(CRT_DIR)/crt1.o $(CRT_DIR)/crti.o $(CRT_DIR)/crtbegin.o'

$NetBSD: patch-lisp_files.el,v 1.1.2.2 2012/08/13 11:50:52 tron Exp $

CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections.  Due to the bug, Emacs
instead automatically evaluates such `eval' forms.  Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.

Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

--- lisp/files.el.orig	2012-05-14 12:00:02.000000000 +0000
+++ lisp/files.el
@@ -3107,11 +3107,16 @@ DIR-NAME is the name of the associated d
 	      ;; Obey `enable-local-eval'.
 	      ((eq var 'eval)
 	       (when enable-local-eval
-		 (push elt all-vars)
-		 (or (eq enable-local-eval t)
-		     (hack-one-local-variable-eval-safep (eval (quote val)))
-		     (safe-local-variable-p var val)
-		     (push elt unsafe-vars))))
+		 (let ((safe (or (hack-one-local-variable-eval-safep
+				  (eval (quote val)))
+				 ;; In case previously marked safe (bug#5636).
+				 (safe-local-variable-p var val))))
+		   ;; If not safe and e-l-v = :safe, ignore totally.
+		   (when (or safe (not (eq enable-local-variables :safe)))
+		     (push elt all-vars)
+		     (or (eq enable-local-eval t)
+			 safe
+			 (push elt unsafe-vars))))))
 	      ;; Ignore duplicates (except `mode') in the present list.
 	      ((and (assq var all-vars) (not (eq var 'mode))) nil)
 	      ;; Accept known-safe variables.