[pkgsrc/pkgsrc-2008Q1]: pkgsrc/editors/emacs pullup ticket #2412 - requested ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/editors/emacs pullup ticket #2412 - requested ...
From: rtr <rtr%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 05:57:13 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2b2d2ee44ced
branches:  pkgsrc-2008Q1
changeset: 540400:2b2d2ee44ced
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Thu Jun 05 11:49:47 2008 +0000

description:
pullup ticket #2412 - requested by markd
emacs: Fix for CVE-2008-2142

revisions pulled up:
- pkgsrc/editors/emacs/Makefile         1.113
- pkgsrc/editors/emacs/distinfo         1.37
- pkgsrc/editors/emacs/patches/patch-aw 1.4

   Module Name: pkgsrc
   Committed By:        markd
   Date:                Mon Jun  2 21:09:48 UTC 2008

   Modified Files:
        pkgsrc/editors/emacs: Makefile distinfo
   Added Files:
        pkgsrc/editors/emacs/patches: patch-aw

   Log Message:
   Fix for CVE-2008-2142, automatically loading and executing .flc files.

diffstat:

 editors/emacs/Makefile         |   5 +++--
 editors/emacs/distinfo         |   3 ++-
 editors/emacs/patches/patch-aw |  32 ++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diffs (75 lines):

diff -r bdababf24d8e -r 2b2d2ee44ced editors/emacs/Makefile
--- a/editors/emacs/Makefile    Tue Jun 03 11:21:55 2008 +0000
+++ b/editors/emacs/Makefile    Thu Jun 05 11:49:47 2008 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.106.4.2 2008/05/05 18:20:22 spz Exp $
+# $NetBSD: Makefile,v 1.106.4.3 2008/06/05 11:49:47 rtr Exp $
 
 PKGNAME?=      ${DISTNAME}
 COMMENT?=      GNU editing macros (editor)
 
 DISTNAME=      emacs-22.1
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    editors
 MASTER_SITES=  ${MASTER_SITE_GNU:=emacs/}
 
@@ -63,6 +63,7 @@
 # for patch-ac
 post-build:
        (cd ${WRKSRC}/lisp; ${MAKE_PROGRAM} files.elc)
+       (cd ${WRKSRC}/lisp; ${MAKE_PROGRAM} obsolete/fast-lock.elc)
        touch ${WRKSRC}/etc/DOC
        touch ${WRKSRC}/src/emacs
 
diff -r bdababf24d8e -r 2b2d2ee44ced editors/emacs/distinfo
--- a/editors/emacs/distinfo    Tue Jun 03 11:21:55 2008 +0000
+++ b/editors/emacs/distinfo    Thu Jun 05 11:49:47 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35.8.1 2008/05/01 13:41:33 rtr Exp $
+$NetBSD: distinfo,v 1.35.8.2 2008/06/05 11:49:47 rtr Exp $
 
 SHA1 (emacs-22.1.tar.gz) = 327664173eabe5db49d4e7e4a4b1794577af902e
 RMD160 (emacs-22.1.tar.gz) = da5360871db8b1d473ff7f0b0937ee6c278c0b19
@@ -21,4 +21,5 @@
 SHA1 (patch-at) = 470cbad6632038ff85aa942f74cab601e7f707fe
 SHA1 (patch-au) = e5d90961b4d78c37dec196097a16e0b6ac22e3bb
 SHA1 (patch-av) = 252f3085a1e4986a25b46afa74837ca0562f4f05
+SHA1 (patch-aw) = 456feb2517cad514837b75863336265006c158ee
 SHA1 (patch-xx) = c486e9ca2c9134caf60ec935bf086e29324b1979
diff -r bdababf24d8e -r 2b2d2ee44ced editors/emacs/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs/patches/patch-aw    Thu Jun 05 11:49:47 2008 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-aw,v 1.3.36.1 2008/06/05 11:49:47 rtr Exp $
+
+fix for CVE-2008-2142 from post 22.2 cvs.
+
+--- lisp/obsolete/fast-lock.el.orig    2007-01-21 16:53:09.000000000 +1300
++++ lisp/obsolete/fast-lock.el
+@@ -286,7 +286,7 @@ for buffers in Rmail mode, and size is i
+                                     (integer :tag "size")))))
+   :group 'fast-lock)
+ 
+-(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
++(defcustom fast-lock-cache-directories '("~/.emacs-flc")
+ ; - `internal', keep each file's Font Lock cache file in the same file.
+ ; - `external', keep each file's Font Lock cache file in the same directory.
+   "*Directories in which Font Lock cache files are saved and read.
+@@ -304,12 +304,15 @@ For example:
+  ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
+ 
+ would cause a file's current directory to be used if the file is under your
+-home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
++home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
++For security reasons, it is not advisable to use the file's current directory
++to avoid the possibility of using the cache of another user."
+   :type '(repeat (radio (directory :tag "directory")
+                       (cons :tag "Matching"
+                             (regexp :tag "regexp")
+                             (directory :tag "directory"))))
+   :group 'fast-lock)
++(put 'fast-lock-cache-directories 'risky-local-variable t)
+ 
+ (defcustom fast-lock-save-events '(kill-buffer kill-emacs)
+   "*Events under which caches will be saved.

Prev by Date: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/mail/evolution Pullup ticket #2423 - requested...
Next by Date: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/bootstrap pullup ticket #2399 - requested by m...
Previous by Thread: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/mail/evolution Pullup ticket #2423 - requested...
Next by Thread: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/bootstrap pullup ticket #2399 - requested by m...
Indexes:

Home | Main Index | Thread Index | Old Index