pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/editors/emacs21 emacs21: fix for CVE-2017-14482
details: https://anonhg.NetBSD.org/pkgsrc/rev/217592ab34d0
branches: trunk
changeset: 370164:217592ab34d0
user: tez <tez%pkgsrc.org@localhost>
date: Thu Oct 12 17:30:24 2017 +0000
description:
emacs21: fix for CVE-2017-14482
adapted from upstream 9ad0fcc54442a9a01d41be19880250783426db70
diffstat:
editors/emacs21/Makefile | 4 +-
editors/emacs21/distinfo | 3 +-
editors/emacs21/patches/patch-CVE-2017-14482 | 79 ++++++++++++++++++++++++++++
3 files changed, 83 insertions(+), 3 deletions(-)
diffs (110 lines):
diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/Makefile
--- a/editors/emacs21/Makefile Thu Oct 12 16:38:00 2017 +0000
+++ b/editors/emacs21/Makefile Thu Oct 12 17:30:24 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.39 2017/07/23 18:47:09 dholland Exp $
+# $NetBSD: Makefile,v 1.40 2017/10/12 17:30:24 tez Exp $
-PKGREVISION= 38
+PKGREVISION= 39
CATEGORIES= editors
CONFLICTS+= emacs21-nox11-[0-9]*
diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/distinfo
--- a/editors/emacs21/distinfo Thu Oct 12 16:38:00 2017 +0000
+++ b/editors/emacs21/distinfo Thu Oct 12 17:30:24 2017 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.23 2017/06/17 19:40:18 joerg Exp $
+$NetBSD: distinfo,v 1.24 2017/10/12 17:30:24 tez Exp $
SHA1 (emacs-21.4a.tar.gz) = cdb33731180fe4a912838af805dd35e3f55394d4
RMD160 (emacs-21.4a.tar.gz) = c312e739935b56d08783bbfe97992297a363cb8a
SHA512 (emacs-21.4a.tar.gz) = 6932db498e7b6b904d90f817e335690c5c681510812332c514af1d84d91b9841ea3eff0357429c7bf866a55ab94d03193fc9cdbf403a9fe4b71d2673c23b863e
Size (emacs-21.4a.tar.gz) = 20403483 bytes
+SHA1 (patch-CVE-2017-14482) = b0e11974076dcb1cad83841c949d0f35fdaa2ca2
SHA1 (patch-aa) = a7146ff6cc24de8d0caf56a0bc0ce057f659f536
SHA1 (patch-ab) = 884b8fe5643b06340948c1f10b7c5d643fad2bf6
SHA1 (patch-ac) = a2de7619fece50cb42b0e23b1651b5bf742ff69a
diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/patches/patch-CVE-2017-14482
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs21/patches/patch-CVE-2017-14482 Thu Oct 12 17:30:24 2017 +0000
@@ -0,0 +1,79 @@
+$NetBSD: patch-CVE-2017-14482,v 1.1 2017/10/12 17:30:24 tez Exp $
+
+CVE-2017-14482 fix
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi%gnus.org@localhost>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- lisp/gnus/mm-view.el.orig 2002-02-07 15:55:05.000000000 +0000
++++ lisp/gnus/mm-view.el
+@@ -184,10 +184,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (set-text-properties (point-min) (point-max) nil)
+- (when (or (equal type "enriched")
+- (equal type "richtext"))
+- (enriched-decode (point-min) (point-max)))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+
+--- lisp/enriched.el.orig 2017-10-11 22:06:02.627530400 +0000
++++ lisp/enriched.el
+@@ -119,12 +119,7 @@ expression, which is evaluated to get th
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -468,35 +463,6 @@ Return value is \(begin end name positiv
+
+
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new)))
+- close open)
+- (if (null old)
+- (list nil (list annotation param))
+- (list (list annotation param)))))
+-
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE "
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+
+ ;;; enriched.el ends here
Home |
Main Index |
Thread Index |
Old Index