pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/editors/emacs21 emacs21: fix for CVE-2017-14482



details:   https://anonhg.NetBSD.org/pkgsrc/rev/217592ab34d0
branches:  trunk
changeset: 370164:217592ab34d0
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu Oct 12 17:30:24 2017 +0000

description:
emacs21: fix for CVE-2017-14482

adapted from upstream 9ad0fcc54442a9a01d41be19880250783426db70

diffstat:

 editors/emacs21/Makefile                     |   4 +-
 editors/emacs21/distinfo                     |   3 +-
 editors/emacs21/patches/patch-CVE-2017-14482 |  79 ++++++++++++++++++++++++++++
 3 files changed, 83 insertions(+), 3 deletions(-)

diffs (110 lines):

diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/Makefile
--- a/editors/emacs21/Makefile  Thu Oct 12 16:38:00 2017 +0000
+++ b/editors/emacs21/Makefile  Thu Oct 12 17:30:24 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.39 2017/07/23 18:47:09 dholland Exp $
+# $NetBSD: Makefile,v 1.40 2017/10/12 17:30:24 tez Exp $
 
-PKGREVISION=   38
+PKGREVISION=   39
 CATEGORIES=    editors
 
 CONFLICTS+=    emacs21-nox11-[0-9]*
diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/distinfo
--- a/editors/emacs21/distinfo  Thu Oct 12 16:38:00 2017 +0000
+++ b/editors/emacs21/distinfo  Thu Oct 12 17:30:24 2017 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.23 2017/06/17 19:40:18 joerg Exp $
+$NetBSD: distinfo,v 1.24 2017/10/12 17:30:24 tez Exp $
 
 SHA1 (emacs-21.4a.tar.gz) = cdb33731180fe4a912838af805dd35e3f55394d4
 RMD160 (emacs-21.4a.tar.gz) = c312e739935b56d08783bbfe97992297a363cb8a
 SHA512 (emacs-21.4a.tar.gz) = 6932db498e7b6b904d90f817e335690c5c681510812332c514af1d84d91b9841ea3eff0357429c7bf866a55ab94d03193fc9cdbf403a9fe4b71d2673c23b863e
 Size (emacs-21.4a.tar.gz) = 20403483 bytes
+SHA1 (patch-CVE-2017-14482) = b0e11974076dcb1cad83841c949d0f35fdaa2ca2
 SHA1 (patch-aa) = a7146ff6cc24de8d0caf56a0bc0ce057f659f536
 SHA1 (patch-ab) = 884b8fe5643b06340948c1f10b7c5d643fad2bf6
 SHA1 (patch-ac) = a2de7619fece50cb42b0e23b1651b5bf742ff69a
diff -r 718eb79fa5a8 -r 217592ab34d0 editors/emacs21/patches/patch-CVE-2017-14482
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs21/patches/patch-CVE-2017-14482      Thu Oct 12 17:30:24 2017 +0000
@@ -0,0 +1,79 @@
+$NetBSD: patch-CVE-2017-14482,v 1.1 2017/10/12 17:30:24 tez Exp $
+
+CVE-2017-14482 fix
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi%gnus.org@localhost>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- lisp/gnus/mm-view.el.orig  2002-02-07 15:55:05.000000000 +0000
++++ lisp/gnus/mm-view.el
+@@ -184,10 +184,6 @@
+           (goto-char (point-max))))
+       (save-restriction
+         (narrow-to-region b (point))
+-        (set-text-properties (point-min) (point-max) nil)
+-        (when (or (equal type "enriched")
+-                  (equal type "richtext"))
+-          (enriched-decode (point-min) (point-max)))
+         (mm-handle-set-undisplayer
+          handle
+          `(lambda ()
+
+--- lisp/enriched.el.orig      2017-10-11 22:06:02.627530400 +0000
++++ lisp/enriched.el
+@@ -119,12 +119,7 @@ expression, which is evaluated to get th
+                  (full        "flushboth")
+                  (center      "center")) 
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-                 (enriched-decode-background "x-bg-color")
+-                 (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display     (nil         enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;                (-2          "smaller"))
+@@ -468,35 +463,6 @@ Return value is \(begin end name positiv
+ 
+ 
+ 
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-      (param (prin1-to-string (or old new)))
+-      close open)
+-    (if (null old)
+-      (list nil (list annotation param))
+-      (list (list annotation param)))))
+-
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE "
+-  (let ((prop (when (stringp param)
+-              (condition-case ()
+-                  (car (read-from-string param))
+-                (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+              
+          
+ ;;; enriched.el ends here



Home | Main Index | Thread Index | Old Index