
[pkgsrc/trunk]: pkgsrc/editors Update emacs25 and emacs25-nox11 to 25.3



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e505727d2fd8
branches:  trunk
changeset: 368205:e505727d2fd8
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Tue Sep 12 03:19:02 2017 +0000

description:
Update emacs25 and emacs25-nox11 to 25.3

Changelog:
This is an emergency release to fix a security vulnerability in Emacs.

Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).

This vulnerability was introduced in Emacs 19.29.

diffstat:

 editors/emacs25-nox11/Makefile                           |   3 +-
 editors/emacs25/Makefile                                 |   3 +-
 editors/emacs25/distinfo                                 |  10 +-
 editors/emacs25/patches/patch-lisp_gnus_mm-view.el       |  29 -------
 editors/emacs25/patches/patch-lisp_textmodes_enriched.el |  64 ----------------
 editors/emacs25/version.mk                               |   4 +-
 6 files changed, 9 insertions(+), 104 deletions(-)

diffs (157 lines):

diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25-nox11/Makefile
--- a/editors/emacs25-nox11/Makefile    Tue Sep 12 02:32:17 2017 +0000
+++ b/editors/emacs25-nox11/Makefile    Tue Sep 12 03:19:02 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2017/09/11 11:34:15 wiz Exp $
+# $NetBSD: Makefile,v 1.5 2017/09/12 03:19:02 ryoon Exp $
 
 PKGNAME=       ${DISTNAME:S/emacs/emacs25/:S/-/-nox11-/}
-PKGREVISION=   2
 
 CONFLICTS+=    emacs25-[0-9]*
 
diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25/Makefile
--- a/editors/emacs25/Makefile  Tue Sep 12 02:32:17 2017 +0000
+++ b/editors/emacs25/Makefile  Tue Sep 12 03:19:02 2017 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2017/09/11 11:33:08 wiz Exp $
+# $NetBSD: Makefile,v 1.11 2017/09/12 03:19:02 ryoon Exp $
 
 CONFLICTS+=    emacs25-nox11-[0-9]*
 
-PKGREVISION=   2
 .include "../../editors/emacs25/Makefile.common"
 
 .include "options.mk"
diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25/distinfo
--- a/editors/emacs25/distinfo  Tue Sep 12 02:32:17 2017 +0000
+++ b/editors/emacs25/distinfo  Tue Sep 12 03:19:02 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.4 2017/09/11 11:33:08 wiz Exp $
+$NetBSD: distinfo,v 1.5 2017/09/12 03:19:02 ryoon Exp $
 
-SHA1 (emacs-25.2.tar.gz) = 30c18fb0cd932736bb6a7232ab62f562cf89a785
-RMD160 (emacs-25.2.tar.gz) = 2b0cd1fa04abb2156fd4a33f73e9b929f97dca43
-SHA512 (emacs-25.2.tar.gz) = 3ddecdfb64fba400d82b6d44fd03799ac1a2032aa3bda6eb18a83d680465f1df3e8128b9544daaeed4b5ead0ac11955c1ad613de6a489236995def840c4d501c
-Size (emacs-25.2.tar.gz) = 64289988 bytes
+SHA1 (emacs-25.3.tar.gz) = 732cd74b1df9288855c5f354606c115a1c4dcd95
+RMD160 (emacs-25.3.tar.gz) = 3a1f361ba79b73ba6598f66420477164206f7cdc
+SHA512 (emacs-25.3.tar.gz) = a64cf978be0896f06f918fad98391bededfffb2fc651b4941e55f7bab3bfeef16f2b723a5e12c3431fbf9d11098d81f0f0767585ed3d5db768a801aa4440ea68
+Size (emacs-25.3.tar.gz) = 63363581 bytes
 SHA1 (patch-lisp_gnus_mm-view.el) = b654fffd12d3467ea6ffa33f7d831ff69054dc4f
 SHA1 (patch-lisp_textmodes_enriched.el) = 62d807368088b11722cd68fafb0017c64f1eac3b
 SHA1 (patch-src_inotify.c) = 1fdc6566ed57e8418f1ddc85bb03518d7d9d6bb3
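Review bot: The context lines `SHA1 (patch-lisp_gnus_mm-view.el) = …` and `SHA1 (patch-lisp_textmodes_enriched.el) = …` remain in distinfo even though this same changeset deletes both patch files, so the checksum file now lists patches that no longer exist in `patches/`. Both lines should be dropped, normally by regenerating the patch checksums with `make makepatchsum` rather than editing by hand. Stale entries in the integrity metadata make it harder to audit which local patches are actually applied on top of the 25.3 tarball, and that matters here because the removed patches carried the security fix that 25.3 now ships upstream. distinfo may continue past the last line of this hunk, so any further patch entries should be checked against the directory as well.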
diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25/patches/patch-lisp_gnus_mm-view.el
--- a/editors/emacs25/patches/patch-lisp_gnus_mm-view.el        Tue Sep 12 02:32:17 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-$NetBSD: patch-lisp_gnus_mm-view.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
-
-GNU Emacs is an extensible, customizable, free/libre text editor and software
-environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
-it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
-decode "Content-Type: text/enriched", this code is exploitable remotely. This
-bug affects GNU Emacs versions 19.29 through 25.2.
-
-== Details ==
-
-https://bugs.gnu.org/28350
-
-== Patch ==
-
-https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
-
---- lisp/gnus/mm-view.el.orig  2017-02-03 10:25:44.000000000 +0000
-+++ lisp/gnus/mm-view.el
-@@ -383,10 +383,6 @@
-       (goto-char (point-max))))
-     (save-restriction
-       (narrow-to-region b (point))
--      (when (member type '("enriched" "richtext"))
--        (set-text-properties (point-min) (point-max) nil)
--      (ignore-errors
--        (enriched-decode (point-min) (point-max))))
-       (mm-handle-set-undisplayer
-        handle
-        `(lambda ()
diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25/patches/patch-lisp_textmodes_enriched.el
--- a/editors/emacs25/patches/patch-lisp_textmodes_enriched.el  Tue Sep 12 02:32:17 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-$NetBSD: patch-lisp_textmodes_enriched.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
-
-GNU Emacs is an extensible, customizable, free/libre text editor and software
-environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
-it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
-decode "Content-Type: text/enriched", this code is exploitable remotely. This
-bug affects GNU Emacs versions 19.29 through 25.2.
-
-== Details ==
-
-https://bugs.gnu.org/28350
-
-== Patch ==
-
-https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
-
---- lisp/textmodes/enriched.el.orig    2017-02-03 10:25:44.000000000 +0000
-+++ lisp/textmodes/enriched.el
-@@ -117,12 +117,7 @@ expression, which is evaluated to get th
-                  (full        "flushboth")
-                  (center      "center"))
-     (PARAMETER     (t           "param")) ; Argument of preceding annotation
--    ;; The following are not part of the standard:
--    (FUNCTION      (enriched-decode-foreground "x-color")
--                 (enriched-decode-background "x-bg-color")
--                 (enriched-decode-display-prop "x-display"))
-     (read-only     (t           "x-read-only"))
--    (display     (nil         enriched-handle-display-prop))
-     (unknown       (nil         format-annotate-value))
- ;   (font-size     (2           "bigger")       ; unimplemented
- ;                (-2          "smaller"))
-@@ -477,32 +472,5 @@ Return value is \(begin end name positiv
-     (message "Warning: no color specified for <x-bg-color>")
-     nil))
- 
--;;; Handling the `display' property.
--
--
--(defun enriched-handle-display-prop (old new)
--  "Return a list of annotations for a change in the `display' property.
--OLD is the old value of the property, NEW is the new value.  Value
--is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
--close and OPEN a list of annotations to open.  Each of these lists
--has the form `(ANNOTATION PARAM ...)'."
--  (let ((annotation "x-display")
--      (param (prin1-to-string (or old new))))
--    (if (null old)
--        (cons nil (list (list annotation param)))
--      (cons (list (list annotation param)) nil))))
--
--(defun enriched-decode-display-prop (start end &optional param)
--  "Decode a `display' property for text between START and END.
--PARAM is a `<param>' found for the property.
--Value is a list `(START END SYMBOL VALUE)' with START and END denoting
--the range of text to assign text property SYMBOL with value VALUE."
--  (let ((prop (when (stringp param)
--              (condition-case ()
--                  (car (read-from-string param))
--                (error nil)))))
--    (unless prop
--      (message "Warning: invalid <x-display> parameter %s" param))
--    (list start end 'display prop)))
- 
- ;;; enriched.el ends here
diff -r a0b7da5dbf76 -r e505727d2fd8 editors/emacs25/version.mk
--- a/editors/emacs25/version.mk        Tue Sep 12 02:32:17 2017 +0000
+++ b/editors/emacs25/version.mk        Tue Sep 12 03:19:02 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: version.mk,v 1.2 2017/04/27 13:27:57 ryoon Exp $
+# $NetBSD: version.mk,v 1.3 2017/09/12 03:19:02 ryoon Exp $
 
 _EMACS_FLAVOR= emacs
 _EMACS_REQD=   emacs25>=25.1<26
 
 _EMACS_VERSION_MAJOR=  25
-_EMACS_VERSION_MINOR=  2
+_EMACS_VERSION_MINOR=  3


