author | 2008-04-11 14:00:09 +0000 | |
---|---|---|
committer | 2008-04-11 14:00:09 +0000 | |
commit | 1b1a3fe54006e0773fbc64bd7734080b141e6ed6 (patch) | |
tree | 7e10f1e7c6ef783e9337c4a226bc5b990e1581a5 /app-editors | |
parent | Latest release, thanks to dberkholz for pointing it out. (diff) | |
Fix vcdiff insecure temporary file creation, CVE-2008-1694, security bug 216880.
Package-Manager: portage-2.1.5_rc2
RepoMan-Options: --force
Diffstat (limited to 'app-editors')
-rw-r--r-- | app-editors/emacs/ChangeLog | 14 | ||||
-rw-r--r-- | app-editors/emacs/Manifest | 21 | ||||
-rw-r--r-- | app-editors/emacs/emacs-18.59-r4.ebuild | 4 | ||||
-rw-r--r-- | app-editors/emacs/emacs-21.4-r15.ebuild (renamed from app-editors/emacs/emacs-21.4-r14.ebuild) | 8 | ||||
-rw-r--r-- | app-editors/emacs/emacs-22.1-r4.ebuild (renamed from app-editors/emacs/emacs-22.1-r3.ebuild) | 3 | ||||
-rw-r--r-- | app-editors/emacs/emacs-22.2-r1.ebuild (renamed from app-editors/emacs/emacs-22.2.ebuild) | 3 | ||||
-rw-r--r-- | app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch | 25 |
7 files changed, 59 insertions, 19 deletions
diff --git a/app-editors/emacs/ChangeLog b/app-editors/emacs/ChangeLog index b0e4b86834cf..0e729942518a 100644 --- a/app-editors/emacs/ChangeLog +++ b/app-editors/emacs/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for app-editors/emacs # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.236 2008/04/06 22:05:14 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.237 2008/04/11 14:00:08 ulm Exp $ + +*emacs-22.2-r1 (08 Apr 2008) +*emacs-22.1-r4 (08 Apr 2008) +*emacs-21.4-r15 (08 Apr 2008) + + 08 Apr 2008; Ulrich Mueller <ulm@gentoo.org> + +files/emacs-22.1-vcdiff-tmp-race.patch, -emacs-21.4-r14.ebuild, + +emacs-21.4-r15.ebuild, -emacs-22.1-r3.ebuild, +emacs-22.1-r4.ebuild, + -emacs-22.2.ebuild, +emacs-22.2-r1.ebuild: + Security fix for vcdiff insecure temporary file creation, CVE-2008-1694, + bug 216880. Straight to stable, since there is no sensible way for arch + teams to test (vcdiff was used for SCCS only). Remove vulnerable revisions. 06 Apr 2008; Ulrich Mueller <ulm@gentoo.org> +files/emacs-22.2-heimdal-gentoo.patch, emacs-22.2.ebuild: diff --git a/app-editors/emacs/Manifest b/app-editors/emacs/Manifest index 0e91227c80e8..f4f386c80404 100644 --- a/app-editors/emacs/Manifest +++ b/app-editors/emacs/Manifest 
@@ -8,25 +8,26 @@ AUX emacs-22.1-freebsd-sparc.patch 475 RMD160 a8e6e3f2bc014979fd269a027835a65520 AUX emacs-22.1-hack-local-variables.patch 561 RMD160 248f09898369161dcd0e3148c7fcb4c9de5b3bc5 SHA1 02018dc2b66f829c83aeeadca240e282a695b9a1 SHA256 d3e2ec4d4b2788a5a6d91669bfc9dcb3dc7ff1f80195d42e5ae751fa4e26b9fb AUX emacs-22.1-oldxmenu-qa.patch 448 RMD160 ac5b0e57569f0963862ded46953be899fb637590 SHA1 10887f5e0ccebde6715307fdc59faa8f826dd597 SHA256 3039fa8eedc22c638e706123bd1affb0f736a53bf0ebc68566678ead92a4c590 AUX emacs-22.1-s390x-non-multilib.patch 1097 RMD160 01f05e7f917cc7b0e7f8d5c06935a967a9bed8bd SHA1 8783e82d5d53b1993f00481577201511a4fed375 SHA256 2cf2c4722cee9567be5b570a47d32f9322b125cbcd214161d3f956605b03eecc +AUX emacs-22.1-vcdiff-tmp-race.patch 831 RMD160 0ffb7c22f28982a0f199a177a5e21a6a62b5ef46 SHA1 9200da3d3825747ded3cba4c9e1c0a514131e9ae SHA256 a220e676cde0e84fb136328915a747cce1b0807c21373cfda7c93063997d616d AUX emacs-22.2-heimdal-gentoo.patch 1906 RMD160 004cd91c637df470e5960854b943d2cce5b628af SHA1 6460fca37eed80fd0b7539ec0982dcd180fe2281 SHA256 7cd1a4358a26aa832461e5a16b6d8a1ea95b58dd19578ee2361f91afc4e3bc7f DIST emacs-18.59-linux22x-elf-glibc21.diff.gz 15671 RMD160 4fab87eead1a66d767d2334d31507695dcf7b4a8 SHA1 075f1c9cf86e9a10fb686ebd04a2f95d6e4c3972 SHA256 fb810d893938883d50a3a8d7c43fbeb1604d5454f760b8f1f700326c8ee659dd -DIST emacs-18.59-patches.tar.bz2 16592 RMD160 87410388441f3dabfb300154a7e3f2ee501e6ac0 SHA1 108fb43146568ac78052243bdf6b804e038efcf1 SHA256 9359bd2e8bc6fd0d7532ad4c91fccdfb12342a4e5c578d8e35f2abae11ccf024 +DIST emacs-18.59-patches-1.tar.bz2 16613 RMD160 274fc8cf91d1ebd847bac79d77aa7540803a2b07 SHA1 5eeb76e3517c0db6d4d664a01d667b0e824b6b09 SHA256 92b72201b3c152360a09a5d7dadbac4debb131751c4fb4dfda49d6430e6e0680 DIST emacs-18.59.tar.gz 2962652 RMD160 4976d0f0f34b6d54db6774d24a528f74a3bb20dc SHA1 15b25bf130e3eeb91f3eea8c01a3dec9aabf23cc SHA256 1e27e33f91984a91e9b4c1f21433f931aba03670960ecc147bb6d7b0de0f051e -DIST 
emacs-21.4-patches-1.tar.bz2 9598 RMD160 a838e9d49fbc23e2c7f000a96fca06f0e347ab47 SHA1 ef15a55f94fc01e99cc386273bebdfe363efe15c SHA256 75c8a3d9f420e9ab3f426b39b0f73299a22d399415cbd4190dfda63b6e65f3a1 +DIST emacs-21.4-patches-2.tar.bz2 9984 RMD160 fd1a5e24740a9ce230b0898864abea2ef4451db2 SHA1 4042d587210dba95514c18054de4a98ce8d4c231 SHA256 2980bf428e97e34def633ce4c6bf383dbaf09aeb57eea318398144a067c7fa34 DIST emacs-21.4a.tar.gz 20403483 RMD160 c312e739935b56d08783bbfe97992297a363cb8a SHA1 cdb33731180fe4a912838af805dd35e3f55394d4 SHA256 1d50ddae117c48d689a3d772e390569edccfdc22168be0112d2093bd2d7c3216 DIST emacs-22.1.tar.gz 38172226 RMD160 da5360871db8b1d473ff7f0b0937ee6c278c0b19 SHA1 327664173eabe5db49d4e7e4a4b1794577af902e SHA256 1ec43bef7127e572f92d7c3a846951cf8e263e27445c62c867035f94681c3ed0 DIST emacs-22.2.tar.gz 38694318 RMD160 ec2da7cd7065cbd76773e544da1d1495f33d6ea1 SHA1 7a371332cb8400d44e8eb31f19e432bbc93523a0 SHA256 216839e1fb38ca4f2ed0a07689fb47ee80d90845f34e0a56fe781d6aa462e367 DIST leim-21.4.tar.gz 3291433 RMD160 89e1108bfe06425a0d6b4d941f9c297551bafcca SHA1 dd63f9aca1a58d40d9d426dd410fb627230974f7 SHA256 db24946985dd644bfed18815d6e991dad27f8ab1fd5823dd6dc4eb8dcd04333b -EBUILD emacs-18.59-r4.ebuild 2488 RMD160 4b94a804303d69c33b4057c8c955ab63280d4dff SHA1 e2caaf2c192bfe86e69af494162e380646842099 SHA256 96135bbdc3aee3aef8d36cedcabff5efac0391fc471044d189f2982913bc85a4 -EBUILD emacs-21.4-r14.ebuild 5623 RMD160 b02817c3ff91ceb620e8ec5f4ba4469b4a23c560 SHA1 fa57863e6925145dc184e80a60cffaea4f0cb0b5 SHA256 9459ddc0527722373dceaafad137fd0d6a69d6eed0992d7b29ccc879961a99ce -EBUILD emacs-22.1-r3.ebuild 8110 RMD160 dabca65382af25e03fc4574aaf2d3de431501dea SHA1 83706fd62b52373826079ac80ddf21a1c00db8b0 SHA256 6100e67d854c7df188f056c1dc30f6f6f27a9c913cb9d5f3230d24a60c038530 -EBUILD emacs-22.2.ebuild 7956 RMD160 04b63483170594938544478a84b10058a521e9de SHA1 911d8d730a484a79318ed23066f7778a73f006f0 SHA256 39eaaedb7876398bb5143c4d8a0f7fd5973ed85730839d2eecc6b8cd41e030c5 
-MISC ChangeLog 35016 RMD160 ef801edb21cf4b5c9598af5782f27c2d9457d98a SHA1 7180b4aedb66338de71d5b6e9f44197557a51fe7 SHA256 a512e5968f1be042d9ee1070ae3fb5ff6658d221ef65b178a023fb9376e56cbd +EBUILD emacs-18.59-r4.ebuild 2491 RMD160 b384466f01c7f4df87a50c4f6ffa209be64fc60e SHA1 d1680b107812f2950e767b7982e3a3545e2820bd SHA256 bb4d86f19d22cda3efc60987f74dc348173b9f493e6565abd0f4e2bdf4ef13c1 +EBUILD emacs-21.4-r15.ebuild 5622 RMD160 19b8b288922fff84b201790e93b9c3818740ce47 SHA1 676a4da16adeff6610c13bf6da25b7f7e61688ac SHA256 fc4469b0d3d6b05f966666b183190791a9b94af450e5993e7f750ffe3c28279a +EBUILD emacs-22.1-r4.ebuild 8158 RMD160 d624bc64aef43cb4532c9520f0bb4e967b5ce6cb SHA1 f6fc0eb5941b31e5a74baf9e8178a42a8c1e5de9 SHA256 670d3dc2103d6e6720fd286a1440540638589480fc60aaca09be039bedee9bea +EBUILD emacs-22.2-r1.ebuild 8014 RMD160 7dc6b67af2f2a5b8837ac8dc3471f965175f9858 SHA1 188d8ff7d6abff3c358d95e95c14b98b39732c94 SHA256 d12cb89be69e38df19c2e32131c272ee162da562613a42ded1b9a2aa3be669f5 +MISC ChangeLog 35564 RMD160 3e521443b8198ef90be8b661674350d8626cb05b SHA1 7f68c917fc6f5005689602f53c808b398d185e82 SHA256 7837d0d997184c2fa5b567fe607da526b6d491c0b5deccc3f958cd45e54df374 MISC metadata.xml 1213 RMD160 7df0bb43f41ecf811a37b60ee3cbefc7f798e840 SHA1 e545b177be5578569de6410bfea01cffe6003611 SHA256 1e71985b81478302fb03a9af91293f7dfad07aa7b31c4cc226170b45d573ce13 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iEYEARECAAYFAkf5SREACgkQOeoy/oIi7ux92gCgo+ApFxsMMyaIYuzwMtspdkp3 -9rsAoJ6Vn7pEyQvz7U0g5RMcYTeyjwRM -=q6Az +iEYEARECAAYFAkf/bsgACgkQOeoy/oIi7uwLwwCeJmmVRoaXmGJ/TEmLcAX5LTta +ZnQAoNruUBI84qNi/0j4RkPhqFFg6VLS +=Uzh2 -----END PGP SIGNATURE----- diff --git a/app-editors/emacs/emacs-18.59-r4.ebuild b/app-editors/emacs/emacs-18.59-r4.ebuild index 62124d943ccb..74b71d159a96 100644 --- a/app-editors/emacs/emacs-18.59-r4.ebuild +++ b/app-editors/emacs/emacs-18.59-r4.ebuild 
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r4.ebuild,v 1.9 2008/03/28 06:29:03 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r4.ebuild,v 1.10 2008/04/11 14:00:08 ulm Exp $
 inherit eutils toolchain-funcs flag-o-matic
@@ -8,7 +8,7 @@ DESCRIPTION="The extensible self-documenting text editor"
 HOMEPAGE="http://www.gnu.org/software/emacs/"
 SRC_URI="mirror://gnu/old-gnu/emacs/${P}.tar.gz
 ftp://ftp.splode.com/pub/users/friedman/emacs/${P}-linux22x-elf-glibc21.diff.gz
- mirror://gentoo/${P}-patches.tar.bz2"
+ mirror://gentoo/${P}-patches-1.tar.bz2"
 LICENSE="GPL-1 BSD"
 SLOT="18"
diff --git a/app-editors/emacs/emacs-21.4-r14.ebuild b/app-editors/emacs/emacs-21.4-r15.ebuild
index 2c26d7bb4873..f99fde4321d1 100644
--- a/app-editors/emacs/emacs-21.4-r14.ebuild
+++ b/app-editors/emacs/emacs-21.4-r15.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-21.4-r14.ebuild,v 1.14 2008/02/02 21:08:12 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-21.4-r15.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
 WANT_AUTOCONF="2.1"
@@ -9,7 +9,7 @@ inherit flag-o-matic eutils toolchain-funcs autotools
 DESCRIPTION="The extensible, customizable, self-documenting real-time display editor"
 HOMEPAGE="http://www.gnu.org/software/emacs/"
 SRC_URI="mirror://gnu/emacs/${P}a.tar.gz
- mirror://gentoo/${P}-patches-1.tar.bz2
+ mirror://gentoo/${P}-patches-2.tar.bz2
 leim? ( mirror://gnu/emacs/leim-${PV}.tar.gz )"
 LICENSE="GPL-2 FDL-1.1 BSD"
@@ -55,6 +55,8 @@ src_unpack() {
 # This will need to be updated for X-Compilation
 sed -i -e "s:/usr/lib/\([^ ]*\).o:/usr/$(get_libdir)/\1.o:g" \
 "${S}/src/s/gnu-linux.h" || die
+
+ eautoconf
 }
 src_compile() {
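Review bot: The `SRC_URI` switch to `${P}-patches-1.tar.bz2` in the emacs-18.59-r4.ebuild hunk changes the patch set this revision builds from, but the ebuild keeps its r4 revision and the ChangeLog entry in this commit does not list it. If the new tarball carries the vcdiff fix (its content is not visible here, only its Manifest hashes), hosts that already have 18.59-r4 installed get no upgrade prompt and stay on the old build. A revision bump like the one given to the 21.4, 22.1 and 22.2 ebuilds, plus `emacs-18.59-r4.ebuild` (or its successor) in the ChangeLog file list, would let the fix reach installed systems and keep the record complete.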
@@ -72,8 +74,6 @@ src_compile() {
 # -march is known to cause signal 6 on some environment
 filter-flags "-march=*"
- eautoconf
-
 local myconf
 use nls || myconf="${myconf} --disable-nls"
 if use X ; then
diff --git a/app-editors/emacs/emacs-22.1-r3.ebuild b/app-editors/emacs/emacs-22.1-r4.ebuild
index 2f79bfdb1a37..382217bb9cdc 100644
--- a/app-editors/emacs/emacs-22.1-r3.ebuild
+++ b/app-editors/emacs/emacs-22.1-r4.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.1-r3.ebuild,v 1.20 2008/03/28 06:29:03 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.1-r4.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
 WANT_AUTOCONF="2.5"
 WANT_AUTOMAKE="latest"
@@ -63,6 +63,7 @@ src_unpack() {
 epatch "${FILESDIR}/${P}-hack-local-variables.patch"
 epatch "${FILESDIR}/${P}-format-int.patch"
 epatch "${FILESDIR}/${P}-s390x-non-multilib.patch"
+ epatch "${FILESDIR}/${P}-vcdiff-tmp-race.patch"
 sed -i -e "s:/usr/lib/crtbegin.o:$(`tc-getCC` -print-file-name=crtbegin.o):g" \
 -e "s:/usr/lib/crtend.o:$(`tc-getCC` -print-file-name=crtend.o):g" \
diff --git a/app-editors/emacs/emacs-22.2.ebuild b/app-editors/emacs/emacs-22.2-r1.ebuild
index becd979d775e..c538063a9f53 100644
--- a/app-editors/emacs/emacs-22.2.ebuild
+++ b/app-editors/emacs/emacs-22.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.2.ebuild,v 1.4 2008/04/06 22:05:14 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.2-r1.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
 inherit autotools elisp-common eutils flag-o-matic
@@ -56,6 +56,7 @@ src_unpack() {
 epatch "${FILESDIR}/emacs-22.1-Xaw3d-headers.patch"
 epatch "${FILESDIR}/emacs-22.1-freebsd-sparc.patch"
+ epatch "${FILESDIR}/emacs-22.1-vcdiff-tmp-race.patch"
 epatch "${FILESDIR}/${P}-heimdal-gentoo.patch"
 sed -i -e "s:/usr/lib/crtbegin.o:$(`tc-getCC` -print-file-name=crtbegin.o):g" \
diff --git a/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
new file mode 100644
index 000000000000..7f59d6afeeac
--- /dev/null
+++ b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
@@ -0,0 +1,25 @@
+Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
+(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
+which makes it possible for local attacker to conduct a symlink attack and
+make the victim overwrite arbitrary file.
+
+diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
+--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400
++++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400
+@@ -86,14 +86,14 @@
+ case $f in
+ s.* | */s.*)
+ if
+- rev1=/tmp/geta$$
++ rev1=`mktemp /tmp/geta.XXXXXXXX`
+ get -s -p -k $sid1 "$f" > $rev1 &&
+ case $sid2 in
+ '')
+ workfile=`expr " /$f" : '.*/s.\(.*\)'`
+ ;;
+ *)
+- rev2=/tmp/getb$$
++ rev2=`mktemp /tmp/getb.XXXXXXXX`
+ get -s -p -k $sid2 "$f" > $rev2
+ workfile=$rev2
+ esac |
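Review bot: The two `mktemp` assignments in the embedded vcdiff patch do not have their exit status checked. If `mktemp` fails, `rev1` or `rev2` is empty; in the `*)` branch the `get ... > $rev2` line is not followed by `&&`, so `workfile=$rev2` still runs and the branch appears to end with an empty `workfile`. Ending the assignments with `&&` (``rev2=`mktemp /tmp/getb.XXXXXXXX` &&``), adding `&&` after the second `get`, and quoting the targets (`> "$rev2"`) would make a failed creation stop the list. The templates also hard-code `/tmp` instead of honoring `TMPDIR`. The surrounding `if`/`case` begins and ends outside the hunk, so cleanup of the temp files cannot be confirmed from these lines.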