diff options
author | tez <tez@pkgsrc.org> | 2017-10-12 17:30:24 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2017-10-12 17:30:24 +0000 |
commit | dd8b93815eabcc8adf9f57a2a838924ace1feee8 (patch) | |
tree | 99cd5c342d91b750c838df54fb0c512b63774a09 | |
parent | 4958b92b91bcb468868dc274dfae78f51f3024b9 (diff) | |
download | pkgsrc-dd8b93815eabcc8adf9f57a2a838924ace1feee8.tar.gz |
emacs21: fix for CVE-2017-14482
adapted from upstream 9ad0fcc54442a9a01d41be19880250783426db70
-rw-r--r-- | editors/emacs21/Makefile | 4 | ||||
-rw-r--r-- | editors/emacs21/distinfo | 3 | ||||
-rw-r--r-- | editors/emacs21/patches/patch-CVE-2017-14482 | 79 |
3 files changed, 83 insertions, 3 deletions
diff --git a/editors/emacs21/Makefile b/editors/emacs21/Makefile index a808bd2fdc0..8d06f605973 100644 --- a/editors/emacs21/Makefile +++ b/editors/emacs21/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.39 2017/07/23 18:47:09 dholland Exp $ +# $NetBSD: Makefile,v 1.40 2017/10/12 17:30:24 tez Exp $ -PKGREVISION= 38 +PKGREVISION= 39 CATEGORIES= editors CONFLICTS+= emacs21-nox11-[0-9]* diff --git a/editors/emacs21/distinfo b/editors/emacs21/distinfo index 89c4c2c940a..3a80dca0fc0 100644 --- a/editors/emacs21/distinfo +++ b/editors/emacs21/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.23 2017/06/17 19:40:18 joerg Exp $ +$NetBSD: distinfo,v 1.24 2017/10/12 17:30:24 tez Exp $ SHA1 (emacs-21.4a.tar.gz) = cdb33731180fe4a912838af805dd35e3f55394d4 RMD160 (emacs-21.4a.tar.gz) = c312e739935b56d08783bbfe97992297a363cb8a SHA512 (emacs-21.4a.tar.gz) = 6932db498e7b6b904d90f817e335690c5c681510812332c514af1d84d91b9841ea3eff0357429c7bf866a55ab94d03193fc9cdbf403a9fe4b71d2673c23b863e Size (emacs-21.4a.tar.gz) = 20403483 bytes +SHA1 (patch-CVE-2017-14482) = b0e11974076dcb1cad83841c949d0f35fdaa2ca2 SHA1 (patch-aa) = a7146ff6cc24de8d0caf56a0bc0ce057f659f536 SHA1 (patch-ab) = 884b8fe5643b06340948c1f10b7c5d643fad2bf6 SHA1 (patch-ac) = a2de7619fece50cb42b0e23b1651b5bf742ff69a diff --git a/editors/emacs21/patches/patch-CVE-2017-14482 b/editors/emacs21/patches/patch-CVE-2017-14482 new file mode 100644 index 00000000000..01ec08878c6 --- /dev/null +++ b/editors/emacs21/patches/patch-CVE-2017-14482 @@ -0,0 +1,79 @@ +$NetBSD: patch-CVE-2017-14482,v 1.1 2017/10/12 17:30:24 tez Exp $ + +CVE-2017-14482 fix +From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001 +From: Lars Ingebrigtsen <larsi@gnus.org> +Date: Fri, 8 Sep 2017 20:23:31 -0700 +Subject: Remove unsafe enriched mode translations + +* lisp/gnus/mm-view.el (mm-inline-text): +Do not worry about enriched or richtext type. +* lisp/textmodes/enriched.el (enriched-translations): +Remove translations for FUNCTION, display (Bug#28350). +(enriched-handle-display-prop, enriched-decode-display-prop): Remove. + +--- lisp/gnus/mm-view.el.orig 2002-02-07 15:55:05.000000000 +0000 ++++ lisp/gnus/mm-view.el +@@ -184,10 +184,6 @@ + (goto-char (point-max)))) + (save-restriction + (narrow-to-region b (point)) +- (set-text-properties (point-min) (point-max) nil) +- (when (or (equal type "enriched") +- (equal type "richtext")) +- (enriched-decode (point-min) (point-max))) + (mm-handle-set-undisplayer + handle + `(lambda () + +--- lisp/enriched.el.orig 2017-10-11 22:06:02.627530400 +0000 ++++ lisp/enriched.el +@@ -119,12 +119,7 @@ expression, which is evaluated to get th + (full "flushboth") + (center "center")) + (PARAMETER (t "param")) ; Argument of preceding annotation +- ;; The following are not part of the standard: +- (FUNCTION (enriched-decode-foreground "x-color") +- (enriched-decode-background "x-bg-color") +- (enriched-decode-display-prop "x-display")) + (read-only (t "x-read-only")) +- (display (nil enriched-handle-display-prop)) + (unknown (nil format-annotate-value)) + ; (font-size (2 "bigger") ; unimplemented + ; (-2 "smaller")) +@@ -468,35 +463,6 @@ Return value is \(begin end name positiv + + + +-;;; Handling the `display' property. +- +- +-(defun enriched-handle-display-prop (old new) +- "Return a list of annotations for a change in the `display' property. +-OLD is the old value of the property, NEW is the new value. Value +-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to +-close and OPEN a list of annotations to open. Each of these lists +-has the form `(ANNOTATION PARAM ...)'." +- (let ((annotation "x-display") +- (param (prin1-to-string (or old new))) +- close open) +- (if (null old) +- (list nil (list annotation param)) +- (list (list annotation param))))) +- +- +-(defun enriched-decode-display-prop (start end &optional param) +- "Decode a `display' property for text between START and END. +-PARAM is a `<param>' found for the property. +-Value is a list `(START END SYMBOL VALUE)' with START and END denoting +-the range of text to assign text property SYMBOL with value VALUE " +- (let ((prop (when (stringp param) +- (condition-case () +- (car (read-from-string param)) +- (error nil))))) +- (unless prop +- (message "Warning: invalid <x-display> parameter %s" param)) +- (list start end 'display prop))) + + + ;;; enriched.el ends here |