[gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/24.3/, emacs/23.4/

2014-05-08 Thread Ulrich Müller
commit: f93ca92566a63f8dce17b92ae23b0e79757a0a36
Author: Ulrich Müller  gentoo  org>
AuthorDate: Thu May  8 17:52:16 2014 +
Commit: Ulrich Müller  gentoo  org>
CommitDate: Thu May  8 17:52:16 2014 +
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/emacs-tools.git;a=commit;h=f93ca925

Fix insecure use of temporary files, bug 509830.

---
 emacs/23.4/16_all_gnus-fun-tmpfile.patch |  41 
 emacs/23.4/17_all_find-gc-tmpfile.patch  | 135 +++
 emacs/23.4/18_all_browse-url-no-mosaic.patch | 124 
 emacs/23.4/19_all_tramp-tmpfile.patch|  84 +
 emacs/24.3/05_all_gnus-fun-tmpfile.patch |  41 
 emacs/24.3/06_all_find-gc-tmpfile.patch  | 135 +++
 emacs/24.3/07_all_browse-url-no-mosaic.patch | 124 
 emacs/24.3/08_all_tramp-sh-tmpfile.patch |  84 +
 8 files changed, 768 insertions(+)

diff --git a/emacs/23.4/16_all_gnus-fun-tmpfile.patch 
b/emacs/23.4/16_all_gnus-fun-tmpfile.patch
new file mode 100644
index 000..18adf49
--- /dev/null
+++ b/emacs/23.4/16_all_gnus-fun-tmpfile.patch
@@ -0,0 +1,41 @@
+Fix insecure use of temporary files.
+Patch from upstream bzr, backported to Emacs 23.4.
+https://bugs.gentoo.org/509830
+CVE-2014-3421
+
+revno: 117066
+fixes bug: http://bugs.debian.org/747100
+committer: Glenn Morris 
+branch nick: emacs-24
+timestamp: Mon 2014-05-05 20:50:51 -0700
+message:
+  * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.
+
+--- emacs-23.4-orig/lisp/gnus/gnus-fun.el
 emacs-23.4/lisp/gnus/gnus-fun.el
+@@ -260,20 +260,21 @@
+   (interactive)
+   (shell-command "xawtv-remote snap ppm")
+   (let ((file nil)
++  (tempfile (make-temp-file "gnus-face-" nil ".ppm"))
+   result)
+ (while (null (setq file (directory-files "/tftpboot/sparky/tmp"
+t "snap.*ppm")))
+   (sleep-for 1))
+ (setq file (car file))
+ (shell-command
+- (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale 
-width 48 -height 48 | ppmtopgm > /tmp/gnus.face.ppm"
+-   file))
++ (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale 
-width 48 -height 48 | ppmtopgm >> %s"
++   file tempfile))
+ (let ((gnus-convert-image-to-face-command
+  (format "cat '%%s' | ppmquant %%d | ppmchange %s | pnmtopng"
+  (gnus-fun-ppm-change-string
+-  (setq result (gnus-face-from-file "/tmp/gnus.face.ppm")))
++  (setq result (gnus-face-from-file tempfile)))
+ (delete-file file)
+-;;(delete-file "/tmp/gnus.face.ppm")
++;;(delete-file tempfile); FIXME why are we not deleting it?!
+ result))
+ 
+ (defun gnus-fun-ppm-change-string ()
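Review bot: In the patched `gnus-grab-cam-face`, `tempfile` goes into the shell command unquoted (`ppmtopgm >> %s`), so a `temporary-file-directory` containing whitespace or shell metacharacters changes what the shell runs. `file`, which comes from `directory-files` with the unanchored regexp `"snap.*ppm"`, is only wrapped in literal single quotes. Dropping the literal quotes and passing both values through the quoting helper, `(format "pnmcut ... %s | ... | ppmtopgm >> %s" (shell-quote-argument file) (shell-quote-argument tempfile))`, closes that gap. The retained FIXME also means every call leaves a `gnus-face-*.ppm` file behind; since `make-temp-file` creates it privately this is mainly clutter, and wrapping the body of the outer `let` in `unwind-protect` with `(delete-file tempfile)` as the cleanup form would remove it even if the polling loop is interrupted. The `defun` line and docstring lie outside the embedded hunk, so this is based on the visible body only.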

diff --git a/emacs/23.4/17_all_find-gc-tmpfile.patch 
b/emacs/23.4/17_all_find-gc-tmpfile.patch
new file mode 100644
index 000..3a7a719
--- /dev/null
+++ b/emacs/23.4/17_all_find-gc-tmpfile.patch
@@ -0,0 +1,135 @@
+Fix insecure use of temporary files.
+Patch from upstream bzr, backported to Emacs 23.4.
+https://bugs.gentoo.org/509830
+CVE-2014-3422
+
+revno: 117067
+fixes bug: http://bugs.debian.org/747100
+committer: Glenn Morris 
+branch nick: emacs-24
+timestamp: Mon 2014-05-05 20:53:31 -0700
+message:
+  find-gc.el misc fixes
+  
+  The whole file looks obsolete and/or broken.
+  
+  * lisp/emacs-lisp/find-gc.el (find-gc-source-directory): Give it a value.
+  (find-gc-source-files): Update some names.
+  (trace-call-tree): Simplify and update.  Avoid predictable temp-file names.
+
+--- emacs-23.4-orig/lisp/emacs-lisp/find-gc.el
 emacs-23.4/lisp/emacs-lisp/find-gc.el
+@@ -24,14 +24,15 @@
+ 
+ ;; Produce in find-gc-unsafe-list the set of all functions that may invoke GC.
+ ;; This expects the Emacs sources to live in find-gc-source-directory.
+-;; It creates a temporary working directory /tmp/esrc.
+ 
+ ;;; Code:
+ 
+ (defvar find-gc-unsafe-list nil
+   "The list of unsafe functions is placed here by `find-gc-unsafe'.")
+ 
+-(defvar find-gc-source-directory)
++(defvar find-gc-source-directory
++  (file-name-as-directory (expand-file-name "src" source-directory))
++  "Directory containing Emacs C sources.")
+ 
+ (defvar find-gc-subrs-callers nil
+   "Alist of users of subrs, from GC testing.
+@@ -60,14 +61,14 @@
+ "indent.c" "search.c" "regex.c" "undo.c"
+ "alloc.c" "data.c" "doc.c" "editfns.c"
+ "callint.c" "eval.c" "fns.c" "print.c" "lread.c"
+-"abbrev.c" "syntax.c" "unexec.c"
++"syntax.c" "unexec.c"
+ "bytecode.c" "process.c" "callproc.c" "doprnt.c"
+-"x11term.c" "x11fns.c"))
++"xterm.c" "xfns.c"))
+ 
+ 
+ (defun find-gc-unsafe ()
+   "Return a list of unsafe functions--that is, which can call GC.
+-Also store it in `find-gc-unsafe'."
++Also store it in `find-gc-unsafe-list'."
+   (trace-call-tree nil)
+   (trace-use-tree)
+   (find-unsafe-funcs 'Fgarbage_collect)
+@@ -103,47 +10

[gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/24.3/, emacs/23.4/

2014-05-08 Thread Ulrich Müller
commit: 07eb79ff7ef6b0637f89ed0cb9c69579e57878d1
Author: Ulrich Müller  gentoo  org>
AuthorDate: Fri May  9 06:04:09 2014 +
Commit: Ulrich Müller  gentoo  org>
CommitDate: Fri May  9 06:04:09 2014 +
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/emacs-tools.git;a=commit;h=07eb79ff

Upstream patch for browse-url, bug 509830.

---
 emacs/23.4/18_all_browse-url-no-mosaic.patch | 124 ---
 emacs/23.4/18_all_browse-url-tmpfile.patch   |  59 +
 emacs/24.3/07_all_browse-url-no-mosaic.patch | 124 ---
 emacs/24.3/07_all_browse-url-tmpfile.patch   |  59 +
 4 files changed, 118 insertions(+), 248 deletions(-)

diff --git a/emacs/23.4/18_all_browse-url-no-mosaic.patch 
b/emacs/23.4/18_all_browse-url-no-mosaic.patch
deleted file mode 100644
index b6a8152..000
--- a/emacs/23.4/18_all_browse-url-no-mosaic.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-Fix insecure use of temporary files.
-Gentoo patch: Remove obsolete browse-url-mosaic function completely.
-https://bugs.gentoo.org/509830
-CVE-2014-3423
-
 emacs-23.4-orig/lisp/net/browse-url.el
-+++ emacs-23.4/lisp/net/browse-url.el
-@@ -40,7 +40,6 @@
- ;; browse-url-galeon  Galeon  Don't know
- ;; browse-url-epiphanyEpiphanyDon't know
- ;; browse-url-netscapeNetscape1.1b1
--;; browse-url-mosaic  XMosaic/mMosaic <= 2.4
- ;; browse-url-cci XMosaic 2.5
- ;; browse-url-w3  w3  0
- ;; browse-url-w3-gnudoit  w3 remotely
-@@ -82,11 +81,7 @@
- ;; include Chimera ftp://ftp.cs.unlv.edu/pub/chimera> and
- ;; http://www.unlv.edu/chimera/>, Arena
- ;; ftp://ftp.yggdrasil.com/pub/dist/web/arena> and Amaya
--;; ftp://ftp.w3.org/pub/amaya>.  mMosaic
--;; ftp://ftp.enst.fr/pub/mbone/mMosaic/>,
--;; http://www.enst.fr/~dauphin/mMosaic/> (with development
--;; support for Java applets and multicast) can be used like Mosaic by
--;; setting `browse-url-mosaic-program' appropriately.
-+;; ftp://ftp.w3.org/pub/amaya>.
- 
- ;; I [Denis Howe, not Dave Love] recommend Nelson Minar
- ;; 's excellent html-helper-mode.el for editing
-@@ -242,7 +237,6 @@
- (function-item :tag "Galeon" :value  browse-url-galeon)
- (function-item :tag "Epiphany" :value  browse-url-epiphany)
- (function-item :tag "Netscape" :value  browse-url-netscape)
--(function-item :tag "Mosaic" :value  browse-url-mosaic)
- (function-item :tag "Mosaic using CCI" :value  browse-url-cci)
- (function-item :tag "Text browser in an xterm window"
-:value browse-url-text-xterm)
-@@ -421,22 +415,6 @@
-   :type 'boolean
-   :group 'browse-url)
- 
--(defcustom browse-url-mosaic-program "xmosaic"
--  "The name by which to invoke Mosaic (or mMosaic)."
--  :type 'string
--  :version "20.3"
--  :group 'browse-url)
--
--(defcustom browse-url-mosaic-arguments nil
--  "A list of strings to pass to Mosaic as arguments."
--  :type '(repeat (string :tag "Argument"))
--  :group 'browse-url)
--
--(defcustom browse-url-mosaic-pidfile "~/.mosaicpid"
--  "The name of the pidfile created by Mosaic."
--  :type 'string
--  :group 'browse-url)
--
- (defcustom browse-url-filename-alist
-   `(("^/\\(ftp@\\|anonymous@\\)?\\([^:]+\\):/*" . "ftp://\\2/";)
- ;; The above loses the username to avoid the browser prompting for
-@@ -895,7 +873,6 @@
- ((executable-find browse-url-galeon-program) 'browse-url-galeon)
- ((executable-find browse-url-kde-program) 'browse-url-kde)
- ((executable-find browse-url-netscape-program) 'browse-url-netscape)
--((executable-find browse-url-mosaic-program) 'browse-url-mosaic)
- ((executable-find browse-url-xterm-program) 'browse-url-text-xterm)
- ((locate-library "w3") 'browse-url-w3)
- (t
-@@ -1212,56 +1189,6 @@
- '("--newwin"))
- (list "--raise" url
- 
--;; --- Mosaic ---
--
--;;;###autoload
--(defun browse-url-mosaic (url &optional new-window)
--  "Ask the XMosaic WWW browser to load URL.
--
--Default to the URL around or before point.  The strings in variable
--`browse-url-mosaic-arguments' are also passed to Mosaic and the
--program is invoked according to the variable
--`browse-url-mosaic-program'.
--
--When called interactively, if variable `browse-url-new-window-flag' is
--non-nil, load the document in a new Mosaic window, otherwise use a
--random existing one.  A non-nil interactive prefix argument reverses
--the effect of `browse-url-new-window-flag'.
--
--When called non-interactively, optional second argument NEW-WINDOW is
--used instead of `browse-url-new-window-flag'."
--  (interactive (browse-url-interactive-arg "Mosaic URL: "))
--  (let ((pidfile (expand-file-name browse-url-mosaic-pidfile))
--  pid)
--(if (file-readable-p pidfile)
--  (save-excursion
--(find-file pidfile)
--(goto-char (point-min))
--(setq pid (read (curre