Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.8.git;a=commitdiff;h=d5ffd85593f1e6af60d2d618aa860dbe04ada36f

commit d5ffd85593f1e6af60d2d618aa860dbe04ada36f
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Sat Apr 12 14:58:08 2008 +0200

emacs-22.1-3kalgan1-i686
- added CVE-2008-1694.patch
- closes #3006

diff --git a/source/xapps/emacs/CVE-2008-1694.patch 
b/source/xapps/emacs/CVE-2008-1694.patch
new file mode 100644
index 0000000..7f59d6a
--- /dev/null
+++ b/source/xapps/emacs/CVE-2008-1694.patch
@@ -0,0 +1,25 @@
+Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
+(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
+which makes it possible for local attacker to conduct a symlink attack and
+make the victim overwrite arbitrary file.
+
+diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
+--- emacs-21.4.orig/lib-src/vcdiff     2006-09-28 12:07:51.000000000 -0400
++++ emacs-21.4/lib-src/vcdiff  2006-09-28 15:58:53.000000000 -0400
+@@ -86,14 +86,14 @@
+       case $f in
+       s.* | */s.*)
+               if
+-                      rev1=/tmp/geta$$
++                      rev1=`mktemp /tmp/geta.XXXXXXXX`
+                       get -s -p -k $sid1 "$f" > $rev1 &&
+                       case $sid2 in
+                       '')
+                               workfile=`expr " /$f" : '.*/s.\(.*\)'`
+                               ;;
+                       *)
+-                              rev2=/tmp/getb$$
++                              rev2=`mktemp /tmp/getb.XXXXXXXX`
+                               get -s -p -k $sid2 "$f" > $rev2
+                               workfile=$rev2
+                       esac
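Review bot: Neither `mktemp` call has its exit status checked: inside the `if` list the `rev1` assignment ends with a newline rather than `&&`, so a failed `mktemp` leaves `rev1` empty and the list still goes on to the `get ... > $rev1` redirection. Chaining it as ``rev1=`mktemp /tmp/geta.XXXXXXXX` &&`` lets the failure reach the `if` condition, and the `rev2` assignment in the `*)` branch deserves the same treatment. Quoting the redirection targets (`> "$rev1"`, `> "$rev2"`) would also be safer now that the names come from command output. The enclosing `if`/`case` starts and ends outside the hunk, so how the temporary files are removed afterwards is not visible here.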
diff --git a/source/xapps/emacs/FrugalBuild b/source/xapps/emacs/FrugalBuild
index 2bb2820..5332c48 100644
--- a/source/xapps/emacs/FrugalBuild
+++ b/source/xapps/emacs/FrugalBuild
@@ -5,7 +5,7 @@
pkgname=emacs
pkgver=22.1
pkgextraver=
-pkgrel=2
+pkgrel=3kalgan1
pkgdesc="An extensible, customizable, self-documenting real-time display editor"
url="http://www.gnu.org/software/emacs/";
Finclude texinfo
@@ -14,8 +14,9 @@ depends=('xaw3d' 'libtiff' 'libjpeg' 'libpng' 'libungif' 
'ncurses')
groups=('xapps')
archs=('i686' 'x86_64')
up2date="lynx -dump $url|grep stable|sed 's/.*: \([0-9\.]*\) .*/\1/'"
-source=(ftp://ftp.gnu.org/gnu/emacs/$pkgname-$pkgver$pkgextraver.tar.gz 
emacs-21.4-amd64.patch CVE-2007-5795.diff)
-signatures=($source.sig '' '')
+source=(ftp://ftp.gnu.org/gnu/emacs/$pkgname-$pkgver$pkgextraver.tar.gz 
emacs-21.4-amd64.patch CVE-2007-5795.diff \
+       CVE-2008-1694.patch)
+signatures=($source.sig '' '' '')

build() {
# LDFLAGS="-Wl,--hash-style=both" does not compile
@@ -23,6 +24,7 @@ build() {
Fcd $pkgname-$pkgver
[[ "$CARCH" == "x86_64" ]] && Fpatch emacs-21.4-amd64.patch
Fpatch CVE-2007-5795.diff
+       Fpatch CVE-2008-1694.patch
Fmake --with-x11 --with-x-toolkit --with-pop
Fmakeinstall
[ -e $Fdestdir/usr/info/dir.old ] && Frm /usr/info/dir.old
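Review bot: The patch applied by the new `Fpatch CVE-2008-1694.patch` line was generated against emacs-21.4 (its headers name `emacs-21.4/lib-src/vcdiff`), while `pkgver` here is 22.1, and nothing in build() records that. It presumably applies with an offset; a short comment above the call would flag this for the next version bump, for example `# CVE-2008-1694: insecure temp files in lib-src/vcdiff; patch made against 21.4, re-check on update`. build() starts before this hunk and continues past it.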