From f67d79a4a913cbf14a715f86367ade6514deed3a Mon Sep 17 00:00:00 2001 From: Rob Browning Date: Mon, 30 Mar 2009 22:41:43 -0700 Subject: [PATCH] Update for new upstream release. --- debian/changelog | 6 ++ debian/copyright | 2 +- debian/dfsg-splitter | 8 +-- .../do-not-show-vc-internal-tmp-buffers.diff | 40 ----------- ...-python-module-handling-cve-2008-3949.diff | 66 ------------------- ...cdiff-tmp-file-handling-cve-2008-1694.diff | 33 ---------- debian/patches/fix-woman2-th.diff | 27 -------- ...cache-directories-risky-cve-2008-2142.diff | 56 ---------------- debian/patches/series | 5 -- debian/rules | 6 +- 10 files changed, 14 insertions(+), 235 deletions(-) delete mode 100644 debian/patches/do-not-show-vc-internal-tmp-buffers.diff delete mode 100644 debian/patches/fix-python-module-handling-cve-2008-3949.diff delete mode 100644 debian/patches/fix-vcdiff-tmp-file-handling-cve-2008-1694.diff delete mode 100644 debian/patches/fix-woman2-th.diff delete mode 100644 debian/patches/make-fast-lock-cache-directories-risky-cve-2008-2142.diff diff --git a/debian/changelog b/debian/changelog index 0ab32ac428c..110a0a5061c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +emacs22 (22.3+1-1) unstable; urgency=low + + * New upstream release. (closes: #512134) + + -- Rob Browning Sat, 28 Mar 2009 19:18:43 -0700 + emacs22 (22.2+2-5) unstable; urgency=low * Add a build dependency on libasound2-dev which emacs22 is already diff --git a/debian/copyright b/debian/copyright index d935127ca9d..d892b1f2244 100644 --- a/debian/copyright +++ b/debian/copyright @@ -5,7 +5,7 @@ Tue, 16 Dec 1997 00:05:45 -0600. This is the original source archive: - prep.ai.mit.edu:/pub/gnu/emacs/emacs-22.2.tar.gz + prep.ai.mit.edu:/pub/gnu/emacs/emacs-22.3.tar.gz Please see /usr/share/doc/emacs22-common/README.Debian.gz for a description of the Debian specific differences from the upstream diff --git a/debian/dfsg-splitter b/debian/dfsg-splitter index 252b0ce1865..850d43b7e8e 100644 
--- a/debian/dfsg-splitter +++ b/debian/dfsg-splitter @@ -7,11 +7,11 @@ set -x # run the script. The resulting two orig.tar.gz files will be placed # into a new ./split-tmp directory. -emacs_archive_name="emacs-22.2.tar.gz" -emacs_dir="emacs-22.2" -emacs_version="22.2" +emacs_archive_name="emacs-22.3.tar.gz" +emacs_dir="emacs-22.3" +emacs_version="22.3" emacs_major="22" -deb_src_rev="2" +deb_src_rev="1" non_main_dir="${emacs_dir}-non-dfsg" diff --git a/debian/patches/do-not-show-vc-internal-tmp-buffers.diff b/debian/patches/do-not-show-vc-internal-tmp-buffers.diff deleted file mode 100644 index fa2701c8de3..00000000000 --- a/debian/patches/do-not-show-vc-internal-tmp-buffers.diff +++ /dev/null 
@@ -1,40 +0,0 @@ -* A problem with vc mode's handling of temporary buffers has been fixed. - Patch: do-not-show-vc-internal-tmp-buffers.diff - Provided-by: Sven Joachim - Originally-reported-by: Michael Berg - Date: Mon, 14 Apr 2008 14:36:05 UTC - Added-by: Rob Browning - Status: incorporated upstream - Bug: 476108 - - Emacs should no longer fail when trying to open files under monotone - version control. - - From the upstream ChangeLog: - - 2008-03-29 Stefan Monnier - - * vc.el (vc-do-command): Don't show internal temp buffers. - -Index: sid/lisp/vc.el -=================================================================== ---- sid.orig/lisp/vc.el -+++ sid/lisp/vc.el -@@ -1047,9 +1047,14 @@ - (when (and (not (eq t okstatus)) - (or (not (integerp status)) - (and okstatus (< okstatus status)))) -- (pop-to-buffer (current-buffer)) -- (goto-char (point-min)) -- (shrink-window-if-larger-than-buffer) -+ ;; Don't show internal temp buffers. Especially since, together -+ ;; with with-temp-buffer and pop-up-frames, this can result in -+ ;; bugs where with-temp-buffer ends up not preserving -+ ;; current-buffer (because kill-buffer doesn't preserve it). -+ (unless (eq ?\s (aref (buffer-name (current-buffer)) 0)) -+ (pop-to-buffer (current-buffer)) -+ (goto-char (point-min)) -+ (shrink-window-if-larger-than-buffer)) - (error "Running %s...FAILED (%s)" command - (if (integerp status) (format "status %d" status) status)))) - (if vc-command-messages diff --git a/debian/patches/fix-python-module-handling-cve-2008-3949.diff b/debian/patches/fix-python-module-handling-cve-2008-3949.diff deleted file mode 100644 index 817bf10e5d2..00000000000 --- a/debian/patches/fix-python-module-handling-cve-2008-3949.diff +++ /dev/null 
@@ -1,66 +0,0 @@ -* Python mode will not inappropriately load modules in the current directory. - Patch: fix-python-module-handling-cve-2008-3949.diff - Provided-by: Chong Yidong - Originally-reported-by: Sven Joachim - Date: Fri, 19 Sep 2008 23:06:33 +0200 - Added-by: Rob Browning - Status: incorporated upstream - - Chong Yidong describes the problem as - follows: - - The Emacs command `run-python' launches an interactive Python - interpreter. After the Python process starts up, Emacs - automatically sends it the line - - import emacs - - which normally imports a script named emacs.py which is - distributed with Emacs. This script, which is typically located - in a write-protected installation directory with other Emacs - program files, defines various functions to help the Python - process communicate with Emacs. - - The vulnerability arises because Python, by default, prepends '' - to the module search path, so modules are looked for in the - current directory. If the current directory is world-writable, an - attacker may insert malicious code by adding a fake Python module - named emacs.py into that directory. - - Furthermore, emacs.py imports other non-built-in Python modules, - such as `inspect'. The same vulnerability exists for these import - statements. - - By default, merely visiting and editing a *.py source file does - not launch a Python subprocess; you either have to call `M-x - run-python', or enable Emacs code that calls `run-python' - automatically, such as `eldoc-mode'. - - The Python developers, in a private communication, have stated - that they do not regard this module-importing behavior as a - security problem for Python per se, because running a python - script in a world-writable directory is itself a security hazard. - In the Emacs context, however, it's much less obvious that it's - unsafe to call `run-python' while the current directory is - world-writable; therefore, the problem discussed here can be - regarded as a security risk. 
- - The fix adds arguments to the invocation of Python which remove '' - from sys.path. Since sys is a built-in module, it cannot be - overriden via the current directory before this code executes. - -Index: sid/lisp/progmodes/python.el -=================================================================== ---- sid.orig/lisp/progmodes/python.el -+++ sid/lisp/progmodes/python.el -@@ -1355,7 +1355,9 @@ - ;; invoked. Would support multiple processes better. - (when (or new (not (comint-check-proc python-buffer))) - (with-current-buffer -- (let* ((cmdlist (append (python-args-to-list cmd) '("-i"))) -+ (let* ((cmdlist -+ (append (python-args-to-list cmd) -+ '("-i" "-c" "import sys; sys.path.remove('')"))) - (path (getenv "PYTHONPATH")) - (process-environment ; to import emacs.py - (cons (concat "PYTHONPATH=" data-directory diff --git a/debian/patches/fix-vcdiff-tmp-file-handling-cve-2008-1694.diff b/debian/patches/fix-vcdiff-tmp-file-handling-cve-2008-1694.diff deleted file mode 100644 index fa23579a213..00000000000 --- a/debian/patches/fix-vcdiff-tmp-file-handling-cve-2008-1694.diff +++ /dev/null 
@@ -1,33 +0,0 @@ -* A problem with insecure temporary file handling in vcdiff has been fixed. - Patch: fix-vcdiff-tmp-file-handling-cve-2008-1694.diff - Provided-by: Moritz Muehlenhoff - Originally-reported-by: Steve Grubb - Date: Fri, 18 Apr 2008 00:00:45 +0200 - Added-by: Rob Browning - Status: incorporated upstream - - The vcdiff script should use temporary files more securely. Without - this fix a local attacker might have been able to use a symlink - attack to force vcdiff to overwrite an arbitrary file. - -Index: sid/lib-src/vcdiff -=================================================================== ---- sid.orig/lib-src/vcdiff -+++ sid/lib-src/vcdiff -@@ -84,14 +84,14 @@ - case $f in - s.* | */s.*) - if -- rev1=/tmp/geta$$ -+ rev1=`mktemp /tmp/geta.XXXXXXXX` - get -s -p -k $sid1 "$f" > $rev1 && - case $sid2 in - '') - workfile=`expr " /$f" : '.*/s.\(.*\)'` - ;; - *) -- rev2=/tmp/getb$$ -+ rev2=`mktemp /tmp/getb.XXXXXXXX` - get -s -p -k $sid2 "$f" > $rev2 - workfile=$rev2 - esac diff --git a/debian/patches/fix-woman2-th.diff b/debian/patches/fix-woman2-th.diff deleted file mode 100644 index c8e3f19a16b..00000000000 --- a/debian/patches/fix-woman2-th.diff +++ /dev/null 
@@ -1,27 +0,0 @@ -* WoMan should now handle various manpages without raising an error. - Patch: fix-woman2-th.diff - Provided-by: Sven Joachim - Date: Tue, 15 Apr 2008 09:42:31 +0200 - Added-by: Rob Browning - Status: incorporated upstream - - WoMan should now correctly handle a number of manpages which - previously caused it to raise an error. - -Index: sid/lisp/woman.el -=================================================================== ---- sid.orig/lisp/woman.el -+++ sid/lisp/woman.el -@@ -3810,10 +3810,9 @@ - (insert " -- ") - (woman-forward-arg 'unquote 'concat) - ;; Delete repeated arguments: -- (if (string-match (buffer-substring here (point)) -+ (if (string-equal (buffer-substring here (point)) - (buffer-substring start here)) -- (delete-region here (point))) -- )) -+ (delete-region here (point))))) - ;; Embolden heading (point is at end of heading): - (woman-set-face - (save-excursion (beginning-of-line) (point)) (point) 'woman-bold) diff --git a/debian/patches/make-fast-lock-cache-directories-risky-cve-2008-2142.diff b/debian/patches/make-fast-lock-cache-directories-risky-cve-2008-2142.diff deleted file mode 100644 index e4fb0468654..00000000000 --- a/debian/patches/make-fast-lock-cache-directories-risky-cve-2008-2142.diff +++ /dev/null 
@@ -1,56 +0,0 @@ -* A security problem relating to fast-lock-cache-directories has been fixed. - Patch: make-fast-lock-cache-directories-risky-cve-2008-2142.diff - Provided-by: Sven Joachim - Originally-reported-by: "Morten Welinder" - Date: Mon, 12 May 2008 19:39:35 +0200 - Added-by: Rob Browning - Status: incorporated upstream - - The fast-lock-cache-directories variable no longer includes the - current directory, ".", and is now marked as risky. This has been - done to limit the possibility of executing arbitrary code via random - .flc files. - - From the upstream ChangeLog: - - 2008-05-12 Simon Marshall - - * fast-lock.el (fast-lock-cache-directories): Remove "." from its - default value and give it the risky-local-variable property. - - ---8<---------------cut here---------------start------------->8--- -Index: fast-lock.el -=================================================================== -RCS file: /sources/emacs/emacs/lisp/obsolete/fast-lock.el,v -retrieving revision 1.11.2.3 -retrieving revision 1.11.2.4 -diff -u -r1.11.2.3 -r1.11.2.4 ---- old/lisp/obsolete/fast-lock.el 7 Jan 2008 01:58:14 -0000 1.11.2.3 -+++ new/lisp/obsolete/fast-lock.el 12 May 2008 17:30:29 -0000 1.11.2.4 -@@ -286,7 +286,7 @@ - (integer :tag "size"))))) - :group 'fast-lock) - --(defcustom fast-lock-cache-directories '("." "~/.emacs-flc") -+(defcustom fast-lock-cache-directories '("~/.emacs-flc") - ; - `internal', keep each file's Font Lock cache file in the same file. - ; - `external', keep each file's Font Lock cache file in the same directory. - "*Directories in which Font Lock cache files are saved and read. -@@ -304,12 +304,15 @@ - ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\") - - would cause a file's current directory to be used if the file is under your --home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'." -+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'. 
-+For security reasons, it is not advisable to use the file's current directory -+to avoid the possibility of using the cache of another user." - :type '(repeat (radio (directory :tag "directory") - (cons :tag "Matching" - (regexp :tag "regexp") - (directory :tag "directory")))) - :group 'fast-lock) -+(put 'fast-lock-cache-directories 'risky-local-variable t) - - (defcustom fast-lock-save-events '(kill-buffer kill-emacs) - "*Events under which caches will be saved. diff --git a/debian/patches/series b/debian/patches/series index 4f7d095a0d6..5bba1319cec 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,12 +7,7 @@ fix-vc-path.diff require-movemail-use-liblockfile.diff avoid-fakemail-mail-loss.diff version-mention-debian.diff -fix-vcdiff-tmp-file-handling-cve-2008-1694.diff -make-fast-lock-cache-directories-risky-cve-2008-2142.diff fix-mule-select-safe-coding.diff look-for-news-to-find-etc.diff -fix-woman2-th.diff -fix-python-module-handling-cve-2008-3949.diff fix-flymake-xmlstarlet-invocation.diff -do-not-show-vc-internal-tmp-buffers.diff autofiles.diff diff --git a/debian/rules b/debian/rules index d14740107d1..476159ea56d 100755 --- a/debian/rules +++ b/debian/rules @@ -6,8 +6,8 @@ # removed from the file. # Copyright 1994,1995 Ian Jackson -# Copyright 1998-2005 Rob Browning # Copyright 2004-2005 Jérôme Marant +# Copyright 1998-2009 Rob Browning # Originally copied from the GNU Hello Debian rules file (1.3). # Modified for emacs by Mark Eichin . @@ -359,8 +359,8 @@ define update_debian_autofiles_quilt then \ touch debian/patches/autofiles.diff; \ fi; - $(patch) - test "$$($(quilt) top)" = autofiles.diff + $(quilt) push $$($(quilt) series | tail -n 2 | head -n 1) + test "$$($(quilt) next)" = autofiles.diff $(quilt) pop mkdir -p debian/tmp-autofiles/old $(pf); tar cpSf - --exclude ./debian --exclude ./.pc . \ -- 2.30.2
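Review bot: In the `update_debian_autofiles_quilt` hunk of debian/rules, the unchanged `$(quilt) pop` now follows a push that stops at the second-to-last series entry, so it appears to unapply that entry instead of autofiles.diff, which is what it removed when it followed `$(patch)`. Going by the series hunk in this commit, that entry looks like fix-flymake-xmlstarlet-invocation.diff. If the "old" tree is meant to carry every patch except autofiles.diff, the pop is probably no longer wanted. If it is intentional, a comment above the push would make that clear, for example `# push stops one short of autofiles.diff; the pop below then also drops the last real patch because <reason>`. The define starts and continues outside this hunk, so later lines may compensate; please confirm against the full recipe. Separately, the unquoted `$$($(quilt) series | tail -n 2 | head -n 1)` expands to nothing if `quilt series` fails, which turns the call into a bare `quilt push`; the following `test` likely catches that, but an explicit non-empty check would fail with a clearer message.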