From f93ca92566a63f8dce17b92ae23b0e79757a0a36 Mon Sep 17 00:00:00 2001 From: Ulrich Müller Date: Thu, 8 May 2014 19:52:16 +0200 Subject: Fix insecure use of temporary files, bug 509830. --- emacs/23.4/16_all_gnus-fun-tmpfile.patch | 41 ++++++++ emacs/23.4/17_all_find-gc-tmpfile.patch | 135 +++++++++++++++++++++++++++ emacs/23.4/18_all_browse-url-no-mosaic.patch | 124 ++++++++++++++++++++++++ emacs/23.4/19_all_tramp-tmpfile.patch | 84 +++++++++++++++++ emacs/24.3/05_all_gnus-fun-tmpfile.patch | 41 ++++++++ emacs/24.3/06_all_find-gc-tmpfile.patch | 135 +++++++++++++++++++++++++++ emacs/24.3/07_all_browse-url-no-mosaic.patch | 124 ++++++++++++++++++++++++ emacs/24.3/08_all_tramp-sh-tmpfile.patch | 84 +++++++++++++++++ 8 files changed, 768 insertions(+) create mode 100644 emacs/23.4/16_all_gnus-fun-tmpfile.patch create mode 100644 emacs/23.4/17_all_find-gc-tmpfile.patch create mode 100644 emacs/23.4/18_all_browse-url-no-mosaic.patch create mode 100644 emacs/23.4/19_all_tramp-tmpfile.patch create mode 100644 emacs/24.3/05_all_gnus-fun-tmpfile.patch create mode 100644 emacs/24.3/06_all_find-gc-tmpfile.patch create mode 100644 emacs/24.3/07_all_browse-url-no-mosaic.patch create mode 100644 emacs/24.3/08_all_tramp-sh-tmpfile.patch diff --git a/emacs/23.4/16_all_gnus-fun-tmpfile.patch b/emacs/23.4/16_all_gnus-fun-tmpfile.patch new file mode 100644 index 0000000..18adf49 --- /dev/null +++ b/emacs/23.4/16_all_gnus-fun-tmpfile.patch @@ -0,0 +1,41 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 23.4. +https://bugs.gentoo.org/509830 +CVE-2014-3421 + +revno: 117066 +fixes bug: http://bugs.debian.org/747100 +committer: Glenn Morris +branch nick: emacs-24 +timestamp: Mon 2014-05-05 20:50:51 -0700 +message: + * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name. + +--- emacs-23.4-orig/lisp/gnus/gnus-fun.el ++++ emacs-23.4/lisp/gnus/gnus-fun.el +@@ -260,20 +260,21 @@ + (interactive) + (shell-command "xawtv-remote snap ppm") + (let ((file nil) ++ (tempfile (make-temp-file "gnus-face-" nil ".ppm")) + result) + (while (null (setq file (directory-files "/tftpboot/sparky/tmp" + t "snap.*ppm"))) + (sleep-for 1)) + (setq file (car file)) + (shell-command +- (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm > /tmp/gnus.face.ppm" +- file)) ++ (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm >> %s" ++ file tempfile)) + (let ((gnus-convert-image-to-face-command + (format "cat '%%s' | ppmquant %%d | ppmchange %s | pnmtopng" + (gnus-fun-ppm-change-string)))) +- (setq result (gnus-face-from-file "/tmp/gnus.face.ppm"))) ++ (setq result (gnus-face-from-file tempfile))) + (delete-file file) +- ;;(delete-file "/tmp/gnus.face.ppm") ++ ;;(delete-file tempfile) ; FIXME why are we not deleting it?! + result)) + + (defun gnus-fun-ppm-change-string () diff --git a/emacs/23.4/17_all_find-gc-tmpfile.patch b/emacs/23.4/17_all_find-gc-tmpfile.patch new file mode 100644 index 0000000..3a7a719 --- /dev/null +++ b/emacs/23.4/17_all_find-gc-tmpfile.patch @@ -0,0 +1,135 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 23.4. +https://bugs.gentoo.org/509830 +CVE-2014-3422 + +revno: 117067 +fixes bug: http://bugs.debian.org/747100 +committer: Glenn Morris +branch nick: emacs-24 +timestamp: Mon 2014-05-05 20:53:31 -0700 +message: + find-gc.el misc fixes + + The whole file looks obsolete and/or broken. + + * lisp/emacs-lisp/find-gc.el (find-gc-source-directory): Give it a value. + (find-gc-source-files): Update some names. + (trace-call-tree): Simplify and update. Avoid predictable temp-file names. + +--- emacs-23.4-orig/lisp/emacs-lisp/find-gc.el ++++ emacs-23.4/lisp/emacs-lisp/find-gc.el +@@ -24,14 +24,15 @@ + + ;; Produce in find-gc-unsafe-list the set of all functions that may invoke GC. + ;; This expects the Emacs sources to live in find-gc-source-directory. +-;; It creates a temporary working directory /tmp/esrc. + + ;;; Code: + + (defvar find-gc-unsafe-list nil + "The list of unsafe functions is placed here by `find-gc-unsafe'.") + +-(defvar find-gc-source-directory) ++(defvar find-gc-source-directory ++ (file-name-as-directory (expand-file-name "src" source-directory)) ++ "Directory containing Emacs C sources.") + + (defvar find-gc-subrs-callers nil + "Alist of users of subrs, from GC testing. +@@ -60,14 +61,14 @@ + "indent.c" "search.c" "regex.c" "undo.c" + "alloc.c" "data.c" "doc.c" "editfns.c" + "callint.c" "eval.c" "fns.c" "print.c" "lread.c" +- "abbrev.c" "syntax.c" "unexec.c" ++ "syntax.c" "unexec.c" + "bytecode.c" "process.c" "callproc.c" "doprnt.c" +- "x11term.c" "x11fns.c")) ++ "xterm.c" "xfns.c")) + + + (defun find-gc-unsafe () + "Return a list of unsafe functions--that is, which can call GC. +-Also store it in `find-gc-unsafe'." ++Also store it in `find-gc-unsafe-list'." + (trace-call-tree nil) + (trace-use-tree) + (find-unsafe-funcs 'Fgarbage_collect) +@@ -103,47 +104,38 @@ + + + +-(defun trace-call-tree (&optional already-setup) ++(defun trace-call-tree (&optional ignored) + (message "Setting up directories...") +- (or already-setup +- (progn +- ;; Gee, wouldn't a built-in "system" function be handy here. +- (call-process "csh" nil nil nil "-c" "rm -rf /tmp/esrc") +- (call-process "csh" nil nil nil "-c" "mkdir /tmp/esrc") +- (call-process "csh" nil nil nil "-c" +- (format "ln -s %s/*.[ch] /tmp/esrc" +- find-gc-source-directory)))) +- (with-current-buffer (get-buffer-create "*Trace Call Tree*") +- (setq find-gc-subrs-called nil) +- (let ((case-fold-search nil) +- (files find-gc-source-files) +- name entry) +- (while files +- (message "Compiling %s..." (car files)) +- (call-process "csh" nil nil nil "-c" +- (format "gcc -dr -c /tmp/esrc/%s -o /dev/null" +- (car files))) +- (erase-buffer) +- (insert-file-contents (concat "/tmp/esrc/" (car files) ".rtl")) +- (while (re-search-forward ";; Function \\|(call_insn " nil t) +- (if (= (char-after (- (point) 3)) ?o) +- (progn +- (looking-at "[a-zA-Z0-9_]+") +- (setq name (intern (buffer-substring (match-beginning 0) +- (match-end 0)))) +- (message "%s : %s" (car files) name) +- (setq entry (list name) +- find-gc-subrs-called (cons entry find-gc-subrs-called))) +- (if (looking-at ".*\n?.*\"\\([A-Za-z0-9_]+\\)\"") ++ (setq find-gc-subrs-called nil) ++ (let ((case-fold-search nil) ++ (default-directory find-gc-source-directory) ++ (files find-gc-source-files) ++ name entry rtlfile) ++ (dolist (file files) ++ (message "Compiling %s..." file) ++ (call-process "gcc" nil nil nil "-I" "." "-I" "../lib" ++ "-fdump-rtl-expand" "-o" null-device "-c" file) ++ (setq rtlfile ++ (file-expand-wildcards (format "%s.*.expand" file) t)) ++ (if (/= 1 (length rtlfile)) ++ (message "Error compiling `%s'?" file) ++ (with-temp-buffer ++ (insert-file-contents (setq rtlfile (car rtlfile))) ++ (delete-file rtlfile) ++ (while (re-search-forward ";; Function \\|(call_insn " nil t) ++ (if (= (char-after (- (point) 3)) ?o) + (progn +- (setq name (intern (buffer-substring (match-beginning 1) +- (match-end 1)))) +- (or (memq name (cdr entry)) +- (setcdr entry (cons name (cdr entry)))))))) +- (delete-file (concat "/tmp/esrc/" (car files) ".rtl")) +- (setq files (cdr files))))) +-) +- ++ (looking-at "[a-zA-Z0-9_]+") ++ (setq name (intern (match-string 0))) ++ (message "%s : %s" (car files) name) ++ (setq entry (list name) ++ find-gc-subrs-called ++ (cons entry find-gc-subrs-called))) ++ (if (looking-at ".*\n?.*\"\\([A-Za-z0-9_]+\\)\"") ++ (progn ++ (setq name (intern (match-string 1))) ++ (or (memq name (cdr entry)) ++ (setcdr entry (cons name (cdr entry))))))))))))) + + (defun trace-use-tree () + (setq find-gc-subrs-callers (mapcar 'list (mapcar 'car find-gc-subrs-called))) diff --git a/emacs/23.4/18_all_browse-url-no-mosaic.patch b/emacs/23.4/18_all_browse-url-no-mosaic.patch new file mode 100644 index 0000000..b6a8152 --- /dev/null +++ b/emacs/23.4/18_all_browse-url-no-mosaic.patch @@ -0,0 +1,124 @@ +Fix insecure use of temporary files. +Gentoo patch: Remove obsolete browse-url-mosaic function completely. +https://bugs.gentoo.org/509830 +CVE-2014-3423 + +--- emacs-23.4-orig/lisp/net/browse-url.el ++++ emacs-23.4/lisp/net/browse-url.el +@@ -40,7 +40,6 @@ + ;; browse-url-galeon Galeon Don't know + ;; browse-url-epiphany Epiphany Don't know + ;; browse-url-netscape Netscape 1.1b1 +-;; browse-url-mosaic XMosaic/mMosaic <= 2.4 + ;; browse-url-cci XMosaic 2.5 + ;; browse-url-w3 w3 0 + ;; browse-url-w3-gnudoit w3 remotely +@@ -82,11 +81,7 @@ + ;; include Chimera and + ;; , Arena + ;; and Amaya +-;; . mMosaic +-;; , +-;; (with development +-;; support for Java applets and multicast) can be used like Mosaic by +-;; setting `browse-url-mosaic-program' appropriately. ++;; . + + ;; I [Denis Howe, not Dave Love] recommend Nelson Minar + ;; 's excellent html-helper-mode.el for editing +@@ -242,7 +237,6 @@ + (function-item :tag "Galeon" :value browse-url-galeon) + (function-item :tag "Epiphany" :value browse-url-epiphany) + (function-item :tag "Netscape" :value browse-url-netscape) +- (function-item :tag "Mosaic" :value browse-url-mosaic) + (function-item :tag "Mosaic using CCI" :value browse-url-cci) + (function-item :tag "Text browser in an xterm window" + :value browse-url-text-xterm) +@@ -421,22 +415,6 @@ + :type 'boolean + :group 'browse-url) + +-(defcustom browse-url-mosaic-program "xmosaic" +- "The name by which to invoke Mosaic (or mMosaic)." +- :type 'string +- :version "20.3" +- :group 'browse-url) +- +-(defcustom browse-url-mosaic-arguments nil +- "A list of strings to pass to Mosaic as arguments." +- :type '(repeat (string :tag "Argument")) +- :group 'browse-url) +- +-(defcustom browse-url-mosaic-pidfile "~/.mosaicpid" +- "The name of the pidfile created by Mosaic." +- :type 'string +- :group 'browse-url) +- + (defcustom browse-url-filename-alist + `(("^/\\(ftp@\\|anonymous@\\)?\\([^:]+\\):/*" . "ftp://\\2/") + ;; The above loses the username to avoid the browser prompting for +@@ -895,7 +873,6 @@ + ((executable-find browse-url-galeon-program) 'browse-url-galeon) + ((executable-find browse-url-kde-program) 'browse-url-kde) + ((executable-find browse-url-netscape-program) 'browse-url-netscape) +- ((executable-find browse-url-mosaic-program) 'browse-url-mosaic) + ((executable-find browse-url-xterm-program) 'browse-url-text-xterm) + ((locate-library "w3") 'browse-url-w3) + (t +@@ -1212,56 +1189,6 @@ + '("--newwin")) + (list "--raise" url)))) + +-;; --- Mosaic --- +- +-;;;###autoload +-(defun browse-url-mosaic (url &optional new-window) +- "Ask the XMosaic WWW browser to load URL. +- +-Default to the URL around or before point. The strings in variable +-`browse-url-mosaic-arguments' are also passed to Mosaic and the +-program is invoked according to the variable +-`browse-url-mosaic-program'. +- +-When called interactively, if variable `browse-url-new-window-flag' is +-non-nil, load the document in a new Mosaic window, otherwise use a +-random existing one. A non-nil interactive prefix argument reverses +-the effect of `browse-url-new-window-flag'. +- +-When called non-interactively, optional second argument NEW-WINDOW is +-used instead of `browse-url-new-window-flag'." +- (interactive (browse-url-interactive-arg "Mosaic URL: ")) +- (let ((pidfile (expand-file-name browse-url-mosaic-pidfile)) +- pid) +- (if (file-readable-p pidfile) +- (save-excursion +- (find-file pidfile) +- (goto-char (point-min)) +- (setq pid (read (current-buffer))) +- (kill-buffer nil))) +- (if (and pid (zerop (signal-process pid 0))) ; Mosaic running +- (save-excursion +- (find-file (format "/tmp/Mosaic.%d" pid)) +- (erase-buffer) +- (insert (if (browse-url-maybe-new-window new-window) +- "newwin\n" +- "goto\n") +- url "\n") +- (save-buffer) +- (kill-buffer nil) +- ;; Send signal SIGUSR to Mosaic +- (message "Signaling Mosaic...") +- (signal-process pid 'SIGUSR1) +- ;; Or you could try: +- ;; (call-process "kill" nil 0 nil "-USR1" (int-to-string pid)) +- (message "Signaling Mosaic...done") +- ) +- ;; Mosaic not running - start it +- (message "Starting %s..." browse-url-mosaic-program) +- (apply 'start-process "xmosaic" nil browse-url-mosaic-program +- (append browse-url-mosaic-arguments (list url))) +- (message "Starting %s...done" browse-url-mosaic-program)))) +- + ;; --- Mosaic using CCI --- + + ;;;###autoload diff --git a/emacs/23.4/19_all_tramp-tmpfile.patch b/emacs/23.4/19_all_tramp-tmpfile.patch new file mode 100644 index 0000000..9eda3f9 --- /dev/null +++ b/emacs/23.4/19_all_tramp-tmpfile.patch @@ -0,0 +1,84 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 23.4. +https://bugs.gentoo.org/509830 +CVE-2014-3424 + +revno: 117071 +committer: Michael Albinus +branch nick: emacs-24 +timestamp: Tue 2014-05-06 11:51:05 +0200 +message: + Fix Bug#17415. + + * net/tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary + file name by a format specifier. + (tramp-remote-coding-commands): Enhance docstring. + (tramp-find-inline-encoding): Replace "%t" by a temporary file name. + +--- emacs-23.4-orig/lisp/net/tramp.el ++++ emacs-23.4/lisp/net/tramp.el +@@ -1687,9 +1687,9 @@ + "Remote host for this *tramp* buffer.") + + (defconst tramp-uudecode +- "(echo begin 600 /tmp/tramp.$$; tail +2) | uudecode +-cat /tmp/tramp.$$ +-rm -f /tmp/tramp.$$" ++ "(echo begin 600 %t; tail -n +2) | uudecode ++cat %t ++rm -f %t" + "Shell function to implement `uudecode' to standard output. + Many systems support `uudecode -o /dev/stdout' or `uudecode -o -' + for this or `uudecode -p', but some systems don't, and for them +@@ -7173,7 +7173,7 @@ + + \(FORMAT ENCODING DECODING\) + +-FORMAT is symbol describing the encoding/decoding format. It can be ++FORMAT is a symbol describing the encoding/decoding format. It can be + `b64' for base64 encoding, `uu' for uu encoding, or `pack' for simple packing. + + ENCODING and DECODING can be strings, giving commands, or symbols, +@@ -7220,9 +7220,11 @@ + specifier is not present, the input should be read from standard + input. + +-If they are variables, this variable is a string containing a Perl +-implementation for this functionality. This Perl program will be transferred +-to the remote host, and it is available as shell function with the same name.") ++If they are variables, this variable is a string containing a ++Perl or Shell implementation for this functionality. This ++program will be transferred to the remote host, and it is ++available as shell function with the same name. A \"%t\" format ++specifier in the variable value denotes a temporary file.") + + (defun tramp-find-inline-encoding (vec) + "Find an inline transfer encoding that works. +@@ -7286,10 +7288,25 @@ + (throw 'wont-work-remote nil)) + + (when (not (stringp rem-dec)) +- (let ((name (symbol-name rem-dec))) ++ (let ((name (symbol-name rem-dec)) ++ (value (symbol-value rem-dec)) ++ tmpfile) + (while (string-match (regexp-quote "-") name) + (setq name (replace-match "_" nil t name))) +- (tramp-maybe-send-script vec (symbol-value rem-dec) name) ++ (when (string-match "%t" value) ++ (setq tmpfile ++ (make-temp-name ++ (expand-file-name ++ tramp-temp-name-prefix ++ (tramp-get-remote-tmpdir vec))) ++ value ++ (format-spec ++ value ++ (format-spec-make ++ ?t ++ (tramp-file-name-handler ++ 'file-remote-p tmpfile 'localname))))) ++ (tramp-maybe-send-script vec value name) + (setq rem-dec name))) + (tramp-message + vec 5 diff --git a/emacs/24.3/05_all_gnus-fun-tmpfile.patch b/emacs/24.3/05_all_gnus-fun-tmpfile.patch new file mode 100644 index 0000000..227935d --- /dev/null +++ b/emacs/24.3/05_all_gnus-fun-tmpfile.patch @@ -0,0 +1,41 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 24.3. +https://bugs.gentoo.org/509830 +CVE-2014-3421 + +revno: 117066 +fixes bug: http://bugs.debian.org/747100 +committer: Glenn Morris +branch nick: emacs-24 +timestamp: Mon 2014-05-05 20:50:51 -0700 +message: + * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name. + +--- emacs-24.3-orig/lisp/gnus/gnus-fun.el ++++ emacs-24.3/lisp/gnus/gnus-fun.el +@@ -250,20 +250,21 @@ + (interactive) + (shell-command "xawtv-remote snap ppm") + (let ((file nil) ++ (tempfile (make-temp-file "gnus-face-" nil ".ppm")) + result) + (while (null (setq file (directory-files "/tftpboot/sparky/tmp" + t "snap.*ppm"))) + (sleep-for 1)) + (setq file (car file)) + (shell-command +- (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm > /tmp/gnus.face.ppm" +- file)) ++ (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm >> %s" ++ file tempfile)) + (let ((gnus-convert-image-to-face-command + (format "cat '%%s' | ppmquant %%d | ppmchange %s | pnmtopng" + (gnus-fun-ppm-change-string)))) +- (setq result (gnus-face-from-file "/tmp/gnus.face.ppm"))) ++ (setq result (gnus-face-from-file tempfile))) + (delete-file file) +- ;;(delete-file "/tmp/gnus.face.ppm") ++ ;;(delete-file tempfile) ; FIXME why are we not deleting it?! + result)) + + (defun gnus-fun-ppm-change-string () diff --git a/emacs/24.3/06_all_find-gc-tmpfile.patch b/emacs/24.3/06_all_find-gc-tmpfile.patch new file mode 100644 index 0000000..3c640f3 --- /dev/null +++ b/emacs/24.3/06_all_find-gc-tmpfile.patch @@ -0,0 +1,135 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 24.3. +https://bugs.gentoo.org/509830 +CVE-2014-3422 + +revno: 117067 +fixes bug: http://bugs.debian.org/747100 +committer: Glenn Morris +branch nick: emacs-24 +timestamp: Mon 2014-05-05 20:53:31 -0700 +message: + find-gc.el misc fixes + + The whole file looks obsolete and/or broken. + + * lisp/emacs-lisp/find-gc.el (find-gc-source-directory): Give it a value. + (find-gc-source-files): Update some names. + (trace-call-tree): Simplify and update. Avoid predictable temp-file names. + +--- emacs-24.3-orig/lisp/emacs-lisp/find-gc.el ++++ emacs-24.3/lisp/emacs-lisp/find-gc.el +@@ -23,14 +23,15 @@ + + ;; Produce in find-gc-unsafe-list the set of all functions that may invoke GC. + ;; This expects the Emacs sources to live in find-gc-source-directory. +-;; It creates a temporary working directory /tmp/esrc. + + ;;; Code: + + (defvar find-gc-unsafe-list nil + "The list of unsafe functions is placed here by `find-gc-unsafe'.") + +-(defvar find-gc-source-directory) ++(defvar find-gc-source-directory ++ (file-name-as-directory (expand-file-name "src" source-directory)) ++ "Directory containing Emacs C sources.") + + (defvar find-gc-subrs-callers nil + "Alist of users of subrs, from GC testing. +@@ -59,14 +60,14 @@ + "indent.c" "search.c" "regex.c" "undo.c" + "alloc.c" "data.c" "doc.c" "editfns.c" + "callint.c" "eval.c" "fns.c" "print.c" "lread.c" +- "abbrev.c" "syntax.c" "unexcoff.c" ++ "syntax.c" "unexcoff.c" + "bytecode.c" "process.c" "callproc.c" "doprnt.c" +- "x11term.c" "x11fns.c")) ++ "xterm.c" "xfns.c")) + + + (defun find-gc-unsafe () + "Return a list of unsafe functions--that is, which can call GC. +-Also store it in `find-gc-unsafe'." ++Also store it in `find-gc-unsafe-list'." + (trace-call-tree nil) + (trace-use-tree) + (find-unsafe-funcs 'Fgarbage_collect) +@@ -102,47 +103,38 @@ + + + +-(defun trace-call-tree (&optional already-setup) ++(defun trace-call-tree (&optional ignored) + (message "Setting up directories...") +- (or already-setup +- (progn +- ;; Gee, wouldn't a built-in "system" function be handy here. +- (call-process "csh" nil nil nil "-c" "rm -rf /tmp/esrc") +- (call-process "csh" nil nil nil "-c" "mkdir /tmp/esrc") +- (call-process "csh" nil nil nil "-c" +- (format "ln -s %s/*.[ch] /tmp/esrc" +- find-gc-source-directory)))) +- (with-current-buffer (get-buffer-create "*Trace Call Tree*") +- (setq find-gc-subrs-called nil) +- (let ((case-fold-search nil) +- (files find-gc-source-files) +- name entry) +- (while files +- (message "Compiling %s..." (car files)) +- (call-process "csh" nil nil nil "-c" +- (format "gcc -dr -c /tmp/esrc/%s -o /dev/null" +- (car files))) +- (erase-buffer) +- (insert-file-contents (concat "/tmp/esrc/" (car files) ".rtl")) +- (while (re-search-forward ";; Function \\|(call_insn " nil t) +- (if (= (char-after (- (point) 3)) ?o) +- (progn +- (looking-at "[a-zA-Z0-9_]+") +- (setq name (intern (buffer-substring (match-beginning 0) +- (match-end 0)))) +- (message "%s : %s" (car files) name) +- (setq entry (list name) +- find-gc-subrs-called (cons entry find-gc-subrs-called))) +- (if (looking-at ".*\n?.*\"\\([A-Za-z0-9_]+\\)\"") ++ (setq find-gc-subrs-called nil) ++ (let ((case-fold-search nil) ++ (default-directory find-gc-source-directory) ++ (files find-gc-source-files) ++ name entry rtlfile) ++ (dolist (file files) ++ (message "Compiling %s..." file) ++ (call-process "gcc" nil nil nil "-I" "." "-I" "../lib" ++ "-fdump-rtl-expand" "-o" null-device "-c" file) ++ (setq rtlfile ++ (file-expand-wildcards (format "%s.*.expand" file) t)) ++ (if (/= 1 (length rtlfile)) ++ (message "Error compiling `%s'?" file) ++ (with-temp-buffer ++ (insert-file-contents (setq rtlfile (car rtlfile))) ++ (delete-file rtlfile) ++ (while (re-search-forward ";; Function \\|(call_insn " nil t) ++ (if (= (char-after (- (point) 3)) ?o) + (progn +- (setq name (intern (buffer-substring (match-beginning 1) +- (match-end 1)))) +- (or (memq name (cdr entry)) +- (setcdr entry (cons name (cdr entry)))))))) +- (delete-file (concat "/tmp/esrc/" (car files) ".rtl")) +- (setq files (cdr files))))) +-) +- ++ (looking-at "[a-zA-Z0-9_]+") ++ (setq name (intern (match-string 0))) ++ (message "%s : %s" (car files) name) ++ (setq entry (list name) ++ find-gc-subrs-called ++ (cons entry find-gc-subrs-called))) ++ (if (looking-at ".*\n?.*\"\\([A-Za-z0-9_]+\\)\"") ++ (progn ++ (setq name (intern (match-string 1))) ++ (or (memq name (cdr entry)) ++ (setcdr entry (cons name (cdr entry))))))))))))) + + (defun trace-use-tree () + (setq find-gc-subrs-callers (mapcar 'list (mapcar 'car find-gc-subrs-called))) diff --git a/emacs/24.3/07_all_browse-url-no-mosaic.patch b/emacs/24.3/07_all_browse-url-no-mosaic.patch new file mode 100644 index 0000000..3ccab76 --- /dev/null +++ b/emacs/24.3/07_all_browse-url-no-mosaic.patch @@ -0,0 +1,124 @@ +Fix insecure use of temporary files. +Gentoo patch: Remove obsolete browse-url-mosaic function completely. +https://bugs.gentoo.org/509830 +CVE-2014-3423 + +--- emacs-24.3-orig/lisp/net/browse-url.el ++++ emacs-24.3/lisp/net/browse-url.el +@@ -40,7 +40,6 @@ + ;; browse-url-galeon Galeon Don't know + ;; browse-url-epiphany Epiphany Don't know + ;; browse-url-netscape Netscape 1.1b1 +-;; browse-url-mosaic XMosaic/mMosaic <= 2.4 + ;; browse-url-cci XMosaic 2.5 + ;; browse-url-w3 w3 0 + ;; browse-url-w3-gnudoit w3 remotely +@@ -83,11 +82,7 @@ + ;; include Chimera and + ;; , Arena + ;; and Amaya +-;; . mMosaic +-;; , +-;; (with development +-;; support for Java applets and multicast) can be used like Mosaic by +-;; setting `browse-url-mosaic-program' appropriately. ++;; . + + ;; I [Denis Howe, not Dave Love] recommend Nelson Minar + ;; 's excellent html-helper-mode.el for editing +@@ -233,7 +228,6 @@ + (function-item :tag "Galeon" :value browse-url-galeon) + (function-item :tag "Epiphany" :value browse-url-epiphany) + (function-item :tag "Netscape" :value browse-url-netscape) +- (function-item :tag "Mosaic" :value browse-url-mosaic) + (function-item :tag "Mosaic using CCI" :value browse-url-cci) + (function-item :tag "Text browser in an xterm window" + :value browse-url-text-xterm) +@@ -442,22 +436,6 @@ + :type 'boolean + :group 'browse-url) + +-(defcustom browse-url-mosaic-program "xmosaic" +- "The name by which to invoke Mosaic (or mMosaic)." +- :type 'string +- :version "20.3" +- :group 'browse-url) +- +-(defcustom browse-url-mosaic-arguments nil +- "A list of strings to pass to Mosaic as arguments." +- :type '(repeat (string :tag "Argument")) +- :group 'browse-url) +- +-(defcustom browse-url-mosaic-pidfile "~/.mosaicpid" +- "The name of the pidfile created by Mosaic." +- :type 'string +- :group 'browse-url) +- + (defcustom browse-url-filename-alist + `(("^/\\(ftp@\\|anonymous@\\)?\\([^:]+\\):/*" . "ftp://\\2/") + ;; The above loses the username to avoid the browser prompting for +@@ -927,7 +905,6 @@ + ((executable-find browse-url-galeon-program) 'browse-url-galeon) + ((executable-find browse-url-kde-program) 'browse-url-kde) + ((executable-find browse-url-netscape-program) 'browse-url-netscape) +- ((executable-find browse-url-mosaic-program) 'browse-url-mosaic) + ((executable-find browse-url-xterm-program) 'browse-url-text-xterm) + ((locate-library "w3") 'browse-url-w3) + (t +@@ -1306,56 +1283,6 @@ + '("--newwin")) + (list "--raise" url)))) + +-;; --- Mosaic --- +- +-;;;###autoload +-(defun browse-url-mosaic (url &optional new-window) +- "Ask the XMosaic WWW browser to load URL. +- +-Default to the URL around or before point. The strings in variable +-`browse-url-mosaic-arguments' are also passed to Mosaic and the +-program is invoked according to the variable +-`browse-url-mosaic-program'. +- +-When called interactively, if variable `browse-url-new-window-flag' is +-non-nil, load the document in a new Mosaic window, otherwise use a +-random existing one. A non-nil interactive prefix argument reverses +-the effect of `browse-url-new-window-flag'. +- +-When called non-interactively, optional second argument NEW-WINDOW is +-used instead of `browse-url-new-window-flag'." +- (interactive (browse-url-interactive-arg "Mosaic URL: ")) +- (let ((pidfile (expand-file-name browse-url-mosaic-pidfile)) +- pid) +- (if (file-readable-p pidfile) +- (save-excursion +- (find-file pidfile) +- (goto-char (point-min)) +- (setq pid (read (current-buffer))) +- (kill-buffer nil))) +- (if (and pid (zerop (signal-process pid 0))) ; Mosaic running +- (save-excursion +- (find-file (format "/tmp/Mosaic.%d" pid)) +- (erase-buffer) +- (insert (if (browse-url-maybe-new-window new-window) +- "newwin\n" +- "goto\n") +- url "\n") +- (save-buffer) +- (kill-buffer nil) +- ;; Send signal SIGUSR to Mosaic +- (message "Signaling Mosaic...") +- (signal-process pid 'SIGUSR1) +- ;; Or you could try: +- ;; (call-process "kill" nil 0 nil "-USR1" (int-to-string pid)) +- (message "Signaling Mosaic...done") +- ) +- ;; Mosaic not running - start it +- (message "Starting %s..." browse-url-mosaic-program) +- (apply 'start-process "xmosaic" nil browse-url-mosaic-program +- (append browse-url-mosaic-arguments (list url))) +- (message "Starting %s...done" browse-url-mosaic-program)))) +- + ;; --- Mosaic using CCI --- + + ;;;###autoload diff --git a/emacs/24.3/08_all_tramp-sh-tmpfile.patch b/emacs/24.3/08_all_tramp-sh-tmpfile.patch new file mode 100644 index 0000000..80cdb3f --- /dev/null +++ b/emacs/24.3/08_all_tramp-sh-tmpfile.patch @@ -0,0 +1,84 @@ +Fix insecure use of temporary files. +Patch from upstream bzr, backported to Emacs 24.3. +https://bugs.gentoo.org/509830 +CVE-2014-3424 + +revno: 117071 +committer: Michael Albinus +branch nick: emacs-24 +timestamp: Tue 2014-05-06 11:51:05 +0200 +message: + Fix Bug#17415. + + * net/tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary + file name by a format specifier. + (tramp-remote-coding-commands): Enhance docstring. + (tramp-find-inline-encoding): Replace "%t" by a temporary file name. + +--- emacs-24.3-orig/lisp/net/tramp-sh.el ++++ emacs-24.3/lisp/net/tramp-sh.el +@@ -605,9 +605,9 @@ + See `tramp-actions-before-shell' for more info.") + + (defconst tramp-uudecode +- "(echo begin 600 /tmp/tramp.$$; tail +2) | uudecode +-cat /tmp/tramp.$$ +-rm -f /tmp/tramp.$$" ++ "(echo begin 600 %t; tail -n +2) | uudecode ++cat %t ++rm -f %t" + "Shell function to implement `uudecode' to standard output. + Many systems support `uudecode -o /dev/stdout' or `uudecode -o -' + for this or `uudecode -p', but some systems don't, and for them +@@ -3938,7 +3938,7 @@ + + \(FORMAT ENCODING DECODING [TEST]\) + +-FORMAT is symbol describing the encoding/decoding format. It can be ++FORMAT is a symbol describing the encoding/decoding format. It can be + `b64' for base64 encoding, `uu' for uu encoding, or `pack' for simple packing. + + ENCODING and DECODING can be strings, giving commands, or symbols, +@@ -3948,9 +3948,11 @@ + specifier is not present, the input should be read from standard + input. + +-If they are variables, this variable is a string containing a Perl +-implementation for this functionality. This Perl program will be transferred +-to the remote host, and it is available as shell function with the same name. ++If they are variables, this variable is a string containing a ++Perl or Shell implementation for this functionality. This ++program will be transferred to the remote host, and it is ++available as shell function with the same name. A \"%t\" format ++specifier in the variable value denotes a temporary file. + + The optional TEST command can be used for further tests, whether + ENCODING and DECODING are applicable.") +@@ -4025,10 +4027,25 @@ + (throw 'wont-work-remote nil)) + + (when (not (stringp rem-dec)) +- (let ((name (symbol-name rem-dec))) ++ (let ((name (symbol-name rem-dec)) ++ (value (symbol-value rem-dec)) ++ tmpfile) + (while (string-match (regexp-quote "-") name) + (setq name (replace-match "_" nil t name))) +- (tramp-maybe-send-script vec (symbol-value rem-dec) name) ++ (when (string-match "%t" value) ++ (setq tmpfile ++ (make-temp-name ++ (expand-file-name ++ tramp-temp-name-prefix ++ (tramp-get-remote-tmpdir vec))) ++ value ++ (format-spec ++ value ++ (format-spec-make ++ ?t ++ (tramp-file-name-handler ++ 'file-remote-p tmpfile 'localname))))) ++ (tramp-maybe-send-script vec value name) + (setq rem-dec name))) + (tramp-message + vec 5 -- cgit v1.2.3-18-g5258