From 0731a05d6383eaef79d6fb429044b1935527248e999529e4048287c1bc2329c7 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 30 Nov 2007 15:11:39 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/emacs?expand=0&rev=20 --- emacs-22.0.99.dif | 57 +--------------------------- emacs-22.1-format.diff | 86 ++++++++++++++++++++++++++++++++++++++++++ emacs.changes | 6 +++ emacs.spec | 8 +++- 4 files changed, 100 insertions(+), 57 deletions(-) create mode 100644 emacs-22.1-format.diff diff --git a/emacs-22.0.99.dif b/emacs-22.0.99.dif index 1de2542..2c176f6 100644 --- a/emacs-22.0.99.dif +++ b/emacs-22.0.99.dif @@ -1147,7 +1147,7 @@ +;; Ende von linux.el --- site-lisp/term/locale.el +++ site-lisp/term/locale.el 2007-06-04 15:26:38.703969552 +0200 -@@ -0,0 +1,37 @@ +@@ -0,0 +1,16 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;; term/locale.el for site-lisp path +;;; Copyright (c) 1996-2003 SuSE Linux AG Nuernberg, Germany. @@ -1155,27 +1155,6 @@ +;;; +;;; Author: Werner Fink , No warranty of any kind +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -+;; -+;; Umlaute -+;; ------- -+ -+(let* ((tmp (shell-command-to-string "locale charmap")) -+ (tmp (substring tmp 0 (string-match "\[ \t\n\]" tmp))) -+ (tmp (downcase tmp))) -+ (when (coding-system-p (intern tmp)) -+ (set-keyboard-coding-system (intern tmp)) -+ (set-terminal-coding-system (intern tmp)) -+ (set-default-coding-systems (intern tmp)))) -+;; Set this only if no default is given -+(unless (terminal-coding-system) -+ (set-terminal-coding-system 'iso-latin-9)) -+;; Set input mode -+(let ((value (current-input-mode))) -+ (set-input-mode (nth 0 value) -+ (nth 1 value) -+ (terminal-coding-system) -+ ;; This quit value is optional -+ (nth 3 value))) + +(add-hook 'term-setup-hook (function (lambda () + (load "term/func-keys" t t)))) @@ -1280,40 +1259,6 @@ exit (0); } ---- src/process.c -+++ src/process.c 2007-05-15 19:29:13.505217000 +0200 -@@ -528,8 +528,22 @@ status_message (p) - static int - allocate_pty () - { -- register int c, i; - int fd; -+#ifdef UNIX98_PTYS -+ if ((fd = getpt ()) < 0) -+ return -1; -+ -+ if (grantpt (fd) < 0 || -+ unlockpt (fd) < 0 || -+ ptsname_r (fd, pty_name, sizeof pty_name)) -+ { -+ close (fd); -+ return -1; -+ } -+ setup_pty (fd); -+ return fd; -+#else -+ register int c, i; - - #ifdef PTY_ITERATION - PTY_ITERATION -@@ -607,6 +621,7 @@ allocate_pty () - } - } - return -1; -+#endif /* !UNIX98_PTYS */ - } - #endif /* HAVE_PTYS */ - --- src/m/hp800.h +++ src/m/hp800.h 2007-05-15 19:33:25.880021000 +0200 @@ -71,7 +71,7 @@ Boston, MA 02110-1301, USA. */ diff --git a/emacs-22.1-format.diff b/emacs-22.1-format.diff new file mode 100644 index 0000000..42ac70e --- /dev/null +++ b/emacs-22.1-format.diff @@ -0,0 +1,86 @@ +2007-11-15 Andreas Schwab + + * editfns.c (Fformat): Correctly format EMACS_INT values. + Also take precision into account when formatting an integer. + +Index: src/editfns.c +================================================================================ +--- src/editfns.c ++++ src/editfns.c +@@ -3543,8 +3543,10 @@ usage: (format STRING &rest OBJECTS) */ + precision[n+1] = 10 * precision[n+1] + *format - '0'; + } + +- if (format - this_format_start + 1 > longest_format) +- longest_format = format - this_format_start + 1; ++ /* Extra +1 for 'l' that we may need to insert into the ++ format. */ ++ if (format - this_format_start + 2 > longest_format) ++ longest_format = format - this_format_start + 2; + + if (format == end) + error ("Format string ends in middle of format specifier"); +@@ -3605,7 +3607,7 @@ usage: (format STRING &rest OBJECTS) */ + && *format != 'i' && *format != 'X' && *format != 'c') + error ("Invalid format operation %%%c", *format); + +- thissize = 30; ++ thissize = 30 + (precision[n] > 0 ? precision[n] : 0); + if (*format == 'c') + { + if (! SINGLE_BYTE_CHAR_P (XINT (args[n])) +@@ -3803,23 +3805,40 @@ usage: (format STRING &rest OBJECTS) */ + format - this_format_start); + this_format[format - this_format_start] = 0; + +- if (INTEGERP (args[n])) ++ if (format[-1] == 'e' || format[-1] == 'f' || format[-1] == 'g') ++ sprintf (p, this_format, XFLOAT_DATA (args[n])); ++ else + { +- if (format[-1] == 'd') +- sprintf (p, this_format, XINT (args[n])); +- /* Don't sign-extend for octal or hex printing. */ ++ if (sizeof (EMACS_INT) > sizeof (int) ++ && format[-1] != 'c') ++ { ++ /* Insert 'l' before format spec. */ ++ this_format[format - this_format_start] ++ = this_format[format - this_format_start - 1]; ++ this_format[format - this_format_start - 1] = 'l'; ++ this_format[format - this_format_start + 1] = 0; ++ } ++ ++ if (INTEGERP (args[n])) ++ { ++ if (format[-1] == 'c') ++ sprintf (p, this_format, (int) XINT (args[n])); ++ else if (format[-1] == 'd') ++ sprintf (p, this_format, XINT (args[n])); ++ /* Don't sign-extend for octal or hex printing. */ ++ else ++ sprintf (p, this_format, XUINT (args[n])); ++ } ++ else if (format[-1] == 'c') ++ sprintf (p, this_format, (int) XFLOAT_DATA (args[n])); ++ else if (format[-1] == 'd') ++ /* Maybe we should use "%1.0f" instead so it also works ++ for values larger than MAXINT. */ ++ sprintf (p, this_format, (EMACS_INT) XFLOAT_DATA (args[n])); + else +- sprintf (p, this_format, XUINT (args[n])); ++ /* Don't sign-extend for octal or hex printing. */ ++ sprintf (p, this_format, (EMACS_UINT) XFLOAT_DATA (args[n])); + } +- else if (format[-1] == 'e' || format[-1] == 'f' || format[-1] == 'g') +- sprintf (p, this_format, XFLOAT_DATA (args[n])); +- else if (format[-1] == 'd') +- /* Maybe we should use "%1.0f" instead so it also works +- for values larger than MAXINT. */ +- sprintf (p, this_format, (EMACS_INT) XFLOAT_DATA (args[n])); +- else +- /* Don't sign-extend for octal or hex printing. */ +- sprintf (p, this_format, (EMACS_UINT) XFLOAT_DATA (args[n])); + + if (p > buf + && multibyte diff --git a/emacs.changes b/emacs.changes index 4c92884..1eaa6e9 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 22 14:23:04 CET 2007 - schwab@suse.de + +- Fix buffer overflow in format [#342158]. +- Remove obsolete patches. + ------------------------------------------------------------------- Mon Nov 5 13:43:09 CET 2007 - werner@suse.de diff --git a/emacs.spec b/emacs.spec index 65f86d7..1cab1b4 100644 --- a/emacs.spec +++ b/emacs.spec @@ -20,7 +20,7 @@ Requires: emacs-info ctags emacs_program Provides: ge_site ge_exec emacs-url Mule-UCS emacs-calc erc AutoReqProv: on Version: 22.1 -Release: 56 +Release: 62 BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: GNU Emacs Base Package Source: emacs-22.1.tar.bz2 @@ -45,6 +45,7 @@ Patch12: emacs-22.0.99-x11r7.patch Patch13: emacs-22.0.99-s390x.dif Patch14: emacs-22.1-conf.diff Patch15: emacs-22.1-CVE-2007-5795.dif +Patch16: emacs-22.1-format.diff %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)} %if "%_exec_prefix" == "/usr/X11R6" %define _x11lib %{_exec_prefix}/%{_lib} @@ -214,6 +215,7 @@ Authors: %patch13 -p0 -b .s390x %patch14 %patch15 -p0 -b .CVE20075795 +%patch16 %patch if test ! -e $HOME/.mh_profile && type -p install-mh > /dev/null 2>&1; then install-mh -auto < /dev/null @@ -3188,7 +3190,11 @@ done /usr/share/emacs/%{version}/lisp/x-dnd.el.gz /usr/share/emacs/%{version}/lisp/xml.el.gz /usr/share/emacs/%{version}/lisp/xt-mouse.el.gz + %changelog +* Thu Nov 22 2007 - schwab@suse.de +- Fix buffer overflow in format [#342158]. +- Remove obsolete patches. * Mon Nov 05 2007 - werner@suse.de - Fix insufficient safe mode checks (bug #339033, CVE-2007-5795) * Fri Sep 07 2007 - schwab@suse.de