From e493955ccb4b62663919d2ab8a190e56120499518d4c237e00474af6b6eddec4 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Tue, 25 Apr 2017 11:46:13 +0000 Subject: [PATCH 1/5] Final update tp GNU Emacs 25.2 OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=226 --- emacs-25.2-rc2.tar.xz | 3 --- emacs-25.2.tar.xz | 3 +++ emacs.changes | 28 ++++++++++++++++++++++++++++ emacs.spec | 7 ++++--- 4 files changed, 35 insertions(+), 6 deletions(-) delete mode 100644 emacs-25.2-rc2.tar.xz create mode 100644 emacs-25.2.tar.xz diff --git a/emacs-25.2-rc2.tar.xz b/emacs-25.2-rc2.tar.xz deleted file mode 100644 index eac1289..0000000 --- a/emacs-25.2-rc2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4f405314b427f9fdfc3fe89c3a062524156b23e07396427bb16d30ba1a8bf687 -size 43014244 diff --git a/emacs-25.2.tar.xz b/emacs-25.2.tar.xz new file mode 100644 index 0000000..b8e754a --- /dev/null +++ b/emacs-25.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:59b55194c9979987c5e9f1a1a4ab5406714e80ffcfd415cc6b9222413bc073fa +size 46900336 diff --git a/emacs.changes b/emacs.changes index d8d8851..bdefd25 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Tue Apr 25 10:43:33 UTC 2017 - werner@suse.de + +- Update to emacs version 25.2 a bugfix release + * 'find-library', 'help-function-def' and 'help-variable-def' now run + 'find-function-after-hook'. + * New basic face 'fixed-pitch-serif', for a fixed-width font with serifs. + The 'Info-quoted' and 'tex-verbatim' faces inherit from it by default. + * New variable 'use-default-font-for-symbols', for backward compatibility. + This variable allows you to get back pre-Emacs 25 behavior where the + font for displaying symbol and punctuation characters was always + selected according to your fontset setup. By default, Emacs 25 tries + to use the default face's font for such characters, if it supports + them, disregarding the fontsets. Set this variable to nil to disable + this and get back the old behavior. + * 'electric-quote-mode' is no longer suppressed in a buffer whose + coding system cannot represent curved quote characters. + Instead, users can deal with the unrepresentable characters in the + usual way when they save the buffer. + * New variable 'inhibit-compacting-font-caches'. + Set this variable to a non-nil value to speed up display of characters + using large fonts, at the price of a larger memory footprint. + * The version number of CC Mode has been changed from 5.33 to + 5.32.99, although the software itself hasn't changed. This aims to + reduce confusion with the standalone CC Mode 5.33 (available from + http://cc-mode.sourceforge.net), which is a more mature version than + the one included in Emacs 25.2. + ------------------------------------------------------------------- Wed Apr 12 09:25:13 UTC 2017 - pgajdos@suse.com diff --git a/emacs.spec b/emacs.spec index 52287ce..1842e09 100644 --- a/emacs.spec +++ b/emacs.spec @@ -20,7 +20,7 @@ %if %{suse_version} >= 1330 %bcond_without autoconf %endif -# Experimental, not for production (see https://www.gnu.org/software/emacs/news/NEWS.25.1) +# Experimental, not for production (see https://www.gnu.org/software/emacs/news/NEWS.25.2) %bcond_with cairo Name: emacs @@ -103,8 +103,7 @@ Obsoletes: nxml-mode < 20041004 Provides: epg = 1.0.0 Obsoletes: epg < 1.0.0 Requires(pre): fileutils -#Source: ftp://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz -Source: ftp://alpha.gnu.org/gnu/emacs/pretest/emacs-%{version}-rc2.tar.xz +Source: ftp://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz Source1: app-defaults.Emacs Source2: site-lisp.tar.bz2 Source3: dot.gnu-emacs @@ -380,6 +379,7 @@ DESKTOP="--with-x \ %else --with-x-toolkit=gtk2 \ %endif + --with-toolkit-scroll-bars \ --x-includes=%{_x11inc} \ --x-libraries=%{_x11lib} \ --with-libotf \ @@ -390,6 +390,7 @@ DESKTOP="--with-x \ " X11="${DESKTOP} \ --with-x-toolkit=lucid \ + --with-toolkit-scroll-bars \ --x-includes=%{_x11inc} \ --x-libraries=%{_x11lib}:%{_x11data} \ --without-libotf \ From 22735a012388c69b54c90b6855fe4b95dd0853c23f606835cc2f1071ea407bdd Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Tue, 25 Apr 2017 14:51:56 +0000 Subject: [PATCH 2/5] . OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=227 --- emacs.changes | 5 +++++ emacs.sh | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/emacs.changes b/emacs.changes index bdefd25..5397b64 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Apr 25 14:51:25 UTC 2017 - werner@suse.de + +- Fix emacs.sh wrapper script to check modern dbus session + ------------------------------------------------------------------- Tue Apr 25 10:43:33 UTC 2017 - werner@suse.de diff --git a/emacs.sh b/emacs.sh index 5517cd7..1cb6497 100644 --- a/emacs.sh +++ b/emacs.sh @@ -78,7 +78,12 @@ if test -n "$dbusdaemon" ; then unset DBUS_SESSION_BUS_ADDRESS break done - test -n "$dpid" || unset DBUS_SESSION_BUS_ADDRESS + if test -z "$dpid" ; then + case ":$DBUS_SESSION_BUS_ADDRESS" in + *:path=/run/user/${UID}/bus*) ;; + *) unset DBUS_SESSION_BUS_ADDRESS + esac + fi fi # Find a valid dbus-daemon if active if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then @@ -90,6 +95,10 @@ if test -n "$dbusdaemon" ; then DBUS_SESSION_BUS_ADDRESS=${dadd#*=} export DBUS_SESSION_BUS_ADDRESS done + if test -z "$DBUS_SESSION_BUS_ADDRESS" -a -S /run/user/${UID}/bus ; then + DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${UID}/bus + export DBUS_SESSION_BUS_ADDRESS + fi fi unset mid guid suid dadd # Oops ... no dbus-daemon then launch a new session From 7b5d2a72bb4e0a07ec6f039e20fc153c1f67469a932c1cb73f3bc496115c2bdf Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Tue, 25 Apr 2017 14:55:19 +0000 Subject: [PATCH 3/5] . OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=228 --- emacs.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emacs.changes b/emacs.changes index 5397b64..e6c9542 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Tue Apr 25 14:51:25 UTC 2017 - werner@suse.de -- Fix emacs.sh wrapper script to check modern dbus session +- Fix emacs.sh wrapper script to check modern dbus session (boo#1032759) ------------------------------------------------------------------- Tue Apr 25 10:43:33 UTC 2017 - werner@suse.de From d333c5cb4dd452a74070498c0ab43729a3bc4a54dc446038997be3927e1cbc88 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Wed, 26 Apr 2017 07:34:32 +0000 Subject: [PATCH 4/5] . OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=229 --- emacs.changes | 5 +++++ emacs.sh | 10 ++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/emacs.changes b/emacs.changes index e6c9542..79ea69c 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Apr 26 07:33:45 UTC 2017 - werner@suse.de + +- Use socket activation to get dbus up before starting emacs + ------------------------------------------------------------------- Tue Apr 25 14:51:25 UTC 2017 - werner@suse.de diff --git a/emacs.sh b/emacs.sh index 1cb6497..529465b 100644 --- a/emacs.sh +++ b/emacs.sh @@ -95,8 +95,8 @@ if test -n "$dbusdaemon" ; then DBUS_SESSION_BUS_ADDRESS=${dadd#*=} export DBUS_SESSION_BUS_ADDRESS done - if test -z "$DBUS_SESSION_BUS_ADDRESS" -a -S /run/user/${UID}/bus ; then - DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${UID}/bus + if test -z "$DBUS_SESSION_BUS_ADDRESS" -a -S "${XDG_RUNTIME_DIR}/bus" ; then + DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" export DBUS_SESSION_BUS_ADDRESS fi fi @@ -114,6 +114,12 @@ if test -n "$dbusdaemon" ; then else arg0=emacs fi + elif test -S "${XDG_RUNTIME_DIR}/bus" ; then + dbusupdate=$(type -p dbus-update-activation-environment 2>/dev/null) + dbusstatus=$(systemctl --user is-active dbus.service 2>/dev/null) + if test -n "$dbusupdate" -a "$dbusstatus" != active ; then + $dbusupdate --systemd DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" + fi fi unset dbuslaunch dbusdaemon fi From 4c30c8b5b1968c3f8cf947b02e74828c5efc0f20df3e57e50114e6dffcc32ad2 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Tue, 2 May 2017 11:23:36 +0000 Subject: [PATCH 5/5] CVE-2017-7476 OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=230 --- emacs.changes | 5 +++ emacs.spec | 5 ++- gnulib.git-94e01571.patch | 85 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 gnulib.git-94e01571.patch diff --git a/emacs.changes b/emacs.changes index 79ea69c..2fb8a3c 100644 --- a/emacs.changes +++ b/emacs.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue May 2 11:02:57 UTC 2017 - werner@suse.de + +- Add patch gnulib.git-94e01571.patch to fix CVE-2017-7476 + ------------------------------------------------------------------- Wed Apr 26 07:33:45 UTC 2017 - werner@suse.de diff --git a/emacs.spec b/emacs.spec index 1842e09..911e098 100644 --- a/emacs.spec +++ b/emacs.spec @@ -127,6 +127,8 @@ Patch23: emacs-25.1-custom-fonts.patch # but that is because we ship /usr/include/ImageMagick-7/wand compat # symlink Patch24: emacs-25.2-ImageMagick7.patch +# PATCH-FIX-UPSTREAM-GNULIB CVE-2017-7476 +Patch25: gnulib.git-94e01571.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %{expand: %%global include_info %(test -s /usr/share/info/info.info* && echo 0 || echo 1)} @@ -240,8 +242,9 @@ and most assembler-like syntaxes. %patch16 -p0 -b .flyspell %patch22 -p0 -b .obsolate %patch23 -p0 -b .custfnt -%patch -p0 -b .0 %patch24 -p1 +%patch25 -p0 +%patch -p0 -b .0 %if %{without autoconf} # We don't want to run autoconf diff --git a/gnulib.git-94e01571.patch b/gnulib.git-94e01571.patch new file mode 100644 index 0000000..ed71415 --- /dev/null +++ b/gnulib.git-94e01571.patch @@ -0,0 +1,85 @@ +From 94e01571507835ff59dd8ce2a0b56a4b566965a4 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?P=C3=A1draig=20Brady?= +Date: Mon, 24 Apr 2017 01:43:36 -0700 +Subject: [PATCH] time_rz: fix heap buffer overflow vulnerability + +This issue has been assigned CVE-2017-7476 and was +detected with American Fuzzy Lop 2.41b run on the +coreutils date(1) program with ASAN enabled. + + ERROR: AddressSanitizer: heap-buffer-overflow on address 0x... + WRITE of size 8 at 0x60d00000cff8 thread T0 + #1 0x443020 in extend_abbrs lib/time_rz.c:88 + #2 0x443356 in save_abbr lib/time_rz.c:155 + #3 0x44393f in localtime_rz lib/time_rz.c:290 + #4 0x41e4fe in parse_datetime2 lib/parse-datetime.y:1798 + +A minimized reproducer is the following 120 byte TZ value, +which goes beyond the value of ABBR_SIZE_MIN (119) on x86_64. +Extend the aa...b portion to overwrite more of the heap. + + date -d $(printf 'TZ="aaa%020daaaaaab%089d"') + +localtime_rz and mktime_z were affected since commit 4bc76593. +parse_datetime was affected since commit 4e6e16b3f. + +* lib/time_rz.c (save_abbr): Rearrange the calculation determining +whether there is enough buffer space available. The rearrangement +ensures we're only dealing with positive numbers, thus avoiding +the problematic promotion of signed to unsigned causing an invalid +comparison when zone_copy is more than ABBR_SIZE_MIN bytes beyond +the start of the buffer. +* tests/test-parse-datetime.c (main): Add a test case written by +Paul Eggert, which overwrites enough of the heap so that +standard glibc will fail with "free(): invalid pointer" +without the patch applied. +Reported and analyzed at https://bugzilla.redhat.com/1444774 +--- + lib/time_rz.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +--- lib/time_rz.c ++++ lib/time_rz.c 2017-05-02 11:00:09.386018503 +0000 +@@ -27,6 +27,7 @@ + #include + + #include ++#include + #include + #include + #include +@@ -34,6 +35,10 @@ + + #include "time-internal.h" + ++#ifndef SIZE_MAX ++# define SIZE_MAX ((size_t) -1) ++#endif ++ + #if !HAVE_TZSET + static void tzset (void) { } + #endif +@@ -42,7 +47,7 @@ static void tzset (void) { } + the largest "small" request for the GNU C library malloc. */ + enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 }; + +-/* Minimum size of the ABBRS member of struct abbr. ABBRS is larger ++/* Minimum size of the ABBRS member of struct tm_zone. ABBRS is larger + only in the unlikely case where an abbreviation longer than this is + used. */ + enum { ABBR_SIZE_MIN = DEFAULT_MXFAST - offsetof (struct tm_zone, abbrs) }; +@@ -149,7 +154,13 @@ save_abbr (timezone_t tz, struct tm *tm) + if (! (*zone_copy || (zone_copy == tz->abbrs && tz->tz_is_set))) + { + size_t zone_size = strlen (zone) + 1; +- if (zone_size < tz->abbrs + ABBR_SIZE_MIN - zone_copy) ++ size_t zone_used = zone_copy - tz->abbrs; ++ if (SIZE_MAX - zone_used < zone_size) ++ { ++ errno = ENOMEM; ++ return false; ++ } ++ if (zone_used + zone_size < ABBR_SIZE_MIN) + extend_abbrs (zone_copy, zone, zone_size); + else + {