authorUlrich Müller <ulm@gentoo.org>2008-04-11 14:00:09 +0000
committerUlrich Müller <ulm@gentoo.org>2008-04-11 14:00:09 +0000
commitf4e5d69f1b6a954bcde78b8b365e85d0933e870f (patch)
treedef5479d972d7807a6357108f9231283ef80b491 /app-editors
parentLatest release, thanks to dberkholz for pointing it out. (diff)
Fix vcdiff insecure temporary file creation, CVE-2008-1694, security bug 216880.
(Portage version: 2.1.5_rc2, RepoMan options: --force)
Diffstat (limited to 'app-editors')
-rw-r--r--app-editors/emacs/ChangeLog14
-rw-r--r--app-editors/emacs/emacs-18.59-r4.ebuild4
-rw-r--r--app-editors/emacs/emacs-21.4-r15.ebuild (renamed from app-editors/emacs/emacs-21.4-r14.ebuild)8
-rw-r--r--app-editors/emacs/emacs-22.1-r4.ebuild (renamed from app-editors/emacs/emacs-22.1-r3.ebuild)3
-rw-r--r--app-editors/emacs/emacs-22.2-r1.ebuild (renamed from app-editors/emacs/emacs-22.2.ebuild)3
-rw-r--r--app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch25
6 files changed, 48 insertions, 9 deletions
diff --git a/app-editors/emacs/ChangeLog b/app-editors/emacs/ChangeLog
index b0e4b86834cf..0e729942518a 100644
--- a/app-editors/emacs/ChangeLog
+++ b/app-editors/emacs/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for app-editors/emacs
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.236 2008/04/06 22:05:14 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.237 2008/04/11 14:00:08 ulm Exp $
+
+*emacs-22.2-r1 (08 Apr 2008)
+*emacs-22.1-r4 (08 Apr 2008)
+*emacs-21.4-r15 (08 Apr 2008)
+
+ 08 Apr 2008; Ulrich Mueller <ulm@gentoo.org>
+ +files/emacs-22.1-vcdiff-tmp-race.patch, -emacs-21.4-r14.ebuild,
+ +emacs-21.4-r15.ebuild, -emacs-22.1-r3.ebuild, +emacs-22.1-r4.ebuild,
+ -emacs-22.2.ebuild, +emacs-22.2-r1.ebuild:
+ Security fix for vcdiff insecure temporary file creation, CVE-2008-1694,
+ bug 216880. Straight to stable, since there is no sensible way for arch
+ teams to test (vcdiff was used for SCCS only). Remove vulnerable revisions.
06 Apr 2008; Ulrich Mueller <ulm@gentoo.org>
+files/emacs-22.2-heimdal-gentoo.patch, emacs-22.2.ebuild:
diff --git a/app-editors/emacs/emacs-18.59-r4.ebuild b/app-editors/emacs/emacs-18.59-r4.ebuild
index 62124d943ccb..74b71d159a96 100644
--- a/app-editors/emacs/emacs-18.59-r4.ebuild
+++ b/app-editors/emacs/emacs-18.59-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r4.ebuild,v 1.9 2008/03/28 06:29:03 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r4.ebuild,v 1.10 2008/04/11 14:00:08 ulm Exp $
inherit eutils toolchain-funcs flag-o-matic
@@ -8,7 +8,7 @@ DESCRIPTION="The extensible self-documenting text editor"
HOMEPAGE="http://www.gnu.org/software/emacs/"
SRC_URI="mirror://gnu/old-gnu/emacs/${P}.tar.gz
ftp://ftp.splode.com/pub/users/friedman/emacs/${P}-linux22x-elf-glibc21.diff.gz
- mirror://gentoo/${P}-patches.tar.bz2"
+ mirror://gentoo/${P}-patches-1.tar.bz2"
LICENSE="GPL-1 BSD"
SLOT="18"
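Review bot: The patch tarball for emacs-18.59-r4 changes from `${P}-patches.tar.bz2` to `${P}-patches-1.tar.bz2` in place, with no revision bump and no mention in this commit's ChangeLog entry. Systems that already have 18.59-r4 installed will therefore not rebuild, and the reason for the new tarball is not recorded anywhere in the diff. If the new tarball carries a security-relevant change (not visible here), this ebuild should get a new revision like the 21.4, 22.1 and 22.2 ones; otherwise a ChangeLog line such as `emacs-18.59-r4.ebuild: Update patch tarball (<reason>)` would do. The same opacity applies to `${P}-patches-2.tar.bz2` in the emacs-21.4-r15 hunk below: the vcdiff fix for 21.4 is presumably inside that tarball, so it can only be reviewed by unpacking it and checking it against the Manifest digest.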
diff --git a/app-editors/emacs/emacs-21.4-r14.ebuild b/app-editors/emacs/emacs-21.4-r15.ebuild
index 2c26d7bb4873..f99fde4321d1 100644
--- a/app-editors/emacs/emacs-21.4-r14.ebuild
+++ b/app-editors/emacs/emacs-21.4-r15.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-21.4-r14.ebuild,v 1.14 2008/02/02 21:08:12 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-21.4-r15.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
WANT_AUTOCONF="2.1"
@@ -9,7 +9,7 @@ inherit flag-o-matic eutils toolchain-funcs autotools
DESCRIPTION="The extensible, customizable, self-documenting real-time display editor"
HOMEPAGE="http://www.gnu.org/software/emacs/"
SRC_URI="mirror://gnu/emacs/${P}a.tar.gz
- mirror://gentoo/${P}-patches-1.tar.bz2
+ mirror://gentoo/${P}-patches-2.tar.bz2
leim? ( mirror://gnu/emacs/leim-${PV}.tar.gz )"
LICENSE="GPL-2 FDL-1.1 BSD"
@@ -55,6 +55,8 @@ src_unpack() {
# This will need to be updated for X-Compilation
sed -i -e "s:/usr/lib/\([^ ]*\).o:/usr/$(get_libdir)/\1.o:g" \
"${S}/src/s/gnu-linux.h" || die
+
+ eautoconf
}
src_compile() {
@@ -72,8 +74,6 @@ src_compile() {
# -march is known to cause signal 6 on some environment
filter-flags "-march=*"
- eautoconf
-
local myconf
use nls || myconf="${myconf} --disable-nls"
if use X ; then
diff --git a/app-editors/emacs/emacs-22.1-r3.ebuild b/app-editors/emacs/emacs-22.1-r4.ebuild
index 2f79bfdb1a37..382217bb9cdc 100644
--- a/app-editors/emacs/emacs-22.1-r3.ebuild
+++ b/app-editors/emacs/emacs-22.1-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.1-r3.ebuild,v 1.20 2008/03/28 06:29:03 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.1-r4.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
WANT_AUTOCONF="2.5"
WANT_AUTOMAKE="latest"
@@ -63,6 +63,7 @@ src_unpack() {
epatch "${FILESDIR}/${P}-hack-local-variables.patch"
epatch "${FILESDIR}/${P}-format-int.patch"
epatch "${FILESDIR}/${P}-s390x-non-multilib.patch"
+ epatch "${FILESDIR}/${P}-vcdiff-tmp-race.patch"
sed -i -e "s:/usr/lib/crtbegin.o:$(`tc-getCC` -print-file-name=crtbegin.o):g" \
-e "s:/usr/lib/crtend.o:$(`tc-getCC` -print-file-name=crtend.o):g" \
diff --git a/app-editors/emacs/emacs-22.2.ebuild b/app-editors/emacs/emacs-22.2-r1.ebuild
index becd979d775e..c538063a9f53 100644
--- a/app-editors/emacs/emacs-22.2.ebuild
+++ b/app-editors/emacs/emacs-22.2-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.2.ebuild,v 1.4 2008/04/06 22:05:14 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-22.2-r1.ebuild,v 1.1 2008/04/11 14:00:08 ulm Exp $
inherit autotools elisp-common eutils flag-o-matic
@@ -56,6 +56,7 @@ src_unpack() {
epatch "${FILESDIR}/emacs-22.1-Xaw3d-headers.patch"
epatch "${FILESDIR}/emacs-22.1-freebsd-sparc.patch"
+ epatch "${FILESDIR}/emacs-22.1-vcdiff-tmp-race.patch"
epatch "${FILESDIR}/${P}-heimdal-gentoo.patch"
sed -i -e "s:/usr/lib/crtbegin.o:$(`tc-getCC` -print-file-name=crtbegin.o):g" \
diff --git a/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
new file mode 100644
index 000000000000..7f59d6afeeac
--- /dev/null
+++ b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
@@ -0,0 +1,25 @@
+Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
+(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
+which makes it possible for local attacker to conduct a symlink attack and
+make the victim overwrite arbitrary file.
+
+diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
+--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400
++++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400
+@@ -86,14 +86,14 @@
+ case $f in
+ s.* | */s.*)
+ if
+- rev1=/tmp/geta$$
++ rev1=`mktemp /tmp/geta.XXXXXXXX`
+ get -s -p -k $sid1 "$f" > $rev1 &&
+ case $sid2 in
+ '')
+ workfile=`expr " /$f" : '.*/s.\(.*\)'`
+ ;;
+ *)
+- rev2=/tmp/getb$$
++ rev2=`mktemp /tmp/getb.XXXXXXXX`
+ get -s -p -k $sid2 "$f" > $rev2
+ workfile=$rev2
+ esac
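Review bot: Neither `mktemp` call in the embedded vcdiff patch has its exit status checked. If `mktemp` fails, `$rev1` or `$rev2` is empty, the unquoted redirection on the following line gets an empty word, and in the `rev2` arm `workfile` is then set to an empty string with nothing stopping the script. The `rev1` assignment can join the existing chain as ``rev1=`mktemp /tmp/geta.XXXXXXXX` &&``, and the `rev2` arm can become ``rev2=`mktemp /tmp/getb.XXXXXXXX` && get -s -p -k $sid2 "$f" > "$rev2" &&`` ahead of `workfile=$rev2`, with `> "$rev1"` quoted the same way. Using `"${TMPDIR:-/tmp}/geta.XXXXXXXX"` as the template would also respect a per-user temp directory where one is configured. The enclosing loop and any cleanup of the two files lie outside this hunk, so whether they are removed on every exit path cannot be confirmed from here.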