79686: app-editors/[x]emacs: movemail arbitrary code execution (CAN-2005-0100)

(Portage version: 2.0.51-r15)
author: Matthew Kennedy <mkennedy@gentoo.org> 2005-02-15 14:40:49 +0000
committer: Matthew Kennedy <mkennedy@gentoo.org> 2005-02-15 14:40:49 +0000
commit: 00c628d88d7bcc06b3bbffd80000f55dcbaf3b28 (patch)
tree: 959edcc796ff3643766f09b7d2ba70e47fcb2967 /app-editors
parent: version 0.39.9 (Manifest recommit) (diff)
download: gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.tar.gz
gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.tar.bz2
gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.zip
5 files changed, 256 insertions, 11 deletions
diff --git a/app-editors/xemacs/ChangeLog b/app-editors/xemacs/ChangeLog
index 4ae4e1025742..abf6fbacfdec 100644
--- a/app-editors/xemacs/ChangeLog
+++ b/app-editors/xemacs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-editors/xemacs
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/xemacs/ChangeLog,v 1.57 2005/01/09 10:42:06 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/xemacs/ChangeLog,v 1.58 2005/02/15 14:40:49 mkennedy Exp $
+
+*xemacs-21.4.15-r3 (15 Feb 2005)
+
+  15 Feb 2005; Matthew Kennedy <mkennedy@gentoo.org>
+  +files/xemacs21-movemail-popfmt.diff, +xemacs-21.4.15-r3.ebuild:
+  Resolves Bug #79686 movemail arbitrary code execution (CAN-2005-0100)
 
   09 Jan 2005; Sven Wegener <swegener@gentoo.org> xemacs-21.4.12.ebuild,
   xemacs-21.4.15-r1.ebuild, xemacs-21.4.15-r2.ebuild:
diff --git a/app-editors/xemacs/Manifest b/app-editors/xemacs/Manifest
index f32f45c6f346..5a0470ef6414 100644
--- a/app-editors/xemacs/Manifest
+++ b/app-editors/xemacs/Manifest
@@ -1,7 +1,5 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 336408fe3cad0453f336d4ee8aa03203 xemacs-21.4.15-r1.ebuild 5050
+MD5 e06e61efdbcf0b33efc3bf290b3577f5 xemacs-21.4.15-r3.ebuild 5206
 MD5 a4f298f675fc5c0ed0ceaa6bfecce583 xemacs-21.4.15.ebuild 3835
 MD5 7dc7dbe3b86bdf29083a4a85a4f232d5 xemacs-21.4.9.ebuild 4179
 MD5 63acc01c26f029f9a46cc788a80351e2 xemacs-21.4.12.ebuild 4950
@@ -14,6 +12,7 @@ MD5 39fc9657b72b09c8b91f52ee50758ad2 files/xemacs-21.4.12-ppc.diff 1075
 MD5 c72c4643e7b5e7c44a57766a88838600 files/xemacs-21.4.9-ppc.diff 1031
 MD5 6d3780dc77d3dd7c017d8864d2f0b07d files/digest-xemacs-21.4.12 130
 MD5 a15e4793a81736335419229a12101bc1 files/digest-xemacs-21.4.15 274
+MD5 314a61a9a7fe98dacbfa87ee8cfe3c03 files/xemacs21-movemail-popfmt.diff 1245
 MD5 678239bc0954d838f5a9c53a6570c850 files/xemacs-21.4.9-ppc-glibc-2.3.x.diff 1112
 MD5 df382940daa67bb8888fbae22d617cb4 files/README.Gentoo 1426
 MD5 ace9b77c4d23c9500c1e81a3606545f8 files/quick-fix.patch 393
@@ -21,11 +20,5 @@ MD5 27a8dcab7441389fc05c3406096bb8be files/emodules.info-gentoo.patch 479
 MD5 892c698f9b7d3ca42a83df34518b0946 files/digest-xemacs-21.4.9 273
 MD5 6a3d383a050855607a702a56c850ff1a files/digest-xemacs-21.4.15-r1 130
 MD5 6a3d383a050855607a702a56c850ff1a files/digest-xemacs-21.4.15-r2 130
+MD5 6a3d383a050855607a702a56c850ff1a files/digest-xemacs-21.4.15-r3 130
 MD5 94beef92edcaf12edef657556fbb7a7e files/xemacs-21.4.8-ppc.diff 1032
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFB4QqEI1lqEGTUzyQRAl5CAJ4tBZIMoRaj7wPkgar8LThQKK6e3wCg0MZN
-TEbgMrhTiUwCfWK3hMZBIiQ=
-=8Ms3
------END PGP SIGNATURE-----
diff --git a/app-editors/xemacs/files/digest-xemacs-21.4.15-r3 b/app-editors/xemacs/files/digest-xemacs-21.4.15-r3
new file mode 100644
index 000000000000..daf9ca3600d6
--- /dev/null
+++ b/app-editors/xemacs/files/digest-xemacs-21.4.15-r3
@@ -0,0 +1,2 @@
+MD5 b80e040d9cb85c9210999554dc210fa6 xemacs-21.4.15.tar.gz 10652161
+MD5 95c531ec2639990a09e92c59a855784e NeXT_XEmacs.tar.gz 39571
diff --git a/app-editors/xemacs/files/xemacs21-movemail-popfmt.diff b/app-editors/xemacs/files/xemacs21-movemail-popfmt.diff
new file mode 100644
index 000000000000..0a5fce002263
--- /dev/null
+++ b/app-editors/xemacs/files/xemacs21-movemail-popfmt.diff
@@ -0,0 +1,46 @@
+--- xemacs21-21.4.16/lib-src/movemail.c.orig	2005-01-16 09:05:05.000000000 +0100
++++ xemacs21-21.4.16/lib-src/movemail.c	2005-01-16 09:07:04.000000000 +0100
+@@ -741,14 +741,14 @@
+   server = pop_open (0, user, password, POP_NO_GETPASS);
+   if (! server)
+     {
+-      error (pop_error, NULL, NULL);
++      error ("%s", pop_error, NULL);
+       return (1);
+     }
+ 
+   VERBOSE(("stat'ing messages\n"));
+   if (pop_stat (server, &nmsgs, &nbytes))
+     {
+-      error (pop_error, NULL, NULL);
++      error ("%s", pop_error, NULL);
+       return (1);
+     }
+ 
+@@ -796,7 +796,7 @@
+           mbx_delimit_begin (mbf);
+ 	  if (pop_retr (server, i, mbx_write, mbf) != POP_RETRIEVED)
+ 	    {
+-	      error (Errmsg, NULL, NULL);
++	      error ("%s", Errmsg, NULL);
+ 	      close (mbfi);
+ 	      return (1);
+ 	    }
+@@ -844,7 +844,7 @@
+ 	      VERBOSE(("deleting message %d     \n", i));
+ 	      if (pop_delete (server, i))
+ 		{
+-		  error (pop_error, NULL, NULL);
++		  error ("%s", pop_error, NULL);
+ 		  pop_close (server);
+ 		  return (1);
+ 		}
+@@ -855,7 +855,7 @@
+   VERBOSE(("closing server             \n"));
+   if (pop_quit (server))
+     {
+-      error (pop_error, NULL, NULL);
++      error ("%s", pop_error, NULL);
+       return (1);
+     }
+     
diff --git a/app-editors/xemacs/xemacs-21.4.15-r3.ebuild b/app-editors/xemacs/xemacs-21.4.15-r3.ebuild
new file mode 100644
index 000000000000..513379187194
--- /dev/null
+++ b/app-editors/xemacs/xemacs-21.4.15-r3.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-editors/xemacs/xemacs-21.4.15-r3.ebuild,v 1.1 2005/02/15 14:40:49 mkennedy Exp $
+
+inherit eutils
+
+DESCRIPTION="highly customizable open source text editor and application development system"
+HOMEPAGE="http://www.xemacs.org/"
+SRC_URI="http://ftp.xemacs.org/xemacs-21.4/${P}.tar.gz
+	http://www.malfunction.de/afterstep/files/NeXT_XEmacs.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86 ppc sparc alpha amd64 ppc64"
+IUSE="gpm postgres ldap xface nas dnd X jpeg tiff png mule motif freewnn canna	athena neXt Xaw3d berkdb"
+
+# esound is know to cause problems in XEmacs
+#esd? ( media-sound/esound )
+RDEPEND="virtual/libc
+	!virtual/xemacs
+
+	berkdb? ( =sys-libs/db-1* >=sys-libs/gdbm-1.8.0 )
+	>=sys-libs/zlib-1.1.4
+	>=dev-libs/openssl-0.9.6
+	>=media-libs/audiofile-0.2.3
+
+	gpm? ( >=sys-libs/gpm-1.19.6 )
+
+	postgres? ( >=dev-db/postgresql-7.2 )
+	ldap? ( net-nds/openldap )
+
+	nas? ( media-libs/nas )
+
+	dnd? ( x11-libs/dnd )
+
+	X? ( virtual/x11 )
+	motif? ( >=x11-libs/openmotif-2.1.30 )
+	athena? ( virtual/x11 )
+	Xaw3d? ( x11-libs/Xaw3d )
+	neXt? ( x11-libs/neXtaw )
+	xface? ( media-libs/compface )
+	tiff? ( media-libs/tiff )
+	png? ( =media-libs/libpng-1.2* )
+	jpeg? ( media-libs/jpeg )
+
+	canna? ( app-i18n/canna )
+	!amd64? ( freewnn? ( app-i18n/freewnn ) )"
+DEPEND="${RDEPEND}
+	>=sys-libs/ncurses-5.2"
+PDEPEND="app-xemacs/xemacs-base
+	mule? ( app-xemacs/mule-base )"
+PROVIDE="virtual/xemacs virtual/editor"
+
+src_unpack() {
+	unpack ${P}.tar.gz
+	unpack NeXT_XEmacs.tar.gz
+
+	cd ${S}
+	epatch ${FILESDIR}/emodules.info-21.4.8-gentoo.patch
+
+	# see bug 58350
+	epatch ${FILESDIR}/${P}-gdbm.patch
+	autoconf-2.13
+
+	epatch ${FILESDIR}/quick-fix.patch
+	# copy Next_XEmacs icons into toolbar dir
+	cp ${WORKDIR}/NeXT.XEmacs/xemacs-icons/* ${S}/etc/toolbar/
+
+	# Bug #79686 movemail arbitrary code execution (CAN-2005-0100)
+	epatch ${FILESDIR}/xemacs21-movemail-popfmt.diff || die
+}
+
+src_compile() {
+	local myconf=""
+
+	if use X; then
+
+		myconf="--with-widgets=lucid"
+		myconf="${myconf} --with-dialogs=lucid"
+		myconf="${myconf} --with-scrollbars=lucid"
+		myconf="${myconf} --with-menubars=lucid"
+		if use motif ; then
+			myconf="--with-widgets=motif"
+			myconf="${myconf} --with-dialogs=motif"
+			myconf="${myconf} --with-scrollbars=motif"
+			myconf="${myconf} --with-menubars=lucid"
+		fi
+		if use athena ; then
+			myconf="--with-widgets=athena"
+			if use Xaw3d ; then
+				myconf="${myconf} --with-athena=xaw3d"
+			elif use neXt ; then
+				myconf="${myconf} --with-athena=next"
+			else
+				myconf="${myconf} --with-athena=3d"
+			fi
+			myconf="${myconf} --with-dialogs=athena"
+			myconf="${myconf} --with-scrollbars=lucid"
+			myconf="${myconf} --with-menubars=lucid"
+		fi
+
+		myconf="${myconf}
+			--with-gif=no"
+
+		use dnd && myconf="${myconf} --with-dragndrop --with-offix"
+
+		use tiff && myconf="${myconf} --with-tiff" ||
+			myconf="${myconf} --without-tiff"
+		use png && myconf="${myconf} --with-png" ||
+			myconf="${myconf} --without-png"
+		use jpeg && myconf="${myconf} --with-jpeg" ||
+			myconf="${myconf} --without-jpeg"
+		use xface && myconf="${myconf} --with-xface" ||
+			myconf="${myconf} --without-xface"
+
+	else
+		myconf="${myconf}
+			--without-x
+			--without-xpm
+			--without-dragndrop
+			--with-gif=no"
+	fi
+
+	use gpm	&& myconf="${myconf} --with-gpm" ||
+		myconf="${myconf} --without-gpm"
+	use postgres && myconf="${myconf} --with-postgresql" ||
+		myconf="${myconf} --without-postgresql"
+	use ldap && myconf="${myconf} --with-ldap" ||
+		myconf="${myconf} --without-ldap"
+
+	if use mule ; then
+		myconf="${myconf} --with-mule"
+		use motif && myconf="${myconf} --with-xim=motif" ||
+			myconf="${myconf} --with-xim=xlib"
+			use canna && myconf="${myconf} --with-canna" ||
+					myconf="${myconf} --without-canna"
+		use freewnn && myconf="${myconf} --with-wnn" ||
+					myconf="${myconf} --without-wnn"
+	fi
+
+	local soundconf="native"
+
+	use nas	&& soundconf="${soundconf},nas"
+
+	myconf="${myconf} --with-sound=${soundconf}"
+
+	local dbconf="gnudbm"
+	if use berkdb; then
+		myconf="${myconf} --with-database=${dbconf}"
+	else
+		myconf="${myconf} --without-database"
+	fi
+
+	# fixes #21264
+	use alpha && myconf="${myconf} --with-system-malloc"
+
+	use ppc64 && myconf="${myconf} --with-system-malloc"
+
+	./configure ${myconf} \
+		--prefix=/usr \
+		--with-pop \
+		--with-ncurses \
+		--with-msw=no \
+		--mail-locking=flock \
+		--with-site-lisp=yes \
+		--with-site-modules=yes \
+		|| die
+
+	# emake dont work on faster boxes it seems
+	# azarah (04 Aug 2002)
+	make || die
+}
+
+src_install() {
+	make prefix=${D}/usr \
+		mandir=${D}/usr/share/man/man1 \
+		infodir=${D}/usr/share/info \
+		install gzip-el || die
+
+	# install base packages directories
+	dodir /usr/lib/xemacs/xemacs-packages/
+	dodir /usr/lib/xemacs/site-packages/
+	dodir /usr/lib/xemacs/site-modules/
+	dodir /usr/lib/xemacs/site-lisp/
+
+	if use mule;
+	then
+		dodir /usr/lib/xemacs/mule-packages
+	fi
+
+	# remove extraneous files
+	cd ${D}/usr/share/info
+	rm -f dir info.info texinfo* termcap*
+	cd ${S}
+	dodoc BUGS CHANGES-* ChangeLog GETTING* INSTALL PROBLEMS README*
+	dodoc ${FILESDIR}/README.Gentoo
+	rm -f ${D}/usr/share/info/emodules.info~*
+}
author	Matthew Kennedy <mkennedy@gentoo.org>	2005-02-15 14:40:49 +0000
committer	Matthew Kennedy <mkennedy@gentoo.org>	2005-02-15 14:40:49 +0000
commit	00c628d88d7bcc06b3bbffd80000f55dcbaf3b28 (patch)
tree	959edcc796ff3643766f09b7d2ba70e47fcb2967 /app-editors
parent	version 0.39.9 (Manifest recommit) (diff)
download	gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.tar.gz gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.tar.bz2 gentoo-2-00c628d88d7bcc06b3bbffd80000f55dcbaf3b28.zip