head	1.1;
access;
symbols
	pkgsrc-2026Q1:1.1.0.70
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.68
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.66
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.64
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.62
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.60
	pkgsrc-2024Q4-base:1.1
	pkgsrc-2024Q3:1.1.0.58
	pkgsrc-2024Q3-base:1.1
	pkgsrc-2024Q2:1.1.0.56
	pkgsrc-2024Q2-base:1.1
	pkgsrc-2024Q1:1.1.0.54
	pkgsrc-2024Q1-base:1.1
	pkgsrc-2023Q4:1.1.0.52
	pkgsrc-2023Q4-base:1.1
	pkgsrc-2023Q3:1.1.0.50
	pkgsrc-2023Q3-base:1.1
	pkgsrc-2023Q2:1.1.0.48
	pkgsrc-2023Q2-base:1.1
	pkgsrc-2023Q1:1.1.0.46
	pkgsrc-2023Q1-base:1.1
	pkgsrc-2022Q4:1.1.0.44
	pkgsrc-2022Q4-base:1.1
	pkgsrc-2022Q3:1.1.0.42
	pkgsrc-2022Q3-base:1.1
	pkgsrc-2022Q2:1.1.0.40
	pkgsrc-2022Q2-base:1.1
	pkgsrc-2022Q1:1.1.0.38
	pkgsrc-2022Q1-base:1.1
	pkgsrc-2021Q4:1.1.0.36
	pkgsrc-2021Q4-base:1.1
	pkgsrc-2021Q3:1.1.0.34
	pkgsrc-2021Q3-base:1.1
	pkgsrc-2021Q2:1.1.0.32
	pkgsrc-2021Q2-base:1.1
	pkgsrc-2021Q1:1.1.0.30
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.28
	pkgsrc-2020Q4-base:1.1
	pkgsrc-2020Q3:1.1.0.26
	pkgsrc-2020Q3-base:1.1
	pkgsrc-2020Q2:1.1.0.24
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.20
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.22
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.18
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.16
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.14
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.12
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.10
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.8
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.6
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.4
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2017.10.12.17.30.24;	author tez;	state Exp;
branches
	1.1.2.1;
next	;
commitid	ASC1jAicGcdWRMaA;

1.1.2.1
date	2017.10.12.17.30.24;	author spz;	state dead;
branches;
next	1.1.2.2;
commitid	54NSLEfKeADnq9bA;

1.1.2.2
date	2017.10.15.13.25.51;	author spz;	state Exp;
branches;
next	;
commitid	54NSLEfKeADnq9bA;


desc
@@


1.1
log
@emacs21: fix for CVE-2017-14482

adapted from upstream 9ad0fcc54442a9a01d41be19880250783426db70
@
text
@$NetBSD$

CVE-2017-14482 fix
From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@@gnus.org>
Date: Fri, 8 Sep 2017 20:23:31 -0700
Subject: Remove unsafe enriched mode translations

* lisp/gnus/mm-view.el (mm-inline-text):
Do not worry about enriched or richtext type.
* lisp/textmodes/enriched.el (enriched-translations):
Remove translations for FUNCTION, display (Bug#28350).
(enriched-handle-display-prop, enriched-decode-display-prop): Remove.

--- lisp/gnus/mm-view.el.orig	2002-02-07 15:55:05.000000000 +0000
+++ lisp/gnus/mm-view.el
@@@@ -184,10 +184,6 @@@@
 	    (goto-char (point-max))))
 	(save-restriction
 	  (narrow-to-region b (point))
-	  (set-text-properties (point-min) (point-max) nil)
-	  (when (or (equal type "enriched")
-		    (equal type "richtext"))
-	    (enriched-decode (point-min) (point-max)))
 	  (mm-handle-set-undisplayer
 	   handle
 	   `(lambda ()

--- lisp/enriched.el.orig	2017-10-11 22:06:02.627530400 +0000
+++ lisp/enriched.el
@@@@ -119,12 +119,7 @@@@ expression, which is evaluated to get th
 		   (full        "flushboth")
 		   (center      "center")) 
     (PARAMETER     (t           "param")) ; Argument of preceding annotation
-    ;; The following are not part of the standard:
-    (FUNCTION      (enriched-decode-foreground "x-color")
-		   (enriched-decode-background "x-bg-color")
-		   (enriched-decode-display-prop "x-display"))
     (read-only     (t           "x-read-only"))
-    (display	   (nil		enriched-handle-display-prop))
     (unknown       (nil         format-annotate-value))
 ;   (font-size     (2           "bigger")       ; unimplemented
 ;		   (-2          "smaller"))
@@@@ -468,35 +463,6 @@@@ Return value is \(begin end name positiv
 
 
 
-;;; Handling the `display' property.
-
-
-(defun enriched-handle-display-prop (old new)
-  "Return a list of annotations for a change in the `display' property.
-OLD is the old value of the property, NEW is the new value.  Value
-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
-close and OPEN a list of annotations to open.  Each of these lists
-has the form `(ANNOTATION PARAM ...)'."
-  (let ((annotation "x-display")
-	(param (prin1-to-string (or old new)))
-	close open)
-    (if (null old)
-	(list nil (list annotation param))
-      (list (list annotation param)))))
-
-
-(defun enriched-decode-display-prop (start end &optional param)
-  "Decode a `display' property for text between START and END.
-PARAM is a `<param>' found for the property.
-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
-the range of text to assign text property SYMBOL with value VALUE "
-  (let ((prop (when (stringp param)
-		(condition-case ()
-		    (car (read-from-string param))
-		  (error nil)))))
-    (unless prop
-      (message "Warning: invalid <x-display> parameter %s" param))
-    (list start end 'display prop)))
 	       
 	   
 ;;; enriched.el ends here
@


1.1.2.1
log
@file patch-CVE-2017-14482 was added on branch pkgsrc-2017Q3 on 2017-10-15 13:25:51 +0000
@
text
@d1 79
@


1.1.2.2
log
@Pullup ticket #5574 - requested by sevan
editors/emacs21: security patch

Revisions pulled up:
- editors/emacs21/Makefile                                      1.40
- editors/emacs21/distinfo                                      1.24
- editors/emacs21/patches/patch-CVE-2017-14482                  1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Thu Oct 12 17:30:24 UTC 2017

   Modified Files:
           pkgsrc/editors/emacs21: Makefile distinfo
   Added Files:
           pkgsrc/editors/emacs21/patches: patch-CVE-2017-14482

   Log Message:
   emacs21: fix for CVE-2017-14482

   adapted from upstream 9ad0fcc54442a9a01d41be19880250783426db70


   To generate a diff of this commit:
   cvs rdiff -u -r1.39 -r1.40 pkgsrc/editors/emacs21/Makefile
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/editors/emacs21/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/editors/emacs21/patches/patch-CVE-2017-14482
@
text
@a0 79
$NetBSD$

CVE-2017-14482 fix
From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@@gnus.org>
Date: Fri, 8 Sep 2017 20:23:31 -0700
Subject: Remove unsafe enriched mode translations

* lisp/gnus/mm-view.el (mm-inline-text):
Do not worry about enriched or richtext type.
* lisp/textmodes/enriched.el (enriched-translations):
Remove translations for FUNCTION, display (Bug#28350).
(enriched-handle-display-prop, enriched-decode-display-prop): Remove.

--- lisp/gnus/mm-view.el.orig	2002-02-07 15:55:05.000000000 +0000
+++ lisp/gnus/mm-view.el
@@@@ -184,10 +184,6 @@@@
 	    (goto-char (point-max))))
 	(save-restriction
 	  (narrow-to-region b (point))
-	  (set-text-properties (point-min) (point-max) nil)
-	  (when (or (equal type "enriched")
-		    (equal type "richtext"))
-	    (enriched-decode (point-min) (point-max)))
 	  (mm-handle-set-undisplayer
 	   handle
 	   `(lambda ()

--- lisp/enriched.el.orig	2017-10-11 22:06:02.627530400 +0000
+++ lisp/enriched.el
@@@@ -119,12 +119,7 @@@@ expression, which is evaluated to get th
 		   (full        "flushboth")
 		   (center      "center")) 
     (PARAMETER     (t           "param")) ; Argument of preceding annotation
-    ;; The following are not part of the standard:
-    (FUNCTION      (enriched-decode-foreground "x-color")
-		   (enriched-decode-background "x-bg-color")
-		   (enriched-decode-display-prop "x-display"))
     (read-only     (t           "x-read-only"))
-    (display	   (nil		enriched-handle-display-prop))
     (unknown       (nil         format-annotate-value))
 ;   (font-size     (2           "bigger")       ; unimplemented
 ;		   (-2          "smaller"))
@@@@ -468,35 +463,6 @@@@ Return value is \(begin end name positiv
 
 
 
-;;; Handling the `display' property.
-
-
-(defun enriched-handle-display-prop (old new)
-  "Return a list of annotations for a change in the `display' property.
-OLD is the old value of the property, NEW is the new value.  Value
-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
-close and OPEN a list of annotations to open.  Each of these lists
-has the form `(ANNOTATION PARAM ...)'."
-  (let ((annotation "x-display")
-	(param (prin1-to-string (or old new)))
-	close open)
-    (if (null old)
-	(list nil (list annotation param))
-      (list (list annotation param)))))
-
-
-(defun enriched-decode-display-prop (start end &optional param)
-  "Decode a `display' property for text between START and END.
-PARAM is a `<param>' found for the property.
-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
-the range of text to assign text property SYMBOL with value VALUE "
-  (let ((prop (when (stringp param)
-		(condition-case ()
-		    (car (read-from-string param))
-		  (error nil)))))
-    (unless prop
-      (message "Warning: invalid <x-display> parameter %s" param))
-    (list start end 'display prop)))
 	       
 	   
 ;;; enriched.el ends here
@