- Add patch to fix RHBZ #578272 - security vulnerability with movemail

(CVE-2010-0825) - Use standard %patch macro to apply all patches to silent rpmlint warnings - Remove unnecessary buildroot tag - Remove explicit dependency on librsvg2 (but keep BuildRequires for librsvg2-devel) - Add properly versioned Provides for emacs(bin) - Remove long unneeded Obsoletes for emacs-leim - Fix summary for emacs-el - Use out of tree builds so that we can build multibple versions in the %build section - Remove checks for old version of Emacs in postrtrans
2010-04-01 14:34:28 +00:00 · 2010-04-01 14:34:28 +00:00 · 94063cf9fb
commit 94063cf9fb
parent d34a4e6dd2
2 changed files with 155 additions and 55 deletions
--- a/emacs-23.1-movemail.patch
+++ b/emacs-23.1-movemail.patch
@ -0,0 +1,100 @@
+diff -up emacs-23.1/lib-src/movemail.c.movemail emacs-23.1/lib-src/movemail.c
+--- emacs-23.1/lib-src/movemail.c.movemail	2010-03-31 19:18:05.611899443 +0200
+++ emacs-23.1/lib-src/movemail.c	2010-03-31 19:24:29.738754553 +0200
+@@ -176,7 +176,9 @@ main (argc, argv)
+   int nread;
+   int status;
+   int c, preserve_mail = 0;
+-
+  uid_t real_gid, priv_gid;
+  real_gid = getgid();
+  priv_gid = getegid();
+ #ifndef MAIL_USE_SYSTEM_LOCK
+   struct stat st;
+   long now;
+@@ -247,25 +249,6 @@ main (argc, argv)
+   if (*outname == 0)
+     fatal ("Destination file name is empty", 0, 0);
+ 
+-  /* Check access to output file.  */
+-  if (access (outname, F_OK) == 0 && access (outname, W_OK) != 0)
+-    pfatal_with_name (outname);
+-
+-  /* Also check that outname's directory is writable to the real uid.  */
+-  {
+-    char *buf = (char *) xmalloc (strlen (outname) + 1);
+-    char *p;
+-    strcpy (buf, outname);
+-    p = buf + strlen (buf);
+-    while (p > buf && !IS_DIRECTORY_SEP (p[-1]))
+-      *--p = 0;
+-    if (p == buf)
+-      *p++ = '.';
+-    if (access (buf, W_OK) != 0)
+-      pfatal_with_name (buf);
+-    free (buf);
+-  }
+-
+ #ifdef MAIL_USE_POP
+   if (!strncmp (inname, "po:", 3))
+     {
+@@ -277,15 +260,11 @@ main (argc, argv)
+       exit (status);
+     }
+ 
+-  setuid (getuid ());
+  if (setuid (getuid ()) < 0)
+    fatal ("Failed to drop privileges", 0, 0);
+ #endif /* MAIL_USE_POP */
+ 
+ #ifndef DISABLE_DIRECT_ACCESS
+-
+-  /* Check access to input file.  */
+-  if (access (inname, R_OK | W_OK) != 0)
+-    pfatal_with_name (inname);
+-
+ #ifndef MAIL_USE_MMDF
+ #ifndef MAIL_USE_SYSTEM_LOCK
+ #ifdef MAIL_USE_MAILLOCK
+@@ -379,7 +358,8 @@ main (argc, argv)
+       time_t touched_lock, now;
+ #endif
+ 
+-      setuid (getuid ());
+      if (setuid (getuid ()) < 0 || setegid (real_gid) < 0)
+	fatal("Failed to drop privileges", 0, 0);
+ 
+ #ifndef MAIL_USE_MMDF
+ #ifdef MAIL_USE_SYSTEM_LOCK
+@@ -405,6 +385,9 @@ main (argc, argv)
+       if (outdesc < 0)
+ 	pfatal_with_name (outname);
+ 
+      if (setegid (priv_gid) < 0)
+        fatal("Failed to regain privileges", 0, 0);
+
+       /* This label exists so we can retry locking
+ 	 after a delay, if it got EAGAIN or EBUSY.  */
+     retry_lock:
+@@ -502,6 +485,10 @@ main (argc, argv)
+       if (close (outdesc) != 0)
+ 	pfatal_and_delete (outname);
+ 
+      /* Prevent symlink attacks truncating other users' mailboxes */
+      if (setegid (real_gid) < 0)
+	fatal("Failed to drop privileges", 0, 0);
+
+ #ifdef MAIL_USE_SYSTEM_LOCK
+       if (! preserve_mail)
+ 	{
+@@ -529,6 +516,10 @@ main (argc, argv)
+ 	}
+ #endif /* not MAIL_USE_SYSTEM_LOCK */
+ 
+      /* End of mailbox truncation */
+      if (setegid (priv_gid) < 0)
+	fatal("Failed to regain privileges", 0, 0);
+
+ #ifdef MAIL_USE_MAILLOCK
+       /* This has to occur in the child, i.e., in the process that
+          acquired the lock! */
--- a/emacs.spec
+++ b/emacs.spec
@ -4,7 +4,7 @@ Summary: GNU Emacs text editor
 Name: emacs
 Epoch: 1
 Version: 23.1.94
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/emacs/
 Group: Applications/Editors
@ -29,7 +29,10 @@ Patch2: po-mode-auto-replace-date-71264.patch
 Patch3: rpm-spec-mode-utc.patch
 Patch4: emacs-23.1-xdg.patch

-Buildroot: %{_tmppath}/%{name}-%{version}-root
+# Fix https://bugzilla.redhat.com/show_bug.cgi?id=578272
+# CVE-2010-0825
+Patch5: emacs-23.1-movemail.patch
+
 BuildRequires: atk-devel, cairo-devel, desktop-file-utils, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk2-devel, libpng-devel
 BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel
 BuildRequires: libXpm-devel, ncurses-devel, xorg-x11-proto-devel, zlib-devel
@ -45,12 +48,12 @@ Requires: hunspell, aspell
 # bz#507852
 BuildRequires: librsvg2-devel, m17n-lib-devel, libotf-devel
 BuildRequires: alsa-lib-devel
-Requires: librsvg2
+
 # Desktop integration
 BuildRequires: desktop-file-utils
 Requires:      desktop-file-utils
 Conflicts: gettext < 0.10.40
-Provides: emacs(bin)
+Provides: emacs(bin) = %{epoch}:%{version}-%{release}
 # #516391
 Obsoletes: emacs-nxml-mode < 0.20041004-10
 Provides: emacs-nxml-mode = 0.20041004-10
@ -88,7 +91,7 @@ This package provides an emacs binary with support for X windows.
 Summary: GNU Emacs text editor without X support
 Group: Applications/Editors
 Requires: emacs-common = %{epoch}:%{version}-%{release}
-Provides: emacs(bin)
+Provides: emacs(bin) = %{epoch}:%{version}-%{release}

 %description nox
 Emacs is a powerful, customizable, self-documenting, modeless text
@ -105,7 +108,6 @@ Group: Applications/Editors
 Requires(preun): %{_sbindir}/alternatives, /sbin/install-info, dev
 Requires(posttrans): %{_sbindir}/alternatives
 Requires(post): /sbin/install-info, dev
-Obsoletes: emacs-leim

 %description common
 Emacs is a powerful, customizable, self-documenting, modeless text
@ -116,7 +118,7 @@ without leaving the editor.
 This package contains all the common files needed by emacs or emacs-nox.

 %package el
-Summary: Emacs Lisp source files included with Emacs.
+Summary: Lisp source files included with GNU Emacs
 Group: Applications/Editors

 %description el
@ -130,19 +132,19 @@ Emacs packages or see some elisp examples.

 %prep
 %setup -q
+
 %patch0 -p1 -b .glibc-open-macro
 %patch4 -p1 -b .xdg

-# install rest of site-lisp files
-( cd site-lisp
-  cp %SOURCE7 %SOURCE9 %SOURCE10 %SOURCE14 .
-  # rpm-spec-mode can use compilation-mode
-  patch < %PATCH1
-  # fix po-auto-replace-revision-date nil
-  patch < %PATCH2 
-  # rpm-spec-mode: added rpm-change-log-uses-utc variable
-  patch < %PATCH3
-  )
+# Install site-lisp files
+cp %SOURCE7 %SOURCE9 %SOURCE10 %SOURCE14 site-lisp
+pushd site-lisp
+%patch1 -p0
+%patch2 -p0
+%patch3 -p0
+popd
+
+%patch5 -p1

 # we prefer our emacs.desktop file
 cp %SOURCE1 etc/emacs.desktop
@ -177,20 +179,28 @@ export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS"

 #we patch configure.in so we have to do this
 autoconf
+
+# Build GTK+2 binary
+mkdir build-gtk && cd build-gtk
+ln -s ../configure .
 %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
-   --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk
+           --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk
+make bootstrap
+%{setarch} make %{?_smp_mflags}
+cd ..

-%__make bootstrap
-%{setarch} %__make %{?_smp_mflags}
+# Build binary without X support
+mkdir build-nox && cd build-nox
+ln -s ../configure .
+%configure --with-x=no
+%{setarch} make %{?_smp_mflags}
+cd ..

-# remove versioned file so that we end up with .1 suffix and only one DOC file
-rm src/emacs-%{version}.*
+# Make sure patched lisp files get byte-compiled
+build-gtk/src/emacs %{bytecompargs} site-lisp/*.el

-# make sure patched lisp files get byte-compiled
-TOPDIR=${PWD}
-${TOPDIR}/src/emacs %{bytecompargs} site-lisp/*.el
-
-%__make %{?_smp_mflags} -C lisp updates
+# Remove versioned file so that we end up with .1 suffix and only one DOC file
+rm build-{gtk,nox}/src/emacs-%{version}.*

 # Create pkgconfig file
 cat > emacs.pc << EOF
@ -215,7 +225,9 @@ EOF
 %install
 rm -rf %{buildroot}

+cd build-gtk
 make install INSTALL="%{__install} -p" DESTDIR=%{buildroot}
+cd ..

 # let alternatives manage the symlink
 rm %{buildroot}%{_bindir}/emacs
@ -224,14 +236,8 @@ rm %{buildroot}%{_bindir}/emacs
 gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz
 gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz

-# rebuild without X support
-# remove the versioned binary with X support so that we end up with .1 suffix for emacs-nox too
-rm src/emacs-%{version}.*
-%configure --without-x
-%__make %{?_smp_mflags}
-
 # install the emacs without X
-install -p -m 0755 src/emacs-%{version}.1 %{buildroot}%{_bindir}/emacs-%{version}-nox
+install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox

 # make sure movemail isn't setgid
 chmod 755 %{buildroot}%{emacs_libexecdir}/movemail
@ -322,32 +328,12 @@ fi
 alternatives --remove emacs %{_bindir}/emacs-%{version} || :

 %posttrans
-#check if there is "remainder" old version, which was not deleted
-# the check can be removed for Fedora 14, as the bug it handled was
-# present only in some old Emacs package version
-if alternatives --display emacs > /dev/null; then
-VER=$(alternatives --display emacs | sed -ne 's/.*emacs-\([0-9\.]\+\).*/\1/p' | head -1)
-if [ ${VER} != %{version} ]; then
-alternatives --remove emacs %{_bindir}/emacs-${VER} || :
-fi
-fi
-#end check
 alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version} 80 || :

 %preun nox
 alternatives --remove emacs %{_bindir}/emacs-%{version}-nox || :

 %posttrans nox
-#check if there is "remainder" old version, which was not deleted
-# the check can be removed for Fedora 14, as the bug it handled was
-# present only in some old Emacs package version
-if alternatives --display emacs > /dev/null; then
-VER=$(alternatives --display emacs | sed -ne 's/.*emacs-\([0-9\.]\+\).*/\1/p' | head -1)
-if [ ${VER} != %{version} ]; then
-alternatives --remove emacs %{_bindir}/emacs-${VER}-nox || :
-fi
-fi
-#end check
 alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70 || :

 %post common
@ -411,6 +397,20 @@ alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
 %dir %{_datadir}/emacs/%{version}

 %changelog
+* Thu Apr  1 2010 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 1:23.1.94-2
+- Add patch to fix RHBZ #578272 - security vulnerability with movemail
+  (CVE-2010-0825) 
+- Use standard %%patch macro to apply all patches to silent rpmlint warnings
+- Remove unnecessary buildroot tag
+- Remove explicit dependency on librsvg2 (but keep BuildRequires for
+  librsvg2-devel)
+- Add properly versioned Provides for emacs(bin)
+- Remove long unneeded Obsoletes for emacs-leim
+- Fix summary for emacs-el
+- Use out of tree builds so that we can build multibple versions in the
+  %%build section 
+- Remove checks for old version of Emacs in postrtrans
+
 * Mon Mar 22 2010 Karel Klic <kklic@redhat.com> - 1:23.1.94-1
 - Update to 23.2 pretest version
 - Removed patches applied by upstream
@ -783,7 +783,7 @@ alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
  emacs-21-personality-linux32-101818.patch from cvs (Jan Djärv)
  which also turns off address randomization during dumping (Masatake Yamato)
  - no longer need to pass SETARCH to make on i386 (#160814)
- move ownership of %%{_datadir}/emacs/ and %%{_datadir}/emacs/%{version}/
+- move ownership of %%{_datadir}/emacs/ and %%{_datadir}/emacs/%%{version}/
  from emacs to emacs-el and emacs-leim subpackages
 - don't build tramp html and dvi documentation
 - drop src/config.in part of bzero-and-have-stdlib.dpatch to avoid