[Bug 163813] Please backport emacs22 22.1-0ubuntu7 from hardy

Michael W. Olson mwolson at member.fsf.org
Mon Nov 19 14:09:09 GMT 2007


Public bug reported:

The version of emacs22 that is currently in feisty-backports has a
security vulnerability.  Please sync emacs22 22.1-0ubuntu7 from hardy so
that this may be fixed.  Changelog for the past two entries follows.

emacs22 (22.1-0ubuntu7) hardy; urgency=low

  * Brown paper bag release.
  * debian/rules (build, clean): Call patch and unpatch, respectively, so
    that our patches actually get applied.

 -- Michael W. Olson (GNU address) <mwolson at gnu.org>  Sat, 03 Nov 2007 22:45:01 -0400

emacs22 (22.1-0ubuntu6) hardy; urgency=low

  [ Michael Olson: Fix security issue. ]
  * debian/patches/fix-local-vars-security.diff: New patch that fixes a
    bug in local variables handling.  This bug permitted very risky, close
    to arbitrary modification of the behavior of Emacs by potentially
    untrusted visited files.  Namely, highly unsafe variables like
    `load-path' could be changed without authorization.  Fixes Launchpad
    #159525 and Debian #449008.

  [ Michael Olson: Bring this closer to Debian's packaging. ]
  * debian/control: Remove Build-Depends for cdbs, since we really don't
    need it after all.
  * debian/patches: Remove executable bits for all patches.
  * debian/rules:
    - Include /usr/share/quilt/quilt.make instead of cdbs.  Thanks to
      Romain Francoise for discovering this Makefile.
    - Trivial changes that minimize the differences between our package
      and Debian's:
      + Use $(...) rather than ${...}, since the former seems to be
        preferred by debian.
      + Add "set -o pipefail" before several commands involving pipes, so
        that the error code returned is the one for the first command with
        an error in the pipe.  Since the version of bash in Debian sarge
        does not support this option, and we want to be able to share
        changes with Romain's emacs-snapshot backport for sarge, send the
        output of set to /dev/null and force the exit status to be 0.
      + (nominal_ver): Split command into multiple lines.
      + Reorganize some sections to make it easier to compare changes.
      + Export DEB_HOST_GNU_TYPE and DEB_BUILD_GNU_TYPE.
      + Rename DEB_TRASH to deb_trash.
      + Rename bin_name to flavor.
      + Update comments.
      + (confflags): Use "--build=" instead of "--build " and "--host="
        instead of "--host ".
      + (deb_orig_tgz): Introduce.
      + (persistent_autogen_build_files)
        (nonpersistent_autogen_build_files)
        (persistent_autogen_install_files)
        (nonpersistent_autogen_install_files, autogen_build_files)
        (autogen_install_files, persistent_autogen_files)
        (nonpersistent_autogen_files): New variables that replace
        PERSISTENT_AUTOGEN_FILES, NONPERSISTENT_AUTOGEN_FILES, and
        DEBPKGFILES.
    - (quilt): New variable that specifies how to call quilt.  This
      particular name was chosen because Debian uses it in their emacs22
      packaging.
    - (patch_info): Use $(quilt) rather than $(DEB_QUILT_CMD).

 -- Michael W. Olson (GNU address) <mwolson at gnu.org>  Fri, 02 Nov 2007 11:00:58 -0400

** Affects: feisty-backports
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
Please backport emacs22 22.1-0ubuntu7 from hardy
https://bugs.launchpad.net/bugs/163813