Please sync emacs22 22.2+2-5 (main) from Debian unstable (main).

Bug #299594 reported by Jamie Strandboge on 2008-11-18
Affects: emacs22 (Ubuntu)
Importance: Wishlist
Assigned to: Unassigned

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/emacs22
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync emacs22 22.2+2-5 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:
The only delta was a patch for CVE-2008-1694, which is now included in
22.2+2-2.

Changelog since current jaunty version 22.2-0ubuntu2:

emacs22 (22.2+2-5) unstable; urgency=low

  * Add a build dependency on libasound2-dev which emacs22 is already
    linked against on i386. This change just makes things consistent
    across all the relevant platforms. Thanks to Sven Joachim
    <email address hidden> for the fix. (closes: #503054)

  * Set mail-interactive to t if /usr/bin/mail is not an executable and
    fakemail is chosen. This should still help avoid silent mail loss,
    but won't signal an error if the mailer is never invoked. Thanks to
    Ralf Resack <email address hidden> for proposing the
    fix. (closes: #429059)

 -- Rob Browning <email address hidden> Sun, 09 Nov 2008 12:05:33 -0800

emacs22 (22.2+2-4) unstable; urgency=medium

  * Fix a security problem related to the invocation of python
    (CVE-2008-3949). Avoid including the current directory in the module
    lookup path when invoking python from python.el. Thanks to Sven
    Joachim <email address hidden> and Michael Berg <email address hidden>.
    (closes: #499568)

  * Invoke xmlstarlet from flymake as xmlstarlet rather than xml. Thanks
    to Jussi Judin <email address hidden>. (closes: #447378)

  * Fix vc-mode's handling of internal temporary buffers. This should
    avoid failures when trying to open files under monotone version
    control. Thanks to Sven Joachim <email address hidden> and Michael Berg
    <email address hidden>. (closes: #476108)

 -- Rob Browning <email address hidden> Tue, 14 Oct 2008 21:28:47 -0700

emacs22 (22.2+2-3) unstable; urgency=medium

  * Fix an insecurity related to fast-lock-cache-directories
    (CVE-2008-2142). Thanks to Sven Joachim <email address hidden> and Morten
    Welinder <email address hidden>. (closes: #480885)

  * Don't remove /usr/local/share/emacs/site-lisp in emacs22-common.
    Leave that up to emacsen-common. Thanks to Sven Joachim
    <email address hidden>. (closes: #490524)

  * Don't prematurely raise an error when trying to save a non-ASCII
    buffer when select-safe-coding-system-accept-default-p is set to a
    function. Thanks to Jun Inoue <email address hidden>.
    (closes: #488427)

  * Don't look for GNU to find etc/. Look for NEWS instead. Thanks to
    "Bernhard Michler" <email address hidden> for the report and Sven Joachim
    <email address hidden> for the fix. (closes: #478240)

  * Fix a problem in WoMan which caused it to raise an error for a number
    of manpages. Thanks to Sven Joachim <email address hidden>. (closes: #476223)

 -- Rob Browning <email address hidden> Wed, 23 Jul 2008 20:56:33 -0700

emacs22 (22.2+2-2) unstable; urgency=medium

  * Fix debian-expand-file-name-dfsg and describe-gnu-project (C-h C-p).
    Thanks to Valery V. Vorotyntsev <email address hidden>.
    (closes: #448391, #477215)

  * Fix an insecurity in vcdiff's temporary file handling
    (CVE-2008-1694). Thanks to Moritz Muehlenhoff <email address hidden> and
    Steve Grubb. (closes: #476611)

 -- Rob Browning <email address hidden> Sat, 26 Apr 2008 22:02:40 -0700

emacs22 (22.2+2-1) unstable; urgency=low

  * Move mh-e.texi here from the non-DFSG package because the license does
    appear to be DFSG compatible. Thanks to Peter S Galbraith
    <email address hidden>. (closes: #433953)

  * Add Conflicts and Replaces emacs22-common-non-dfsg (<< 22.2+1-2) to
    debian/control.in to handle move of mh-e.

 -- Rob Browning <email address hidden> Sun, 20 Apr 2008 13:25:33 -0700

emacs22 (22.2+1-1) unstable; urgency=low

  * New upstream release. (closes: #473021, #474271)

  * Move dired-x.texi to the non-DFSG package because the license has
    changed.

  * Update debian/copyright to reflect recent changes.

  * Update debian/dfsg-splitter for new upstream release.

  * Add libgif-dev to debian/control. Thanks to Sven Joachim
    <email address hidden>. (closes: #472419)

 -- Rob Browning <email address hidden> Thu, 10 Apr 2008 18:41:02 -0700

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkjFg4ACgkQW0JvuRdL8BrOSwCaA26jTzKTtxHXDkr5Z8hLxmQ5
cuQAnjLDhnuMarpAt64UrEbtHOZHPXyZ
=XPZQ
-----END PGP SIGNATURE-----

Reinhard Tartler (siretart) wrote :

Did you really investigate the remaining diff to Debian? Are you aware that Ubuntu's packaging of emacs22 is based on Romain's emacs-snapshot package and not on Rob's packaging for Debian?

Archive admins: please don't sync until this is cleared and agreed on!

Jamie Strandboge (jdstrand) wrote :

I was not aware that emacs22 was based on emacs-snapshot. The changelog for 22.2-0ubuntu1 said simply "new upstream release". I added one patch for 22.2-0ubuntu2, which was the CVE fix. Since Debian is now at 22.2+2-5, and included the fix for the CVE, I thought a sync was appropriate.

Reinhard, since you did the packaging for 22.2-0ubuntu1, can you elaborate on what was done in the package?

Jamie Strandboge (jdstrand) wrote :

After reading WhyDifferentEmacs it's quite obvious that a sync is inappropriate, and I am sorry for the mistake. However, having had emacs22 show up in my list of assigned merges (due to the aforementioned security fix) but not being an emacs user, it would have been most helpful if something more than "new upstream release" was in the changelog. Perhaps something like:

 * new upstream release based on emacs-snapshot
    - https://wiki.ubuntu.com/MichaelOlsen/WhyDifferentEmacs

Changed in emacs22:
status: Confirmed → Invalid