   openSUSE Security Update: emacs and depending packages
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1348-1
Rating:             moderate
References:         #775993 #780653
Cross-References:   CVE-2012-3479
Affected Products:  openSUSE 12.2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update fixes the following issues for emacs, emacs-w3,
   gnuplot and ddskk:

   emacs:
   - Add fix for bnc#775993 which disables arbitrary lisp code
     execution when 'enable-local-variables' is set to ':safe'
     (CVE-2012-3479)
   - Add fix for bnc#780653 to allow emacs to parse tar archives
     with PAX extended headers
   - This update also upgrades emacs to version 24.1:
     * Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and SELinux
     * Support for wide integer (62 bits) in lisp even on 32-bit
       machines.
     * The --unibyte, --multibyte, --no-multibyte, and --no-unibyte
       command line arguments, and the EMACS_UNIBYTE environment
       variable, no longer have any effect.
     * And many more changes; see /usr/share/emacs/24.1/etc/NEWS
   - Remove obsolete patches
   - Refresh some other patches

   emacs-w3:
   - (condition-case ...) and (eval-when (compile) ...) will not
     work together

   gnuplot:
   - Resolve the former problem by using texlive-texinfo to enforce
     installing required fonts as well as required tools for TL 2012
   - Add more texlive 2012 requirements
   - Make it build with latest TeXLive 2012 with new package layout
   - Convert gnuplot.el to new backtick lisp scheme for emacs 24.1

   ddskk:
   - Update to ddskk-14.4 and skkdic-20110529
   - Take some patches from Debian as well as add some own patches
   - Drop superfluous patches

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-710

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.2 (i586 x86_64):

      emacs-24.2-15.8.2
      emacs-debuginfo-24.2-15.8.2
      emacs-debugsource-24.2-15.8.2
      emacs-nox-24.2-15.8.2
      emacs-x11-24.2-15.8.2
      gnuplot-4.6.0-3.4.2
      gnuplot-debuginfo-4.6.0-3.4.2
      gnuplot-debugsource-4.6.0-3.4.2

   - openSUSE 12.2 (noarch):

      ddskk-20121010_14.4-283.6.1
      emacs-el-24.2-15.8.2
      emacs-info-24.2-15.8.2
      emacs-w3-cvs-808.4.4
      gnuplot-doc-4.6.0-3.4.2
      skkdic-20121010_14.4-283.6.1
      skkdic-extra-20121010_14.4-283.6.1

References:

   http://support.novell.com/security/cve/CVE-2012-3479.html
   https://bugzilla.novell.com/775993
   https://bugzilla.novell.com/780653