openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)
Medium Nessus Plugin ID 74780
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs :
- Add fix for bnc#775993 which disable arbitrary lisp code execution when 'enable-local-variables' is set to ':safe' (CVE-2012-3479)
- Add fix for bnc#780653 to allow emacs to parse tar archives with PAX extended headers
- This update also upgrades emacs to version 24.1 :
- Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and SELinux
- Support for wide integer (62 bits) in lisp even on 32-bit machines.
- The --unibyte, --multibyte, --no-multibyte, and
--no-unibyte command line arguments, and the EMACS_UNIBYTE environment variable, no longer have any effect.
- And many more changes see /usr/share/emacs/24.1/etc/NEWS
- Remove obsolete patches
- Refresh some others patches
- (condition-case ...) and (eval-when (compile) ...) will not work together
- Resolve the former problem by using texlive-texinfo to enforce installing required fonts as well as required tools for TL 2012
- add more texlive 2012 requirements
- Make it build with latest TeXLive 2012 with new package layout
- Convert gnuplot.el to new backtick lisp scheme for emacs 24.1
- Update to ddskk-14.4 and skkdic-20110529
- Take some patches from Debian as well add some own patches
- Drop superfluous patches
SolutionUpdate the affected emacs and depending packages packages.