From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Tue, 14 Feb 2023 09:13:40 +0100
Message-ID: <87mt5gpsuj.fsf@gmail.com>
References: <85f35c42-cfe8-44a7-a9c1-307acc5c17d4@Spark>
 <09998122-0110-454f-94d1-e29c37b833f4@Spark> <83sff9e1is.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="21950"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Troy Hinckley <comms@dabrev.com>,  emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Feb 14 09:14:36 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1pRqSR-0005QO-5J
	for ged-emacs-devel@m.gmane-mx.org; Tue, 14 Feb 2023 09:14:35 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1pRqRg-0002iU-ET; Tue, 14 Feb 2023 03:13:48 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rpluim@gmail.com>) id 1pRqRe-0002i7-3M
 for emacs-devel@gnu.org; Tue, 14 Feb 2023 03:13:46 -0500
Original-Received: from mail-wr1-x42b.google.com ([2a00:1450:4864:20::42b])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <rpluim@gmail.com>)
 id 1pRqRc-0008K8-GT; Tue, 14 Feb 2023 03:13:45 -0500
Original-Received: by mail-wr1-x42b.google.com with SMTP id j23so14773279wra.0;
 Tue, 14 Feb 2023 00:13:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=content-transfer-encoding:mime-version:message-id:date
 :gmane-reply-to-list:references:in-reply-to:subject:cc:to:from:from
 :to:cc:subject:date:message-id:reply-to;
 bh=iTSx0N94k4ALw8t3H//+rDP4PbpE3r71Y8GWvCAPvUg=;
 b=VcRDByYTvYZloQSf6dra4r+0FHNhEUtMIuXtSfglZcrDoKSU67Sdhp4Ty4BVJtx3ux
 qQf9lkXk9swZH/W4G5rf+gqHDSN1EH4F7yHdC04RYxkiLPri0LFICIcBFixiLT63BgTG
 trmnpiSwtFm9YDgp7SvCTOqLAnJbXsrioAOgaK17z0eORZ3PRoz53a6cHzJH2d3TDXi4
 RKqe9CaBZMB4KliP9auHUhIWIt5LjHM9x3nzviyUIQbm3olWfWWerFHhAIZnqr0Dkr/b
 2mBWebnGPnSooSKVSA9ppCXbvEq7Qwd6lL64V0I4h4MvCW1KK519XojQSJPemQR3COrL
 IX+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:message-id:date
 :gmane-reply-to-list:references:in-reply-to:subject:cc:to:from
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=iTSx0N94k4ALw8t3H//+rDP4PbpE3r71Y8GWvCAPvUg=;
 b=O1s8VQLHdaTUYhxlmhfAdM3VsS4FutBe3tQliBFcZY7yxc8rumr0fMddxJNGAw4to4
 fTGshGaXgC/AiHvUVjZb/Dhoj8MiZXTgBt1s5Tzulbe0NyMdHr0BXVnX9RHnrfBI0a7K
 Jze/FR8K3+Hm//Te+kX29Mn2oxG06QGQ1UITT3O6+jtyd/d903sBOGgNEWSxMLuyMxt2
 FUuCL1jq4m/JnxdatPliV1Slysx1iibh1HL3/weIMwcdE6SEKYZzqVYrtB9vLHbQnwq0
 H8qKrBU+X69tCoAFatgLBbsaheZim91IGcfRqWnoP/7/NTd9vB7k/DBNjgv8CqYPzrag
 L98A==
X-Gm-Message-State: AO0yUKWXYe4Kl4+3oL1SUJyPW865GtE6E0ib6lnMNPqART7mhuc5mv2n
 lMxSW3bFkh4sPZM1QV9r3W0Db2oJRio=
X-Google-Smtp-Source: AK7set9oDcaz5cD1Kz3EJXqbdYz5csWAC6Xj4uV9JcSwEXklNYNzSBB+WHtVowM3uUUxGcAJWZdNyg==
X-Received: by 2002:a5d:6352:0:b0:2c5:5308:859c with SMTP id
 b18-20020a5d6352000000b002c55308859cmr1421151wrw.18.1676362421462; 
 Tue, 14 Feb 2023 00:13:41 -0800 (PST)
Original-Received: from rltb ([82.66.8.55]) by smtp.gmail.com with ESMTPSA id
 z15-20020adfe54f000000b002c5694aef92sm307375wrm.21.2023.02.14.00.13.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 14 Feb 2023 00:13:40 -0800 (PST)
In-Reply-To: <83sff9e1is.fsf@gnu.org> (Eli Zaretskii's message of "Mon, 13 Feb
 2023 22:47:07 +0200")
Gmane-Reply-To-List: yes
Received-SPF: pass client-ip=2a00:1450:4864:20::42b;
 envelope-from=rpluim@gmail.com; helo=mail-wr1-x42b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:303263
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/303263>

>>>>> On Mon, 13 Feb 2023 22:47:07 +0200, Eli Zaretskii <eliz@gnu.org> said:

    >> Date: Mon, 13 Feb 2023 12:15:50 -0600
    >> From: Troy Hinckley <comms@dabrev.com>
    >>=20
    >> My company will not allow an install of Emacs 28 due to CVE-2022-459=
39. There is a patch for this in the
    >> master branch, but it did not make it in time for Emacs 28.2. We hav=
e many Emacs users who would like to
    >> upgrade to 28. What would be the effort to back port this fix and do=
 an Emacs 28.3 release?

    Eli> Unfortunately, we don't have the resources to produce another v28.x
    Eli> release.  Emacs 29.1 will start its pretest soon, and will have th=
is
    Eli> issue resolved when it is released, hopefully in a couple of month=
s.

    Eli> Alternatively, you could ask the distro which you are using (if you
    Eli> are using a distro) to backport that patch to the Emacs 28 codebas=
e.
    Eli> Or patch the sources yourself and build Emacs, if that is how you
    Eli> produce the binaries.

Or for minimal effort: don=CA=BCt install the emacs-28 'etags'

Robert
--=20