diff options
author | Ulrich Müller <ulm@gentoo.org> | 2012-08-13 07:24:35 +0000 |
---|---|---|
committer | Ulrich Müller <ulm@gentoo.org> | 2012-08-13 07:24:35 +0000 |
commit | a6a741a923012e983c8e63890ac0140ebf56fb2e (patch) | |
tree | ee1b7eb5b6df6c35560b2db54e384aa153056f0e | |
parent | Backport FreeBSD patch from Emacs 24. (diff) | |
download | emacs-patches-a6a741a923012e983c8e63890ac0140ebf56fb2e.tar.gz emacs-patches-a6a741a923012e983c8e63890ac0140ebf56fb2e.tar.bz2 emacs-patches-a6a741a923012e983c8e63890ac0140ebf56fb2e.zip |
Fix security flaw in enable-local-eval, bug 431178.emacs-24.1-patches-5emacs-23.4-patches-7
-rw-r--r-- | emacs/23.4/13_all_local-eval.patch | 28 | ||||
-rw-r--r-- | emacs/24.1/06_all_local-eval.patch | 28 |
2 files changed, 56 insertions, 0 deletions
diff --git a/emacs/23.4/13_all_local-eval.patch b/emacs/23.4/13_all_local-eval.patch new file mode 100644 index 0000000..3753132 --- /dev/null +++ b/emacs/23.4/13_all_local-eval.patch @@ -0,0 +1,28 @@ +Fix security flaw in enable-local-eval. +http://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00396.html +https://bugs.gentoo.org/431178 + +--- emacs-23.4-orig/lisp/files.el ++++ emacs-23.4/lisp/files.el +@@ -2986,11 +2986,16 @@ + ;; Obey `enable-local-eval'. + ((eq var 'eval) + (when enable-local-eval +- (push elt all-vars) +- (or (eq enable-local-eval t) +- (hack-one-local-variable-eval-safep (eval (quote val))) +- (safe-local-variable-p var val) +- (push elt unsafe-vars)))) ++ (let ((safe (or (hack-one-local-variable-eval-safep ++ (eval (quote val))) ++ ;; In case previously marked safe (bug#5636). ++ (safe-local-variable-p var val)))) ++ ;; If not safe and e-l-v = :safe, ignore totally. ++ (when (or safe (not (eq enable-local-variables :safe))) ++ (push elt all-vars) ++ (or (eq enable-local-eval t) ++ safe ++ (push elt unsafe-vars)))))) + ;; Ignore duplicates (except `mode') in the present list. + ((and (assq var all-vars) (not (eq var 'mode))) nil) + ;; Accept known-safe variables. diff --git a/emacs/24.1/06_all_local-eval.patch b/emacs/24.1/06_all_local-eval.patch new file mode 100644 index 0000000..fdce50c --- /dev/null +++ b/emacs/24.1/06_all_local-eval.patch @@ -0,0 +1,28 @@ +Fix security flaw in enable-local-eval. +http://lists.gnu.org/archive/html/emacs-devel/2012-08/msg00396.html +https://bugs.gentoo.org/431178 + +--- emacs-24.1-orig/lisp/files.el ++++ emacs-24.1/lisp/files.el +@@ -3107,11 +3107,16 @@ + ;; Obey `enable-local-eval'. + ((eq var 'eval) + (when enable-local-eval +- (push elt all-vars) +- (or (eq enable-local-eval t) +- (hack-one-local-variable-eval-safep (eval (quote val))) +- (safe-local-variable-p var val) +- (push elt unsafe-vars)))) ++ (let ((safe (or (hack-one-local-variable-eval-safep ++ (eval (quote val))) ++ ;; In case previously marked safe (bug#5636). ++ (safe-local-variable-p var val)))) ++ ;; If not safe and e-l-v = :safe, ignore totally. ++ (when (or safe (not (eq enable-local-variables :safe))) ++ (push elt all-vars) ++ (or (eq enable-local-eval t) ++ safe ++ (push elt unsafe-vars)))))) + ;; Ignore duplicates (except `mode') in the present list. + ((and (assq var all-vars) (not (eq var 'mode))) nil) + ;; Accept known-safe variables. |