rpms/emacs
6
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2012-3479

Browse Source
This commit is contained in:
Karel Klic 2012-08-13 18:11:01 +02:00
parent 88d07e40d1
commit 4b2c39e943
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
emacs-cve-2012-3479.patch Normal file
View File

@ -0,0 +1,33 @@
*** emacs-24.1/lisp/files.el~ 2012-08-13 10:54:50.256181658 +0800
--- emacs-24.1/lisp/files.el 2012-08-13 10:54:58.076181990 +0800
***************
*** 3107,3117 ****
;; Obey `enable-local-eval'.
((eq var 'eval)
(when enable-local-eval
! (push elt all-vars)
! (or (eq enable-local-eval t)
! (hack-one-local-variable-eval-safep (eval (quote val)))
! (safe-local-variable-p var val)
! (push elt unsafe-vars))))
;; Ignore duplicates (except `mode') in the present list.
((and (assq var all-vars) (not (eq var 'mode))) nil)
;; Accept known-safe variables.
--- 3107,3122 ----
;; Obey `enable-local-eval'.
((eq var 'eval)
(when enable-local-eval
! (let ((safe (or (hack-one-local-variable-eval-safep
! (eval (quote val)))
! ;; In case previously marked safe (bug#5636).
! (safe-local-variable-p var val))))
! ;; If not safe and e-l-v = :safe, ignore totally.
! (when (or safe (not (eq enable-local-variables :safe)))
! (push elt all-vars)
! (or (eq enable-local-eval t)
! safe
! (push elt unsafe-vars))))))
;; Ignore duplicates (except `mode') in the present list.
((and (assq var all-vars) (not (eq var 'mode))) nil)
;; Accept known-safe variables.

9
emacs.spec
View File

@ -3,7 +3,7 @@ Summary: GNU Emacs text editor
Name: emacs Name: emacs
Epoch: 1 Epoch: 1
Version: 24.1 Version: 24.1
Release: 5%{?dist} Release: 6%{?dist}
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/emacs/ URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors Group: Applications/Editors
@ -31,6 +31,8 @@ Patch8: emacs-locate-library.patch
# Fix building without gets function, which is removed from recent # Fix building without gets function, which is removed from recent
# version of glibc. # version of glibc.
Patch9: emacs-nogets.patch Patch9: emacs-nogets.patch
# rhbz#847702
Patch10: emacs-cve-2012-3479.patch
BuildRequires: atk-devel, cairo-devel, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk3-devel, libpng-devel BuildRequires: atk-devel, cairo-devel, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk3-devel, libpng-devel
BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel
@ -157,6 +159,7 @@ packages that add functionality to Emacs.
%patch7 -p1 -b .spellchecker %patch7 -p1 -b .spellchecker
%patch8 -p1 -b .locate-library %patch8 -p1 -b .locate-library
%patch9 -p1 -b .nogets %patch9 -p1 -b .nogets
%patch10 -p1 -b .cve-2012-3479
# Install site-lisp files # Install site-lisp files
cp %SOURCE10 site-lisp cp %SOURCE10 site-lisp
@ -441,6 +444,10 @@ update-desktop-database &> /dev/null || :
%dir %{_datadir}/emacs/site-lisp/site-start.d %dir %{_datadir}/emacs/site-lisp/site-start.d
%changelog %changelog
* Mon Aug 13 2012 Karel Klíč <kklic@redhat.com> - 1:24.1-6
- Fix CVE-2012-3479: Evaluation of 'eval' forms in file-local variable
sections, when 'enable-local-variables' set to ':safe'
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:24.1-5 * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:24.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild