From d1e80997ab7b31bf23c785aef805cddadb79ae269f4c01906defe1ec13082a78 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Mon, 5 Nov 2007 23:12:47 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/emacs?expand=0&rev=19
---
 emacs-22.1-CVE-2007-5795.dif | 13 +++++++++++++
 emacs.changes | 5 +++++
 emacs.spec | 7 ++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 emacs-22.1-CVE-2007-5795.dif
diff --git a/emacs-22.1-CVE-2007-5795.dif b/emacs-22.1-CVE-2007-5795.dif
new file mode 100644
index 0000000..fe6fc8a
--- /dev/null
+++ b/emacs-22.1-CVE-2007-5795.dif
@@ -0,0 +1,13 @@
+--- lisp/files.el
++++ lisp/files.el 2007-11-05 12:27:44.225166531 +0100
+@@ -2736,8 +2736,8 @@ is specified, returning t if it is speci
+ ;; If caller wants only the safe variables,
+ ;; install only them.
+ (dolist (elt result)
+- (unless (or (memq (car elt) unsafe-vars)
+- (memq (car elt) risky-vars))
++ (unless (or (member elt unsafe-vars)
++ (member elt risky-vars))
+ (hack-one-local-variable (car elt) (cdr elt))))
+ ;; Query, except in the case where all are known safe
+ ;; if the user wants no quuery in that case.
diff --git a/emacs.changes b/emacs.changes
index 2653be6..4c92884 100644
--- a/emacs.changes
+++ b/emacs.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov 5 13:43:09 CET 2007 - werner@suse.de
+
+- Fix insufficient safe mode checks (bug #339033, CVE-2007-5795)
+
 -------------------------------------------------------------------
 Fri Sep 7 20:44:25 CEST 2007 - schwab@suse.de
diff --git a/emacs.spec b/emacs.spec
index 197a494..65f86d7 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -20,7 +20,7 @@ Requires: emacs-info ctags emacs_program
 Provides: ge_site ge_exec emacs-url Mule-UCS emacs-calc erc
 AutoReqProv: on
 Version: 22.1
-Release: 41
+Release: 56
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Summary: GNU Emacs Base Package
 Source: emacs-22.1.tar.bz2
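Review bot: The rewritten membership test in emacs-22.1-CVE-2007-5795.dif (the `unless` inside the `dolist` in lisp/files.el) switches from comparing the variable symbol to comparing the whole `elt` cell, but neither the code nor the patch file records why. Presumably `unsafe-vars` and `risky-vars` collect whole (VAR . VALUE) cells, so the old `memq (car elt)` could never match and the "safe variables only" branch installed every variable; those lists are built outside this hunk, so that should be confirmed against the full function. I would add a comment above the test, `;; unsafe-vars and risky-vars hold whole (VAR . VALUE) cells, so test ELT with member, not (car elt) with memq.`, and a short header at the top of the .dif naming bug #339033 and CVE-2007-5795. A regression check that a file-local variable classified as risky is left unset on the safe-only path would keep this filter from silently breaking again.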
@@ -44,6 +44,7 @@ Patch11: emacs-22.0.99-xim.patch
 Patch12: emacs-22.0.99-x11r7.patch
 Patch13: emacs-22.0.99-s390x.dif
 Patch14: emacs-22.1-conf.diff
+Patch15: emacs-22.1-CVE-2007-5795.dif
 %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
 %if "%_exec_prefix" == "/usr/X11R6"
 %define _x11lib %{_exec_prefix}/%{_lib}
@@ -212,6 +213,7 @@ Authors:
 %patch12 -p0 -b .x11r7
 %patch13 -p0 -b .s390x
 %patch14
+%patch15 -p0 -b .CVE20075795
 %patch
 if test ! -e $HOME/.mh_profile && type -p install-mh > /dev/null 2>&1; then
 install-mh -auto < /dev/null
@@ -383,6 +385,7 @@ rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/mail/sendmail.el.snd
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/ldefs-boot.el.psbdf
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/ps-mule.el.psmu
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/textmodes/ispell.el.psmu
+rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/files.el.CVE20075795
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/bindings.elc
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/cus-start.elc
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/generic-x.elc
@@ -3186,6 +3189,8 @@ done
 /usr/share/emacs/%{version}/lisp/xml.el.gz
 /usr/share/emacs/%{version}/lisp/xt-mouse.el.gz
 %changelog
+* Mon Nov 05 2007 - werner@suse.de
+- Fix insufficient safe mode checks (bug #339033, CVE-2007-5795)
 * Fri Sep 07 2007 - schwab@suse.de
 - Remove obsolete xterm.el.
 * Mon Jul 23 2007 - aj@suse.de