Security fix for function hack-local-variables, CVE-2007-5795, bug #197958.

(Portage version: 2.1.3.17)
author: Ulrich Müller <ulm@gentoo.org> 2007-11-03 20:23:02 +0000
committer: Ulrich Müller <ulm@gentoo.org> 2007-11-03 20:23:02 +0000
commit: e97873cc9d6360bb995f2042bab55f321386ff5b (patch)
tree: afe9307f6cba1f2ba670348b5b56b3d8e334584d /app-editors
parent: Respect ROOT in pkg_* functions. (diff)
download: gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.tar.gz
gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.tar.bz2
gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.zip
4 files changed, 23 insertions, 3 deletions
diff --git a/app-editors/emacs-cvs/ChangeLog b/app-editors/emacs-cvs/ChangeLog
index c9456deec25d..b4feab8a9eeb 100644
--- a/app-editors/emacs-cvs/ChangeLog
+++ b/app-editors/emacs-cvs/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for app-editors/emacs-cvs
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/ChangeLog,v 1.166 2007/10/29 09:05:29 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/ChangeLog,v 1.167 2007/11/03 20:23:02 ulm Exp $
+
+  03 Nov 2007; Ulrich Mueller <ulm@gentoo.org>
+  +files/emacs-cvs-hack-local-variables.patch,
+  emacs-cvs-22.1.50_p20070829-r1.ebuild, emacs-cvs-23.0.0_p20070920.ebuild:
+  Security fix for function hack-local-variables, CVE-2007-5795, bug #197958.
 
   24 Oct 2007; Ulrich Mueller <ulm@gentoo.org> emacs-cvs-22.1.50-r1.ebuild,
   emacs-cvs-22.1.50_p20070829-r1.ebuild, emacs-cvs-23.0.0_p20070920.ebuild,
diff --git a/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild b/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
index 40e565c32148..1ec6c73ed57b 100644
--- a/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
+++ b/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild,v 1.7 2007/11/02 09:43:51 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild,v 1.8 2007/11/03 20:23:02 ulm Exp $
 
 WANT_AUTOCONF="2.5"
 WANT_AUTOMAKE="latest"
@@ -70,6 +70,7 @@ src_unpack() {
 	epatch "${FILESDIR}/${PN}-freebsd-sparc.patch"
 	epatch "${FILESDIR}/${PN}-make-tramp-temp-file.patch"
 	epatch "${FILESDIR}/${PN}-makeinfo-regexp.patch"
+	epatch "${FILESDIR}/${PN}-hack-local-variables.patch"
 	# ALSA is detected and used even if not requested by the USE=alsa flag.
 	# So remove the automagic check
 	use alsa || epatch "${FILESDIR}/${PN}-disable_alsa_detection-r1.patch"
diff --git a/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild b/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
index 240b1aede0df..86b044b60c45 100644
--- a/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
+++ b/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild,v 1.5 2007/11/02 09:43:51 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild,v 1.6 2007/11/03 20:23:02 ulm Exp $
 
 WANT_AUTOCONF="2.5"
 WANT_AUTOMAKE="latest"
@@ -72,6 +72,7 @@ src_unpack() {
 	epatch "${FILESDIR}/${PN}-make-tramp-temp-file.patch"
 	epatch "${FILESDIR}/${PN}-makeinfo-regexp.patch"
 	epatch "${FILESDIR}/${PN}-no-x-compile.patch"
+	epatch "${FILESDIR}/${PN}-hack-local-variables.patch"
 	# ALSA is detected and used even if not requested by the USE=alsa flag.
 	# So remove the automagic check
 	use alsa || epatch "${FILESDIR}/${PN}-disable_alsa_detection-r1.patch"
diff --git a/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch b/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch
new file mode 100644
index 000000000000..ed73505c68a2
--- /dev/null
+++ b/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch
@@ -0,0 +1,13 @@
+--- lisp/files.el	13 Oct 2007 14:09:56 -0000	1.896.2.28
++++ lisp/files.el	2 Nov 2007 11:02:12 -0000	1.896.2.29
+@@ -2764,8 +2764,8 @@
+ 		;; If caller wants only the safe variables,
+ 		;; install only them.
+ 		(dolist (elt result)
+-		  (unless (or (memq (car elt) unsafe-vars)
+-			      (memq (car elt) risky-vars))
++		  (unless (or (member elt unsafe-vars)
++			      (member elt risky-vars))
+ 		    (hack-one-local-variable (car elt) (cdr elt))))
+ 	      ;; Query, except in the case where all are known safe
+ 	      ;; if the user wants no quuery in that case.
author	Ulrich Müller <ulm@gentoo.org>	2007-11-03 20:23:02 +0000
committer	Ulrich Müller <ulm@gentoo.org>	2007-11-03 20:23:02 +0000
commit	e97873cc9d6360bb995f2042bab55f321386ff5b (patch)
tree	afe9307f6cba1f2ba670348b5b56b3d8e334584d /app-editors
parent	Respect ROOT in pkg_* functions. (diff)
download	gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.tar.gz gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.tar.bz2 gentoo-2-e97873cc9d6360bb995f2042bab55f321386ff5b.zip