[emacs/f17] Fix CVE-2012-3479

Karel Klíč kklic at fedoraproject.org
Mon Aug 13 16:07:26 UTC 2012


commit af4d8ef765d146c5a29804ad5edff76308c5ded4
Author: Karel Klic <kklic at redhat.com>
Date:   Mon Aug 13 18:07:53 2012 +0200

    Fix CVE-2012-3479

 emacs-cve-2012-3479.patch |   33 +++++++++++++++++++++++++++++++++
 emacs.spec                |    9 ++++++++-
 2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/emacs-cve-2012-3479.patch b/emacs-cve-2012-3479.patch
new file mode 100644
index 0000000..17d1abe
--- /dev/null
+++ b/emacs-cve-2012-3479.patch
@@ -0,0 +1,33 @@
+*** emacs-24.1/lisp/files.el~	2012-08-13 10:54:50.256181658 +0800
+--- emacs-24.1/lisp/files.el	2012-08-13 10:54:58.076181990 +0800
+***************
+*** 3107,3117 ****
+  	      ;; Obey `enable-local-eval'.
+  	      ((eq var 'eval)
+  	       (when enable-local-eval
+! 		 (push elt all-vars)
+! 		 (or (eq enable-local-eval t)
+! 		     (hack-one-local-variable-eval-safep (eval (quote val)))
+! 		     (safe-local-variable-p var val)
+! 		     (push elt unsafe-vars))))
+  	      ;; Ignore duplicates (except `mode') in the present list.
+  	      ((and (assq var all-vars) (not (eq var 'mode))) nil)
+  	      ;; Accept known-safe variables.
+--- 3107,3122 ----
+  	      ;; Obey `enable-local-eval'.
+  	      ((eq var 'eval)
+  	       (when enable-local-eval
+! 		 (let ((safe (or (hack-one-local-variable-eval-safep
+! 				  (eval (quote val)))
+! 				 ;; In case previously marked safe (bug#5636).
+! 				 (safe-local-variable-p var val))))
+! 		   ;; If not safe and e-l-v = :safe, ignore totally.
+! 		   (when (or safe (not (eq enable-local-variables :safe)))
+! 		     (push elt all-vars)
+! 		     (or (eq enable-local-eval t)
+! 			 safe
+! 			 (push elt unsafe-vars))))))
+  	      ;; Ignore duplicates (except `mode') in the present list.
+  	      ((and (assq var all-vars) (not (eq var 'mode))) nil)
+  	      ;; Accept known-safe variables.
+
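Review bot: The new patch file starts directly at the context-diff header and records nothing about where the change comes from, so a later rebase to a newer Emacs cannot tell whether it matches the upstream fix or when it can be dropped. patch(1) skips leading text before the first header, so a short preamble can go at the top of the file, for example `Fix CVE-2012-3479 (rhbz#847702): ignore unsafe eval forms when enable-local-variables is :safe` followed by `Upstream: <upstream commit or bug reference>`. The enclosing `cond` in files.el starts and ends outside the hunk, so the note covers only the `eval` branch shown here.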
diff --git a/emacs.spec b/emacs.spec
index e642ceb..1ef895f 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -3,7 +3,7 @@ Summary: GNU Emacs text editor
 Name: emacs
 Epoch: 1
 Version: 24.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/emacs/
 Group: Applications/Editors
@@ -30,6 +30,8 @@ Patch3: rpm-spec-mode-changelog.patch
 Patch7: emacs-spellchecker.patch
 # rhbz#830162
 Patch8: emacs-locate-library.patch
+# rhbz#847702
+Patch9: emacs-cve-2012-3479.patch
 
 BuildRequires: atk-devel, cairo-devel, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk2-devel, libpng-devel
 BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel
@@ -152,6 +154,7 @@ packages that add functionality to Emacs.
 %patch0 -p1 -b .glibc-open-macro
 %patch7 -p1 -b .spellchecker
 %patch8 -p1 -b .locate-library
+%patch9 -p1 -b .cve-2012-3479
 
 # Install site-lisp files
 cp %SOURCE7 %SOURCE10 site-lisp
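Review bot: `%patch9` changes only `lisp/files.el`, and whether the fix reaches the installed editor depends on %build, which is outside this hunk. If the build reused a `files.elc` shipped in the tarball, or a dumped image that had already preloaded it, the old `eval` handling would still be what runs. Presumably the build recompiles changed Lisp and re-dumps, but that is worth confirming on the built package, for instance by checking that the installed `files.elc` contains the `:safe` test. A comment above the line such as `# security fix in preloaded lisp/files.el; needs .elc rebuild and re-dump` would record the dependency.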
@@ -436,6 +439,10 @@ update-desktop-database &> /dev/null || :
 %dir %{_datadir}/emacs/site-lisp/site-start.d
 
 %changelog
+* Mon Aug 13 2012 Karel Klíč <kklic at redhat.com> - 1:24.1-4
+- Fix CVE-2012-3479: Evaluation of 'eval' forms in file-local variable
+  sections, when 'enable-local-variables' set to ':safe'
+
 * Fri Jul 13 2012 Karel Klíč <kklic at redhat.com> - 1:24.1-3
 - Revert the switch from GTK 3 to GTK 2 for this release
 

