[emacs/f16] CVE-2012-3479
Karel Klíč
kklic at fedoraproject.org
Tue Aug 14 09:25:06 UTC 2012
commit cf202808df6d5c92e46072ee9da120f8f52ce374
Author: Karel Klic <kklic at redhat.com>
Date: Tue Aug 14 11:25:17 2012 +0200
CVE-2012-3479
emacs-cve-2012-3479.patch | 33 +++++++++++++++++++++++++++++++++
emacs.spec | 13 +++++++++++--
2 files changed, 44 insertions(+), 2 deletions(-)
---
diff --git a/emacs-cve-2012-3479.patch b/emacs-cve-2012-3479.patch
new file mode 100644
index 0000000..70da786
--- /dev/null
+++ b/emacs-cve-2012-3479.patch
@@ -0,0 +1,33 @@
+
+*** emacs-23.4/lisp/files.el~ 2012-08-13 10:50:42.340171173 +0800
+--- emacs-23.4/lisp/files.el 2012-08-13 10:51:12.528172450 +0800
+***************
+*** 2986,2996 ****
+ ;; Obey `enable-local-eval'.
+ ((eq var 'eval)
+ (when enable-local-eval
+! (push elt all-vars)
+! (or (eq enable-local-eval t)
+! (hack-one-local-variable-eval-safep (eval (quote val)))
+! (safe-local-variable-p var val)
+! (push elt unsafe-vars))))
+ ;; Ignore duplicates (except `mode') in the present list.
+ ((and (assq var all-vars) (not (eq var 'mode))) nil)
+ ;; Accept known-safe variables.
+--- 2986,3001 ----
+ ;; Obey `enable-local-eval'.
+ ((eq var 'eval)
+ (when enable-local-eval
+! (let ((safe (or (hack-one-local-variable-eval-safep
+! (eval (quote val)))
+! ;; In case previously marked safe (bug#5636).
+! (safe-local-variable-p var val))))
+! ;; If not safe and e-l-v = :safe, ignore totally.
+! (when (or safe (not (eq enable-local-variables :safe)))
+! (push elt all-vars)
+! (or (eq enable-local-eval t)
+! safe
+! (push elt unsafe-vars))))))
+ ;; Ignore duplicates (except `mode') in the present list.
+ ((and (assq var all-vars) (not (eq var 'mode))) nil)
+ ;; Accept known-safe variables.
diff --git a/emacs.spec b/emacs.spec
index 4a991af..ea82f32 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -3,7 +3,7 @@ Summary: GNU Emacs text editor
Name: emacs
Epoch: 1
Version: 23.3
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors
@@ -36,6 +36,9 @@ Patch6: emacs-23.2-hideshow-comment.patch
Patch7: emacs-wm-state-hidden.patch
# http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
Patch8: emacs-ede-cve-2012-0035.patch
+# CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local
+# variable sections, when 'enable-local-variables' set to ':safe'
+Patch9: emacs-cve-2012-3479.patch
BuildRequires: atk-devel, cairo-devel, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk2-devel, libpng-devel
BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel
@@ -158,6 +161,7 @@ packages that add functionality to Emacs.
%patch6 -p0 -b .hideshow-comment
%patch7 -p1 -b .wm-state-hidden
%patch8 -p1 -b .ede-cve-2012-0035
+%patch9 -p1 -b .cve-2012-3479
# Install site-lisp files
cp %SOURCE7 %SOURCE9 %SOURCE10 site-lisp
@@ -434,8 +438,13 @@ update-desktop-database &> /dev/null || :
%dir %{_datadir}/emacs/site-lisp/site-start.d
%changelog
+* Tue Aug 14 2012 Karel Klíč <kklic at redhat.com> - 1:23.3-10
+- CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local
+ variable sections, when 'enable-local-variables' set to ':safe'
+
* Thu Jan 12 2012 Karel Klíč <kklic at redhat.com> - 1:23.3-9
-- Added patch to handle CVE-2012-0035: CEDET global-ede-mode file loading vulnerability (rhbz#773024)
+- Added patch to handle CVE-2012-0035: CEDET global-ede-mode
+ file loading vulnerability (rhbz#773024)
* Wed Nov 23 2011 Karel Klíč <kklic at redhat.com> - 1:23.3-8
- Check for _NET_WM_STATE_HIDDEN (rhbz#711739)
More information about the scm-commits
mailing list