Security fix for function hack-local-variables, CVE-2007-5795, bug #197958.

Package-Manager: portage-2.1.3.17
author: Ulrich Müller <ulm@gentoo.org> 2007-11-03 20:23:02 +0000
committer: Ulrich Müller <ulm@gentoo.org> 2007-11-03 20:23:02 +0000
commit: 53a2763799ce0dbdfce8e7a47d8fb8d6822e2127 (patch)
tree: 962ee352cc6d87aac99775b75b0a8550f99f6a6c /app-editors
parent: Respect ROOT in pkg_* functions. (diff)
download: historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.tar.gz
historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.tar.bz2
historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.zip
5 files changed, 42 insertions, 18 deletions
diff --git a/app-editors/emacs-cvs/ChangeLog b/app-editors/emacs-cvs/ChangeLog
index c9456deec25d..b4feab8a9eeb 100644
--- a/app-editors/emacs-cvs/ChangeLog
+++ b/app-editors/emacs-cvs/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for app-editors/emacs-cvs
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/ChangeLog,v 1.166 2007/10/29 09:05:29 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/ChangeLog,v 1.167 2007/11/03 20:23:02 ulm Exp $
+
+  03 Nov 2007; Ulrich Mueller <ulm@gentoo.org>
+  +files/emacs-cvs-hack-local-variables.patch,
+  emacs-cvs-22.1.50_p20070829-r1.ebuild, emacs-cvs-23.0.0_p20070920.ebuild:
+  Security fix for function hack-local-variables, CVE-2007-5795, bug #197958.
 
   24 Oct 2007; Ulrich Mueller <ulm@gentoo.org> emacs-cvs-22.1.50-r1.ebuild,
   emacs-cvs-22.1.50_p20070829-r1.ebuild, emacs-cvs-23.0.0_p20070920.ebuild,
diff --git a/app-editors/emacs-cvs/Manifest b/app-editors/emacs-cvs/Manifest
index 98a565126be5..4a5416dacebb 100644
--- a/app-editors/emacs-cvs/Manifest
+++ b/app-editors/emacs-cvs/Manifest
@@ -13,6 +13,10 @@ AUX emacs-cvs-freebsd-sparc.patch 475 RMD160 a8e6e3f2bc014979fd269a027835a65520c
 MD5 33cdd958f1be433095a69bff6be18148 files/emacs-cvs-freebsd-sparc.patch 475
 RMD160 a8e6e3f2bc014979fd269a027835a65520c12417 files/emacs-cvs-freebsd-sparc.patch 475
 SHA256 43584ea923e6c7221e69d1d6a14d55d386565c5decd067a62acc58af522c803b files/emacs-cvs-freebsd-sparc.patch 475
+AUX emacs-cvs-hack-local-variables.patch 561 RMD160 248f09898369161dcd0e3148c7fcb4c9de5b3bc5 SHA1 02018dc2b66f829c83aeeadca240e282a695b9a1 SHA256 d3e2ec4d4b2788a5a6d91669bfc9dcb3dc7ff1f80195d42e5ae751fa4e26b9fb
+MD5 7ee94f62749433284020272e2b059560 files/emacs-cvs-hack-local-variables.patch 561
+RMD160 248f09898369161dcd0e3148c7fcb4c9de5b3bc5 files/emacs-cvs-hack-local-variables.patch 561
+SHA256 d3e2ec4d4b2788a5a6d91669bfc9dcb3dc7ff1f80195d42e5ae751fa4e26b9fb files/emacs-cvs-hack-local-variables.patch 561
 AUX emacs-cvs-make-tramp-temp-file.patch 8605 RMD160 62120931db6326b8aca58c63266e332a6c785efe SHA1 81269e45c2749e373540b568a376937fcfab9494 SHA256 26e00b6dd65b58452b8819e017b2d6b74030e74c9d699ec11fbdf7e79717690f
 MD5 575d6121adb3d88e605e9fae6f273416 files/emacs-cvs-make-tramp-temp-file.patch 8605
 RMD160 62120931db6326b8aca58c63266e332a6c785efe files/emacs-cvs-make-tramp-temp-file.patch 8605
@@ -31,14 +35,14 @@ EBUILD emacs-cvs-22.1.50-r1.ebuild 7748 RMD160 304eace7e9863a5bbece2c1a03892a321
 MD5 2fe9c595ea5ca41d6a6e0039e1cd5129 emacs-cvs-22.1.50-r1.ebuild 7748
 RMD160 304eace7e9863a5bbece2c1a03892a321967b248 emacs-cvs-22.1.50-r1.ebuild 7748
 SHA256 4e3060d236a8af09d522c6f9341008b673c480e5abcd56ff65d9f3e24434b8ff emacs-cvs-22.1.50-r1.ebuild 7748
-EBUILD emacs-cvs-22.1.50_p20070829-r1.ebuild 7358 RMD160 eab5debbfe13693acfb03f6c7d18ae0033504b8b SHA1 b0b01b302176bedc5e324a3454bcd27e3deda10a SHA256 2b50d202519bd7316594063c03b222edf489d58a205e5bc9ccc8d9f45dc300e7
-MD5 b098a297f7b24952f5c3e4659c636292 emacs-cvs-22.1.50_p20070829-r1.ebuild 7358
-RMD160 eab5debbfe13693acfb03f6c7d18ae0033504b8b emacs-cvs-22.1.50_p20070829-r1.ebuild 7358
-SHA256 2b50d202519bd7316594063c03b222edf489d58a205e5bc9ccc8d9f45dc300e7 emacs-cvs-22.1.50_p20070829-r1.ebuild 7358
-EBUILD emacs-cvs-23.0.0_p20070920.ebuild 7616 RMD160 e5c9b8bd2cf0affb36fcf98e53ca91190e305a7c SHA1 62de8ce93e9c5d2859e65a6af05a2e0e30ca39ed SHA256 736c58d99dadcbf2a6242c9758e97202f03563882937b841e886f8c1b5aaa195
-MD5 4324adb4691e7d84136a3ed82071fa24 emacs-cvs-23.0.0_p20070920.ebuild 7616
-RMD160 e5c9b8bd2cf0affb36fcf98e53ca91190e305a7c emacs-cvs-23.0.0_p20070920.ebuild 7616
-SHA256 736c58d99dadcbf2a6242c9758e97202f03563882937b841e886f8c1b5aaa195 emacs-cvs-23.0.0_p20070920.ebuild 7616
+EBUILD emacs-cvs-22.1.50_p20070829-r1.ebuild 7413 RMD160 516a797e439c815b3bd1f168c61c94b4a836b858 SHA1 bd2f40f9a7cbc2015fd9af7f49d933048c6f6281 SHA256 a3d6a8da3a264e03f89c14fd372c4f4e0c54c82b48929c59158603ddfe78b573
+MD5 0b78eab038ac8c8a674327ab4cc1ea6c emacs-cvs-22.1.50_p20070829-r1.ebuild 7413
+RMD160 516a797e439c815b3bd1f168c61c94b4a836b858 emacs-cvs-22.1.50_p20070829-r1.ebuild 7413
+SHA256 a3d6a8da3a264e03f89c14fd372c4f4e0c54c82b48929c59158603ddfe78b573 emacs-cvs-22.1.50_p20070829-r1.ebuild 7413
+EBUILD emacs-cvs-23.0.0_p20070920.ebuild 7671 RMD160 9efc06dfdd47862f7624f91a3a5f1614e3a634b9 SHA1 c04388acf96eb530e665d988091155a39715eac9 SHA256 c3421b490cd05fc9fd9bbbd59f0b2e05710b150c0032fae5d582fb3927b56950
+MD5 0fbf4fa8088e2ea54a0a16f16a139c43 emacs-cvs-23.0.0_p20070920.ebuild 7671
+RMD160 9efc06dfdd47862f7624f91a3a5f1614e3a634b9 emacs-cvs-23.0.0_p20070920.ebuild 7671
+SHA256 c3421b490cd05fc9fd9bbbd59f0b2e05710b150c0032fae5d582fb3927b56950 emacs-cvs-23.0.0_p20070920.ebuild 7671
 EBUILD emacs-cvs-23.0.50.ebuild 7759 RMD160 cf1c7ba709cf89f54274f71ba35b983f8c632ed2 SHA1 225b4fc22c5b8b3743b22ca0f697e567f8f0fea8 SHA256 588e43735ea9a0ad1b60b141c0915df2f0707b217db4f014b6ee1e0348a8eba3
 MD5 7ce471dad554a0cbf3b000120e68af60 emacs-cvs-23.0.50.ebuild 7759
 RMD160 cf1c7ba709cf89f54274f71ba35b983f8c632ed2 emacs-cvs-23.0.50.ebuild 7759
@@ -47,10 +51,10 @@ EBUILD emacs-cvs-23.0.60.ebuild 7961 RMD160 9b0f50fc01926376cd3291d2d90eef498417
 MD5 1620062f2aa3722f5e95804f4d83b23e emacs-cvs-23.0.60.ebuild 7961
 RMD160 9b0f50fc01926376cd3291d2d90eef498417958c emacs-cvs-23.0.60.ebuild 7961
 SHA256 062b6a29585a13e2ec86cd149f24ef2a363c13cbd5190fc3d24b4f328a7f9ea1 emacs-cvs-23.0.60.ebuild 7961
-MISC ChangeLog 31915 RMD160 342979d64b4c8afa9b68b1afa9b7c6be9d44b59e SHA1 eeba42a969be4f68572543555a3b59fb66498bc0 SHA256 d781ad4ddb7f1b94d6bef795fa727116cd783bac7901217ebcf51c0403cc0bba
-MD5 a7a7d6f4cb77913fe40d8549cf182095 ChangeLog 31915
-RMD160 342979d64b4c8afa9b68b1afa9b7c6be9d44b59e ChangeLog 31915
-SHA256 d781ad4ddb7f1b94d6bef795fa727116cd783bac7901217ebcf51c0403cc0bba ChangeLog 31915
+MISC ChangeLog 32164 RMD160 6026a86cd3f41a60bd9e44fd0e100d28d1747347 SHA1 cdbd22b9461405b752e07b4ee5838691317a6728 SHA256 a64e82e60d791925707eacd419f1bdabd60a99bc0d9055fca7fb960395033ece
+MD5 a8f267d2836dfe26ebc0784fbdf30ee2 ChangeLog 32164
+RMD160 6026a86cd3f41a60bd9e44fd0e100d28d1747347 ChangeLog 32164
+SHA256 a64e82e60d791925707eacd419f1bdabd60a99bc0d9055fca7fb960395033ece ChangeLog 32164
 MISC metadata.xml 158 RMD160 415d172437ca754d24fc5ab186ba8e77934d96e4 SHA1 61f6eff9729cd87a725c2a70c81aca4270a17fc4 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab
 MD5 fcd33d07e4ee719b01157946734f4fe8 metadata.xml 158
 RMD160 415d172437ca754d24fc5ab186ba8e77934d96e4 metadata.xml 158
@@ -73,7 +77,7 @@ SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 files/di
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.7 (GNU/Linux)
 
-iD8DBQFHKvFxOeoy/oIi7uwRAmC7AJ4l5QMFfdJVcKHcqCwDHxJ0ssISJgCffIDd
-UNm5CQXuPJH46Uwei2kEtXk=
-=97iM
+iD8DBQFHLNi5Oeoy/oIi7uwRAtQ3AKDoZIvBtTPBy8924CEu+E5Rhi6MJQCffIPh
+EeLLu3Zo907CKpnqZo15ptM=
+=8rYt
 -----END PGP SIGNATURE-----
diff --git a/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild b/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
index 40e565c32148..1ec6c73ed57b 100644
--- a/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
+++ b/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild,v 1.7 2007/11/02 09:43:51 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-22.1.50_p20070829-r1.ebuild,v 1.8 2007/11/03 20:23:02 ulm Exp $
 
 WANT_AUTOCONF="2.5"
 WANT_AUTOMAKE="latest"
@@ -70,6 +70,7 @@ src_unpack() {
 	epatch "${FILESDIR}/${PN}-freebsd-sparc.patch"
 	epatch "${FILESDIR}/${PN}-make-tramp-temp-file.patch"
 	epatch "${FILESDIR}/${PN}-makeinfo-regexp.patch"
+	epatch "${FILESDIR}/${PN}-hack-local-variables.patch"
 	# ALSA is detected and used even if not requested by the USE=alsa flag.
 	# So remove the automagic check
 	use alsa || epatch "${FILESDIR}/${PN}-disable_alsa_detection-r1.patch"
diff --git a/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild b/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
index 240b1aede0df..86b044b60c45 100644
--- a/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
+++ b/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild,v 1.5 2007/11/02 09:43:51 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs-cvs/emacs-cvs-23.0.0_p20070920.ebuild,v 1.6 2007/11/03 20:23:02 ulm Exp $
 
 WANT_AUTOCONF="2.5"
 WANT_AUTOMAKE="latest"
@@ -72,6 +72,7 @@ src_unpack() {
 	epatch "${FILESDIR}/${PN}-make-tramp-temp-file.patch"
 	epatch "${FILESDIR}/${PN}-makeinfo-regexp.patch"
 	epatch "${FILESDIR}/${PN}-no-x-compile.patch"
+	epatch "${FILESDIR}/${PN}-hack-local-variables.patch"
 	# ALSA is detected and used even if not requested by the USE=alsa flag.
 	# So remove the automagic check
 	use alsa || epatch "${FILESDIR}/${PN}-disable_alsa_detection-r1.patch"
diff --git a/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch b/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch
new file mode 100644
index 000000000000..ed73505c68a2
--- /dev/null
+++ b/app-editors/emacs-cvs/files/emacs-cvs-hack-local-variables.patch
@@ -0,0 +1,13 @@
+--- lisp/files.el	13 Oct 2007 14:09:56 -0000	1.896.2.28
++++ lisp/files.el	2 Nov 2007 11:02:12 -0000	1.896.2.29
+@@ -2764,8 +2764,8 @@
+ 		;; If caller wants only the safe variables,
+ 		;; install only them.
+ 		(dolist (elt result)
+-		  (unless (or (memq (car elt) unsafe-vars)
+-			      (memq (car elt) risky-vars))
++		  (unless (or (member elt unsafe-vars)
++			      (member elt risky-vars))
+ 		    (hack-one-local-variable (car elt) (cdr elt))))
+ 	      ;; Query, except in the case where all are known safe
+ 	      ;; if the user wants no quuery in that case.
author	Ulrich Müller <ulm@gentoo.org>	2007-11-03 20:23:02 +0000
committer	Ulrich Müller <ulm@gentoo.org>	2007-11-03 20:23:02 +0000
commit	53a2763799ce0dbdfce8e7a47d8fb8d6822e2127 (patch)
tree	962ee352cc6d87aac99775b75b0a8550f99f6a6c /app-editors
parent	Respect ROOT in pkg_* functions. (diff)
download	historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.tar.gz historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.tar.bz2 historical-53a2763799ce0dbdfce8e7a47d8fb8d6822e2127.zip