From f1aee043088f2e14764aa6c9d2b5af25d90d1a06 Mon Sep 17 00:00:00 2001 From: tron Date: Mon, 13 Aug 2012 13:07:44 +0000 Subject: Pullup ticket #3899 - requested by wiz editors/emacs-nox11: security patch editors/emacs: security patch Revisions pulled up: - editors/emacs-nox11/Makefile 1.36 - editors/emacs/Makefile 1.146 - editors/emacs/distinfo 1.58 - editors/emacs/patches/patch-lisp_files.el 1.1 --- Module Name: pkgsrc Committed By: wiz Date: Mon Aug 13 06:53:07 UTC 2012 Modified Files: pkgsrc/editors/emacs: Makefile distinfo pkgsrc/editors/emacs-nox11: Makefile Added Files: pkgsrc/editors/emacs/patches: patch-lisp_files.el Log Message: Fix CVE-2012-3479: When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user. Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 --- editors/emacs-nox11/Makefile | 3 ++- editors/emacs/Makefile | 4 ++-- editors/emacs/distinfo | 3 ++- editors/emacs/patches/patch-lisp_files.el | 37 +++++++++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 editors/emacs/patches/patch-lisp_files.el diff --git a/editors/emacs-nox11/Makefile b/editors/emacs-nox11/Makefile index 0e40ee785cf..8eb37f8e8b7 100644 --- a/editors/emacs-nox11/Makefile +++ b/editors/emacs-nox11/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.35 2012/02/20 01:22:32 obache Exp $ +# $NetBSD: Makefile,v 1.35.4.1 2012/08/13 13:07:44 tron Exp $ PKGNAME= ${DISTNAME:S/-/-nox11-/} +PKGREVISION= 1 CONFLICTS+= emacs-[0-9]* diff --git a/editors/emacs/Makefile b/editors/emacs/Makefile index 9392286da8e..ca1bb47f887 100644 --- a/editors/emacs/Makefile +++ b/editors/emacs/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.145 2012/06/14 07:44:37 sbd Exp $ +# $NetBSD: Makefile,v 1.145.2.1 2012/08/13 13:07:44 tron Exp $ CONFLICTS+= emacs-nox11-[0-9]* .include "../../editors/emacs/Makefile.common" -PKGREVISION= 3 +PKGREVISION= 4 .include "options.mk" diff --git a/editors/emacs/distinfo b/editors/emacs/distinfo index 03158c96150..7fce46b567b 100644 --- a/editors/emacs/distinfo +++ b/editors/emacs/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.57 2012/05/09 09:30:07 wiz Exp $ +$NetBSD: distinfo,v 1.57.2.1 2012/08/13 13:07:44 tron Exp $ SHA1 (emacs-23.4.tar.gz) = 0a78466fff52d1f43c0db0ea66651a0b13b7e473 RMD160 (emacs-23.4.tar.gz) = 5fb7e4cd4270a524b8723ad86a145a0e47336bf7 @@ -9,6 +9,7 @@ SHA1 (patch-ad) = e37f73048273801b8fd330d6897346b1f6e55fe9 SHA1 (patch-ae) = 116394051b3e2f4220ff5a3de3402923857940b9 SHA1 (patch-ag) = f462ad22762469360d90060afbc73e660e9f7db5 SHA1 (patch-bf) = 9ff58581e7b9c865397729169fadd3baecc4a1e3 +SHA1 (patch-lisp_files.el) = e10c6949029ca7933ea632693843a911b7e010c2 SHA1 (patch-src_config.in) = c1f7b608dc49da704571a71f96067a0ffac01df9 SHA1 (patch-src_m_amdx86-64.h) = 0928f4e80c456e5b94a74cfeb3589e411a134507 SHA1 (patch-src_xgselect.c) = 4a0b246eae2e43fc1e544210fc97c0170e3cffdc diff --git a/editors/emacs/patches/patch-lisp_files.el b/editors/emacs/patches/patch-lisp_files.el new file mode 100644 index 00000000000..5a4b13454a9 --- /dev/null +++ b/editors/emacs/patches/patch-lisp_files.el @@ -0,0 +1,37 @@ +$NetBSD: patch-lisp_files.el,v 1.1.2.2 2012/08/13 13:07:44 tron Exp $ + +CVE-2012-3479: +When the Emacs user option `enable-local-variables' is set to `:safe' +(the default value is t), Emacs should automatically refuse to evaluate +`eval' forms in file-local variable sections. Due to the bug, Emacs +instead automatically evaluates such `eval' forms. Thus, if the user +changes the value of `enable-local-variables' to `:safe', visiting a +malicious file can cause automatic execution of arbitrary Emacs Lisp +code with the permissions of the user. + +Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 + +--- lisp/files.el.orig 2012-01-11 12:35:01.000000000 +0000 ++++ lisp/files.el +@@ -2986,11 +2986,16 @@ DIR-NAME is a directory name if these se + ;; Obey `enable-local-eval'. + ((eq var 'eval) + (when enable-local-eval +- (push elt all-vars) +- (or (eq enable-local-eval t) +- (hack-one-local-variable-eval-safep (eval (quote val))) +- (safe-local-variable-p var val) +- (push elt unsafe-vars)))) ++ (let ((safe (or (hack-one-local-variable-eval-safep ++ (eval (quote val))) ++ ;; In case previously marked safe (bug#5636). ++ (safe-local-variable-p var val)))) ++ ;; If not safe and e-l-v = :safe, ignore totally. ++ (when (or safe (not (eq enable-local-variables :safe))) ++ (push elt all-vars) ++ (or (eq enable-local-eval t) ++ safe ++ (push elt unsafe-vars)))))) + ;; Ignore duplicates (except `mode') in the present list. + ((and (assq var all-vars) (not (eq var 'mode))) nil) + ;; Accept known-safe variables. -- cgit v1.2.3