From 643deb13d2574f84dc08514d0c333fdb1a9709de Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 13 Aug 2012 06:38:50 +0000 Subject: Fix CVE-2012-3479: When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user. Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 Bump PKGREVISION. --- editors/emacs24/Makefile | 4 ++-- editors/emacs24/distinfo | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'editors/emacs24') diff --git a/editors/emacs24/Makefile b/editors/emacs24/Makefile index 9a78a38c763..7b7e1a11e47 100644 --- a/editors/emacs24/Makefile +++ b/editors/emacs24/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.3 2012/06/29 06:31:35 wiz Exp $ +# $NetBSD: Makefile,v 1.4 2012/08/13 06:38:50 wiz Exp $ CONFLICTS+= emacs-nox11-[0-9]* .include "../../editors/emacs24/Makefile.common" -PKGREVISION= 1 +PKGREVISION= 2 .include "options.mk" diff --git a/editors/emacs24/distinfo b/editors/emacs24/distinfo index 84e315dff9c..5db915eb100 100644 --- a/editors/emacs24/distinfo +++ b/editors/emacs24/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2012/08/10 10:08:14 marino Exp $ +$NetBSD: distinfo,v 1.4 2012/08/13 06:38:50 wiz Exp $ SHA1 (emacs-24.1.tar.gz) = f064396724a27c83b79b2d890d188abebaa5975e RMD160 (emacs-24.1.tar.gz) = 0fed00042339f46b29449bd561d2f881d13d8d38 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = dc41270debcdeba46056590ff99e72e79bd04729 SHA1 (patch-ab) = 3021afead5011aa864a2734eeb72136c36580fb2 SHA1 (patch-ad) = adc347ccd6edeb6e7ad96eeb98d6ee64176fb143 SHA1 (patch-ag) = 3e6ee4774189185af10eada9c935120491318313 +SHA1 (patch-lisp_files.el) = 9963e3b6485ae569818f64ab878c3eb46895333d -- cgit v1.2.3