Hello community, here is the log from the commit of package emacs checked in at Tue Nov 6 00:12:46 CET 2007. --------
--- emacs/emacs.changes 2007-09-08 10:24:53.000000000 +0200
+++ /mounts/work_src_done/STABLE/emacs/emacs.changes 2007-11-05 13:56:15.574279000 +0100
@@ -1,0 +2,5 @@
+Mon Nov 5 13:43:09 CET 2007 - werner@suse.de
+
+- Fix insufficient safe mode checks (bug #339033, CVE-2007-5795)
+
+-------------------------------------------------------------------
New: ---- emacs-22.1-CVE-2007-5795.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ emacs.spec ++++++
--- /var/tmp/diff_new_pack.y31843/_old 2007-11-06 00:08:59.000000000 +0100
+++ /var/tmp/diff_new_pack.y31843/_new 2007-11-06 00:08:59.000000000 +0100
@@ -20,7 +20,7 @@
 Provides: ge_site ge_exec emacs-url Mule-UCS emacs-calc erc
 AutoReqProv: on
 Version: 22.1
-Release: 41
+Release: 56
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Summary: GNU Emacs Base Package
 Source: emacs-22.1.tar.bz2
@@ -44,6 +44,7 @@
 Patch12: emacs-22.0.99-x11r7.patch
 Patch13: emacs-22.0.99-s390x.dif
 Patch14: emacs-22.1-conf.diff
+Patch15: emacs-22.1-CVE-2007-5795.dif
 %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
 %if "%_exec_prefix" == "/usr/X11R6"
 %define _x11lib %{_exec_prefix}/%{_lib}
@@ -212,6 +213,7 @@
 %patch12 -p0 -b .x11r7
 %patch13 -p0 -b .s390x
 %patch14
+%patch15 -p0 -b .CVE20075795
 %patch
 if test ! -e $HOME/.mh_profile && type -p install-mh > /dev/null 2>&1; then
 install-mh -auto < /dev/null
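Review bot: Nothing in the visible spec hunks shows that `lisp/files.elc` is rebuilt after `%patch15 -p0 -b .CVE20075795` rewrites `lisp/files.el`. If the source tarball ships byte-compiled Lisp, and if files.el is preloaded into the dumped binary as it normally is (both to be confirmed against the %build section, which is outside this diff), the fix takes effect only once the build recompiles that file. A comment beside the patch line such as `# CVE-2007-5795: changes lisp/files.el, which must be byte-compiled again during the build` would record the dependency.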
@@ -383,6 +385,7 @@
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/ldefs-boot.el.psbdf
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/ps-mule.el.psmu
 rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/textmodes/ispell.el.psmu
+rm -vf %{buildroot}/usr/share/emacs/%{version}/lisp/files.el.CVE20075795
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/bindings.elc
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/cus-start.elc
 unelc %{buildroot}/usr/share/emacs/%{version}/lisp/generic-x.elc
@@ -3186,6 +3189,8 @@
 /usr/share/emacs/%{version}/lisp/xml.el.gz
 /usr/share/emacs/%{version}/lisp/xt-mouse.el.gz
 %changelog
+* Mon Nov 05 2007 - werner@suse.de
+- Fix insufficient safe mode checks (bug #339033, CVE-2007-5795)
 * Fri Sep 07 2007 - schwab@suse.de
 - Remove obsolete xterm.el.
 * Mon Jul 23 2007 - aj@suse.de
++++++ emacs-22.1-CVE-2007-5795.dif ++++++
--- lisp/files.el
+++ lisp/files.el 2007-11-05 12:27:44.225166531 +0100
@@ -2736,8 +2736,8 @@ is specified, returning t if it is speci
 ;; If caller wants only the safe variables,
 ;; install only them.
 (dolist (elt result)
- (unless (or (memq (car elt) unsafe-vars)
- (memq (car elt) risky-vars))
+ (unless (or (member elt unsafe-vars)
+ (member elt risky-vars))
 (hack-one-local-variable (car elt) (cdr elt))))
 ;; Query, except in the case where all are known safe
 ;; if the user wants no quuery in that case.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
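Review bot: The `:safe` filter in the `dolist` is correct only while `unsafe-vars` and `risky-vars` hold the same `(VAR . VALUE)` pairs as `result`, and nothing at this site records that. The replaced `(memq (car elt) ...)` test presumably never matched for that reason, which let every variable through to `hack-one-local-variable`; the loop fails open whenever the membership test misses. I would add a comment above the `unless`, for example `;; unsafe-vars and risky-vars hold (VAR . VALUE) pairs; compare the whole ELT.`, and a regression test that an unsafe file-local variable stays unset when only safe variables are requested. The enclosing function starts and ends outside the hunk, so how the two lists are built has to be confirmed there.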