rpms/xemacs-packages-extra/devel xemacs-packages-extra-20070427-CVE-2008-2142.patch, NONE, 1.1 xemacs-packages-extra.spec, 1.4, 1.5

[Ville Skytta (scop)]

Author: scop

Update of /cvs/pkgs/rpms/xemacs-packages-extra/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30561

Modified Files:
	xemacs-packages-extra.spec 
Added Files:
	xemacs-packages-extra-20070427-CVE-2008-2142.patch 
Log Message:
* Wed Jun 18 2008 Ville Skyttä <ville.skytta at iki.fi> - 20070427-2
- Apply upstream security fix for CVE-2008-2142 (#446069).


xemacs-packages-extra-20070427-CVE-2008-2142.patch:

--- NEW FILE xemacs-packages-extra-20070427-CVE-2008-2142.patch ---
Index: xemacs-packages/edit-utils/fast-lock.el
===================================================================
RCS file: /pack/xemacscvs/XEmacs/packages/xemacs-packages/edit-utils/fast-lock.el,v
retrieving revision 1.4
retrieving revision 1.6
diff -u -r1.4 -r1.6
--- xemacs-packages/edit-utils/fast-lock.el	7 Mar 2006 07:10:32 -0000	1.4
+++ xemacs-packages/edit-utils/fast-lock.el	18 Jun 2008 20:39:22 -0000	1.6
@@ -247,7 +247,7 @@
 
 ;; User Variables:
 
-(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
+(defcustom fast-lock-cache-directories '("~/.emacs-flc")
 ; - `internal', keep each file's Font Lock cache file in the same file.
 ; - `external', keep each file's Font Lock cache file in the same directory.
   "*Directories in which Font Lock cache files are saved and read.
@@ -265,9 +265,14 @@
  ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
 
 would cause a file's current directory to be used if the file is under your
-home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
+This list should contain only trusted directories in order to avoid processing
+potentially malicious cache files."
   :type '(repeat (choice (cons regexp directory) directory))
   :group 'fast-lock)
+
+;;;###autoload
+(put 'fast-lock-cache-directories 'risky-local-variable t)
 
 (defcustom fast-lock-minimum-size (* 25 1024)
   "*Minimum size of a buffer for cached fontification.


Index: xemacs-packages-extra.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xemacs-packages-extra/devel/xemacs-packages-extra.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- xemacs-packages-extra.spec	18 May 2007 18:28:32 -0000	1.4
+++ xemacs-packages-extra.spec	18 Jun 2008 20:48:50 -0000	1.5
@@ -3,7 +3,7 @@
 
 Name:           xemacs-packages-extra
 Version:        20070427
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Collection of XEmacs lisp packages
 
 Group:          Applications/Editors
@@ -31,6 +31,7 @@
 Patch7:         %{name}-20070427-jp-locale-239394.patch
 Patch8:         %{name}-20060510-avoid-catch-error-65346.patch
 Patch9:         %{name}-20070427-rpmspec.patch
+Patch10:        %{name}-20070427-CVE-2008-2142.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildArch:      noarch
@@ -107,6 +108,8 @@
 %patch8 -p1
 # rpm-spec-mode improvements
 %patch9 -p0
+# CVE-2008-2142
+%patch10 -p0
 
 [ ! "%(%{xemver})" '<' "21.5" ] && x215="XEMACS_21_5=t" || x215=
 cat << EOF > make.sh
@@ -231,6 +234,9 @@
 
 
 %changelog
+* Wed Jun 18 2008 Ville Skyttä <ville.skytta at iki.fi> - 20070427-2
+- Apply upstream security fix for CVE-2008-2142 (#446069).
+
 * Fri May 18 2007 Ville Skyttä <ville.skytta at iki.fi> - 20070427-1
 - 2007-04-27 + upstream post-sumo rpm-spec-mode and locale (#239394) fixes.
 - Improve Japanese splash screen (#239394, Jens Petersen).