http://bugs.gentoo.org/221197 CVE-2008-2142 --- emacs-21.4-orig/lisp/fast-lock.el 2001-07-15 18:15:34.000000000 +0200 +++ emacs-21.4/lisp/fast-lock.el 2008-05-12 22:43:07.000000000 +0200 @@ -278,7 +278,7 @@ (integer :tag "size"))))) :group 'fast-lock) -(defcustom fast-lock-cache-directories '("." "~/.emacs-flc") +(defcustom fast-lock-cache-directories '("~/.emacs-flc") ; - `internal', keep each file's Font Lock cache file in the same file. ; - `external', keep each file's Font Lock cache file in the same directory. "*Directories in which Font Lock cache files are saved and read. @@ -296,13 +296,18 @@ ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\") would cause a file's current directory to be used if the file is under your -home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'." +home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'. +For security reasons, it is not advisable to use the file's current directory +to avoid the possibility of using the cache of another user." :type '(repeat (radio (directory :tag "directory") (cons :tag "Matching" (regexp :tag "regexp") (directory :tag "directory")))) :group 'fast-lock) +;;;###autoload +(put 'fast-lock-cache-directories 'risky-local-variable t) + (defcustom fast-lock-save-events '(kill-buffer kill-emacs) "*Events under which caches will be saved. Valid events are `save-buffer', `kill-buffer' and `kill-emacs'. --- emacs-21.4-orig/lisp/loaddefs.el 2003-03-18 15:36:18.000000000 +0100 +++ emacs-21.4/lisp/loaddefs.el 2008-05-12 22:47:58.000000000 +0200 @@ -6963,6 +6963,8 @@ ;;;;;; "fast-lock.el" (15611 31344)) ;;; Generated autoloads from fast-lock.el +(put (quote fast-lock-cache-directories) (quote risky-local-variable) t) + (autoload (quote fast-lock-mode) "fast-lock" "\ Toggle Fast Lock mode. With arg, turn Fast Lock mode on if and only if arg is positive and the buffer