File bugzilla-389154-fast-lock.patch of Package xemacs-packages

CVE-2008-2142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142
http://thread.gmane.org/gmane.emacs.devel/96903
http://article.gmane.org/gmane.emacs.devel/97038
http://article.gmane.org/gmane.emacs.devel/97074

--- packages.orig/xemacs-packages/edit-utils/fast-lock.el	2006-06-28 17:26:22.000000000 +0200
+++ packages/xemacs-packages/edit-utils/fast-lock.el	2008-05-13 16:18:29.000000000 +0200
@@ -247,7 +247,7 @@
 
 ;; User Variables:
 
-(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
+(defcustom fast-lock-cache-directories '("~/.emacs-flc")
 ; - `internal', keep each file's Font Lock cache file in the same file.
 ; - `external', keep each file's Font Lock cache file in the same directory.
   "*Directories in which Font Lock cache files are saved and read.
@@ -265,10 +265,15 @@
  ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
 
 would cause a file's current directory to be used if the file is under your
-home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
+For security reasons, it is not advisable to use the file's current directory
+to avoid the possibility of using the cache of another user."
   :type '(repeat (choice (cons regexp directory) directory))
   :group 'fast-lock)
 
+;;;###autoload
+(put 'fast-lock-cache-directories 'risky-local-variable t)
+
 (defcustom fast-lock-minimum-size (* 25 1024)
   "*Minimum size of a buffer for cached fontification.
 Only buffers more than this can have associated Font Lock cache files saved.