* lisp/emacs-lisp/package.el (package-unpack): Security check
Check that we received the package we were offered.
This commit is contained in:
parent
cb5c26128f
commit
95a5c23f74
1 changed files with 4 additions and 1 deletions
|
@ -829,7 +829,10 @@ untar into a directory named DIR; otherwise, signal an error."
|
|||
(package--make-autoloads-and-stuff pkg-desc pkg-dir)
|
||||
;; Update package-alist.
|
||||
(let ((new-desc (package-load-descriptor pkg-dir)))
|
||||
;; FIXME: Check that `new-desc' matches `desc'!
|
||||
(unless (equal (package-desc-full-name new-desc)
|
||||
(package-desc-full-name pkg-desc))
|
||||
(error "The retrieved package (`%s') doesn't match what the archive offered (`%s')"
|
||||
(package-desc-full-name new-desc) (package-desc-full-name pkg-desc)))
|
||||
;; Activation has to be done before compilation, so that if we're
|
||||
;; upgrading and macros have changed we load the new definitions
|
||||
;; before compiling.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue