* lisp/emacs-lisp/package.el (package-unpack): Security check
authorArtur Malabarba <bruce.connor.am@gmail.com>
Sat, 12 Dec 2015 21:43:34 +0000 (21:43 +0000)
committerArtur Malabarba <bruce.connor.am@gmail.com>
Sat, 12 Dec 2015 21:43:34 +0000 (21:43 +0000)
Check that we received the package we were offered.

lisp/emacs-lisp/package.el

index 3cf94ec0255137790b87f4329922d0c8ed6b817d..f60bff4a477f9014cd8afcd316cb1fd32a683371 100644 (file)
@@ -829,7 +829,10 @@ untar into a directory named DIR; otherwise, signal an error."
     (package--make-autoloads-and-stuff pkg-desc pkg-dir)
     ;; Update package-alist.
     (let ((new-desc (package-load-descriptor pkg-dir)))
-      ;; FIXME: Check that `new-desc' matches `desc'!
+      (unless (equal (package-desc-full-name new-desc)
+                     (package-desc-full-name pkg-desc))
+        (error "The retrieved package (`%s') doesn't match what the archive offered (`%s')"
+               (package-desc-full-name new-desc) (package-desc-full-name pkg-desc)))
       ;; Activation has to be done before compilation, so that if we're
       ;; upgrading and macros have changed we load the new definitions
       ;; before compiling.
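Review bot: The new mismatch check in the `unless` form only fires after the archive has been unpacked and `package--make-autoloads-and-stuff` has run on `pkg-dir`, so when it signals, the unexpected package's files appear to stay on disk where a later package scan could still pick them up. Consider removing the directory before raising, e.g. `(delete-directory pkg-dir t)` placed just ahead of the `error` call. If `package-load-descriptor` can return nil (its body is not visible here), `package-desc-full-name` would fail with a type error instead of this message, so a guard such as `(and new-desc (equal ...))` would keep the diagnostic clear. The comparison covers only the package's full name (name plus version), so it is a consistency check on what was delivered and not a substitute for signature verification of the contents. The body of `package-unpack` starts and ends outside this hunk.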