Commit 1de76afe authored by Chong Yidong's avatar Chong Yidong
Browse files

* lisp/custom.el (custom-safe-themes): Use SHA-256 for hashing.

* doc/emacs/custom.texi (Custom Themes): Switched custom-safe-themes
to use SHA-256.
parent 6a43ef8e
2012-01-09 Chong Yidong <cyd@gnu.org>
* custom.texi (Custom Themes): Switched custom-safe-themes to use
SHA-256.
2012-01-07 Chong Yidong <cyd@gnu.org>
* display.texi (Useless Whitespace): Add Whitespace mode.
......
......@@ -598,7 +598,7 @@ the theme file and asks if you really want to load it. Because
loading a Custom theme can execute arbitrary Lisp code, you should
only say yes if you know that the theme is safe; in that case, Emacs
offers to remember in the future that the theme is safe (this is done
by saving the theme file's SHA1 hash to the variable
by saving the theme file's SHA-256 hash to the variable
@code{custom-safe-themes}; if you want to treat all themes as safe,
change its value to @code{t}). Themes that come with Emacs (in the
@file{etc/themes} directory) are exempt from this check, and are
......
......@@ -1105,7 +1105,7 @@ property `theme-feature' (which is usually a symbol created by
(defcustom custom-safe-themes '(default)
"Themes that are considered safe to load.
If the value is a list, each element should be either the `sha1'
If the value is a list, each element should be either the SHA-256
hash of a safe theme file, or the symbol `default', which stands
for any theme in the built-in Emacs theme directory (a directory
named \"themes\" in `data-directory').
......@@ -1161,7 +1161,7 @@ Return t if THEME was successfully loaded, nil otherwise."
(error "Unable to find theme file for `%s'" theme))
(with-temp-buffer
(insert-file-contents fn)
(setq hash (sha1 (current-buffer)))
(setq hash (secure-hash 'sha256 (current-buffer)))
;; Check file safety with `custom-safe-themes', prompting the
;; user if necessary.
(when (or no-confirm
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment