packages/emacs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!74 fix CVE-2023-27985 CVE-2023-27986

Browse Source 
From: @markeryang 
Reviewed-by: @renxichen, @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2023-03-15 06:34:46 +00:00 committed by Gitee
commit 93bb1b3e09
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 121 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
backport-CVE-2023-27985.patch Normal file
View File

@ -0,0 +1,64 @@
From d32091199ae5de590a83f1542a01d75fba000467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Mon, 19 Dec 2022 16:51:20 +0100
Subject: Fix quoted argument in emacsclient-mail.desktop Exec key
Apparently the emacsclient-mail.desktop file doesn't conform to the
Desktop Entry Specification at
https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
which says about the Exec key:
| Field codes must not be used inside a quoted argument, the result of
| field code expansion inside a quoted argument is undefined.
However, the %u field code is used inside a quoted argument of the
Exec key in both the [Desktop Entry] and [Desktop Action new-window]
sections.
* etc/emacsclient-mail.desktop (Exec): The Desktop Entry
Specification does not allow field codes like %u inside a quoted
argument. Work around it by passing %u as first parameter ($1)
to the shell wrapper.
* etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder`
as the command name of the shell wrapper. (Bug#60204)
---
etc/emacsclient-mail.desktop | 4 ++--
etc/emacsclient.desktop | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index b575a41..91df122 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,7 @@
[Desktop Entry]
Categories=Network;Email;
Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\\\(message-mailto\\\\ \\\\\\"%u\\\\\\"\\\\)"
+Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
Icon=emacs
Name=Emacs (Mail, Client)
MimeType=x-scheme-handler/mailto;
@@ -13,7 +13,7 @@ Actions=new-window;new-instance;
[Desktop Action new-window]
Name=New Window
-Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\"%u\\")"
+Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
[Desktop Action new-instance]
Name=New Instance
diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop
index 1ecdecf..a9f840c7 100644
--- a/etc/emacsclient.desktop
+++ b/etc/emacsclient.desktop
@@ -3,7 +3,7 @@ Name=Emacs (Client)
GenericName=Text Editor
Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
-Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F
+Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F
Icon=emacs
Type=Application
Terminal=false
--
cgit v1.1

50
backport-CVE-2023-27986.patch Normal file
View File

@ -0,0 +1,50 @@
From 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Tue, 7 Mar 2023 18:25:37 +0100
Subject: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
A crafted mailto URI could contain unescaped double-quote
characters, allowing injection of Elisp code. Therefore, any
'\' and '"' characters are replaced by '\\' and '\"', using Bash
pattern substitution (which is not available in the POSIX shell).
We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the
bash -c command, but in the desktop entry '"', '$', and '\' must
be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes
are expanded twice, see the Desktop Entry Specification).
Reported by Gabriel Corona <gabriel.corona@free.fr>.
* etc/emacsclient-mail.desktop (Exec): Escape backslash and
double-quote characters.
---
etc/emacsclient-mail.desktop | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index 91df122..49c6f99 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,10 @@
[Desktop Entry]
Categories=Network;Email;
Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+# We want to pass the following commands to the shell wrapper:
+# u=${1//\\/\\\\}; u=${u//\"/\\\"}; exec emacsclient --alternate-editor= --display="$DISPLAY" --eval "(message-mailto \"$u\")"
+# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\'.
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
Icon=emacs
Name=Emacs (Mail, Client)
MimeType=x-scheme-handler/mailto;
@@ -13,7 +16,7 @@ Actions=new-window;new-instance;
[Desktop Action new-window]
Name=New Window
-Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
[Desktop Action new-instance]
Name=New Instance
--
cgit v1.1

8
emacs.spec
View File

@ -8,7 +8,7 @@
Name: emacs
Epoch: 1
Version: 28.2
Release: 2
Release: 3
Summary: An extensible GNU text editor
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs
@ -31,6 +31,9 @@ Patch6003: backport-CVE-2022-45939.patch
Patch6004: backport-CVE-2022-48337.patch
Patch6005: backport-CVE-2022-48338.patch
Patch6006: backport-CVE-2022-48339.patch
Patch6007: backport-CVE-2023-27985.patch
Patch6008: backport-CVE-2023-27986.patch
Patch9000: emacs-deal-taboo-words.patch
BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel
@ -414,6 +417,9 @@ fi
%{_mandir}/*/*
%changelog
* Wed Mar 15 2023 yanglongkang <yanglongkang@h-partners.com> - 1:28.2-3
- fix CVE-2023-27985 CVE-2023-27986
* Wed Feb 22 2023 zhangpan <zhangpan103@h-partners.com> - 1:28.2-2
- fix CVE-2022-48337 CVE-2022-48338 CVE-2022-48339