packages/emacs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!91 update to 29.1

Browse Source 
From: @zppzhangpan 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2024-02-06 07:45:49 +00:00 committed by Gitee
commit ae5d41fb37
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 6 additions and 667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-0001-CVE-2023-28617.patch
View File

@ -1,32 +0,0 @@
From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 18 Feb 2023 18:03:28 +0800
Subject: * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection
vulnerability
Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com
TINYCHANGE
Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485
Conflict:NA
---
lisp/org/ob-latex.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
index 428907a..a0154bf 100644
--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'."
tmp-pdf
(list org-babel-latex-pdf-svg-process)
extension err-msg log-buf)))
- (shell-command (format "mv %s %s" img-out out-file)))))
+ (rename-file img-out out-file t))))
((string-suffix-p ".tikz" out-file)
(when (file-exists-p out-file) (delete-file out-file))
(with-temp-file out-file
--
cgit v1.1

25
backport-0002-CVE-2022-48337.patch
View File

@ -1,25 +0,0 @@
From c6ece14812f32a7f9f0d69497c886d178730a75f Mon Sep 17 00:00:00 2001
From: Super User <root@localhost.localdomain>
Date: Mon, 25 Sep 2023 14:14:02 +0800
Subject: [PATCH] backport 0002 CVE-2022-48337
---
lib-src/etags.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib-src/etags.c b/lib-src/etags.c
index a6bd7f6..ea80ba6 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -1714,6 +1714,8 @@ process_file_name (char *file, language *lang)
int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
char *cmd = xmalloc (buf_len);
snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
+ free (new_real_name);
+ free (new_tmp_name);
#endif
inf = (system (cmd) == -1
? NULL
--
2.41.0

46
backport-0002-CVE-2023-28617.patch
View File

@ -1,46 +0,0 @@
From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 11 Mar 2023 18:53:37 +0800
Subject: * lisp/ob-latex.el: Fix command injection vulnerability
(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
TINYCHANGE
Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741
Conflict:NA
---
lisp/org/ob-latex.el | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
index a2c24b3..ce39628 100644
--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
(if (string-suffix-p ".svg" out-file)
(progn
(shell-command "pwd")
- (shell-command (format "mv %s %s"
- (concat (file-name-sans-extension tex-file) "-1.svg")
- out-file)))
+ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
+ out-file t))
(error "SVG file produced but HTML file requested")))
((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
(if (string-suffix-p ".html" out-file)
- (shell-command "mv %s %s"
- (concat (file-name-sans-extension tex-file)
- ".html")
- out-file)
- (error "HTML file produced but SVG file requested")))))
+ (rename-file (concat (file-name-sans-extension tex-file) ".html")
+ out-file t)
+ (error "HTML file produced but SVG file requested")))))
((or (string= "pdf" extension) imagemagick)
(with-temp-file tex-file
(require 'ox-latex)
--
cgit v1.1

272
backport-CVE-2022-45939.patch
View File

@ -1,272 +0,0 @@
From d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 Mon Sep 17 00:00:00 2001
From: lu4nx <lx@shellcodes.org>
Date: Fri, 25 Nov 2022 14:38:29 +0800
Subject: Fixed ctags local command execute vulnerability
* lib-src/etags.c:
(clean_matched_file_tag): New function
(do_move_file): New function
(readline_internal):
Add `leave_cr` parameter, if true, include the \r character
* test/manual/etags/CTAGS.good_crlf: New file
* test/manual/etags/CTAGS.good_update: New file
* test/manual/etags/crlf: New file
* test/manual/etags/Makefile: Add `ctags -u` test cases
Conflict:Removed test case related code, so the patch is over 9000 lines, it's too big
Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
---
lib-src/etags.c | 149 +-
1 files changed, 113 insertions(+), 36 deletions(-)
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 3107c7b..b6f51df 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -375,7 +375,7 @@ static void just_read_file (FILE *);
static language *get_language_from_langname (const char *);
static void readline (linebuffer *, FILE *);
-static ptrdiff_t readline_internal (linebuffer *, FILE *, char const *);
+static ptrdiff_t readline_internal (linebuffer *, FILE *, char const *, const bool);
static bool nocase_tail (const char *);
static void get_tag (char *, char **);
static void get_lispy_tag (char *);
@@ -399,7 +399,9 @@ static void free_fdesc (fdesc *);
static void pfnote (char *, bool, char *, ptrdiff_t, intmax_t, intmax_t);
static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
+static void clean_matched_file_tag (char const * const, char const * const);
+static void do_move_file (const char *, const char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
static char *skip_non_spaces (char *);
@@ -1332,7 +1334,7 @@ main (int argc, char **argv)
if (parsing_stdin)
fatal ("cannot parse standard input "
"AND read file names from it");
- while (readline_internal (&filename_lb, stdin, "-") > 0)
+ while (readline_internal (&filename_lb, stdin, "-", false) > 0)
process_file_name (filename_lb.buffer, lang);
}
else
@@ -1380,9 +1382,6 @@ main (int argc, char **argv)
/* From here on, we are in (CTAGS && !cxref_style) */
if (update)
{
- char *cmd =
- xmalloc (strlen (tagfile) + whatlen_max +
- sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS >;rm OTAGS");
for (i = 0; i < current_arg; ++i)
{
switch (argbuffer[i].arg_type)
@@ -1393,17 +1392,8 @@ main (int argc, char **argv)
default:
continue; /* the for loop */
}
- char *z = stpcpy (cmd, "mv ");
- z = stpcpy (z, tagfile);
- z = stpcpy (z, " OTAGS;grep -Fv '\t");
- z = stpcpy (z, argbuffer[i].what);
- z = stpcpy (z, "\t' OTAGS >");
- z = stpcpy (z, tagfile);
- strcpy (z, ";rm OTAGS");
- if (system (cmd) != EXIT_SUCCESS)
- fatal ("failed to execute shell command");
+ clean_matched_file_tag (tagfile, argbuffer[i].what);
}
- free (cmd);
append_to_tagfile = true;
}
@@ -1448,6 +1438,51 @@ main (int argc, char **argv)
return EXIT_SUCCESS;
}
+/*
+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS
+ */
+static void
+clean_matched_file_tag (const char* tagfile, const char* match_file_name)
+{
+ FILE *otags_f = fopen ("OTAGS", "wb");
+ FILE *tag_f = fopen (tagfile, "rb");
+
+ if (otags_f == NULL)
+ pfatal ("OTAGS");
+
+ if (tag_f == NULL)
+ pfatal (tagfile);
+
+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1;
+ char *buf = xmalloc (buf_len);
+ snprintf (buf, buf_len, "\t%s\t", match_file_name);
+
+ linebuffer line;
+ linebuffer_init (&line);
+ while (readline_internal (&line, tag_f, tagfile, true) > 0)
+ {
+ if (ferror (tag_f))
+ pfatal (tagfile);
+
+ if (strstr (line.buffer, buf) == NULL)
+ {
+ fprintf (otags_f, "%s\n", line.buffer);
+ if (ferror (tag_f))
+ pfatal (tagfile);
+ }
+ }
+ free (buf);
+ free (line.buffer);
+
+ if (fclose (otags_f) == EOF)
+ pfatal ("OTAGS");
+
+ if (fclose (tag_f) == EOF)
+ pfatal (tagfile);
+
+ do_move_file ("OTAGS", tagfile);
+ return;
+}
/*
* Return a compressor given the file name. If EXTPTR is non-zero,
@@ -1831,7 +1866,7 @@ find_entries (FILE *inf)
/* Else look for sharp-bang as the first two characters. */
if (parser == NULL
- && readline_internal (&lb, inf, infilename) > 0
+ && readline_internal (&lb, inf, infilename, false) > 0
&& lb.len >= 2
&& lb.buffer[0] == '#'
&& lb.buffer[1] == '!')
@@ -6878,7 +6913,7 @@ analyze_regex (char *regex_arg)
if (regexfp == NULL)
pfatal (regexfile);
linebuffer_init (&regexbuf);
- while (readline_internal (&regexbuf, regexfp, regexfile) > 0)
+ while (readline_internal (&regexbuf, regexfp, regexfile, false) > 0)
analyze_regex (regexbuf.buffer);
free (regexbuf.buffer);
if (fclose (regexfp) != 0)
@@ -7226,11 +7261,13 @@ get_lispy_tag (register char *bp)
/*
* Read a line of text from `stream' into `lbp', excluding the
- * newline or CR-NL, if any. Return the number of characters read from
- * `stream', which is the length of the line including the newline.
+ * newline or CR-NL (if `leave_cr` is false), if any. Return the
+ * number of characters read from `stream', which is the length
+ * of the line including the newline.
*
- * On DOS or Windows we do not count the CR character, if any before the
- * NL, in the returned length; this mirrors the behavior of Emacs on those
+ * On DOS or Windows, if `leave_cr` is false, we do not count the
+ * CR character, if any before the NL, in the returned length;
+ * this mirrors the behavior of Emacs on those
* platforms (for text files, it translates CR-NL to NL as it reads in the
* file).
*
@@ -7238,7 +7275,7 @@ get_lispy_tag (register char *bp)
* appended to `filebuf'.
*/
static ptrdiff_t
-readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr)
{
char *buffer = lbp->buffer;
char *p = lbp->buffer;
@@ -7268,19 +7305,19 @@ readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
break;
}
if (c == '\n')
- {
- if (p > buffer && p[-1] == '\r')
- {
- p -= 1;
- chars_deleted = 2;
- }
- else
- {
- chars_deleted = 1;
- }
- *p = '\0';
- break;
- }
+ {
+ if (!leave_cr && p > buffer && p[-1] == '\r')
+ {
+ p -= 1;
+ chars_deleted = 2;
+ }
+ else
+ {
+ chars_deleted = 1;
+ }
+ *p = '\0';
+ break;
+ }
*p++ = c;
}
lbp->len = p - buffer;
@@ -7311,7 +7348,7 @@ static void
readline (linebuffer *lbp, FILE *stream)
{
linecharno = charno; /* update global char number of line start */
- ptrdiff_t result = readline_internal (lbp, stream, infilename);
+ ptrdiff_t result = readline_internal (lbp, stream, infilename, false);
lineno += 1; /* increment global line number */
charno += result; /* increment global char number */
@@ -7669,6 +7706,46 @@ etags_mktmp (void)
return templt;
}
+static void
+do_move_file(const char *src_file, const char *dst_file)
+{
+ if (rename (src_file, dst_file) == 0)
+ return;
+
+ FILE *src_f = fopen (src_file, "rb");
+ FILE *dst_f = fopen (dst_file, "wb");
+
+ if (src_f == NULL)
+ pfatal (src_file);
+
+ if (dst_f == NULL)
+ pfatal (dst_file);
+
+ int c;
+ while ((c = fgetc (src_f)) != EOF)
+ {
+ if (ferror (src_f))
+ pfatal (src_file);
+
+ if (ferror (dst_f))
+ pfatal (dst_file);
+
+ if (fputc (c, dst_f) == EOF)
+ pfatal ("cannot write");
+ }
+
+ if (fclose (src_f) == EOF)
+ pfatal (src_file);
+
+ if (fclose (dst_f) == EOF)
+ pfatal (dst_file);
+
+ if (unlink (src_file) == -1)
+ pfatal ("unlink error");
+
+ return;
+}
+
/* Return a newly allocated string containing the file name of FILE
relative to the absolute directory DIR (which should end with a slash). */
static char *
--
cgit v1.1

107
backport-CVE-2022-48337.patch
View File

@ -1,107 +0,0 @@
From 01a4035c869b91c153af9a9132c87adb7669ea1c Mon Sep 17 00:00:00 2001
From: lu4nx <lx@shellcodes.org>
Date: Tue, 6 Dec 2022 15:42:40 +0800
Subject: Fix etags local command injection vulnerability
* lib-src/etags.c: (escape_shell_arg_string): New function.
(process_file_name): Use it to quote file names passed to the
shell. (Bug#59817)
Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
Conflict:NA
---
lib-src/etags.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 58 insertions(+), 5 deletions(-)
diff --git a/lib-src/etags.c b/lib-src/etags.c
index d1d2085..ba0092c 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -401,6 +401,7 @@ static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
static void clean_matched_file_tag (char const * const, char const * const);
+static char *escape_shell_arg_string (char *);
static void do_move_file (const char *, const char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
@@ -1713,13 +1714,16 @@ process_file_name (char *file, language *lang)
else
{
#if MSDOS || defined (DOS_NT)
- char *cmd1 = concat (compr->command, " \"", real_name);
- char *cmd = concat (cmd1, "\" > ", tmp_name);
+ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name);
#else
- char *cmd1 = concat (compr->command, " '", real_name);
- char *cmd = concat (cmd1, "' > ", tmp_name);
+ char *new_real_name = escape_shell_arg_string (real_name);
+ char *new_tmp_name = escape_shell_arg_string (tmp_name);
+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
#endif
- free (cmd1);
inf = (system (cmd) == -1
? NULL
: fopen (tmp_name, "r" FOPEN_BINARY));
@@ -7707,6 +7711,55 @@ etags_mktmp (void)
return templt;
}
+/*
+ * Adds single quotes around a string, if found single quotes, escaped it.
+ * Return a newly-allocated string.
+ *
+ * For example:
+ * escape_shell_arg_string("test.txt") => 'test.txt'
+ * escape_shell_arg_string("'test.txt") => ''\''test.txt'
+ */
+static char *
+escape_shell_arg_string (char *str)
+{
+ char *p = str;
+ int need_space = 2; /* ' at begin and end */
+
+ while (*p != '\0')
+ {
+ if (*p == '\'')
+ need_space += 4; /* ' to '\'', length is 4 */
+ else
+ need_space++;
+
+ p++;
+ }
+
+ char *new_str = xnew (need_space + 1, char);
+ new_str[0] = '\'';
+ new_str[need_space-1] = '\'';
+
+ int i = 1; /* skip first byte */
+ p = str;
+ while (*p != '\0')
+ {
+ new_str[i] = *p;
+ if (*p == '\'')
+ {
+ new_str[i+1] = '\\';
+ new_str[i+2] = '\'';
+ new_str[i+3] = '\'';
+ i += 3;
+ }
+
+ i++;
+ p++;
+ }
+
+ new_str[need_space] = '\0';
+ return new_str;
+}
+
static void
do_move_file(const char *src_file, const char *dst_file)
{
--
cgit v1.1

29
backport-CVE-2022-48338.patch
View File

@ -1,29 +0,0 @@
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Fri, 23 Dec 2022 12:52:48 +0800
Subject: Fix ruby-mode.el local command injection vulnerability (bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
Conflict:NA
---
lisp/progmodes/ruby-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
index 1f3e9b6..a4aa619 100644
--- a/lisp/progmodes/ruby-mode.el
+++ b/lisp/progmodes/ruby-mode.el
@@ -1899,7 +1899,7 @@ or `gem' statement around point."
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
- (shell-command-to-string (concat "gem which " feature-name))
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
--
cgit v1.1

29
backport-CVE-2022-48339.patch
View File

@ -1,29 +0,0 @@
From 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 24 Dec 2022 16:28:54 +0800
Subject: Fix htmlfontify.el command injection vulnerability.
* lisp/htmlfontify.el (hfy-text-p): Fix command injection
vulnerability. (Bug#60295)
Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
Conflict:NA
---
lisp/htmlfontify.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
index df4c6ab..389b929 100644
--- a/lisp/htmlfontify.el
+++ b/lisp/htmlfontify.el
@@ -1850,7 +1850,7 @@ Hardly bombproof, but good enough in the context in which it is being used."
(defun hfy-text-p (srcdir file)
"Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this."
- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
+ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
(rsp (shell-command-to-string cmd)))
(string-match "text" rsp)))
--
cgit v1.1

64
backport-CVE-2023-27985.patch
View File

@ -1,64 +0,0 @@
From d32091199ae5de590a83f1542a01d75fba000467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Mon, 19 Dec 2022 16:51:20 +0100
Subject: Fix quoted argument in emacsclient-mail.desktop Exec key
Apparently the emacsclient-mail.desktop file doesn't conform to the
Desktop Entry Specification at
https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
which says about the Exec key:
| Field codes must not be used inside a quoted argument, the result of
| field code expansion inside a quoted argument is undefined.
However, the %u field code is used inside a quoted argument of the
Exec key in both the [Desktop Entry] and [Desktop Action new-window]
sections.
* etc/emacsclient-mail.desktop (Exec): The Desktop Entry
Specification does not allow field codes like %u inside a quoted
argument. Work around it by passing %u as first parameter ($1)
to the shell wrapper.
* etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder`
as the command name of the shell wrapper. (Bug#60204)
---
etc/emacsclient-mail.desktop | 4 ++--
etc/emacsclient.desktop | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index b575a41..91df122 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,7 @@
[Desktop Entry]
Categories=Network;Email;
Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\\\(message-mailto\\\\ \\\\\\"%u\\\\\\"\\\\)"
+Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
Icon=emacs
Name=Emacs (Mail, Client)
MimeType=x-scheme-handler/mailto;
@@ -13,7 +13,7 @@ Actions=new-window;new-instance;
[Desktop Action new-window]
Name=New Window
-Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\"%u\\")"
+Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
[Desktop Action new-instance]
Name=New Instance
diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop
index 1ecdecf..a9f840c7 100644
--- a/etc/emacsclient.desktop
+++ b/etc/emacsclient.desktop
@@ -3,7 +3,7 @@ Name=Emacs (Client)
GenericName=Text Editor
Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
-Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F
+Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F
Icon=emacs
Type=Application
Terminal=false
--
cgit v1.1

50
backport-CVE-2023-27986.patch
View File

@ -1,50 +0,0 @@
From 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Tue, 7 Mar 2023 18:25:37 +0100
Subject: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
A crafted mailto URI could contain unescaped double-quote
characters, allowing injection of Elisp code. Therefore, any
'\' and '"' characters are replaced by '\\' and '\"', using Bash
pattern substitution (which is not available in the POSIX shell).
We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the
bash -c command, but in the desktop entry '"', '$', and '\' must
be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes
are expanded twice, see the Desktop Entry Specification).
Reported by Gabriel Corona <gabriel.corona@free.fr>.
* etc/emacsclient-mail.desktop (Exec): Escape backslash and
double-quote characters.
---
etc/emacsclient-mail.desktop | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index 91df122..49c6f99 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,10 @@
[Desktop Entry]
Categories=Network;Email;
Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+# We want to pass the following commands to the shell wrapper:
+# u=${1//\\/\\\\}; u=${u//\"/\\\"}; exec emacsclient --alternate-editor= --display="$DISPLAY" --eval "(message-mailto \"$u\")"
+# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\'.
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
Icon=emacs
Name=Emacs (Mail, Client)
MimeType=x-scheme-handler/mailto;
@@ -13,7 +16,7 @@ Actions=new-window;new-instance;
[Desktop Action new-window]
Name=New Window
-Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
[Desktop Action new-instance]
Name=New Instance
--
cgit v1.1

BIN
emacs-28.2.tar.xz → emacs-29.1.tar.xz
View File

Binary file not shown.

19
emacs.spec
View File

@ -7,8 +7,8 @@
Name: emacs
Epoch: 1
Version: 28.2
Release: 5
Version: 29.1
Release: 1
Summary: An extensible GNU text editor
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs
@ -27,16 +27,6 @@ Patch6001: emacs-spellchecker.patch
#https://src.fedoraproject.org/rpms/emacs/blob/rawhide/f/emacs-system-crypto-policies.patch
Patch6002: emacs-system-crypto-policies.patch
Patch6003: backport-CVE-2022-45939.patch
Patch6004: backport-CVE-2022-48337.patch
Patch6005: backport-CVE-2022-48338.patch
Patch6006: backport-CVE-2022-48339.patch
Patch6007: backport-CVE-2023-27985.patch
Patch6008: backport-CVE-2023-27986.patch
Patch6009: backport-0001-CVE-2023-28617.patch
Patch6010: backport-0002-CVE-2023-28617.patch
Patch6011: backport-0002-CVE-2022-48337.patch
Patch9000: emacs-deal-taboo-words.patch
BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel
@ -243,7 +233,7 @@ cd ..
rm %{buildroot}%{_bindir}/emacs
touch %{buildroot}%{_bindir}/emacs
rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp
rm %{buildroot}%{emacs_libexecdir}/emacs-*.pdmp
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka*.el.gz
@ -420,6 +410,9 @@ fi
%{_mandir}/*/*
%changelog
* Tue Jan 23 2024 zhangpan <zhangpan103@h-partners.com> - 1:29.1-1
- update to 29.1
* Mon Sep 25 2023 leeffo <liweiganga@uniontech.com> - 1:28.2-5
- fix CVE-2022-48337