diff --git a/backport-0001-CVE-2023-28617.patch b/backport-0001-CVE-2023-28617.patch deleted file mode 100644 index 406672c..0000000 --- a/backport-0001-CVE-2023-28617.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001 -From: Xi Lu -Date: Sat, 18 Feb 2023 18:03:28 +0800 -Subject: * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection - vulnerability - -Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com - -TINYCHANGE - -Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 -Conflict:NA - ---- - lisp/org/ob-latex.el | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el -index 428907a..a0154bf 100644 ---- a/lisp/org/ob-latex.el -+++ b/lisp/org/ob-latex.el -@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'." - tmp-pdf - (list org-babel-latex-pdf-svg-process) - extension err-msg log-buf))) -- (shell-command (format "mv %s %s" img-out out-file))))) -+ (rename-file img-out out-file t)))) - ((string-suffix-p ".tikz" out-file) - (when (file-exists-p out-file) (delete-file out-file)) - (with-temp-file out-file --- -cgit v1.1 diff --git a/backport-0002-CVE-2022-48337.patch b/backport-0002-CVE-2022-48337.patch deleted file mode 100644 index 5c3f2fb..0000000 --- a/backport-0002-CVE-2022-48337.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c6ece14812f32a7f9f0d69497c886d178730a75f Mon Sep 17 00:00:00 2001 -From: Super User -Date: Mon, 25 Sep 2023 14:14:02 +0800 -Subject: [PATCH] backport 0002 CVE-2022-48337 - ---- - lib-src/etags.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib-src/etags.c b/lib-src/etags.c -index a6bd7f6..ea80ba6 100644 ---- a/lib-src/etags.c -+++ b/lib-src/etags.c -@@ -1714,6 +1714,8 @@ process_file_name (char *file, language *lang) - int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1; - char *cmd = xmalloc (buf_len); - snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name); -+ free (new_real_name); -+ free (new_tmp_name); - #endif - inf = (system (cmd) == -1 - ? NULL --- -2.41.0 - diff --git a/backport-0002-CVE-2023-28617.patch b/backport-0002-CVE-2023-28617.patch deleted file mode 100644 index d175173..0000000 --- a/backport-0002-CVE-2023-28617.patch +++ /dev/null @@ -1,46 +0,0 @@ -From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001 -From: Xi Lu -Date: Sat, 11 Mar 2023 18:53:37 +0800 -Subject: * lisp/ob-latex.el: Fix command injection vulnerability - -(org-babel-execute:latex): -Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. - -TINYCHANGE - -Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 -Conflict:NA - ---- - lisp/org/ob-latex.el | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el -index a2c24b3..ce39628 100644 ---- a/lisp/org/ob-latex.el -+++ b/lisp/org/ob-latex.el -@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'." - (if (string-suffix-p ".svg" out-file) - (progn - (shell-command "pwd") -- (shell-command (format "mv %s %s" -- (concat (file-name-sans-extension tex-file) "-1.svg") -- out-file))) -+ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg") -+ out-file t)) - (error "SVG file produced but HTML file requested"))) - ((file-exists-p (concat (file-name-sans-extension tex-file) ".html")) - (if (string-suffix-p ".html" out-file) -- (shell-command "mv %s %s" -- (concat (file-name-sans-extension tex-file) -- ".html") -- out-file) -- (error "HTML file produced but SVG file requested"))))) -+ (rename-file (concat (file-name-sans-extension tex-file) ".html") -+ out-file t) -+ (error "HTML file produced but SVG file requested"))))) - ((or (string= "pdf" extension) imagemagick) - (with-temp-file tex-file - (require 'ox-latex) --- -cgit v1.1 diff --git a/backport-CVE-2022-45939.patch b/backport-CVE-2022-45939.patch deleted file mode 100644 index 1287403..0000000 --- a/backport-CVE-2022-45939.patch +++ /dev/null @@ -1,272 +0,0 @@ -From d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 Mon Sep 17 00:00:00 2001 -From: lu4nx -Date: Fri, 25 Nov 2022 14:38:29 +0800 -Subject: Fixed ctags local command execute vulnerability - -* lib-src/etags.c: - -(clean_matched_file_tag): New function -(do_move_file): New function -(readline_internal): -Add `leave_cr` parameter, if true, include the \r character - -* test/manual/etags/CTAGS.good_crlf: New file -* test/manual/etags/CTAGS.good_update: New file -* test/manual/etags/crlf: New file -* test/manual/etags/Makefile: Add `ctags -u` test cases - -Conflict:Removed test case related code, so the patch is over 9000 lines, it's too big -Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 ---- - lib-src/etags.c | 149 +- - 1 files changed, 113 insertions(+), 36 deletions(-) - -diff --git a/lib-src/etags.c b/lib-src/etags.c -index 3107c7b..b6f51df 100644 ---- a/lib-src/etags.c -+++ b/lib-src/etags.c -@@ -375,7 +375,7 @@ static void just_read_file (FILE *); - - static language *get_language_from_langname (const char *); - static void readline (linebuffer *, FILE *); --static ptrdiff_t readline_internal (linebuffer *, FILE *, char const *); -+static ptrdiff_t readline_internal (linebuffer *, FILE *, char const *, const bool); - static bool nocase_tail (const char *); - static void get_tag (char *, char **); - static void get_lispy_tag (char *); -@@ -399,7 +399,9 @@ static void free_fdesc (fdesc *); - static void pfnote (char *, bool, char *, ptrdiff_t, intmax_t, intmax_t); - static void invalidate_nodes (fdesc *, node **); - static void put_entries (node *); -+static void clean_matched_file_tag (char const * const, char const * const); - -+static void do_move_file (const char *, const char *); - static char *concat (const char *, const char *, const char *); - static char *skip_spaces (char *); - static char *skip_non_spaces (char *); -@@ -1332,7 +1334,7 @@ main (int argc, char **argv) - if (parsing_stdin) - fatal ("cannot parse standard input " - "AND read file names from it"); -- while (readline_internal (&filename_lb, stdin, "-") > 0) -+ while (readline_internal (&filename_lb, stdin, "-", false) > 0) - process_file_name (filename_lb.buffer, lang); - } - else -@@ -1380,9 +1382,6 @@ main (int argc, char **argv) - /* From here on, we are in (CTAGS && !cxref_style) */ - if (update) - { -- char *cmd = -- xmalloc (strlen (tagfile) + whatlen_max + -- sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS >;rm OTAGS"); - for (i = 0; i < current_arg; ++i) - { - switch (argbuffer[i].arg_type) -@@ -1393,17 +1392,8 @@ main (int argc, char **argv) - default: - continue; /* the for loop */ - } -- char *z = stpcpy (cmd, "mv "); -- z = stpcpy (z, tagfile); -- z = stpcpy (z, " OTAGS;grep -Fv '\t"); -- z = stpcpy (z, argbuffer[i].what); -- z = stpcpy (z, "\t' OTAGS >"); -- z = stpcpy (z, tagfile); -- strcpy (z, ";rm OTAGS"); -- if (system (cmd) != EXIT_SUCCESS) -- fatal ("failed to execute shell command"); -+ clean_matched_file_tag (tagfile, argbuffer[i].what); - } -- free (cmd); - append_to_tagfile = true; - } - -@@ -1448,6 +1438,51 @@ main (int argc, char **argv) - return EXIT_SUCCESS; - } - -+/* -+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS -+ */ -+static void -+clean_matched_file_tag (const char* tagfile, const char* match_file_name) -+{ -+ FILE *otags_f = fopen ("OTAGS", "wb"); -+ FILE *tag_f = fopen (tagfile, "rb"); -+ -+ if (otags_f == NULL) -+ pfatal ("OTAGS"); -+ -+ if (tag_f == NULL) -+ pfatal (tagfile); -+ -+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1; -+ char *buf = xmalloc (buf_len); -+ snprintf (buf, buf_len, "\t%s\t", match_file_name); -+ -+ linebuffer line; -+ linebuffer_init (&line); -+ while (readline_internal (&line, tag_f, tagfile, true) > 0) -+ { -+ if (ferror (tag_f)) -+ pfatal (tagfile); -+ -+ if (strstr (line.buffer, buf) == NULL) -+ { -+ fprintf (otags_f, "%s\n", line.buffer); -+ if (ferror (tag_f)) -+ pfatal (tagfile); -+ } -+ } -+ free (buf); -+ free (line.buffer); -+ -+ if (fclose (otags_f) == EOF) -+ pfatal ("OTAGS"); -+ -+ if (fclose (tag_f) == EOF) -+ pfatal (tagfile); -+ -+ do_move_file ("OTAGS", tagfile); -+ return; -+} - - /* - * Return a compressor given the file name. If EXTPTR is non-zero, -@@ -1831,7 +1866,7 @@ find_entries (FILE *inf) - - /* Else look for sharp-bang as the first two characters. */ - if (parser == NULL -- && readline_internal (&lb, inf, infilename) > 0 -+ && readline_internal (&lb, inf, infilename, false) > 0 - && lb.len >= 2 - && lb.buffer[0] == '#' - && lb.buffer[1] == '!') -@@ -6878,7 +6913,7 @@ analyze_regex (char *regex_arg) - if (regexfp == NULL) - pfatal (regexfile); - linebuffer_init (®exbuf); -- while (readline_internal (®exbuf, regexfp, regexfile) > 0) -+ while (readline_internal (®exbuf, regexfp, regexfile, false) > 0) - analyze_regex (regexbuf.buffer); - free (regexbuf.buffer); - if (fclose (regexfp) != 0) -@@ -7226,11 +7261,13 @@ get_lispy_tag (register char *bp) - - /* - * Read a line of text from `stream' into `lbp', excluding the -- * newline or CR-NL, if any. Return the number of characters read from -- * `stream', which is the length of the line including the newline. -+ * newline or CR-NL (if `leave_cr` is false), if any. Return the -+ * number of characters read from `stream', which is the length -+ * of the line including the newline. - * -- * On DOS or Windows we do not count the CR character, if any before the -- * NL, in the returned length; this mirrors the behavior of Emacs on those -+ * On DOS or Windows, if `leave_cr` is false, we do not count the -+ * CR character, if any before the NL, in the returned length; -+ * this mirrors the behavior of Emacs on those - * platforms (for text files, it translates CR-NL to NL as it reads in the - * file). - * -@@ -7238,7 +7275,7 @@ get_lispy_tag (register char *bp) - * appended to `filebuf'. - */ - static ptrdiff_t --readline_internal (linebuffer *lbp, FILE *stream, char const *filename) -+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr) - { - char *buffer = lbp->buffer; - char *p = lbp->buffer; -@@ -7268,19 +7305,19 @@ readline_internal (linebuffer *lbp, FILE *stream, char const *filename) - break; - } - if (c == '\n') -- { -- if (p > buffer && p[-1] == '\r') -- { -- p -= 1; -- chars_deleted = 2; -- } -- else -- { -- chars_deleted = 1; -- } -- *p = '\0'; -- break; -- } -+ { -+ if (!leave_cr && p > buffer && p[-1] == '\r') -+ { -+ p -= 1; -+ chars_deleted = 2; -+ } -+ else -+ { -+ chars_deleted = 1; -+ } -+ *p = '\0'; -+ break; -+ } - *p++ = c; - } - lbp->len = p - buffer; -@@ -7311,7 +7348,7 @@ static void - readline (linebuffer *lbp, FILE *stream) - { - linecharno = charno; /* update global char number of line start */ -- ptrdiff_t result = readline_internal (lbp, stream, infilename); -+ ptrdiff_t result = readline_internal (lbp, stream, infilename, false); - lineno += 1; /* increment global line number */ - charno += result; /* increment global char number */ - -@@ -7669,6 +7706,46 @@ etags_mktmp (void) - return templt; - } - -+static void -+do_move_file(const char *src_file, const char *dst_file) -+{ -+ if (rename (src_file, dst_file) == 0) -+ return; -+ -+ FILE *src_f = fopen (src_file, "rb"); -+ FILE *dst_f = fopen (dst_file, "wb"); -+ -+ if (src_f == NULL) -+ pfatal (src_file); -+ -+ if (dst_f == NULL) -+ pfatal (dst_file); -+ -+ int c; -+ while ((c = fgetc (src_f)) != EOF) -+ { -+ if (ferror (src_f)) -+ pfatal (src_file); -+ -+ if (ferror (dst_f)) -+ pfatal (dst_file); -+ -+ if (fputc (c, dst_f) == EOF) -+ pfatal ("cannot write"); -+ } -+ -+ if (fclose (src_f) == EOF) -+ pfatal (src_file); -+ -+ if (fclose (dst_f) == EOF) -+ pfatal (dst_file); -+ -+ if (unlink (src_file) == -1) -+ pfatal ("unlink error"); -+ -+ return; -+} -+ - /* Return a newly allocated string containing the file name of FILE - relative to the absolute directory DIR (which should end with a slash). */ - static char * --- -cgit v1.1 diff --git a/backport-CVE-2022-48337.patch b/backport-CVE-2022-48337.patch deleted file mode 100644 index 9e258be..0000000 --- a/backport-CVE-2022-48337.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 01a4035c869b91c153af9a9132c87adb7669ea1c Mon Sep 17 00:00:00 2001 -From: lu4nx -Date: Tue, 6 Dec 2022 15:42:40 +0800 -Subject: Fix etags local command injection vulnerability - -* lib-src/etags.c: (escape_shell_arg_string): New function. -(process_file_name): Use it to quote file names passed to the -shell. (Bug#59817) - -Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c -Conflict:NA ---- - lib-src/etags.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 58 insertions(+), 5 deletions(-) - -diff --git a/lib-src/etags.c b/lib-src/etags.c -index d1d2085..ba0092c 100644 ---- a/lib-src/etags.c -+++ b/lib-src/etags.c -@@ -401,6 +401,7 @@ static void invalidate_nodes (fdesc *, node **); - static void put_entries (node *); - static void clean_matched_file_tag (char const * const, char const * const); - -+static char *escape_shell_arg_string (char *); - static void do_move_file (const char *, const char *); - static char *concat (const char *, const char *, const char *); - static char *skip_spaces (char *); -@@ -1713,13 +1714,16 @@ process_file_name (char *file, language *lang) - else - { - #if MSDOS || defined (DOS_NT) -- char *cmd1 = concat (compr->command, " \"", real_name); -- char *cmd = concat (cmd1, "\" > ", tmp_name); -+ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1; -+ char *cmd = xmalloc (buf_len); -+ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name); - #else -- char *cmd1 = concat (compr->command, " '", real_name); -- char *cmd = concat (cmd1, "' > ", tmp_name); -+ char *new_real_name = escape_shell_arg_string (real_name); -+ char *new_tmp_name = escape_shell_arg_string (tmp_name); -+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1; -+ char *cmd = xmalloc (buf_len); -+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name); - #endif -- free (cmd1); - inf = (system (cmd) == -1 - ? NULL - : fopen (tmp_name, "r" FOPEN_BINARY)); -@@ -7707,6 +7711,55 @@ etags_mktmp (void) - return templt; - } - -+/* -+ * Adds single quotes around a string, if found single quotes, escaped it. -+ * Return a newly-allocated string. -+ * -+ * For example: -+ * escape_shell_arg_string("test.txt") => 'test.txt' -+ * escape_shell_arg_string("'test.txt") => ''\''test.txt' -+ */ -+static char * -+escape_shell_arg_string (char *str) -+{ -+ char *p = str; -+ int need_space = 2; /* ' at begin and end */ -+ -+ while (*p != '\0') -+ { -+ if (*p == '\'') -+ need_space += 4; /* ' to '\'', length is 4 */ -+ else -+ need_space++; -+ -+ p++; -+ } -+ -+ char *new_str = xnew (need_space + 1, char); -+ new_str[0] = '\''; -+ new_str[need_space-1] = '\''; -+ -+ int i = 1; /* skip first byte */ -+ p = str; -+ while (*p != '\0') -+ { -+ new_str[i] = *p; -+ if (*p == '\'') -+ { -+ new_str[i+1] = '\\'; -+ new_str[i+2] = '\''; -+ new_str[i+3] = '\''; -+ i += 3; -+ } -+ -+ i++; -+ p++; -+ } -+ -+ new_str[need_space] = '\0'; -+ return new_str; -+} -+ - static void - do_move_file(const char *src_file, const char *dst_file) - { --- -cgit v1.1 diff --git a/backport-CVE-2022-48338.patch b/backport-CVE-2022-48338.patch deleted file mode 100644 index 934d36c..0000000 --- a/backport-CVE-2022-48338.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001 -From: Xi Lu -Date: Fri, 23 Dec 2022 12:52:48 +0800 -Subject: Fix ruby-mode.el local command injection vulnerability (bug#60268) - -* lisp/progmodes/ruby-mode.el -(ruby-find-library-file): Fix local command injection vulnerability. - -Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c -Conflict:NA ---- - lisp/progmodes/ruby-mode.el | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el -index 1f3e9b6..a4aa619 100644 ---- a/lisp/progmodes/ruby-mode.el -+++ b/lisp/progmodes/ruby-mode.el -@@ -1899,7 +1899,7 @@ or `gem' statement around point." - (setq feature-name (read-string "Feature name: " init)))) - (let ((out - (substring -- (shell-command-to-string (concat "gem which " feature-name)) -+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name))) - 0 -1))) - (if (string-match-p "\\`ERROR" out) - (user-error "%s" out) --- -cgit v1.1 diff --git a/backport-CVE-2022-48339.patch b/backport-CVE-2022-48339.patch deleted file mode 100644 index eefe3c1..0000000 --- a/backport-CVE-2022-48339.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c Mon Sep 17 00:00:00 2001 -From: Xi Lu -Date: Sat, 24 Dec 2022 16:28:54 +0800 -Subject: Fix htmlfontify.el command injection vulnerability. - -* lisp/htmlfontify.el (hfy-text-p): Fix command injection -vulnerability. (Bug#60295) - -Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c -Conflict:NA ---- - lisp/htmlfontify.el | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el -index df4c6ab..389b929 100644 ---- a/lisp/htmlfontify.el -+++ b/lisp/htmlfontify.el -@@ -1850,7 +1850,7 @@ Hardly bombproof, but good enough in the context in which it is being used." - - (defun hfy-text-p (srcdir file) - "Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this." -- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir))) -+ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir)))) - (rsp (shell-command-to-string cmd))) - (string-match "text" rsp))) - --- -cgit v1.1 diff --git a/backport-CVE-2023-27985.patch b/backport-CVE-2023-27985.patch deleted file mode 100644 index 4c6821e..0000000 --- a/backport-CVE-2023-27985.patch +++ /dev/null @@ -1,64 +0,0 @@ -From d32091199ae5de590a83f1542a01d75fba000467 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ulrich=20M=C3=BCller?= -Date: Mon, 19 Dec 2022 16:51:20 +0100 -Subject: Fix quoted argument in emacsclient-mail.desktop Exec key - -Apparently the emacsclient-mail.desktop file doesn't conform to the -Desktop Entry Specification at -https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables -which says about the Exec key: - -| Field codes must not be used inside a quoted argument, the result of -| field code expansion inside a quoted argument is undefined. - -However, the %u field code is used inside a quoted argument of the -Exec key in both the [Desktop Entry] and [Desktop Action new-window] -sections. -* etc/emacsclient-mail.desktop (Exec): The Desktop Entry -Specification does not allow field codes like %u inside a quoted -argument. Work around it by passing %u as first parameter ($1) -to the shell wrapper. -* etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder` -as the command name of the shell wrapper. (Bug#60204) ---- - etc/emacsclient-mail.desktop | 4 ++-- - etc/emacsclient.desktop | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop -index b575a41..91df122 100644 ---- a/etc/emacsclient-mail.desktop -+++ b/etc/emacsclient-mail.desktop -@@ -1,7 +1,7 @@ - [Desktop Entry] - Categories=Network;Email; - Comment=GNU Emacs is an extensible, customizable text editor - and more --Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\\\(message-mailto\\\\ \\\\\\"%u\\\\\\"\\\\)" -+Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u - Icon=emacs - Name=Emacs (Mail, Client) - MimeType=x-scheme-handler/mailto; -@@ -13,7 +13,7 @@ Actions=new-window;new-instance; - - [Desktop Action new-window] - Name=New Window --Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\"%u\\")" -+Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u - - [Desktop Action new-instance] - Name=New Instance -diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop -index 1ecdecf..a9f840c7 100644 ---- a/etc/emacsclient.desktop -+++ b/etc/emacsclient.desktop -@@ -3,7 +3,7 @@ Name=Emacs (Client) - GenericName=Text Editor - Comment=Edit text - MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++; --Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F -+Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F - Icon=emacs - Type=Application - Terminal=false --- -cgit v1.1 diff --git a/backport-CVE-2023-27986.patch b/backport-CVE-2023-27986.patch deleted file mode 100644 index a711d51..0000000 --- a/backport-CVE-2023-27986.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ulrich=20M=C3=BCller?= -Date: Tue, 7 Mar 2023 18:25:37 +0100 -Subject: Fix Elisp code injection vulnerability in emacsclient-mail.desktop - -A crafted mailto URI could contain unescaped double-quote -characters, allowing injection of Elisp code. Therefore, any -'\' and '"' characters are replaced by '\\' and '\"', using Bash -pattern substitution (which is not available in the POSIX shell). - -We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the -bash -c command, but in the desktop entry '"', '$', and '\' must -be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes -are expanded twice, see the Desktop Entry Specification). - -Reported by Gabriel Corona . - -* etc/emacsclient-mail.desktop (Exec): Escape backslash and -double-quote characters. ---- - etc/emacsclient-mail.desktop | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop -index 91df122..49c6f99 100644 ---- a/etc/emacsclient-mail.desktop -+++ b/etc/emacsclient-mail.desktop -@@ -1,7 +1,10 @@ - [Desktop Entry] - Categories=Network;Email; - Comment=GNU Emacs is an extensible, customizable text editor - and more --Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u -+# We want to pass the following commands to the shell wrapper: -+# u=${1//\\/\\\\}; u=${u//\"/\\\"}; exec emacsclient --alternate-editor= --display="$DISPLAY" --eval "(message-mailto \"$u\")" -+# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\'. -+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u - Icon=emacs - Name=Emacs (Mail, Client) - MimeType=x-scheme-handler/mailto; -@@ -13,7 +16,7 @@ Actions=new-window;new-instance; - - [Desktop Action new-window] - Name=New Window --Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u -+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u - - [Desktop Action new-instance] - Name=New Instance --- -cgit v1.1 diff --git a/emacs-28.2.tar.xz b/emacs-29.1.tar.xz similarity index 75% rename from emacs-28.2.tar.xz rename to emacs-29.1.tar.xz index 2e0d408..9323da9 100644 Binary files a/emacs-28.2.tar.xz and b/emacs-29.1.tar.xz differ diff --git a/emacs.spec b/emacs.spec index b94db2f..003ae74 100644 --- a/emacs.spec +++ b/emacs.spec @@ -7,8 +7,8 @@ Name: emacs Epoch: 1 -Version: 28.2 -Release: 5 +Version: 29.1 +Release: 1 Summary: An extensible GNU text editor License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs @@ -27,16 +27,6 @@ Patch6001: emacs-spellchecker.patch #https://src.fedoraproject.org/rpms/emacs/blob/rawhide/f/emacs-system-crypto-policies.patch Patch6002: emacs-system-crypto-policies.patch -Patch6003: backport-CVE-2022-45939.patch -Patch6004: backport-CVE-2022-48337.patch -Patch6005: backport-CVE-2022-48338.patch -Patch6006: backport-CVE-2022-48339.patch -Patch6007: backport-CVE-2023-27985.patch -Patch6008: backport-CVE-2023-27986.patch -Patch6009: backport-0001-CVE-2023-28617.patch -Patch6010: backport-0002-CVE-2023-28617.patch -Patch6011: backport-0002-CVE-2022-48337.patch - Patch9000: emacs-deal-taboo-words.patch BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel @@ -243,7 +233,7 @@ cd .. rm %{buildroot}%{_bindir}/emacs touch %{buildroot}%{_bindir}/emacs -rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp +rm %{buildroot}%{emacs_libexecdir}/emacs-*.pdmp gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka*.el.gz @@ -420,6 +410,9 @@ fi %{_mandir}/*/* %changelog +* Tue Jan 23 2024 zhangpan - 1:29.1-1 +- update to 29.1 + * Mon Sep 25 2023 leeffo - 1:28.2-5 - fix CVE-2022-48337