packages/emacs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-28617

Browse Source
This commit is contained in:
zhangpan 2023-03-24 03:24:48 +00:00
parent 93bb1b3e09
commit bfbd7387f8
3 changed files with 84 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-0001-CVE-2023-28617.patch Normal file
View File

@ -0,0 +1,32 @@
From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 18 Feb 2023 18:03:28 +0800
Subject: * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection
vulnerability
Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com
TINYCHANGE
Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485
Conflict:NA
---
lisp/org/ob-latex.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
index 428907a..a0154bf 100644
--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'."
tmp-pdf
(list org-babel-latex-pdf-svg-process)
extension err-msg log-buf)))
- (shell-command (format "mv %s %s" img-out out-file)))))
+ (rename-file img-out out-file t))))
((string-suffix-p ".tikz" out-file)
(when (file-exists-p out-file) (delete-file out-file))
(with-temp-file out-file
--
cgit v1.1

46
backport-0002-CVE-2023-28617.patch Normal file
View File

@ -0,0 +1,46 @@
From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 11 Mar 2023 18:53:37 +0800
Subject: * lisp/ob-latex.el: Fix command injection vulnerability
(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
TINYCHANGE
Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741
Conflict:NA
---
lisp/org/ob-latex.el | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
index a2c24b3..ce39628 100644
--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
(if (string-suffix-p ".svg" out-file)
(progn
(shell-command "pwd")
- (shell-command (format "mv %s %s"
- (concat (file-name-sans-extension tex-file) "-1.svg")
- out-file)))
+ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
+ out-file t))
(error "SVG file produced but HTML file requested")))
((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
(if (string-suffix-p ".html" out-file)
- (shell-command "mv %s %s"
- (concat (file-name-sans-extension tex-file)
- ".html")
- out-file)
- (error "HTML file produced but SVG file requested")))))
+ (rename-file (concat (file-name-sans-extension tex-file) ".html")
+ out-file t)
+ (error "HTML file produced but SVG file requested")))))
((or (string= "pdf" extension) imagemagick)
(with-temp-file tex-file
(require 'ox-latex)
--
cgit v1.1

7
emacs.spec
View File

@ -8,7 +8,7 @@
Name: emacs
Epoch: 1
Version: 28.2
Release: 3
Release: 4
Summary: An extensible GNU text editor
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs
@ -33,6 +33,8 @@ Patch6005: backport-CVE-2022-48338.patch
Patch6006: backport-CVE-2022-48339.patch
Patch6007: backport-CVE-2023-27985.patch
Patch6008: backport-CVE-2023-27986.patch
Patch6009: backport-0001-CVE-2023-28617.patch
Patch6010: backport-0002-CVE-2023-28617.patch
Patch9000: emacs-deal-taboo-words.patch
@ -417,6 +419,9 @@ fi
%{_mandir}/*/*
%changelog
* Fri Mar 24 2023 zhangpan <zhangpan103@h-partners.com> - 1:28.2-4
- fix CVE-2023-28617
* Wed Mar 15 2023 yanglongkang <yanglongkang@h-partners.com> - 1:28.2-3
- fix CVE-2023-27985 CVE-2023-27986