diff --git a/.emacs.metadata b/.emacs.metadata
index 3193782..d1fa856 100644
--- a/.emacs.metadata
+++ b/.emacs.metadata
@@ -1,2 +1 @@
 8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz
-4898b4750740a0b711bb140a2fad512d80a991b0 SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
diff --git a/.gitignore b/.gitignore
index 15d9ecd..6844156 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/emacs-27.2.tar.xz
-SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
diff --git a/SOURCES/emacs-org-link-expand-abbrev-unsafe-elisp.patch b/SOURCES/emacs-org-link-expand-abbrev-unsafe-elisp.patch
new file mode 100644
index 0000000..fffc2cc
--- /dev/null
+++ b/SOURCES/emacs-org-link-expand-abbrev-unsafe-elisp.patch
@@ -0,0 +1,68 @@
+From f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko
+Date: Tue, 18 Jun 2024 13:06:44 +0200
+Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link
+abbrevs that specify unsafe function. Instead, display a warning, and
+do not expand the abbrev. Clear all the text properties from the
+returned link, to avoid any potential vulnerabilities caused by
+properties that may contain arbitrary Elisp.
+---
+ lisp/org/ol.el | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lisp/org/ol.el b/lisp/org/ol.el
+index 7a7f4f5..8a556c7 100644
+--- a/lisp/org/ol.el
++++ b/lisp/org/ol.el
+@@ -1152,17 +1152,35 @@ Abbreviations are defined in `org-link-abbrev-alist'."
+ (if (not as)
+ link
+ (setq rpl (cdr as))
+- (cond
+- ((symbolp rpl) (funcall rpl tag))
+- ((string-match "%(\\([^)]+\\))" rpl)
+- (replace-match
+- (save-match-data
+- (funcall (intern-soft (match-string 1 rpl)) tag))
+- t t rpl))
+- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+- ((string-match "%h" rpl)
+- (replace-match (url-hexify-string (or tag "")) t t rpl))
+- (t (concat rpl tag)))))))
++ ;; Drop any potentially dangerous text properties like
++ ;; `modification-hooks' that may be used as an attack vector.
++ (substring-no-properties
++ (cond
++ ((symbolp rpl) (funcall rpl tag))
++ ((string-match "%(\\([^)]+\\))" rpl)
++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
++ ;; Using `unsafep-function' is not quite enough because
++ ;; Emacs considers functions like `genenv' safe, while
++ ;; they can potentially be used to expose private system
++ ;; data to attacker if abbreviated link is clicked.
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
++ (eq t (get rpl-fun-symbol 'pure)))
++ (replace-match
++ (save-match-data
++ (funcall (intern-soft (match-string 1 rpl)) tag))
++ t t rpl)
++ (org-display-warning
++ (format "Disabling unsafe link abbrev: %s
++You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
++ rpl (match-string 1 rpl)))
++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
++ org-link-abbrev-alist (delete as org-link-abbrev-alist))
++ link
++ )))
++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
++ ((string-match "%h" rpl)
++ (replace-match (url-hexify-string (or tag "")) t t rpl))
++ (t (concat rpl tag))))))))
+
+ (defun org-link-open (link &optional arg)
+ "Open a link object LINK.
+--
+cgit v1.1
+
diff --git a/SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg b/SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
new file mode 100644
index 0000000..85ae139
--- /dev/null
+++ b/SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
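Review bot: In the `%(...)` branch of `org-link-expand-abbrev`, the allowlist test is made on `rpl-fun-symbol` but the call resolves the name a second time with `(funcall (intern-soft (match-string 1 rpl)) tag)`; using `(funcall rpl-fun-symbol tag)` would make the checked symbol and the called symbol the same object by construction and remove the second read of match data. The comment above the check names `genenv`, which looks like a typo for `getenv`. The `(symbolp rpl)` branch still calls `rpl` without the `org-link-abbrev-safe`/`pure` test; that is presumably reachable only from the user's own `org-link-abbrev-alist` and not from file content, and a comment such as `;; symbol replacements come from user configuration, not from the Org file — TODO confirm` would record that assumption. The function body starts outside the hunk, so how `as` is looked up cannot be checked from here.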
@@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO +uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh +zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc +PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO +Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI +HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg +KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ +Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h +5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd +EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d +JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex +QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf +uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX +eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS +spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart +u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX +WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5 +TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC +GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y +UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR +tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8 +1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE +hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW +Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A== +=g4R7 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/SPECS/emacs.spec b/SPECS/emacs.spec index 78e3d91..ef66ace 100644 --- a/SPECS/emacs.spec +++ b/SPECS/emacs.spec 
@@ -5,7 +5,7 @@ Summary: GNU Emacs text editor Name: emacs Epoch: 1 Version: 27.2 -Release: 8%{?dist}.1.inferit +Release: 10%{?dist}.inferit License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs/ Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz @@ -33,6 +33,8 @@ Patch6: emacs-etags-local-command-injection-vulnerability.patch Patch7: emacs-htmlfontify-command-injection-vulnerability.patch Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch Patch9: emacs-ob-latex-command-injection-vulnerability.patch +Patch10: emacs-org-link-expand-abbrev-unsafe-elisp.patch + BuildRequires: gcc BuildRequires: atk-devel BuildRequires: cairo-devel @@ -75,7 +77,6 @@ BuildRequires: jansson-devel BuildRequires: systemd-devel BuildRequires: gtk3-devel -BuildRequires: webkit2gtk3-devel BuildRequires: gnupg2 @@ -201,6 +202,7 @@ Development header files for Emacs. %patch7 -p1 -b .htmlfontify-command-injection-vulnerability %patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability %patch9 -p1 -b .ob-latex-command-injection-vulnerability +%patch10 -p1 -b .org-link-expand-abbrev-unsafe-elisp autoconf # We prefer our emacs.desktop file @@ -253,7 +255,7 @@ ln -s ../configure . %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \ - --with-xwidgets --with-modules --with-harfbuzz --with-cairo --with-json + --with-modules --with-harfbuzz --with-cairo --with-json make bootstrap %{setarch} %make_build cd .. 
@@ -491,17 +493,24 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %{_includedir}/emacs-module.h %changelog +* Tue Sep 10 2024 Sergey Cherevko - 1:27.2-10.inferit +- Update to 27.2-10 + +* Fri Aug 23 2024 Jacek Migacz - 1:27.2-10 +- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) +- Disable xwidgets (RHEL-33447) + * Thu Aug 10 2023 Sergey Cherevko - 1:27.2-8.1.inferit - Added Russian description for ArcMenu and gnome-software - Rebuilt for MSVSphere 9.2 -* Tue Apr 4 2023 Jacek Migacz - 1:27.2-8.1 -- Fix etags local command injection vulnerability (#2184369) -- Fix htmlfontify.el command injection vulnerability (#2184368) -- Fix ruby-mode.el local command injection vulnerability (#2184367) -- Fix ob-latex.el command injection vulnerability (#2184377) +* Sun Apr 02 2023 Jacek Migacz - 1:27.2-9 +- Fix etags local command injection vulnerability (#2175190) +- Fix htmlfontify.el command injection vulnerability (#2175179) +- Fix ruby-mode.el local command injection vulnerability (#2175142) +- Fix ob-latex.el command injection vulnerability (#2180590) -* Wed Mar 15 2023 MSVSphere Packaging Team - 27.2-6 +* Wed Mar 15 2023 MSVSphere Packaging Team - 1:27.2-8 - Rebuilt for MSVSphere 9.1. * Tue Jan 10 2023 Jacek Migacz - 1:27.2-8