From e089fe3e65c96ce5230ad039cc685618dd4ec324 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 2 May 2023 07:04:52 +0000 Subject: [PATCH] import emacs-27.2-6.el9_1.1 --- ...atex-command-injection-vulnerability.patch | 43 +++++++++++++++++++ SPECS/emacs.spec | 10 +++-- 2 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 SOURCES/emacs-ob-latex-command-injection-vulnerability.patch diff --git a/SOURCES/emacs-ob-latex-command-injection-vulnerability.patch b/SOURCES/emacs-ob-latex-command-injection-vulnerability.patch new file mode 100644 index 0000000..275ada9 --- /dev/null +++ b/SOURCES/emacs-ob-latex-command-injection-vulnerability.patch @@ -0,0 +1,43 @@ +From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001 +From: Xi Lu +Date: Sat, 11 Mar 2023 18:53:37 +0800 +Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability + +(org-babel-execute:latex): +Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. + +TINYCHANGE +--- + lisp/org/ob-latex.el | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el +index a2c24b3..ce39628 100644 +--- a/lisp/org/ob-latex.el ++++ b/lisp/org/ob-latex.el +@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'." + (if (string-suffix-p ".svg" out-file) + (progn + (shell-command "pwd") +- (shell-command (format "mv %s %s" +- (concat (file-name-sans-extension tex-file) "-1.svg") +- out-file))) ++ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg") ++ out-file t)) + (error "SVG file produced but HTML file requested"))) + ((file-exists-p (concat (file-name-sans-extension tex-file) ".html")) + (if (string-suffix-p ".html" out-file) +- (shell-command "mv %s %s" +- (concat (file-name-sans-extension tex-file) +- ".html") +- out-file) +- (error "HTML file produced but SVG file requested"))))) ++ (rename-file (concat (file-name-sans-extension tex-file) ".html") ++ out-file t) ++ (error "HTML file produced but SVG file requested"))))) + ((or (string= "pdf" extension) imagemagick) + (with-temp-file tex-file + (require 'ox-latex) +-- +cgit v1.1 + diff --git a/SPECS/emacs.spec b/SPECS/emacs.spec index 088ea9a..477c3d1 100644 --- a/SPECS/emacs.spec +++ b/SPECS/emacs.spec @@ -5,7 +5,7 @@ Summary: GNU Emacs text editor Name: emacs Epoch: 1 Version: 27.2 -Release: 6%{?dist} +Release: 6%{?dist}.1 License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs/ Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz @@ -27,7 +27,7 @@ Source10: %{name}.appdata.xml Patch1: emacs-spellchecker.patch Patch2: emacs-system-crypto-policies.patch Patch3: emacs-glibc-2.34.patch - +Patch4: emacs-ob-latex-command-injection-vulnerability.patch BuildRequires: gcc BuildRequires: atk-devel BuildRequires: cairo-devel @@ -190,6 +190,7 @@ Development header files for Emacs. %patch1 -p1 -b .spellchecker %patch2 -p1 -b .system-crypto-policies %patch3 -p1 -b .glibc2.34 +%patch4 -p1 -b .ob-latex-command-injection-vulnerability autoconf # We prefer our emacs.desktop file @@ -480,6 +481,9 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %{_includedir}/emacs-module.h %changelog +* Wed Apr 4 2023 Jacek Migacz - 1:27.2-6.1 +- Fix ob-latex.el command injection vulnerability (#2180589) + * Wed Sep 22 2021 Jacek Migacz - 1:27.2-6 - Adapt hardening options from _hardened_build macro (#2006856) @@ -496,7 +500,7 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg * Thu Apr 15 2021 Mohan Boddu - 1:27.2-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 -* Thu Mar 27 2021 Bhavin Gandhi - 1:27.2-1 +* Sat Mar 27 2021 Bhavin Gandhi - 1:27.2-1 - emacs-27.2 is available * Tue Jan 26 2021 Fedora Release Engineering - 1:27.1-3