import emacs-27.2-6.el9_1.1

2 years ago · e089fe3e65
parent 0dabc32087
commit e089fe3e65
2 changed files with 50 additions and 3 deletions
--- a/SOURCES/emacs-ob-latex-command-injection-vulnerability.patch
+++ b/SOURCES/emacs-ob-latex-command-injection-vulnerability.patch
@ -0,0 +1,43 @@
+From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Sat, 11 Mar 2023 18:53:37 +0800
+Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability
+
+(org-babel-execute:latex):
+Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
+
+TINYCHANGE
+---
+ lisp/org/ob-latex.el | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
+index a2c24b3..ce39628 100644
+--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
+@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
+ 	    (if (string-suffix-p ".svg" out-file)
+ 		(progn
+ 		  (shell-command "pwd")
+-		  (shell-command (format "mv %s %s"
+-					 (concat (file-name-sans-extension tex-file) "-1.svg")
+-					 out-file)))
+                  (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
+                               out-file t))
+ 	      (error "SVG file produced but HTML file requested")))
+ 	   ((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
+ 	    (if (string-suffix-p ".html" out-file)
+-		(shell-command "mv %s %s"
+-			       (concat (file-name-sans-extension tex-file)
+-				       ".html")
+-			       out-file)
+-	      (error "HTML file produced but SVG file requested")))))
+                (rename-file (concat (file-name-sans-extension tex-file) ".html")
+                             out-file t)
+              (error "HTML file produced but SVG file requested")))))
+ 	 ((or (string= "pdf" extension) imagemagick)
+ 	  (with-temp-file tex-file
+ 	    (require 'ox-latex)
+-- 
+cgit v1.1
+
--- a/SPECS/emacs.spec
+++ b/SPECS/emacs.spec
@ -5,7 +5,7 @@ Summary:       GNU Emacs text editor
 Name:          emacs
 Epoch:         1
 Version:       27.2
-Release:       6%{?dist}
+Release:       6%{?dist}.1
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs/
 Source0:       https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
@ -27,7 +27,7 @@ Source10:      %{name}.appdata.xml
 Patch1:        emacs-spellchecker.patch
 Patch2:        emacs-system-crypto-policies.patch
 Patch3:        emacs-glibc-2.34.patch
-
+Patch4:        emacs-ob-latex-command-injection-vulnerability.patch
 BuildRequires: gcc
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@ -190,6 +190,7 @@ Development header files for Emacs.
 %patch1 -p1 -b .spellchecker
 %patch2 -p1 -b .system-crypto-policies
 %patch3 -p1 -b .glibc2.34
+%patch4 -p1 -b .ob-latex-command-injection-vulnerability
 autoconf

 # We prefer our emacs.desktop file
@ -480,6 +481,9 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
 %{_includedir}/emacs-module.h

 %changelog
+* Wed Apr 4 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6.1
+- Fix ob-latex.el command injection vulnerability (#2180589)
+
 * Wed Sep 22 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6
 - Adapt hardening options from _hardened_build macro (#2006856)

@ -496,7 +500,7 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Thu Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
+* Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
 - emacs-27.2 is available

 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3