import emacs-27.2-6.el9_1.1

i9-test changed/i9c/emacs-27.2-6.el9_1.1
MSVSphere Packaging Team 2 years ago
parent edd1464c5c
commit e873855e71

@ -0,0 +1,43 @@
From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 11 Mar 2023 18:53:37 +0800
Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability
(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
TINYCHANGE
---
lisp/org/ob-latex.el | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
index a2c24b3..ce39628 100644
--- a/lisp/org/ob-latex.el
+++ b/lisp/org/ob-latex.el
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
(if (string-suffix-p ".svg" out-file)
(progn
(shell-command "pwd")
- (shell-command (format "mv %s %s"
- (concat (file-name-sans-extension tex-file) "-1.svg")
- out-file)))
+ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
+ out-file t))
(error "SVG file produced but HTML file requested")))
((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
(if (string-suffix-p ".html" out-file)
- (shell-command "mv %s %s"
- (concat (file-name-sans-extension tex-file)
- ".html")
- out-file)
- (error "HTML file produced but SVG file requested")))))
+ (rename-file (concat (file-name-sans-extension tex-file) ".html")
+ out-file t)
+ (error "HTML file produced but SVG file requested")))))
((or (string= "pdf" extension) imagemagick)
(with-temp-file tex-file
(require 'ox-latex)
--
cgit v1.1

@ -5,7 +5,7 @@ Summary: GNU Emacs text editor
Name: emacs
Epoch: 1
Version: 27.2
Release: 6%{?dist}
Release: 6%{?dist}.1
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/
Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
@ -27,7 +27,7 @@ Source10: %{name}.appdata.xml
Patch1: emacs-spellchecker.patch
Patch2: emacs-system-crypto-policies.patch
Patch3: emacs-glibc-2.34.patch
Patch4: emacs-ob-latex-command-injection-vulnerability.patch
BuildRequires: gcc
BuildRequires: atk-devel
BuildRequires: cairo-devel
@ -190,6 +190,7 @@ Development header files for Emacs.
%patch1 -p1 -b .spellchecker
%patch2 -p1 -b .system-crypto-policies
%patch3 -p1 -b .glibc2.34
%patch4 -p1 -b .ob-latex-command-injection-vulnerability
autoconf
# We prefer our emacs.desktop file
@ -480,6 +481,9 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
%{_includedir}/emacs-module.h
%changelog
* Wed Apr 4 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6.1
- Fix ob-latex.el command injection vulnerability (#2180589)
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 27.2-6
- Rebuilt for MSVSphere 9.1.
@ -499,7 +503,7 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
* Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
- emacs-27.2 is available
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3

Loading…
Cancel
Save