Merge branch 'i9c' with version 27.2-10 into 'i9'

import emacs-27.2-10.el9_4
import emacs-27.2-9.el9
5 changed files with 115 additions and 11 deletions
--- a/.emacs.metadata
+++ b/.emacs.metadata
@ -1,2 +1 @@
 8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz
-4898b4750740a0b711bb140a2fad512d80a991b0 SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 SOURCES/emacs-27.2.tar.xz
-SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
--- a/SOURCES/emacs-org-link-expand-abbrev-unsafe-elisp.patch
+++ b/SOURCES/emacs-org-link-expand-abbrev-unsafe-elisp.patch
@ -0,0 +1,68 @@
+From f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue, 18 Jun 2024 13:06:44 +0200
+Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link
+abbrevs that specify unsafe function.  Instead, display a warning, and
+do not expand the abbrev.  Clear all the text properties from the
+returned link, to avoid any potential vulnerabilities caused by
+properties that may contain arbitrary Elisp.
+---
+ lisp/org/ol.el | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lisp/org/ol.el b/lisp/org/ol.el
+index 7a7f4f5..8a556c7 100644
+--- a/lisp/org/ol.el
+++ b/lisp/org/ol.el
+@@ -1152,17 +1152,35 @@ Abbreviations are defined in `org-link-abbrev-alist'."
+       (if (not as)
+ 	  link
+ 	(setq rpl (cdr as))
+-	(cond
+-	 ((symbolp rpl) (funcall rpl tag))
+-	 ((string-match "%(\\([^)]+\\))" rpl)
+-	  (replace-match
+-	   (save-match-data
+-	     (funcall (intern-soft (match-string 1 rpl)) tag))
+-	   t t rpl))
+-	 ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+-	 ((string-match "%h" rpl)
+-	  (replace-match (url-hexify-string (or tag "")) t t rpl))
+-	 (t (concat rpl tag)))))))
+        ;; Drop any potentially dangerous text properties like
+        ;; `modification-hooks' that may be used as an attack vector.
+        (substring-no-properties
+	 (cond
+	  ((symbolp rpl) (funcall rpl tag))
+	  ((string-match "%(\\([^)]+\\))" rpl)
+           (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
+             ;; Using `unsafep-function' is not quite enough because
+             ;; Emacs considers functions like `genenv' safe, while
+             ;; they can potentially be used to expose private system
+             ;; data to attacker if abbreviated link is clicked.
+             (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
+                     (eq t (get rpl-fun-symbol 'pure)))
+                 (replace-match
+	          (save-match-data
+	            (funcall (intern-soft (match-string 1 rpl)) tag))
+	          t t rpl)
+               (org-display-warning
+                (format "Disabling unsafe link abbrev: %s
+You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
+                        rpl (match-string 1 rpl)))
+               (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
+                     org-link-abbrev-alist (delete as org-link-abbrev-alist))
+               link
+	       )))
+	  ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+	  ((string-match "%h" rpl)
+	   (replace-match (url-hexify-string (or tag "")) t t rpl))
+	  (t (concat rpl tag))))))))
+ 
+ (defun org-link-open (link &optional arg)
+   "Open a link object LINK.
+-- 
+cgit v1.1
+
--- a/SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
+++ b/SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO
+uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh
+zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc
+PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO
+Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI
+HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg
+KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV
+CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ
+Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h
+5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd
+EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d
+JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex
+QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf
+uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX
+eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS
+spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart
+u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX
+WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5
+TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC
+GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y
+UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR
+tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8
+1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE
+hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW
+Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A==
+=g4R7
+-----END PGP PUBLIC KEY BLOCK-----
--- a/SPECS/emacs.spec
+++ b/SPECS/emacs.spec
@ -5,7 +5,7 @@ Summary:       GNU Emacs text editor
 Name:          emacs
 Epoch:         1
 Version:       27.2
-Release:       8%{?dist}.1.inferit
+Release:       10%{?dist}.inferit
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs/
 Source0:       https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
@ -33,6 +33,8 @@ Patch6:        emacs-etags-local-command-injection-vulnerability.patch
 Patch7:        emacs-htmlfontify-command-injection-vulnerability.patch
 Patch8:        emacs-ruby-mode-local-command-injection-vulnerability.patch
 Patch9:        emacs-ob-latex-command-injection-vulnerability.patch
+Patch10:       emacs-org-link-expand-abbrev-unsafe-elisp.patch
+
 BuildRequires: gcc
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@ -75,7 +77,6 @@ BuildRequires: jansson-devel
 BuildRequires: systemd-devel

 BuildRequires: gtk3-devel
-BuildRequires: webkit2gtk3-devel

 BuildRequires: gnupg2

@ -201,6 +202,7 @@ Development header files for Emacs.
 %patch7 -p1 -b .htmlfontify-command-injection-vulnerability
 %patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
 %patch9 -p1 -b .ob-latex-command-injection-vulnerability
+%patch10 -p1 -b .org-link-expand-abbrev-unsafe-elisp
 autoconf

 # We prefer our emacs.desktop file
@ -253,7 +255,7 @@ ln -s ../configure .

 %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
           --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
-           --with-xwidgets --with-modules --with-harfbuzz --with-cairo --with-json
+           --with-modules --with-harfbuzz --with-cairo --with-json
 make bootstrap
 %{setarch} %make_build
 cd ..
@ -491,17 +493,24 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
 %{_includedir}/emacs-module.h

 %changelog
+* Tue Sep 10 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 1:27.2-10.inferit
+- Update to 27.2-10
+
+* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-10
+- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
+- Disable xwidgets (RHEL-33447)
+
 * Thu Aug 10 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 1:27.2-8.1.inferit
 - Added Russian description for ArcMenu and gnome-software
 - Rebuilt for MSVSphere 9.2

-* Tue Apr 4 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8.1
- Fix etags local command injection vulnerability (#2184369)
- Fix htmlfontify.el command injection vulnerability (#2184368)
- Fix ruby-mode.el local command injection vulnerability (#2184367)
- Fix ob-latex.el command injection vulnerability (#2184377)
+* Sun Apr 02 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-9
+- Fix etags local command injection vulnerability (#2175190)
+- Fix htmlfontify.el command injection vulnerability (#2175179)
+- Fix ruby-mode.el local command injection vulnerability (#2175142)
+- Fix ob-latex.el command injection vulnerability (#2180590)

-* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 27.2-6
+* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1:27.2-8
 - Rebuilt for MSVSphere 9.1.

 * Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8
Author	SHA1	Message	Date
Sergey Cherevko	027293d5d7	Merge branch 'i9c' with version 27.2-10 into 'i9'	1 week ago
MSVSphere Packaging Team	c2c3864191	import emacs-27.2-10.el9_4	1 week ago
MSVSphere Packaging Team	104b35a406	import emacs-27.2-9.el9	11 months ago