Compare commits
4 Commits
| Author | SHA1 | Date |
|---|---|---|
MSVSphere Packaging Team
|
1f8c869d55 | 11 months ago |
|
MSVSphere Packaging Team
|
3c662b582d | 1 year ago |
 Alexey Lyubimov
|
737bd05d89 | 1 year ago |
CentOS Sources
|
1bbea18764 | 2 years ago |
@ -1,57 +1,11 @@
|
||||
/pandoc-1.6.0.1.tar.gz
|
||||
/pandoc-1.8.1.1.tar.gz
|
||||
/pandoc-1.8.1.2.tar.gz
|
||||
/pandoc-1.8.2.1.tar.gz
|
||||
/pandoc-1.9.1.1.tar.gz
|
||||
/pandoc-1.9.1.2.tar.gz
|
||||
/pandoc-1.9.2.tar.gz
|
||||
/pandoc-1.9.4.1.tar.gz
|
||||
/pandoc-1.9.4.2.tar.gz
|
||||
/pandoc-1.9.4.5.tar.gz
|
||||
/pandoc-1.10.1.tar.gz
|
||||
/pandoc-1.11.1.tar.gz
|
||||
/pandoc-1.12.3.1.tar.gz
|
||||
/pandoc-1.12.3.3.tar.gz
|
||||
/pandoc-1.13.2.tar.gz
|
||||
/pandoc-1.16.0.2.tar.gz
|
||||
/pandoc-1.17.1.tar.gz
|
||||
/pandoc-1.17.0.3.tar.gz
|
||||
/pandoc-1.19.1.tar.gz
|
||||
/doctemplates-0.1.0.2.tar.gz
|
||||
/pandoc-1.19.2.4.tar.gz
|
||||
/pandoc-2.0.6.tar.gz
|
||||
/cmark-gfm-0.1.3.tar.gz
|
||||
/hslua-module-text-0.1.2.1.tar.gz
|
||||
/pandoc-2.1.2.tar.gz
|
||||
/pandoc-2.2.1.tar.gz
|
||||
/pandoc-2.5.tar.gz
|
||||
/unicode-transforms-0.3.6.tar.gz
|
||||
/HsYAML-0.1.2.0.tar.gz
|
||||
/bitarray-0.0.1.1.tar.gz
|
||||
/hslua-module-system-0.2.1.tar.gz
|
||||
/ipynb-0.1.tar.gz
|
||||
/pandoc-2.7.3.tar.gz
|
||||
/emojis-0.1.tar.gz
|
||||
/ipynb-0.1.0.1.tar.gz
|
||||
/jira-wiki-markup-1.0.0.tar.gz
|
||||
/pandoc-2.9.1.1.tar.gz
|
||||
/pandoc-2.9.2.1.tar.gz
|
||||
/base-noprelude-4.13.0.0.tar.gz
|
||||
/jira-wiki-markup-1.1.4.tar.gz
|
||||
/pandoc-2.11.4.tar.gz
|
||||
/hslua-module-system-0.2.2.1.tar.gz
|
||||
/jira-wiki-markup-1.3.3.tar.gz
|
||||
/citeproc-0.3.0.7.tar.gz
|
||||
/commonmark-0.1.1.4.tar.gz
|
||||
/commonmark-extensions-0.2.0.4.tar.gz
|
||||
/commonmark-pandoc-0.2.0.1.tar.gz
|
||||
/jira-wiki-markup-1.3.4.tar.gz
|
||||
/citeproc-0.3.0.9.tar.gz
|
||||
/pandoc-2.14.0.3.tar.gz
|
||||
/jira-wiki-markup-1.4.0.tar.gz
|
||||
/citeproc-0.4.0.1.tar.gz
|
||||
/commonmark-0.2.1.tar.gz
|
||||
/commonmark-extensions-0.2.1.2.tar.gz
|
||||
/commonmark-pandoc-0.2.1.1.tar.gz
|
||||
/hslua-module-path-0.1.0.1.tar.gz
|
||||
/unicode-collation-0.1.3.tar.gz
|
||||
SOURCES/citeproc-0.4.0.1.tar.gz
|
||||
SOURCES/commonmark-0.2.1.tar.gz
|
||||
SOURCES/commonmark-extensions-0.2.1.2.tar.gz
|
||||
SOURCES/commonmark-pandoc-0.2.1.1.tar.gz
|
||||
SOURCES/emojis-0.1.tar.gz
|
||||
SOURCES/hslua-module-path-0.1.0.1.tar.gz
|
||||
SOURCES/hslua-module-system-0.2.2.1.tar.gz
|
||||
SOURCES/ipynb-0.1.0.1.tar.gz
|
||||
SOURCES/jira-wiki-markup-1.4.0.tar.gz
|
||||
SOURCES/pandoc-2.14.0.3.tar.gz
|
||||
SOURCES/unicode-collation-0.1.3.tar.gz
|
||||
|
||||
@ -0,0 +1,11 @@
|
||||
5e1d0cdbb24c0a90ca39a7d6d4fce806e640d08f SOURCES/citeproc-0.4.0.1.tar.gz
|
||||
09357904a3b4d6a31fc1621ef29e1fe3a4f7a718 SOURCES/commonmark-0.2.1.tar.gz
|
||||
4afe956cd9bbd0e1ba1bb574ce6499dd4d445a32 SOURCES/commonmark-extensions-0.2.1.2.tar.gz
|
||||
7be19d0352e30f6e7c4ae9925bae1cf31b361a30 SOURCES/commonmark-pandoc-0.2.1.1.tar.gz
|
||||
cadcb415a1a94d15e14b7a6ad55645dbcf61ecc7 SOURCES/emojis-0.1.tar.gz
|
||||
7177ca06f13f57376faf0c5942e0cf54367c5b46 SOURCES/hslua-module-path-0.1.0.1.tar.gz
|
||||
023f9057dab242347b30299180907a63ff5b46df SOURCES/hslua-module-system-0.2.2.1.tar.gz
|
||||
82efd73aad791f68a38f43bbfc43afd4e6edc704 SOURCES/ipynb-0.1.0.1.tar.gz
|
||||
706a9e18951aa1cf35b65e2963d0726951a763c2 SOURCES/jira-wiki-markup-1.4.0.tar.gz
|
||||
e3c2bb76a3a7b9501f14e50d1294431d8543d99a SOURCES/pandoc-2.14.0.3.tar.gz
|
||||
2143a55055541aa9e91c654ed404da0faccd339b SOURCES/unicode-collation-0.1.3.tar.gz
|
||||
@ -0,0 +1,92 @@
|
||||
commit 5e381e3878b5da87ee7542f7e51c3c1a7fd84b89
|
||||
Author: John MacFarlane <jgm@berkeley.edu>
|
||||
Date: Tue Jun 20 13:50:13 2023 -0700
|
||||
|
||||
Fix a security vulnerability in MediaBag and T.P.Class.IO.writeMedia.
|
||||
|
||||
This vulnerability, discovered by Entroy C, allows users to write
|
||||
arbitrary files to any location by feeding pandoc a specially crafted
|
||||
URL in an image element. The vulnerability is serious for anyone
|
||||
using pandoc to process untrusted input. The vulnerability does
|
||||
not affect pandoc when run with the `--sandbox` flag.
|
||||
|
||||
--- pandoc-2.14.0.3/src/Text/Pandoc/Class/IO.hs.orig 2021-06-11 07:26:17.000000000 +0800
|
||||
+++ pandoc-2.14.0.3/src/Text/Pandoc/Class/IO.hs 2024-03-22 16:39:03.445837785 +0800
|
||||
@@ -48,7 +48,7 @@
|
||||
import Network.HTTP.Client.TLS (mkManagerSettings)
|
||||
import Network.HTTP.Types.Header ( hContentType )
|
||||
import Network.Socket (withSocketsDo)
|
||||
-import Network.URI (unEscapeString)
|
||||
+import Network.URI (URI(..), parseURI)
|
||||
import System.Directory (createDirectoryIfMissing)
|
||||
import System.Environment (getEnv)
|
||||
import System.FilePath ((</>), takeDirectory, normalise)
|
||||
@@ -119,11 +119,11 @@
|
||||
|
||||
openURL :: (PandocMonad m, MonadIO m) => Text -> m (B.ByteString, Maybe MimeType)
|
||||
openURL u
|
||||
- | Just u'' <- T.stripPrefix "data:" u = do
|
||||
- let mime = T.takeWhile (/=',') u''
|
||||
- let contents = UTF8.fromString $
|
||||
- unEscapeString $ T.unpack $ T.drop 1 $ T.dropWhile (/=',') u''
|
||||
- return (decodeLenient contents, Just mime)
|
||||
+ | Just (URI{ uriScheme = "data:",
|
||||
+ uriPath = upath }) <- parseURI (T.unpack u) = do
|
||||
+ let (mime, rest) = break (== '.') upath
|
||||
+ let contents = UTF8.fromString $ drop 1 rest
|
||||
+ return (decodeLenient contents, Just (T.pack mime))
|
||||
| otherwise = do
|
||||
let toReqHeader (n, v) = (CI.mk (UTF8.fromText n), UTF8.fromText v)
|
||||
customHeaders <- map toReqHeader <$> getsCommonState stRequestHeaders
|
||||
--- pandoc-2.14.0.3/src/Text/Pandoc/MediaBag.hs.orig 2021-06-19 04:15:43.000000000 +0800
|
||||
+++ pandoc-2.14.0.3/src/Text/Pandoc/MediaBag.hs 2024-03-22 16:33:37.600005389 +0800
|
||||
@@ -33,7 +33,7 @@
|
||||
import Data.Text (Text)
|
||||
import qualified Data.Text as T
|
||||
import Data.Digest.Pure.SHA (sha1, showDigest)
|
||||
-import Network.URI (URI (..), parseURI)
|
||||
+import Network.URI (URI (..), parseURI, isURI, unEscapeString)
|
||||
|
||||
data MediaItem =
|
||||
MediaItem
|
||||
@@ -52,9 +52,12 @@
|
||||
instance Show MediaBag where
|
||||
show bag = "MediaBag " ++ show (mediaDirectory bag)
|
||||
|
||||
--- | We represent paths with /, in normalized form.
|
||||
+-- | We represent paths with /, in normalized form. Percent-encoding
|
||||
+-- is resolved.
|
||||
canonicalize :: FilePath -> Text
|
||||
-canonicalize = T.replace "\\" "/" . T.pack . normalise
|
||||
+canonicalize fp
|
||||
+ | isURI fp = T.pack fp
|
||||
+ | otherwise = T.replace "\\" "/" . T.pack . normalise . unEscapeString $ fp
|
||||
|
||||
-- | Delete a media item from a 'MediaBag', or do nothing if no item corresponds
|
||||
-- to the given path.
|
||||
@@ -77,17 +80,18 @@
|
||||
, mediaContents = contents
|
||||
, mediaMimeType = mt }
|
||||
fp' = canonicalize fp
|
||||
+ fp'' = T.unpack fp'
|
||||
uri = parseURI fp
|
||||
- newpath = if isRelative fp
|
||||
+ newpath = if isRelative fp''
|
||||
&& isNothing uri
|
||||
- && ".." `notElem` splitPath fp
|
||||
- then T.unpack fp'
|
||||
+ && not (".." `T.isInfixOf` fp')
|
||||
+ then fp''
|
||||
else showDigest (sha1 contents) <> "." <> ext
|
||||
- fallback = case takeExtension fp of
|
||||
- ".gz" -> getMimeTypeDef $ dropExtension fp
|
||||
- _ -> getMimeTypeDef fp
|
||||
+ fallback = case takeExtension fp'' of
|
||||
+ ".gz" -> getMimeTypeDef $ dropExtension fp''
|
||||
+ _ -> getMimeTypeDef fp''
|
||||
mt = fromMaybe fallback mbMime
|
||||
- path = maybe fp uriPath uri
|
||||
+ path = maybe fp'' (unEscapeString . uriPath) uri
|
||||
ext = case takeExtension path of
|
||||
'.':e -> e
|
||||
_ -> maybe "" T.unpack $ extensionFromMimeType mt
|
||||
@ -0,0 +1,49 @@
|
||||
commit eddedbfc14916aa06fc01ff04b38aeb30ae2e625
|
||||
Author: John MacFarlane <jgm@berkeley.edu>
|
||||
Date: Thu Jul 20 09:26:38 2023 -0700
|
||||
|
||||
Fix new variant of the vulnerability in CVE-2023-35936.
|
||||
|
||||
Guilhem Moulin noticed that the fix to CVE-2023-35936 was incomplete.
|
||||
An attacker could get around it by double-encoding the malicious
|
||||
extension to create or override arbitrary files.
|
||||
|
||||
$ echo '' >b.md
|
||||
$ .cabal/bin/pandoc b.md --extract-media=bar
|
||||
<p><img
|
||||
src="bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+%2f%2e%2e%2f%2e%2e%2fb%2elua" /></p>
|
||||
$ cat b.lua
|
||||
print "hello"
|
||||
$ find bar
|
||||
bar/
|
||||
bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+
|
||||
|
||||
This commit adds a test case for this more complex attack and fixes
|
||||
the vulnerability. (The fix is quite simple: if the URL-unescaped
|
||||
filename or extension contains a '%', we just use the sha1 hash of the
|
||||
contents as the canonical name, just as we do if the filename contains
|
||||
'..'.)
|
||||
|
||||
--- pandoc-2.14.0.3/src/Text/Pandoc/MediaBag.hs.orig 2024-03-22 16:40:07.874200094 +0800
|
||||
+++ pandoc-2.14.0.3/src/Text/Pandoc/MediaBag.hs 2024-03-22 16:42:13.289905373 +0800
|
||||
@@ -85,16 +85,17 @@
|
||||
newpath = if isRelative fp''
|
||||
&& isNothing uri
|
||||
&& not (".." `T.isInfixOf` fp')
|
||||
+ && '%' `notElem` fp''
|
||||
then fp''
|
||||
- else showDigest (sha1 contents) <> "." <> ext
|
||||
+ else showDigest (sha1 contents) <> ext
|
||||
fallback = case takeExtension fp'' of
|
||||
".gz" -> getMimeTypeDef $ dropExtension fp''
|
||||
_ -> getMimeTypeDef fp''
|
||||
mt = fromMaybe fallback mbMime
|
||||
path = maybe fp'' (unEscapeString . uriPath) uri
|
||||
ext = case takeExtension path of
|
||||
- '.':e -> e
|
||||
- _ -> maybe "" T.unpack $ extensionFromMimeType mt
|
||||
+ '.':e | '%' `notElem` e -> '.':e
|
||||
+ _ -> maybe "" (\x -> '.':T.unpack x) $ extensionFromMimeType mt
|
||||
|
||||
|
||||
-- | Lookup a media item in a 'MediaBag', returning mime type and contents.
|
||||
@ -1,11 +0,0 @@
|
||||
SHA512 (pandoc-2.14.0.3.tar.gz) = 38ac4f35ac6483e30e234cf5df74795c80594425092fe059cd870d8b8af15249d88655c13477346a7eaf51a0152078e30915867fb55b7cef801074c618f3c262
|
||||
SHA512 (hslua-module-system-0.2.2.1.tar.gz) = 66cf57b8c80605bdfa5145fc61dbe59b66dd67a82a8365006b80e2ab74a71fff0fdf0ffa690daab66e82b8ad086adbcd622a6844b2107c0b9719b8cdabdf542b
|
||||
SHA512 (ipynb-0.1.0.1.tar.gz) = b1e547ac9353c84619832c723586146d2fd72c85c75d11b9ff99c16852ae2dfd1a2d61382ab9cc54bc9ad2bf8e1c3c0a8dc50d49c034d525e7a3393057a0275b
|
||||
SHA512 (emojis-0.1.tar.gz) = 587c67bff3f77c362b16c93889762a9aad6fb5250c0bced45f5053f59dd6a11ab2886e53f286bbc4de2b8793be133708b1f9c5d4d52bcef1820f5a7c1ecfa7d2
|
||||
SHA512 (jira-wiki-markup-1.4.0.tar.gz) = f20bf4b5242657a34cae1aeeb88ba6de61748ccc212243ae6a6d5a4defc3e2ad25445705a87a55d5cb3b6378f5f500887bf509459a66741a75a49025e1549750
|
||||
SHA512 (citeproc-0.4.0.1.tar.gz) = 1d9d166a0915eba722c4e6b0af6f987dd48f850f3649c873ecfc6cf4eda4cfea2749c853efd2880e28214eb2e19410a741a950a3532994e6cc9c0dc567e01757
|
||||
SHA512 (commonmark-0.2.1.tar.gz) = b91a02d44c95d1691fe8df8e380e4754cda98d0b3c5ec93163a71ecf596c5a5ac9bb54d618a13427211837c80e4e83c4a3dcc7b9ef18655ff0dadddc6121d665
|
||||
SHA512 (commonmark-extensions-0.2.1.2.tar.gz) = f2a41ad2f71d67512affc0c5882d86256e7b9f7dce1194c8a6708ba5dfbb0807d8dbdd8a7972c6c2e0a0dcf6695fe68cd1430488756222dc1a545671e0aa10e1
|
||||
SHA512 (commonmark-pandoc-0.2.1.1.tar.gz) = fe3dfee3eec4e400c896db5427a6f228b94b71e7bb6d6ace6eead0fe2a495d931e355649f1652cc3b3a928b8abd22f37e6005b3a43d3c95e255c858c89246842
|
||||
SHA512 (hslua-module-path-0.1.0.1.tar.gz) = b6448d187ffff02340612c69d28fde429186de44874f52a01b3b3cc77cfe7a105426b4cdbe8e27b13620869a64ac0893abbfc5ffd7d2d500008efb94af00a3bb
|
||||
SHA512 (unicode-collation-0.1.3.tar.gz) = ad952a10ee259f9c8d43b3d04a4bc4f093de51d3254092b168c79811a0ded2fdf7004a291e999c5f11a8f6971444e7745b471534343ab294325293d1a23b21bc
|
||||
Loading…
Reference in new issue