From 240a683e6f4867afd1d44c4cb2b4bd50f51b5d59 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 28 Mar 2023 10:36:14 -0700 Subject: [PATCH] Patched `emacs` to fix CVE-2023-28617. (#5158) --- SPECS/emacs/CVE-2023-28617.patch | 69 ++++++++++++++++++++++++++++++++ SPECS/emacs/emacs.spec | 6 ++- 2 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 SPECS/emacs/CVE-2023-28617.patch diff --git a/SPECS/emacs/CVE-2023-28617.patch b/SPECS/emacs/CVE-2023-28617.patch new file mode 100644 index 0000000000..601cc423ca --- /dev/null +++ b/SPECS/emacs/CVE-2023-28617.patch @@ -0,0 +1,69 @@ +From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001 +From: Xi Lu +Date: Sat, 18 Feb 2023 18:03:28 +0800 +Subject: * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection + vulnerability + +Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com + +TINYCHANGE +--- + lisp/org/ob-latex.el | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el +index 428907a..a0154bf 100644 +--- a/lisp/org/ob-latex.el ++++ b/lisp/org/ob-latex.el +@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'." + tmp-pdf + (list org-babel-latex-pdf-svg-process) + extension err-msg log-buf))) +- (shell-command (format "mv %s %s" img-out out-file))))) ++ (rename-file img-out out-file t)))) + ((string-suffix-p ".tikz" out-file) + (when (file-exists-p out-file) (delete-file out-file)) + (with-temp-file out-file +-- + +From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001 +From: Xi Lu +Date: Sat, 11 Mar 2023 18:53:37 +0800 +Subject: * lisp/ob-latex.el: Fix command injection vulnerability + +(org-babel-execute:latex): +Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. + +TINYCHANGE +--- + lisp/org/ob-latex.el | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el +index a2c24b3..ce39628 100644 +--- a/lisp/org/ob-latex.el ++++ b/lisp/org/ob-latex.el +@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'." + (if (string-suffix-p ".svg" out-file) + (progn + (shell-command "pwd") +- (shell-command (format "mv %s %s" +- (concat (file-name-sans-extension tex-file) "-1.svg") +- out-file))) ++ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg") ++ out-file t)) + (error "SVG file produced but HTML file requested"))) + ((file-exists-p (concat (file-name-sans-extension tex-file) ".html")) + (if (string-suffix-p ".html" out-file) +- (shell-command "mv %s %s" +- (concat (file-name-sans-extension tex-file) +- ".html") +- out-file) +- (error "HTML file produced but SVG file requested"))))) ++ (rename-file (concat (file-name-sans-extension tex-file) ".html") ++ out-file t) ++ (error "HTML file produced but SVG file requested"))))) + ((or (string= "pdf" extension) imagemagick) + (with-temp-file tex-file + (require 'ox-latex) +-- diff --git a/SPECS/emacs/emacs.spec b/SPECS/emacs/emacs.spec index 93ee1c1360..f1ddb27743 100644 --- a/SPECS/emacs/emacs.spec +++ b/SPECS/emacs/emacs.spec @@ -1,7 +1,7 @@ Summary: GNU Emacs text editor Name: emacs Version: 28.2 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv3+ AND CC0-1.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,7 @@ Patch1: CVE-2022-48337.patch Patch2: CVE-2022-48338.patch Patch3: CVE-2022-48339.patch Patch4: CVE-2023-27986.patch +Patch5: CVE-2023-28617.patch BuildRequires: gcc BuildRequires: glibc-devel BuildRequires: gnutls-devel @@ -89,6 +90,9 @@ mkdir -p %{buildroot}%{_datadir}/emacs/site-lisp/site-start.d %dir %{_datadir}/emacs/site-lisp/site-start.d %changelog +* Mon Mar 27 2023 Pawel Winogrodzki - 28.2-5 +- Applied upstream patches to fix CVE-2023-28617. + * Thu Mar 16 2023 Nicolas Guibourge - 28.2-4 - Apply upstream patches to fix CVE-2023-27986, CVE-2023-27985