Factory:RISC-V:Base
emacs
Changes of Revision 4
_service:tar_scm:emacs.spec
Changed
@@ -8,7 +8,7 @@ Name: emacs Epoch: 1 Version: 28.2 -Release: 2 +Release: 4 Summary: An extensible GNU text editor License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs @@ -31,6 +31,11 @@ Patch6004: backport-CVE-2022-48337.patch Patch6005: backport-CVE-2022-48338.patch Patch6006: backport-CVE-2022-48339.patch +Patch6007: backport-CVE-2023-27985.patch +Patch6008: backport-CVE-2023-27986.patch +Patch6009: backport-0001-CVE-2023-28617.patch +Patch6010: backport-0002-CVE-2023-28617.patch + Patch9000: emacs-deal-taboo-words.patch BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel @@ -414,6 +419,12 @@ %{_mandir}/*/* %changelog +* Fri Mar 24 2023 zhangpan <zhangpan103@h-partners.com> - 1:28.2-4 +- fix CVE-2023-28617 + +* Wed Mar 15 2023 yanglongkang <yanglongkang@h-partners.com> - 1:28.2-3 +- fix CVE-2023-27985 CVE-2023-27986 + * Wed Feb 22 2023 zhangpan <zhangpan103@h-partners.com> - 1:28.2-2 - fix CVE-2022-48337 CVE-2022-48338 CVE-2022-48339
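Review bot: The second hunk adds Patch6007 through Patch6010 to the preamble, but nothing in this diff shows them being applied; confirm that %prep uses %autosetup -p1 (or carries matching %patch lines for 6007 to 6010), otherwise the two new changelog entries claim fixes that never reach the built binary. The Release bump from 2 straight to 4 is consistent with the two entries added in the third hunk (1:28.2-3 for CVE-2023-27985/27986, 1:28.2-4 for CVE-2023-28617), so that part is fine.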
_service:tar_scm:backport-0001-CVE-2023-28617.patch
Added
@@ -0,0 +1,32 @@ +From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001 +From: Xi Lu <lx@shellcodes.org> +Date: Sat, 18 Feb 2023 18:03:28 +0800 +Subject: * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection + vulnerability + +Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com + +TINYCHANGE + +Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 +Conflict:NA + +--- + lisp/org/ob-latex.el | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el +index 428907a..a0154bf 100644 +--- a/lisp/org/ob-latex.el ++++ b/lisp/org/ob-latex.el +@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'." + tmp-pdf + (list org-babel-latex-pdf-svg-process) + extension err-msg log-buf))) +- (shell-command (format "mv %s %s" img-out out-file))))) ++ (rename-file img-out out-file t)))) + ((string-suffix-p ".tikz" out-file) + (when (file-exists-p out-file) (delete-file out-file)) + (with-temp-file out-file +-- +cgit v1.1
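Review bot: Replacing `(shell-command (format "mv %s %s" img-out out-file))` with `(rename-file img-out out-file t)` is the right fix, since both file names were interpolated into a shell command line unquoted and any shell metacharacters in them ran as commands (the injection named in the subject). One behavioural difference deserves a sentence in the backport description: rename-file signals a file-error when img-out does not exist, whereas the old mv only wrote its diagnostic to the shell output buffer and execution carried on, so any caller that tolerated the silent failure now sees an error. The trailing `t` (OK-IF-ALREADY-EXISTS) preserves mv's overwrite semantics, so that part matches the old behaviour.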
_service:tar_scm:backport-0002-CVE-2023-28617.patch
Added
@@ -0,0 +1,46 @@ +From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001 +From: Xi Lu <lx@shellcodes.org> +Date: Sat, 11 Mar 2023 18:53:37 +0800 +Subject: * lisp/ob-latex.el: Fix command injection vulnerability + +(org-babel-execute:latex): +Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. + +TINYCHANGE + +Reference:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 +Conflict:NA + +--- + lisp/org/ob-latex.el | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el +index a2c24b3..ce39628 100644 +--- a/lisp/org/ob-latex.el ++++ b/lisp/org/ob-latex.el +@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'." + (if (string-suffix-p ".svg" out-file) + (progn + (shell-command "pwd") +- (shell-command (format "mv %s %s" +- (concat (file-name-sans-extension tex-file) "-1.svg") +- out-file))) ++ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg") ++ out-file t)) + (error "SVG file produced but HTML file requested"))) + ((file-exists-p (concat (file-name-sans-extension tex-file) ".html")) + (if (string-suffix-p ".html" out-file) +- (shell-command "mv %s %s" +- (concat (file-name-sans-extension tex-file) +- ".html") +- out-file) +- (error "HTML file produced but SVG file requested"))))) ++ (rename-file (concat (file-name-sans-extension tex-file) ".html") ++ out-file t) ++ (error "HTML file produced but SVG file requested"))))) + ((or (string= "pdf" extension) imagemagick) + (with-temp-file tex-file + (require 'ox-latex) +-- +cgit v1.1
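Review bot: `(shell-command "pwd")`, the unchanged line immediately above the first removed line, is a leftover debug call that still spawns a shell on every SVG export for no functional reason; drop it while this block is being touched, or note in the backport description why it stays. Also worth recording: the removed .html branch called `(shell-command "mv %s %s" (concat ...) out-file)` without `format`, so the literal string "mv %s %s" was the command and the two file names were passed as the output and error buffer arguments; the new `rename-file` call is therefore a functional fix as well as a security fix, and the "Conflict:NA" line undersells what changed.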
_service:tar_scm:backport-CVE-2023-27985.patch
Added
@@ -0,0 +1,64 @@ +From d32091199ae5de590a83f1542a01d75fba000467 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org> +Date: Mon, 19 Dec 2022 16:51:20 +0100 +Subject: Fix quoted argument in emacsclient-mail.desktop Exec key + +Apparently the emacsclient-mail.desktop file doesn't conform to the +Desktop Entry Specification at +https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables +which says about the Exec key: + +| Field codes must not be used inside a quoted argument, the result of +| field code expansion inside a quoted argument is undefined. + +However, the %u field code is used inside a quoted argument of the +Exec key in both the Desktop Entry and Desktop Action new-window +sections. +* etc/emacsclient-mail.desktop (Exec): The Desktop Entry +Specification does not allow field codes like %u inside a quoted +argument. Work around it by passing %u as first parameter ($1) +to the shell wrapper. +* etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder` +as the command name of the shell wrapper. 
(Bug#60204) +--- + etc/emacsclient-mail.desktop | 4 ++-- + etc/emacsclient.desktop | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop +index b575a41..91df122 100644 +--- a/etc/emacsclient-mail.desktop ++++ b/etc/emacsclient-mail.desktop +@@ -1,7 +1,7 @@ + Desktop Entry + Categories=Network;Email; + Comment=GNU Emacs is an extensible, customizable text editor - and more +-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\\\(message-mailto\\\\ \\\\\\"%u\\\\\\"\\\\)" ++Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u + Icon=emacs + Name=Emacs (Mail, Client) + MimeType=x-scheme-handler/mailto; +@@ -13,7 +13,7 @@ Actions=new-window;new-instance; + + Desktop Action new-window + Name=New Window +-Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\"%u\\")" ++Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u + + Desktop Action new-instance + Name=New Instance +diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop +index 1ecdecf..a9f840c7 100644 +--- a/etc/emacsclient.desktop ++++ b/etc/emacsclient.desktop +@@ -3,7 +3,7 @@ Name=Emacs (Client) + GenericName=Text Editor + Comment=Edit text + MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++; +-Exec=sh -c "if -n \\"\\$*\\" ; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F ++Exec=sh -c "if -n \\"\\$*\\" ; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F + Icon=emacs + 
Type=Application + Terminal=false +-- +cgit v1.1
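Review bot: Moving %u out of the quoted argument and handing it to the `sh -c` wrapper as $1 fixes the Desktop Entry Specification violation the message describes, but the new Exec lines still splice $1 verbatim into an Elisp string literal via `--eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"`, so a mailto: URI containing a double quote still closes the string and injects Elisp. That gap is what backport-CVE-2023-27986.patch in this same revision closes by escaping '\' and '"' before interpolation; the two patches must be applied together and in this order, since 27986's hunk starts from the Exec line this patch introduces (its `index 91df122..49c6f99` continues this patch's `index b575a41..91df122`). The emacsclient.desktop hunk only renames the wrapper's $0 from `placeholder` to `sh`, which is cosmetic.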
_service:tar_scm:backport-CVE-2023-27986.patch
Added
@@ -0,0 +1,50 @@ +From 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org> +Date: Tue, 7 Mar 2023 18:25:37 +0100 +Subject: Fix Elisp code injection vulnerability in emacsclient-mail.desktop + +A crafted mailto URI could contain unescaped double-quote +characters, allowing injection of Elisp code. Therefore, any +'\' and '"' characters are replaced by '\\' and '\"', using Bash +pattern substitution (which is not available in the POSIX shell). + +We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the +bash -c command, but in the desktop entry '"', '$', and '\' must +be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes +are expanded twice, see the Desktop Entry Specification). + +Reported by Gabriel Corona <gabriel.corona@free.fr>. + +* etc/emacsclient-mail.desktop (Exec): Escape backslash and +double-quote characters. +--- + etc/emacsclient-mail.desktop | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop +index 91df122..49c6f99 100644 +--- a/etc/emacsclient-mail.desktop ++++ b/etc/emacsclient-mail.desktop +@@ -1,7 +1,10 @@ + Desktop Entry + Categories=Network;Email; + Comment=GNU Emacs is an extensible, customizable text editor - and more +-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u ++# We want to pass the following commands to the shell wrapper: ++# u=${1//\\/\\\\}; u=${u//\"/\\\"}; exec emacsclient --alternate-editor= --display="$DISPLAY" --eval "(message-mailto \"$u\")" ++# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\'. 
++Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u + Icon=emacs + Name=Emacs (Mail, Client) + MimeType=x-scheme-handler/mailto; +@@ -13,7 +16,7 @@ Actions=new-window;new-instance; + + Desktop Action new-window + Name=New Window +-Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u ++Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u + + Desktop Action new-instance + Name=New Instance +-- +cgit v1.1
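Review bot: The new Exec lines change the interpreter from `sh -c` to `bash -c` because `${1//\\/\\\\}` pattern substitution is a bashism (the message says as much), so the mailto: handler now needs bash installed at runtime. The spec diff in this revision does not touch Requires, so confirm that `Requires: bash` is present or that bash is guaranteed in the base system; otherwise the handler dies with a command-not-found and mailto: links do nothing. The escaping itself is sufficient for an Elisp string literal, where only '\' and '"' are significant, and $u is expanded exactly once inside the double-quoted --eval argument, so '$' or backticks in the URI are not re-expanded by the wrapper shell.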
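The two-step escaping the commit message describes, as an added shell example that is not part of the Emacs patch or of this package: it reproduces the bash pattern substitution from the fixed Exec line, applies it to a constructed hostile mailto: URI, and uses a small helper to check whether the result can still terminate the Elisp string literal that `--eval "(message-mailto \"...\")"` reads. The URI, the function names and the `breaks_out` check are this example's own, not anything from the patch.

```bash
#!/usr/bin/env bash
# Added example, not part of the Emacs patch or the OBS package. It mirrors
# the CVE-2023-27986 sanitisation from the fixed Exec line,
#   u=${1//\\/\\\\}; u=${u//\"/\\\"}
# and shows on a constructed hostile mailto: URI why the unescaped
# interpolation used before the fix lets a URI break out of the Elisp string.

# Pre-fix construction: the URI is spliced straight into the
# (message-mailto "...") form that emacsclient --eval will read.
unsafe_eval_form() {
    printf '(message-mailto "%s")' "$1"
}

# Escape exactly the two characters that are special inside an Elisp string
# literal, backslash first so the quote escaping is not itself escaped.
# This is the bash pattern substitution the patch adds; it needs bash, since
# ${var//pattern/replacement} is not POSIX sh (hence the switch to bash -c).
escape_for_elisp() {
    local u=$1
    u=${u//\\/\\\\}
    u=${u//\"/\\\"}
    printf '%s' "$u"
}

# Post-fix construction: same form, but with the escaped URI.
safe_eval_form() {
    printf '(message-mailto "%s")' "$(escape_for_elisp "$1")"
}

# True when BODY, placed between double quotes, would end the Elisp string
# early: escaped pairs (\\ and \") are removed first, and any double quote
# left over is unescaped and terminates the literal.
breaks_out() {
    local body=$1
    body=${body//\\\\/}
    body=${body//\\\"/}
    [[ $body == *\"* ]]
}

# Constructed hostile URI (example data): closes the string, injects a form,
# then reopens a string so the whole --eval argument still reads as Lisp.
HOSTILE_URI='mailto:victim@example.org?subject=hi") (shell-command "id") (message-mailto "'

if [[ ${BASH_SOURCE[0]} == "$0" ]]; then
    printf 'unsafe: %s\n' "$(unsafe_eval_form "$HOSTILE_URI")"
    printf 'safe:   %s\n' "$(safe_eval_form "$HOSTILE_URI")"
    breaks_out "$HOSTILE_URI" && echo 'raw URI escapes the string literal'
    breaks_out "$(escape_for_elisp "$HOSTILE_URI")" || echo 'escaped URI stays inside it'
fi
```

Run it with bash, not sh: under dash the substitutions fail with "Bad substitution", which is the portability point the commit message makes and the reason the Exec line changed from `sh -c` to `bash -c`.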