org-latex-preview: Add protection when `untrusted-content' is non-nil
Resolves: RHEL-36244
This commit is contained in:
parent
888ba3821c
commit
2ce8547484
57
emacs-latex-preview.patch
Normal file
57
emacs-latex-preview.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001
|
||||
From: Ihor Radchenko <yantar92@posteo.net>
|
||||
Date: Tue, 20 Feb 2024 12:47:24 +0300
|
||||
Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil
|
||||
|
||||
* lisp/org/org.el (org--latex-preview-when-risky): New variable
|
||||
controlling how to handle LaTeX previews in Org files from untrusted
|
||||
origin.
|
||||
(org-latex-preview): Consult `org--latex-preview-when-risky' before
|
||||
generating previews.
|
||||
|
||||
This patch adds a layer of protection when LaTeX preview is requested
|
||||
for an email attachment, where `untrusted-content' is set to non-nil.
|
||||
---
|
||||
lisp/org/org.el | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/lisp/org/org.el b/lisp/org/org.el
|
||||
index c75afbf..0f5d17d 100644
|
||||
--- a/lisp/org/org.el
|
||||
+++ b/lisp/org/org.el
|
||||
@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer:
|
||||
:package-version '(Org . "8.0")
|
||||
:type 'boolean)
|
||||
|
||||
+(defvar untrusted-content) ; defined in files.el
|
||||
+(defvar org--latex-preview-when-risky nil
|
||||
+ "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
|
||||
+
|
||||
+Some specially designed LaTeX code may generate huge pdf or log files
|
||||
+that may exhaust disk space.
|
||||
+
|
||||
+This variable controls how to handle LaTeX preview when rendering LaTeX
|
||||
+fragments that originate from incoming email messages. It has no effect
|
||||
+when Org mode is unable to determine the origin of the Org buffer.
|
||||
+
|
||||
+An Org buffer is considered to be from unsafe source when the
|
||||
+variable `untrusted-content' has a non-nil value in the buffer.
|
||||
+
|
||||
+If this variable is non-nil, LaTeX previews are rendered unconditionally.
|
||||
+
|
||||
+This variable may be renamed or changed in the future.")
|
||||
+
|
||||
(defcustom org-insert-mode-line-in-empty-file nil
|
||||
"Non-nil means insert the first line setting Org mode in empty files.
|
||||
When the function `org-mode' is called interactively in an empty file, this
|
||||
@@ -15695,6 +15713,7 @@ fragments in the buffer."
|
||||
(interactive "P")
|
||||
(cond
|
||||
((not (display-graphic-p)) nil)
|
||||
+ ((and untrusted-content (not org--latex-preview-when-risky)) nil)
|
||||
;; Clear whole buffer.
|
||||
((equal arg '(64))
|
||||
(org-clear-latex-preview (point-min) (point-max))
|
||||
--
|
||||
cgit v1.1
|
||||
|
@ -32,6 +32,7 @@ Patch7: emacs-ob-latex-command-injection-vulnerability.patch
|
||||
Patch8: emacs-consider-org-file-contents-unsafe.patch
|
||||
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
|
||||
Patch10: emacs-mark-contents-untrusted.patch
|
||||
Patch11: emacs-latex-preview.patch
|
||||
|
||||
BuildRequires: atk-devel
|
||||
BuildRequires: cairo-devel
|
||||
@ -194,6 +195,7 @@ packages that add functionality to Emacs.
|
||||
%patch8 -p1 -b .consider-org-file-contents-unsafe
|
||||
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
|
||||
%patch10 -p1 -b .mark-contents-untrusted
|
||||
%patch11 -p1 -b .latex-preview
|
||||
autoconf
|
||||
|
||||
# We prefer our emacs.desktop file
|
||||
@ -484,6 +486,7 @@ fi
|
||||
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
|
||||
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
|
||||
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
|
||||
- Add protection for LaTeX preview (CVE-2024-30204)
|
||||
|
||||
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
|
||||
- Bump version
|
||||
|
Loading…
Reference in New Issue
Block a user