org-latex-preview: Add protection when `untrusted-content' is non-nil

Resolves: RHEL-36244
2024-08-23 14:23:29 +02:00 · 2024-08-23 14:23:29 +02:00 · 2ce8547484
commit 2ce8547484
parent 888ba3821c
2 changed files with 60 additions and 0 deletions
--- a/emacs-latex-preview.patch
+++ b/emacs-latex-preview.patch
@ -0,0 +1,57 @@
 From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001
 From: Ihor Radchenko <yantar92@posteo.net>
 Date: Tue, 20 Feb 2024 12:47:24 +0300
 Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil
 * lisp/org/org.el (org--latex-preview-when-risky): New variable
 controlling how to handle LaTeX previews in Org files from untrusted
 origin.
 (org-latex-preview): Consult `org--latex-preview-when-risky' before
 generating previews.
 This patch adds a layer of protection when LaTeX preview is requested
 for an email attachment, where `untrusted-content' is set to non-nil.
 ---
 lisp/org/org.el | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 diff --git a/lisp/org/org.el b/lisp/org/org.el
 index c75afbf..0f5d17d 100644
 --- a/lisp/org/org.el
 +++ b/lisp/org/org.el
@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer:
   :package-version '(Org . "8.0")
   :type 'boolean)
 +(defvar untrusted-content) ; defined in files.el
 +(defvar org--latex-preview-when-risky nil
 +  "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
 +
 +Some specially designed LaTeX code may generate huge pdf or log files
 +that may exhaust disk space.
 +
 +This variable controls how to handle LaTeX preview when rendering LaTeX
 +fragments that originate from incoming email messages.  It has no effect
 +when Org mode is unable to determine the origin of the Org buffer.
 +
 +An Org buffer is considered to be from unsafe source when the
 +variable `untrusted-content' has a non-nil value in the buffer.
 +
 +If this variable is non-nil, LaTeX previews are rendered unconditionally.
 +
 +This variable may be renamed or changed in the future.")
 +
 (defcustom org-insert-mode-line-in-empty-file nil
   "Non-nil means insert the first line setting Org mode in empty files.
 When the function `org-mode' is called interactively in an empty file, this
@@ -15695,6 +15713,7 @@ fragments in the buffer."
   (interactive "P")
   (cond
    ((not (display-graphic-p)) nil)
 +   ((and untrusted-content (not org--latex-preview-when-risky)) nil)
    ;; Clear whole buffer.
    ((equal arg '(64))
     (org-clear-latex-preview (point-min) (point-max))
 -- 
 cgit v1.1
--- a/emacs.spec
+++ b/emacs.spec
@ -32,6 +32,7 @@ Patch7:        emacs-ob-latex-command-injection-vulnerability.patch
 Patch8:        emacs-consider-org-file-contents-unsafe.patch
 Patch9:        emacs-org-link-expand-abbrev-unsafe-elisp.patch
 Patch10:       emacs-mark-contents-untrusted.patch
 Patch11:       emacs-latex-preview.patch
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@ -194,6 +195,7 @@ packages that add functionality to Emacs.
 %patch8 -p1 -b .consider-org-file-contents-unsafe
 %patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
 %patch10 -p1 -b .mark-contents-untrusted
 %patch11 -p1 -b .latex-preview
 autoconf
 # We prefer our emacs.desktop file
@ -484,6 +486,7 @@ fi
 - org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
 - Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
 - Add protection for LaTeX preview (CVE-2024-30204)
 * Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
 - Bump version