parent
5aade31796
commit
7812dc2fdf
43
emacs-ob-latex-command-injection-vulnerability.patch
Normal file
43
emacs-ob-latex-command-injection-vulnerability.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
|
||||
From: Xi Lu <lx@shellcodes.org>
|
||||
Date: Sat, 11 Mar 2023 18:53:37 +0800
|
||||
Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability
|
||||
|
||||
(org-babel-execute:latex):
|
||||
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
|
||||
|
||||
TINYCHANGE
|
||||
---
|
||||
lisp/org/ob-latex.el | 13 +++++--------
|
||||
1 file changed, 5 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
|
||||
index a2c24b3..ce39628 100644
|
||||
--- a/lisp/org/ob-latex.el
|
||||
+++ b/lisp/org/ob-latex.el
|
||||
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
|
||||
(if (string-suffix-p ".svg" out-file)
|
||||
(progn
|
||||
(shell-command "pwd")
|
||||
- (shell-command (format "mv %s %s"
|
||||
- (concat (file-name-sans-extension tex-file) "-1.svg")
|
||||
- out-file)))
|
||||
+ (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
|
||||
+ out-file t))
|
||||
(error "SVG file produced but HTML file requested")))
|
||||
((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
|
||||
(if (string-suffix-p ".html" out-file)
|
||||
- (shell-command "mv %s %s"
|
||||
- (concat (file-name-sans-extension tex-file)
|
||||
- ".html")
|
||||
- out-file)
|
||||
- (error "HTML file produced but SVG file requested")))))
|
||||
+ (rename-file (concat (file-name-sans-extension tex-file) ".html")
|
||||
+ out-file t)
|
||||
+ (error "HTML file produced but SVG file requested")))))
|
||||
((or (string= "pdf" extension) imagemagick)
|
||||
(with-temp-file tex-file
|
||||
(require 'ox-latex)
|
||||
--
|
||||
cgit v1.1
|
||||
|
@ -28,6 +28,7 @@ Patch3: emacs-ctags-local-command-execute-vulnerability.patch
|
||||
Patch4: emacs-mh-rmail-nonempty-dir.patch
|
||||
Patch5: emacs-etags-local-command-injection-vulnerability.patch
|
||||
Patch6: emacs-htmlfontify-command-injection-vulnerability.patch
|
||||
Patch7: emacs-ob-latex-command-injection-vulnerability.patch
|
||||
|
||||
BuildRequires: atk-devel
|
||||
BuildRequires: cairo-devel
|
||||
@ -186,6 +187,7 @@ packages that add functionality to Emacs.
|
||||
%patch4 -p1 -b .mh-rmail-nonempty-dir.patch
|
||||
%patch5 -p1 -b .etags-local-command-injection-vulnerability
|
||||
%patch6 -p1 -b .htmlfontify-command-injection-vulnerability
|
||||
%patch7 -p1 -b .ob-latex-command-injection-vulnerability
|
||||
autoconf
|
||||
|
||||
# We prefer our emacs.desktop file
|
||||
|
Loading…
Reference in New Issue
Block a user