diff --git a/emacs-latex-preview.patch b/emacs-latex-preview.patch deleted file mode 100644 index 29cbc74..0000000 --- a/emacs-latex-preview.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001 -From: Ihor Radchenko -Date: Tue, 20 Feb 2024 12:47:24 +0300 -Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil - -* lisp/org/org.el (org--latex-preview-when-risky): New variable -controlling how to handle LaTeX previews in Org files from untrusted -origin. -(org-latex-preview): Consult `org--latex-preview-when-risky' before -generating previews. - -This patch adds a layer of protection when LaTeX preview is requested -for an email attachment, where `untrusted-content' is set to non-nil. ---- - lisp/org/org.el | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/lisp/org/org.el b/lisp/org/org.el -index c75afbf..0f5d17d 100644 ---- a/lisp/org/org.el -+++ b/lisp/org/org.el -@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer: - :package-version '(Org . "8.0") - :type 'boolean) - -+(defvar untrusted-content) ; defined in files.el -+(defvar org--latex-preview-when-risky nil -+ "If non-nil, enable LaTeX preview in Org buffers from unsafe source. -+ -+Some specially designed LaTeX code may generate huge pdf or log files -+that may exhaust disk space. -+ -+This variable controls how to handle LaTeX preview when rendering LaTeX -+fragments that originate from incoming email messages. It has no effect -+when Org mode is unable to determine the origin of the Org buffer. -+ -+An Org buffer is considered to be from unsafe source when the -+variable `untrusted-content' has a non-nil value in the buffer. -+ -+If this variable is non-nil, LaTeX previews are rendered unconditionally. -+ -+This variable may be renamed or changed in the future.") -+ - (defcustom org-insert-mode-line-in-empty-file nil - "Non-nil means insert the first line setting Org mode in empty files. - When the function `org-mode' is called interactively in an empty file, this -@@ -15695,6 +15713,7 @@ fragments in the buffer." - (interactive "P") - (cond - ((not (display-graphic-p)) nil) -+ ((and untrusted-content (not org--latex-preview-when-risky)) nil) - ;; Clear whole buffer. - ((equal arg '(64)) - (org-clear-latex-preview (point-min) (point-max)) --- -cgit v1.1 - diff --git a/emacs.spec b/emacs.spec index e9cbd9f..3cf75e9 100644 --- a/emacs.spec +++ b/emacs.spec @@ -32,7 +32,6 @@ Patch7: emacs-ob-latex-command-injection-vulnerability.patch Patch8: emacs-consider-org-file-contents-unsafe.patch Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch Patch10: emacs-mark-contents-untrusted.patch -Patch11: emacs-latex-preview.patch BuildRequires: atk-devel BuildRequires: cairo-devel @@ -194,7 +193,6 @@ packages that add functionality to Emacs. %patch8 -p1 -b .consider-org-file-contents-unsafe %patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp %patch10 -p1 -b .mark-contents-untrusted -%patch11 -p1 -b .latex-preview autoconf # We prefer our emacs.desktop file @@ -485,7 +483,6 @@ fi - org-file-contents: Consider all remote files unsafe (CVE-2024-30205) - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203) -- Add protection for LaTeX preview (CVE-2024-30204) - Disable xwidgets (RHEL-14549) * Wed Apr 12 2023 Jacek Migacz - 1:26.1-11