Fix man.el shell injection vulnerability

Resolves: RHEL-79016
2025-02-19 20:34:19 +01:00 · 2025-02-19 20:34:19 +01:00 · f90f68c9f9
commit f90f68c9f9
parent 9bc0181a5d
2 changed files with 40 additions and 1 deletions
--- a/emacs-man-el-shell-injection-vulnerability.patch
+++ b/emacs-man-el-shell-injection-vulnerability.patch
@ -0,0 +1,34 @@
+From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Tue, 10 Oct 2023 22:20:05 +0800
+Subject: Fix man.el shell injection vulnerability
+
+* lisp/man.el (Man-translate-references): Fix shell injection
+vulnerability.  (Bug#66390)
+* test/lisp/man-tests.el (man-tests-Man-translate-references): New
+test.
+---
+ lisp/man.el            |  6 +++++-
+ test/lisp/man-tests.el | 12 ++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/lisp/man.el b/lisp/man.el
+index 55cb938..d963964 100644
+--- a/lisp/man.el
+++ b/lisp/man.el
+@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
+       (setq name (match-string 2 ref)
+ 	    section (match-string 1 ref))))
+     (if (string= name "")
+-	ref				; Return the reference as is
+        ;; see Bug#66390
+	(mapconcat 'identity
+                   (mapcar #'shell-quote-argument
+                           (split-string ref "\\s-+"))
+                   " ")                 ; Return the reference as is
+       (if Man-downcase-section-letters-flag
+ 	  (setq section (downcase section)))
+       (while slist
+-- 
+cgit v1.1
+
--- a/emacs.spec
+++ b/emacs.spec
@ -5,7 +5,7 @@ Summary:       GNU Emacs text editor
 Name:          emacs
 Epoch:         1
 Version:       26.1
-Release:       12%{?dist}
+Release:       13%{?dist}
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs/
 Group:         Applications/Editors
@ -32,6 +32,7 @@ Patch7:        emacs-ob-latex-command-injection-vulnerability.patch
 Patch8:        emacs-consider-org-file-contents-unsafe.patch
 Patch9:        emacs-org-link-expand-abbrev-unsafe-elisp.patch
 Patch10:       emacs-mark-contents-untrusted.patch
+Patch11:       emacs-man-el-shell-injection-vulnerability.patch

 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@ -193,6 +194,7 @@ packages that add functionality to Emacs.
 %patch8 -p1 -b .consider-org-file-contents-unsafe
 %patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
 %patch10 -p1 -b .mark-contents-untrusted
+%patch11 -p1 -b .emacs-man-el-shell-injection-vulnerability
 autoconf

 # We prefer our emacs.desktop file
@ -479,6 +481,9 @@ fi
 %dir %{_datadir}/emacs/site-lisp/site-start.d

 %changelog
+* Wed Feb 19 2025 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-13
+- Fix man.el shell injection vulnerability (RHEL-79016)
+
 * Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
 - org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)