rpms/emacs
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix man.el shell injection vulnerability

Browse Source 
Resolves: RHEL-79016
This commit is contained in:
Jacek Migacz 2025-02-19 20:34:19 +01:00
parent 9bc0181a5d
commit f90f68c9f9
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
emacs-man-el-shell-injection-vulnerability.patch Normal file
View File

@ -0,0 +1,34 @@
From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Tue, 10 Oct 2023 22:20:05 +0800
Subject: Fix man.el shell injection vulnerability
* lisp/man.el (Man-translate-references): Fix shell injection
vulnerability. (Bug#66390)
* test/lisp/man-tests.el (man-tests-Man-translate-references): New
test.
---
lisp/man.el | 6 +++++-
test/lisp/man-tests.el | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lisp/man.el b/lisp/man.el
index 55cb938..d963964 100644
--- a/lisp/man.el
+++ b/lisp/man.el
@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
(setq name (match-string 2 ref)
section (match-string 1 ref))))
(if (string= name "")
- ref ; Return the reference as is
+ ;; see Bug#66390
+ (mapconcat 'identity
+ (mapcar #'shell-quote-argument
+ (split-string ref "\\s-+"))
+ " ") ; Return the reference as is
(if Man-downcase-section-letters-flag
(setq section (downcase section)))
(while slist
--
cgit v1.1

7
emacs.spec
View File

@ -5,7 +5,7 @@ Summary: GNU Emacs text editor
Name: emacs Name: emacs
Epoch: 1 Epoch: 1
Version: 26.1 Version: 26.1
Release: 12%{?dist} Release: 13%{?dist}
License: GPLv3+ and CC0-1.0 License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/ URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors Group: Applications/Editors
@ -32,6 +32,7 @@ Patch7: emacs-ob-latex-command-injection-vulnerability.patch
Patch8: emacs-consider-org-file-contents-unsafe.patch Patch8: emacs-consider-org-file-contents-unsafe.patch
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
Patch10: emacs-mark-contents-untrusted.patch Patch10: emacs-mark-contents-untrusted.patch
Patch11: emacs-man-el-shell-injection-vulnerability.patch
BuildRequires: atk-devel BuildRequires: atk-devel
BuildRequires: cairo-devel BuildRequires: cairo-devel
@ -193,6 +194,7 @@ packages that add functionality to Emacs.
%patch8 -p1 -b .consider-org-file-contents-unsafe %patch8 -p1 -b .consider-org-file-contents-unsafe
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp %patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
%patch10 -p1 -b .mark-contents-untrusted %patch10 -p1 -b .mark-contents-untrusted
%patch11 -p1 -b .emacs-man-el-shell-injection-vulnerability
autoconf autoconf
# We prefer our emacs.desktop file # We prefer our emacs.desktop file
@ -479,6 +481,9 @@ fi
%dir %{_datadir}/emacs/site-lisp/site-start.d %dir %{_datadir}/emacs/site-lisp/site-start.d
%changelog %changelog
* Wed Feb 19 2025 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-13
- Fix man.el shell injection vulnerability (RHEL-79016)
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12 * Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205) - org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)