Compare commits
No commits in common. "c8-beta" and "c8s" have entirely different histories.
@ -1,2 +0,0 @@
|
||||
53c01d987b2613701f42d9f941c2d5225a5874c4 SOURCES/emacs-26.1.tar.xz
|
||||
c962aff1571d9fb346775ec4329877dbb63307d6 SOURCES/package-keyring.gpg
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,4 @@
|
||||
SOURCES/emacs-26.1.tar.xz
|
||||
SOURCES/package-keyring.gpg
|
||||
/emacs-26.1.tar.xz
|
||||
/package-keyring.gpg
|
||||
|
36
emacs-consider-org-file-contents-unsafe.patch
Normal file
36
emacs-consider-org-file-contents-unsafe.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From 2bc865ace050ff118db43f01457f95f95112b877 Mon Sep 17 00:00:00 2001
|
||||
From: Ihor Radchenko <yantar92@posteo.net>
|
||||
Date: Tue, 20 Feb 2024 14:59:20 +0300
|
||||
Subject: org-file-contents: Consider all remote files unsafe
|
||||
|
||||
* lisp/org/org.el (org-file-contents): When loading files, consider all
|
||||
remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
|
||||
---
|
||||
lisp/org/org.el | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lisp/org/org.el b/lisp/org/org.el
|
||||
index 0f5d17d..76559c9 100644
|
||||
--- a/lisp/org/org.el
|
||||
+++ b/lisp/org/org.el
|
||||
@@ -4576,12 +4576,16 @@ from file or URL, and return nil.
|
||||
If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version
|
||||
is available. This option applies only if FILE is a URL."
|
||||
(let* ((is-url (org-file-url-p file))
|
||||
+ (is-remote (condition-case nil
|
||||
+ (file-remote-p file)
|
||||
+ ;; In case of error, be safe.
|
||||
+ (t t)))
|
||||
(cache (and is-url
|
||||
(not nocache)
|
||||
(gethash file org--file-cache))))
|
||||
(cond
|
||||
(cache)
|
||||
- (is-url
|
||||
+ ((or is-url is-remote)
|
||||
(with-current-buffer (url-retrieve-synchronously file)
|
||||
(goto-char (point-min))
|
||||
;; Move point to after the url-retrieve header.
|
||||
--
|
||||
cgit v1.1
|
||||
|
25
emacs-mark-contents-untrusted.patch
Normal file
25
emacs-mark-contents-untrusted.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001
|
||||
From: Ihor Radchenko <yantar92@posteo.net>
|
||||
Date: Tue, 20 Feb 2024 12:44:30 +0300
|
||||
Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
|
||||
untrusted.
|
||||
|
||||
---
|
||||
lisp/gnus/mm-view.el | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
|
||||
index 2e1261c..5f234e5 100644
|
||||
--- a/lisp/gnus/mm-view.el
|
||||
+++ b/lisp/gnus/mm-view.el
|
||||
@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
|
||||
(setq coding-system (mm-find-buffer-file-coding-system)))
|
||||
(setq text (buffer-string))))
|
||||
(with-temp-buffer
|
||||
+ (setq untrusted-content t)
|
||||
(buffer-disable-undo)
|
||||
(mm-enable-multibyte)
|
||||
(insert (cond ((eq charset 'gnus-decoded)
|
||||
--
|
||||
cgit v1.1
|
||||
|
78
emacs-org-link-expand-abbrev-unsafe-elisp.patch
Normal file
78
emacs-org-link-expand-abbrev-unsafe-elisp.patch
Normal file
@ -0,0 +1,78 @@
|
||||
From f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mon Sep 17 00:00:00 2001
|
||||
From: Ihor Radchenko <yantar92@posteo.net>
|
||||
Date: Tue, 18 Jun 2024 13:06:44 +0200
|
||||
Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
|
||||
|
||||
* lisp/org/org.el (org-link-expand-abbrev): Refuse expanding %(...) link
|
||||
abbrevs that specify unsafe function. Instead, display a warning, and
|
||||
do not expand the abbrev. Clear all the text properties from the
|
||||
returned link, to avoid any potential vulnerabilities caused by
|
||||
properties that may contain arbitrary Elisp.
|
||||
---
|
||||
lisp/org/org.el | 40 +++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 29 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/lisp/org/org.el b/lisp/org/org.el
|
||||
index 7a7f4f5..8a556c7 100644
|
||||
--- a/lisp/org/org.el
|
||||
+++ b/lisp/org/org.el
|
||||
@@ -1152,26 +1152,44 @@ Abbreviations are defined in `org-link-abbrev-alist'."
|
||||
|
||||
(defun org-link-expand-abbrev (link)
|
||||
"Apply replacements as defined in `org-link-abbrev-alist'."
|
||||
- (if (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)
|
||||
+ (if (not (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)) link
|
||||
(let* ((key (match-string 1 link))
|
||||
(as (or (assoc key org-link-abbrev-alist-local)
|
||||
(assoc key org-link-abbrev-alist)))
|
||||
(tag (and (match-end 2) (match-string 3 link)))
|
||||
rpl)
|
||||
(if (not as)
|
||||
link
|
||||
(setq rpl (cdr as))
|
||||
- (cond
|
||||
- ((symbolp rpl) (funcall rpl tag))
|
||||
- ((string-match "%(\\([^)]+\\))" rpl)
|
||||
- (replace-match
|
||||
- (save-match-data
|
||||
- (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl))
|
||||
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
|
||||
- ((string-match "%h" rpl)
|
||||
- (replace-match (url-hexify-string (or tag "")) t t rpl))
|
||||
- (t (concat rpl tag)))))
|
||||
- link))
|
||||
+ ;; Drop any potentially dangerous text properties like
|
||||
+ ;; `modification-hooks' that may be used as an attack vector.
|
||||
+ (substring-no-properties
|
||||
+ (cond
|
||||
+ ((symbolp rpl) (funcall rpl tag))
|
||||
+ ((string-match "%(\\([^)]+\\))" rpl)
|
||||
+ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
|
||||
+ ;; Using `unsafep-function' is not quite enough because
|
||||
+ ;; Emacs considers functions like `genenv' safe, while
|
||||
+ ;; they can potentially be used to expose private system
|
||||
+ ;; data to attacker if abbreviated link is clicked.
|
||||
+ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
|
||||
+ (eq t (get rpl-fun-symbol 'pure)))
|
||||
+ (replace-match
|
||||
+ (save-match-data
|
||||
+ (funcall (intern-soft (match-string 1 rpl)) tag))
|
||||
+ t t rpl)
|
||||
+ (org-display-warning
|
||||
+ (format "Disabling unsafe link abbrev: %s
|
||||
+You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
|
||||
+ rpl (match-string 1 rpl)))
|
||||
+ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
|
||||
+ org-link-abbrev-alist (delete as org-link-abbrev-alist))
|
||||
+ link
|
||||
+ )))
|
||||
+ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
|
||||
+ ((string-match "%h" rpl)
|
||||
+ (replace-match (url-hexify-string (or tag "")) t t rpl))
|
||||
+ (t (concat rpl tag))))))))
|
||||
|
||||
;;; Storing and inserting links
|
||||
|
||||
--
|
||||
cgit v1.1
|
||||
|
@ -5,7 +5,7 @@ Summary: GNU Emacs text editor
|
||||
Name: emacs
|
||||
Epoch: 1
|
||||
Version: 26.1
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: GPLv3+ and CC0-1.0
|
||||
URL: http://www.gnu.org/software/emacs/
|
||||
Group: Applications/Editors
|
||||
@ -29,6 +29,9 @@ Patch4: emacs-mh-rmail-nonempty-dir.patch
|
||||
Patch5: emacs-etags-local-command-injection-vulnerability.patch
|
||||
Patch6: emacs-htmlfontify-command-injection-vulnerability.patch
|
||||
Patch7: emacs-ob-latex-command-injection-vulnerability.patch
|
||||
Patch8: emacs-consider-org-file-contents-unsafe.patch
|
||||
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
|
||||
Patch10: emacs-mark-contents-untrusted.patch
|
||||
|
||||
BuildRequires: atk-devel
|
||||
BuildRequires: cairo-devel
|
||||
@ -68,7 +71,6 @@ BuildRequires: desktop-file-utils
|
||||
BuildRequires: libacl-devel
|
||||
|
||||
BuildRequires: gtk3-devel
|
||||
BuildRequires: webkit2gtk3-devel
|
||||
|
||||
# For lucid
|
||||
BuildRequires: Xaw3d-devel
|
||||
@ -188,6 +190,9 @@ packages that add functionality to Emacs.
|
||||
%patch5 -p1 -b .etags-local-command-injection-vulnerability
|
||||
%patch6 -p1 -b .htmlfontify-command-injection-vulnerability
|
||||
%patch7 -p1 -b .ob-latex-command-injection-vulnerability
|
||||
%patch8 -p1 -b .consider-org-file-contents-unsafe
|
||||
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
|
||||
%patch10 -p1 -b .mark-contents-untrusted
|
||||
autoconf
|
||||
|
||||
# We prefer our emacs.desktop file
|
||||
@ -243,7 +248,7 @@ ln -s ../configure .
|
||||
|
||||
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
|
||||
--with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
|
||||
--with-xwidgets --with-modules
|
||||
--with-modules
|
||||
make bootstrap
|
||||
%{setarch} make %{?_smp_mflags}
|
||||
cd ..
|
||||
@ -474,6 +479,12 @@ fi
|
||||
%dir %{_datadir}/emacs/site-lisp/site-start.d
|
||||
|
||||
%changelog
|
||||
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
|
||||
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
|
||||
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
|
||||
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
|
||||
- Disable xwidgets (RHEL-14549)
|
||||
|
||||
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
|
||||
- Bump version
|
||||
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
||||
SHA512 (emacs-26.1.tar.xz) = 537c2cfdd281151b360002419dde6280c313e07a937ed96405c67f754b3401ec5541091a3c0aa6690929bc33dd79e8e0d8844e7a6b014b7798c63cb15de210c2
|
||||
SHA512 (package-keyring.gpg) = ca0dfa2edda9a6de5837dd6d754d574b13e007561e8dcc99c178d24f6a5dbb6880edc95db9d6afbea8bdf0b409671657fe22a778003ea0ccf351dce5e4fd429f
|
Loading…
Reference in New Issue
Block a user