Diffstat (limited to 'emacs/28.2')
-rw-r--r-- | emacs/28.2/04_all_gnus-nnml.patch | 38 | ||||
-rw-r--r-- | emacs/28.2/05_all_etags-metachar.patch | 99 | ||||
-rw-r--r-- | emacs/28.2/06_all_ruby-mode.patch | 22 | ||||
-rw-r--r-- | emacs/28.2/07_all_htmlfontify.patch | 22 |
4 files changed, 181 insertions, 0 deletions
diff --git a/emacs/28.2/04_all_gnus-nnml.patch b/emacs/28.2/04_all_gnus-nnml.patch
new file mode 100644
index 0000000..eed2058
--- /dev/null
+++ b/emacs/28.2/04_all_gnus-nnml.patch
@@ -0,0 +1,38 @@
+Fix denial-of-service issue in Gnus
+Patch from emacs-28 branch
+
+commit ae9bfed50dbf5043c0b47f20473ef43d8aeebebd
+Author: Eli Zaretskii <eliz@gnu.org>
+Date: Mon Dec 19 19:01:04 2022 +0200
+
+ Fix storing email into nnmail by Gnus
+
+--- a/lisp/gnus/nnml.el
++++ b/lisp/gnus/nnml.el
+@@ -775,17 +775,22 @@
+ (nnml--encode-headers headers)
+ headers))))
+
++;; RFC2047-encode Subject and From, but leave invalid headers unencoded.
+ (defun nnml--encode-headers (headers)
+ (let ((subject (mail-header-subject headers))
+ (rfc2047-encoding-type 'mime))
+ (unless (string-match "\\`[[:ascii:]]*\\'" subject)
+- (setf (mail-header-subject headers)
+- (mail-encode-encoded-word-string subject t))))
++ (let ((encoded-subject
++ (ignore-errors (mail-encode-encoded-word-string subject t))))
++ (if encoded-subject
++ (setf (mail-header-subject headers) encoded-subject)))))
+ (let ((from (mail-header-from headers))
+ (rfc2047-encoding-type 'address-mime))
+ (unless (string-match "\\`[[:ascii:]]*\\'" from)
+- (setf (mail-header-from headers)
+- (rfc2047-encode-string from t)))))
++ (let ((encoded-from
++ (ignore-errors (rfc2047-encode-string from t))))
++ (if encoded-from
++ (setf (mail-header-from headers) encoded-from))))))
+
+ (defun nnml-get-nov-buffer (group &optional incrementalp)
+ (let ((buffer (gnus-get-buffer-create
diff --git a/emacs/28.2/05_all_etags-metachar.patch b/emacs/28.2/05_all_etags-metachar.patch
new file mode 100644
index 0000000..9371c17
--- /dev/null
+++ b/emacs/28.2/05_all_etags-metachar.patch
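Review bot: In 04_all_gnus-nnml.patch, both `ignore-errors` forms in `nnml--encode-headers` discard every error the encoder signals, so a header that could not be encoded is stored raw and nothing records why. `with-demoted-errors` keeps the non-fatal behaviour (it also yields nil on error, unless `debug-on-error` is set) while logging the cause, e.g. `(with-demoted-errors "nnml: Subject left unencoded: %S" (mail-encode-encoded-word-string subject t))`, and the same for From. The new comment could also state that a header left unencoded may still hold non-ASCII text, which code reading the stored headers presumably has to tolerate.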
@@ -0,0 +1,99 @@
+Fix etags local command injection vulnerability (CVE-2022-48337)
+Patch from emacs-28 branch
+https://bugs.gentoo.org/897950
+https://debbugs.gnu.org/59817
+
+commit e339926272a598bd9ee7e02989c1662b89e64cf0
+Author: Xi Lu <lx@shellcodes.org>
+Date: Tue Dec 6 15:42:40 2022 +0800
+
+ Fix etags local command injection vulnerability
+
+--- a/lib-src/etags.c
++++ b/lib-src/etags.c
+@@ -408,6 +408,7 @@
+ static void put_entries (node *);
+ static void clean_matched_file_tag (char const * const, char const * const);
+
++static char *escape_shell_arg_string (char *);
+ static void do_move_file (const char *, const char *);
+ static char *concat (const char *, const char *, const char *);
+ static char *skip_spaces (char *);
+@@ -1704,13 +1705,16 @@
+ else
+ {
+ #if MSDOS || defined (DOS_NT)
+- char *cmd1 = concat (compr->command, " \"", real_name);
+- char *cmd = concat (cmd1, "\" > ", tmp_name);
++ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1;
++ char *cmd = xmalloc (buf_len);
++ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name);
+ #else
+- char *cmd1 = concat (compr->command, " '", real_name);
+- char *cmd = concat (cmd1, "' > ", tmp_name);
++ char *new_real_name = escape_shell_arg_string (real_name);
++ char *new_tmp_name = escape_shell_arg_string (tmp_name);
++ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
++ char *cmd = xmalloc (buf_len);
++ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
+ #endif
+- free (cmd1);
+ inf = (system (cmd) == -1
+ ? NULL
+ : fopen (tmp_name, "r" FOPEN_BINARY));
+@@ -7689,6 +7693,55 @@
+ return templt;
+ }
+
++/*
++ * Adds single quotes around a string, if found single quotes, escaped it.
++ * Return a newly-allocated string.
++ *
++ * For example:
++ * escape_shell_arg_string("test.txt") => 'test.txt'
++ * escape_shell_arg_string("'test.txt") => ''\''test.txt'
++ */
++static char *
++escape_shell_arg_string (char *str)
++{
++ char *p = str;
++ int need_space = 2; /* ' at begin and end */
++
++ while (*p != '\0')
++ {
++ if (*p == '\'')
++ need_space += 4; /* ' to '\'', length is 4 */
++ else
++ need_space++;
++
++ p++;
++ }
++
++ char *new_str = xnew (need_space + 1, char);
++ new_str[0] = '\'';
++ new_str[need_space-1] = '\'';
++
++ int i = 1; /* skip first byte */
++ p = str;
++ while (*p != '\0')
++ {
++ new_str[i] = *p;
++ if (*p == '\'')
++ {
++ new_str[i+1] = '\\';
++ new_str[i+2] = '\'';
++ new_str[i+3] = '\'';
++ i += 3;
++ }
++
++ i++;
++ p++;
++ }
++
++ new_str[need_space] = '\0';
++ return new_str;
++}
++
+ static void
+ do_move_file(const char *src_file, const char *dst_file)
+ {
diff --git a/emacs/28.2/06_all_ruby-mode.patch b/emacs/28.2/06_all_ruby-mode.patch
new file mode 100644
index 0000000..6b1b054
--- /dev/null
+++ b/emacs/28.2/06_all_ruby-mode.patch
@@ -0,0 +1,22 @@
+Fix ruby-mode.el local command injection vulnerability (CVE-2022-48338)
+Patch from emacs-28 branch
+https://bugs.gentoo.org/897950
+https://debbugs.gnu.org/60268
+
+commit 22fb5ff5126dc8bb01edaa0252829d853afb284f
+Author: Xi Lu <lx@shellcodes.org>
+Date: Fri Dec 23 12:52:48 2022 +0800
+
+ Fix ruby-mode.el local command injection vulnerability (bug#60268)
+
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1819,7 +1819,7 @@
+ (setq feature-name (read-string "Feature name: " init))))
+ (let ((out
+ (substring
+- (shell-command-to-string (concat "gem which " feature-name))
++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+ 0 -1)))
+ (if (string-match-p "\\`ERROR" out)
+ (user-error "%s" out)
diff --git a/emacs/28.2/07_all_htmlfontify.patch b/emacs/28.2/07_all_htmlfontify.patch
new file mode 100644
index 0000000..acfccc5
--- /dev/null
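Review bot: In 05_all_etags-metachar.patch, the `MSDOS || defined (DOS_NT)` branch still places `real_name` and `tmp_name` between double quotes without escaping, so only the `#else` branch gets the new `escape_shell_arg_string` protection; a name containing `"` is still interpreted by the command processor there. At minimum that branch deserves a comment such as `/* NOTE: names are quoted but not escaped on DOS_NT; a '"' in a file name still reaches the shell. */`. In the `#else` branch the two escaped copies are never released within the hunk; `free (new_real_name); free (new_tmp_name);` after the `snprintf` would avoid leaking them per compressed file, unless that happens later in the function, which continues outside the hunk. `buf_len` and `need_space` would be safer as `size_t`, since both are sums of `strlen` results used as allocation sizes.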
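Review bot: In 06_all_ruby-mode.patch, the fixed line still passes `feature-name` through a shell, so its safety rests on `shell-quote-argument` matching whatever shell `shell-command-to-string` ends up invoking. Passing the name as a separate argument removes the shell from the path, e.g. `(with-output-to-string (call-process "gem" nil standard-output nil "which" feature-name))`. Whether that form still mixes stderr into the output, as the `"\\`ERROR"` check below appears to expect, should be confirmed before switching. The enclosing function starts and ends outside the hunk.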
+++ b/emacs/28.2/07_all_htmlfontify.patch
@@ -0,0 +1,22 @@
+Fix htmlfontify.el command injection vulnerability (CVE-2022-48339)
+Patch from emacs-28 branch
+https://bugs.gentoo.org/897950
+https://debbugs.gnu.org/60295
+
+commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16
+Author: Xi Lu <lx@shellcodes.org>
+Date: Sat Dec 24 16:28:54 2022 +0800
+
+ Fix htmlfontify.el command injection vulnerability.
+
+--- a/lisp/htmlfontify.el
++++ b/lisp/htmlfontify.el
+@@ -1882,7 +1882,7 @@
+
+ (defun hfy-text-p (srcdir file)
+ "Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this."
+- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
++ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
+ (rsp (shell-command-to-string cmd)))
+ (string-match "text" rsp)))
+
|
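Review bot: In 07_all_htmlfontify.patch, `hfy-text-p` now substitutes an already shell-quoted path into `hfy-istext-command`, but nothing tells users who customise that format string about the new contract. If a customised value wraps `%s` in its own quotes, the escapes added by `shell-quote-argument` would land inside those quotes and the protection may not hold. The docstring of `hfy-text-p` (and of the option, which is defined outside this hunk) should say so, for example: `The file name is passed through `shell-quote-argument' before substitution; do not quote %s in `hfy-istext-command'.`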