pool/emacs
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1245402 from editors

Browse Source 
- Add patch CVE-2025-1244.patch
  * Avoid shell injection via custom "man" URI scheme (boo#1237091, CVE-2025-1244)

OBS-URL: https://build.opensuse.org/request/show/1245402
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/emacs?expand=0&rev=199
This commit is contained in:
Ana Guerrero 2025-02-12 20:30:48 +00:00 committed by Git OBS Bridge
commit 9f05514d4a
3 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
CVE-2025-1244.patch Normal file
View File

@ -0,0 +1,57 @@
From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Tue, 10 Oct 2023 22:20:05 +0800
Subject: Fix man.el shell injection vulnerability
* lisp/man.el (Man-translate-references): Fix shell injection
vulnerability. (Bug#66390)
* test/lisp/man-tests.el (man-tests-Man-translate-references): New
test.
---
lisp/man.el | 6 +++++-
test/lisp/man-tests.el | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lisp/man.el b/lisp/man.el
index 55cb938..d963964 100644
--- a/lisp/man.el
+++ b/lisp/man.el
@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
(setq name (match-string 2 ref)
section (match-string 1 ref))))
(if (string= name "")
- ref ; Return the reference as is
+ ;; see Bug#66390
+ (mapconcat 'identity
+ (mapcar #'shell-quote-argument
+ (split-string ref "\\s-+"))
+ " ") ; Return the reference as is
(if Man-downcase-section-letters-flag
(setq section (downcase section)))
(while slist
diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
index 140482e..11f5f80 100644
--- a/test/lisp/man-tests.el
+++ b/test/lisp/man-tests.el
@@ -161,6 +161,18 @@ DESCRIPTION
(let ((button (button-at (match-beginning 0))))
(should (and button (eq 'Man-xref-header-file (button-type button))))))))))
+(ert-deftest man-tests-Man-translate-references ()
+ (should (equal (Man-translate-references "basename")
+ "basename"))
+ (should (equal (Man-translate-references "basename(3)")
+ "3 basename"))
+ (should (equal (Man-translate-references "basename(3v)")
+ "3v basename"))
+ (should (equal (Man-translate-references ";id")
+ "\\;id"))
+ (should (equal (Man-translate-references "-k basename")
+ "-k basename")))
+
(provide 'man-tests)
;;; man-tests.el ends here
--
cgit v1.1

6
emacs.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Feb 12 12:20:32 UTC 2025 - Dr. Werner Fink <werner@suse.de>
- Add patch CVE-2025-1244.patch
* Avoid shell injection via custom "man" URI scheme (boo#1237091, CVE-2025-1244)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 15 13:53:48 UTC 2025 - Dr. Werner Fink <werner@suse.de> Wed Jan 15 13:53:48 UTC 2025 - Dr. Werner Fink <werner@suse.de>

3
emacs.spec
View File

@ -224,6 +224,7 @@ Patch26: emacs-27.1-pdftex.patch
Patch29: emacs-27.1-Xauthority4server.patch Patch29: emacs-27.1-Xauthority4server.patch
Patch30: emacs-CVE-2024-53920.patch Patch30: emacs-CVE-2024-53920.patch
Patch31: emacs-29.4-boo1234673.patch Patch31: emacs-29.4-boo1234673.patch
Patch32: CVE-2025-1244.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{expand: %%global include_info %(test -s /usr/share/info/info.info* && echo 0 || echo 1)} %{expand: %%global include_info %(test -s /usr/share/info/info.info* && echo 0 || echo 1)}
%{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)} %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
@ -394,6 +395,7 @@ and most assembler-like syntaxes.
%patch -P29 -p0 -b .xauth %patch -P29 -p0 -b .xauth
%patch -P30 -p0 -b .cve202453920 %patch -P30 -p0 -b .cve202453920
%patch -P31 -p0 -b .boo1234673 %patch -P31 -p0 -b .boo1234673
%patch -P32 -p1 -b .boo1237091
%patch -P0 -p0 -b .0 %patch -P0 -p0 -b .0
%if %{without tex4pdf} %if %{without tex4pdf}
pushd etc/refcards/ pushd etc/refcards/
@ -770,6 +772,7 @@ rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/htmlfontify.el.cve202248339
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/progmodes/elisp-mode.el.el.cve202453920 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/progmodes/elisp-mode.el.el.cve202453920
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/progmodes/ruby-mode.el.cve202248338 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/progmodes/ruby-mode.el.cve202248338
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/emacs-lisp/comp.el.boo1234673 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/emacs-lisp/comp.el.boo1234673
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/lisp/man.el.boo1237091
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient-mail.desktop.cve202327985 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient-mail.desktop.cve202327985
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient-mail.desktop.cve202327986 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient-mail.desktop.cve202327986
rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient.desktop.cve202327985 rm -vf %{buildroot}%{_datadir}/emacs/%{version}/etc/emacsclient.desktop.cve202327985