diff --git a/dist b/dist
new file mode 100644
index 0000000000000000000000000000000000000000..ad8eb77ba59be071474988a034571694eaa9db8e
--- /dev/null
+++ b/dist
@@ -0,0 +1 @@
+an7_9
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..85e77ae141e82dcc737f45b9647ecb05ee004bcf
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+ea9ed000ca165280265aabb55b9afbd7 emacs-24.3.tar.xz
diff --git a/emacs-24.3.tar.xz b/emacs-24.3.tar.xz
deleted file mode 100644
index 7bbec8aa78148b8b0c8538f1c27ec5a706633073..0000000000000000000000000000000000000000
Binary files a/emacs-24.3.tar.xz and /dev/null differ
diff --git a/emacs-htmlfontify-command-injection-vulnerability.patch b/emacs-htmlfontify-command-injection-vulnerability.patch
new file mode 100644
index 0000000000000000000000000000000000000000..73122c83eb0c0c3bf9d93d43225c392c3f69a080
--- /dev/null
+++ b/emacs-htmlfontify-command-injection-vulnerability.patch
@@ -0,0 +1,26 @@
+From 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c Mon Sep 17 00:00:00 2001
+From: Xi Lu
+Date: Sat, 24 Dec 2022 16:28:54 +0800
+Subject: [PATCH] Fix htmlfontify.el command injection vulnerability.
+
+* lisp/htmlfontify.el (hfy-text-p): Fix command injection
+vulnerability. (Bug#60295)
+---
+ lisp/htmlfontify.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
+index df4c6ab079c..389b92939cc 100644
+--- a/lisp/htmlfontify.el
++++ b/lisp/htmlfontify.el
+@@ -1912,7 +1912,7 @@ hfy-make-directory
+
+ (defun hfy-text-p (srcdir file)
+ "Is SRCDIR/FILE text? Uses `hfy-istext-command' to determine this."
+- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
++ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
+ (rsp (shell-command-to-string cmd)))
+ (string-match "text" rsp)))
+
+--
+2.36.1
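Review bot: The new `download` entry identifies emacs-24.3.tar.xz by a 32-hex-digit digest, the length of an MD5 sum, and with the tarball itself deleted from the repository in this same commit that digest becomes the only integrity pin on the source the package is built from. MD5 no longer offers collision resistance, so if the lookaside tooling accepts a stronger digest it would be worth recording one here; which formats it accepts cannot be told from this page. Independently, checking the fetched tarball against upstream's detached signature during the build would tie the source to the GNU release rather than to the cache.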
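Review bot: In `hfy-text-p` the new `shell-quote-argument` call protects the file name only while the `%s` in `hfy-istext-command` stands as a bare shell word; the command is still assembled with `format` and run by `shell-command-to-string`, so a customized template that puts its own quotes around `%s` would combine badly with the escaping added here. A one-line comment above the `let*` would record that contract, for example `;; The path is shell-quoted here; hfy-istext-command must use an unquoted %s.` The definition and docstring of `hfy-istext-command` lie outside this hunk, so whether they already state this cannot be checked from the page. The packaged patch also carries no regression test; a test that runs `hfy-text-p` on a file name containing spaces and shell metacharacters and checks that it is classified normally would keep the fix from being lost in a later rebase.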
diff --git a/emacs.spec b/emacs.spec index 0f4a7b4b3d7cc2a2eca63c7c11a367d62a5c76ef..25c530449fc75e835350919a4e5f713c560ac576 100644 --- a/emacs.spec +++ b/emacs.spec @@ -1,11 +1,10 @@ -%define anolis_release .0.1 %undefine _hardened_build # This file is encoded in UTF-8. -*- coding: utf-8 -*- Summary: GNU Emacs text editor Name: emacs Epoch: 1 Version: 24.3 -Release: 23%{anolis_release}%{?dist} +Release: 23%{?dist}.1 License: GPLv3+ URL: http://www.gnu.org/software/emacs/ Group: Applications/Editors @@ -56,6 +55,7 @@ Patch32: emacs-0013-gnutls.el-increase-gnutls-min-prime-bits-to-1024-by-. Patch100: emacs-24.3-hunspell.patch # Fix for emacs bug #827033 Patch101: emacs-24.3-hunspell.2.patch +Patch102: emacs-htmlfontify-command-injection-vulnerability.patch BuildRequires: atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel glibc-devel libpng-devel @@ -220,6 +220,7 @@ packages that add functionality to Emacs. %patch100 -p1 -b .hunspell %patch101 -p1 -b .hunspell.2 +%patch102 -p1 -b .htmlfontify-command-injection-vulnerability if test configure.ac -nt aclocal.m4 -o m4/gnulib-comp.m4 -nt aclocal.m4 ; then sleep 1 touch aclocal.m4 @@ -479,7 +480,6 @@ update-desktop-database &> /dev/null || : %{_datadir}/applications/emacs.desktop %{_datadir}/applications/emacsclient.desktop %{_datadir}/icons/hicolor/*/apps/emacs.png -#%{_datadir}/icons/hicolor/*/apps/emacs22.png %{_datadir}/icons/hicolor/scalable/apps/emacs.svg %{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg @@ -496,7 +496,6 @@ update-desktop-database &> /dev/null || : %{_bindir}/etags.emacs %{_bindir}/gctags %{_bindir}/grep-changelog -#%{_bindir}/rcs-checkin %{_mandir}/*/* %{_infodir}/* %dir %{_datadir}/emacs/%{version} 
@@ -521,8 +520,8 @@ update-desktop-database &> /dev/null || : %dir %{_datadir}/emacs/site-lisp/site-start.d %changelog -* Wed Mar 01 2023 yangxiaoxuan - 1:24.3-23.0.1 -- spec: rebuild for ImageMagick +* Fri Apr 7 2023 Jacek Migacz - 1:24.3-23.1 +- Fix htmlfontify.el command injection vulnerability (#2175177) * Fri Nov 01 2019 Tomas Pelka - 1:24.3-23 - Resolves: #1765208 rebuild against new IM