From 637129dc552e0201a3d17b5cba0d60b77b5d5627 Mon Sep 17 00:00:00 2001 From: yangchunchun Date: Fri, 23 Aug 2024 09:36:51 +0800 Subject: [PATCH 1/2] CVE-2024-39331 --- 1002-CVE-2024-39331.patch | 60 +++++++++++++++++++++++++++++++++++++++ emacs.spec | 8 +++++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 1002-CVE-2024-39331.patch diff --git a/1002-CVE-2024-39331.patch b/1002-CVE-2024-39331.patch new file mode 100644 index 0000000..a77e180 --- /dev/null +++ b/1002-CVE-2024-39331.patch @@ -0,0 +1,60 @@ +From bdd2eceb34db63888ce4032dcc5a70eb9eb62ad1 Mon Sep 17 00:00:00 2001 +From: yangchunchun +Date: Wed, 21 Aug 2024 16:08:16 +0800 +Subject: [PATCH] cqos CVE-2024-39331 + + +diff --git a/lisp/org/ol.el b/lisp/org/ol.el +index d1db168..49e9d4c 100644 +--- a/lisp/org/ol.el ++++ b/lisp/org/ol.el +@@ -1007,17 +1007,36 @@ Abbreviations are defined in `org-link-abbrev-alist'." + (if (not as) + link + (setq rpl (cdr as)) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties + (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. ++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) ++ + + (defun org-link-open (link &optional arg) + "Open a link object LINK. +-- +2.31.1 + diff --git a/emacs.spec b/emacs.spec index d3b4e85..9698245 100644 --- a/emacs.spec +++ b/emacs.spec @@ -1,5 +1,5 @@ %global _hardened_build 1 -%define anolis_release .0.2 +%define anolis_release .0.3 # This file is encoded in UTF-8. -*- coding: utf-8 -*- Summary: GNU Emacs text editor @@ -38,6 +38,8 @@ BuildRequires: gcc # Add by Anolis Patch1001: 1001-emacs-add-sw.patch # End of Anolis +Patch1002: 1002-CVE-2024-39331.patch + BuildRequires: atk-devel BuildRequires: cairo-devel @@ -217,6 +219,7 @@ Doc pages for %{name}. %patch7 -p1 -b .htmlfontify-command-injection-vulnerability %patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability %patch9 -p1 -b .ob-latex-command-injection-vulnerability +%patch1002 -p1 %ifarch loongarch64 %_update_config_guess @@ -519,6 +522,9 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %doc doc/NEWS BUGS README %changelog +* Thu Aug 22 2024 Chunchun Yang - 1:27.2-9.0.3 +- Fxed CVE-2024-39331 + * Tue Mar 19 2024 wxiat - 1:27.2-9.0.2 - cherry-pick `add sw patch #349896d0a48b80b530cfa5cc2bd1fc4ceff68e42`. -- Gitee From 5ccfd939411356999aa5cf770d9773d893e3a945 Mon Sep 17 00:00:00 2001 From: yangchunc Date: Thu, 26 Sep 2024 01:28:09 +0000 Subject: [PATCH 2/2] update 1002-CVE-2024-39331.patch. Signed-off-by: yangchunc --- 1002-CVE-2024-39331.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1002-CVE-2024-39331.patch b/1002-CVE-2024-39331.patch index a77e180..8e89052 100644 --- a/1002-CVE-2024-39331.patch +++ b/1002-CVE-2024-39331.patch @@ -1,5 +1,5 @@ From bdd2eceb34db63888ce4032dcc5a70eb9eb62ad1 Mon Sep 17 00:00:00 2001 -From: yangchunchun +From: yangchunchun Date: Wed, 21 Aug 2024 16:08:16 +0800 Subject: [PATCH] cqos CVE-2024-39331 -- Gitee