diff --git a/emacs.spec b/emacs.spec index f88c3572b220fbd5e27b3c9c5eae846f0829ec4c..95c44b277dba2af9782dc62449419ee11d5d899a 100644 --- a/emacs.spec +++ b/emacs.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %global _hardened_build 1 # This file is encoded in UTF-8. -*- coding: utf-8 -*- @@ -19,6 +19,9 @@ Patch1: emacs-spellchecker.patch Patch2: emacs-system-crypto-policies.patch Patch3: emacs-libdir-vs-systemd.patch +#https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29.4&id=c645e1d8205f0f0663ec4a2d27575b238c646c7c +Patch4: fix-cve-2024-39331.patch + BuildRequires: gcc BuildRequires: atk-devel BuildRequires: cairo-devel @@ -511,6 +514,9 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/*.desktop %{_includedir}/emacs-module.h %changelog +* Fri Aug 02 2024 yangxinyu - 1:29.1-2 +- fix the CVE-2024-39331 + * Thu Aug 24 2023 happy_orange - 1:29.1-1 - update to 29.1 to fix the CVE-2023-27985 and CVE-2022-45939 diff --git a/fix-cve-2024-39331.patch b/fix-cve-2024-39331.patch new file mode 100644 index 0000000000000000000000000000000000000000..f8e0dc9bd0d5b48f475bb4ee16ad1312d04e8536 --- /dev/null +++ b/fix-cve-2024-39331.patch @@ -0,0 +1,63 @@ +From de0635bc37915cb47f7d8e565c03f3a585029905 Mon Sep 17 00:00:00 2001 +From: Stefan Kangas +Date: Fri, 2 Aug 2024 14:29:28 +0800 +Subject: [PATCH] fix-cve-2024-39331 + +--- + lisp/org/ol.el | 40 +++++++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 11 deletions(-) + +diff --git a/lisp/org/ol.el b/lisp/org/ol.el +index 9ad191c..0b990c4 100644 +--- a/lisp/org/ol.el ++++ b/lisp/org/ol.el +@@ -1063,17 +1063,35 @@ Abbreviations are defined in `org-link-abbrev-alist'." + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. ++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++ You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) + + (defun org-link-open (link &optional arg) + "Open a link object LINK. +-- +2.33.0 +