From dcb2f23c30104aa29a0134b653beb2a10b3e96d3 Mon Sep 17 00:00:00 2001
From: zhuhongbo
Date: Tue, 18 Mar 2025 11:33:52 +0800
Subject: [PATCH] fix cve CVE-2025-1244
---
 0001-fix-cve-CVE-2025-1244.patch | 29 +++++++++++++++++++++++++++++
 emacs.spec | 9 +++++++--
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 0001-fix-cve-CVE-2025-1244.patch
diff --git a/0001-fix-cve-CVE-2025-1244.patch b/0001-fix-cve-CVE-2025-1244.patch
new file mode 100644
index 0000000..4076b44
--- /dev/null
+++ b/0001-fix-cve-CVE-2025-1244.patch
@@ -0,0 +1,29 @@
+From 8e5ada96267badd4f8fe114924e6904a2c79d0e5 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Tue, 18 Mar 2025 11:20:26 +0800
+Subject: [PATCH] fix cve CVE-2025-1244
+
+---
+ lisp/man.el | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lisp/man.el b/lisp/man.el
+index b6a6c17..7c6d569 100644
+--- a/lisp/man.el
++++ b/lisp/man.el
+@@ -635,7 +635,11 @@ and the `Man-section-translations-alist' variables)."
+ (setq name (match-string 2 ref)
+ section (match-string 1 ref))))
+ (if (string= name "")
+- ref ; Return the reference as is
++ ;; see Bug#66390
++ (mapconcat 'identity
++ (mapcar #'shell-quote-argument
++ (split-string ref "\\s-+"))
++ " ") ; Return the reference as is
+ (if Man-downcase-section-letters-flag
+ (setq section (downcase section)))
+ (while slist
+--
+2.39.3
+
diff --git a/emacs.spec b/emacs.spec
index 25c5304..fbd9e7e 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -4,7 +4,7 @@ Summary: GNU Emacs text editor
 Name: emacs
 Epoch: 1
 Version: 24.3
-Release: 23%{?dist}.1
+Release: 23%{?dist}.2
 License: GPLv3+
 URL: http://www.gnu.org/software/emacs/
 Group: Applications/Editors
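Review bot: The `shell-quote-argument` call added to `lisp/man.el` guards only the `(string= name "")` branch; the other branch starts at `(if Man-downcase-section-letters-flag` and continues outside the hunk, so it is worth confirming that the section and name regexps of this 24.3 tree cannot match shell metacharacters before treating CVE-2025-1244 as closed here. The trailing comment `; Return the reference as is` is no longer true for the new code and could read `; Quote each word so the shell sees it literally`. `split-string` with an explicit separator keeps empty strings, so a `ref` with leading or trailing whitespace would presumably produce a quoted empty argument; `(split-string ref "\\s-+" t)` drops them.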
@@ -56,7 +56,8 @@ Patch100: emacs-24.3-hunspell.patch # Fix for emacs bug #827033 Patch101: emacs-24.3-hunspell.2.patch Patch102: emacs-htmlfontify-command-injection-vulnerability.patch - +#add by uos +Patch103: 0001-fix-cve-CVE-2025-1244.patch BuildRequires: atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel glibc-devel libpng-devel BuildRequires: libjpeg-devel libtiff-devel libX11-devel libXau-devel libXdmcp-devel libXrender-devel libXt-devel @@ -221,6 +222,7 @@ packages that add functionality to Emacs. %patch100 -p1 -b .hunspell %patch101 -p1 -b .hunspell.2 %patch102 -p1 -b .htmlfontify-command-injection-vulnerability +%patch103 -p1 if test configure.ac -nt aclocal.m4 -o m4/gnulib-comp.m4 -nt aclocal.m4 ; then sleep 1 touch aclocal.m4 @@ -520,6 +522,9 @@ update-desktop-database &> /dev/null || : %dir %{_datadir}/emacs/site-lisp/site-start.d %changelog +* Mon Mar 17 2025 zhuhongbo - 1:24.3-23.2 +- cve: fix cve CVE-2025-1244 + * Fri Apr 7 2023 Jacek Migacz - 1:24.3-23.1 - Fix htmlfontify.el command injection vulnerability (#2175177) -- Gitee
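Review bot: The `#add by uos` comment above `Patch103` says who added the patch but not what it fixes, unlike the `# Fix for emacs bug #827033` line two entries up. A comment in the same form, for example `# Fix for CVE-2025-1244 (man.el, upstream Bug#66390)`, would let the next packager see why the patch is carried without opening it.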
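Review bot: `%patch103 -p1` in the %prep hunk is applied without a `-b` backup suffix, while `%patch100` to `%patch102` just above each pass one. Matching them, for example `%patch103 -p1 -b .cve-2025-1244` (the suffix name is only a suggestion), keeps the pre-patch `man.el` in the build tree for comparison and keeps the section uniform.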