From 489168115403f955d59cfd0fda5aa564cc9e2b1e Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Mon, 1 Apr 2024 09:10:58 +0000
Subject: [PATCH] fix CVE-2024-30203 CVE-2024-30204 CVE-2024-30205
---
 backport-CVE-2024-30203-pre.patch | 33 ++++++++++++++++++
 backport-CVE-2024-30203.patch | 25 ++++++++++++++
 backport-CVE-2024-30204.patch | 57 +++++++++++++++++++++++++++++++
 backport-CVE-2024-30205.patch | 36 +++++++++++++++++++
 emacs.spec | 10 +++++-
 5 files changed, 160 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-30203-pre.patch
 create mode 100644 backport-CVE-2024-30203.patch
 create mode 100644 backport-CVE-2024-30204.patch
 create mode 100644 backport-CVE-2024-30205.patch
diff --git a/backport-CVE-2024-30203-pre.patch b/backport-CVE-2024-30203-pre.patch
new file mode 100644
index 0000000..93d6391
--- /dev/null
+++ b/backport-CVE-2024-30203-pre.patch
@@ -0,0 +1,33 @@
+From ccc188fcf98ad9166ee551fac9d94b2603c3a51b Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko
+Date: Tue, 20 Feb 2024 12:43:51 +0300
+Subject: * lisp/files.el (untrusted-content): New variable.
+
+The new variable is to be used when buffer contents comes from untrusted
+source.
+---
+ lisp/files.el | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lisp/files.el b/lisp/files.el
+index c0d26b2..5536af0 100644
+--- a/lisp/files.el
++++ b/lisp/files.el
+@@ -695,6 +695,14 @@ Also see the `permanently-enabled-local-variables' variable."
+ Some modes may wish to set this to nil to prevent directory-local
+ settings being applied, but still respect file-local ones.")
+
++(defvar-local untrusted-content nil
++ "Non-nil means that current buffer originated from an untrusted source.
++Email clients and some other modes may set this non-nil to mark the
++buffer contents as untrusted.
++
++This variable might be subject to change without notice.")
++(put 'untrusted-content 'permanent-local t)
++
+ ;; This is an odd variable IMO.
+ ;; You might wonder why it is needed, when we could just do:
+ ;; (set (make-local-variable 'enable-local-variables) nil)
+--
+cgit v1.1
+
diff --git a/backport-CVE-2024-30203.patch b/backport-CVE-2024-30203.patch
new file mode 100644
index 0000000..31e8437
--- /dev/null
+++ b/backport-CVE-2024-30203.patch
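Review bot: The `untrusted-content` flag added to lisp/files.el is marked `permanent-local`, which keeps it across a major-mode change, but nothing in the hunk keeps the buffer's own content from clearing it through a local-variables block. No `safe-local-variable` property is set, so by default Emacs should ask before applying such a setting; a trust marker is still better kept out of reach of in-band data altogether, for example by listing it in `ignored-local-variables`. The docstring could also state the contract, e.g. `Code that inserts content it did not author sets this; features that run external programs or fetch resources should check it.`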
@@ -0,0 +1,25 @@
+From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko
+Date: Tue, 20 Feb 2024 12:44:30 +0300
+Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
+ untrusted.
+
+---
+ lisp/gnus/mm-view.el | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index 2e1261c..5f234e5 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
+ (setq coding-system (mm-find-buffer-file-coding-system)))
+ (setq text (buffer-string))))
+ (with-temp-buffer
++ (setq untrusted-content t)
+ (buffer-disable-undo)
+ (mm-enable-multibyte)
+ (insert (cond ((eq charset 'gnus-decoded)
+--
+cgit v1.1
+
diff --git a/backport-CVE-2024-30204.patch b/backport-CVE-2024-30204.patch
new file mode 100644
index 0000000..29cbc74
--- /dev/null
+++ b/backport-CVE-2024-30204.patch
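Review bot: The added `(setq untrusted-content t)` in `mm-display-inline-fontify` has no comment, and its correctness rests on two properties defined in another file: the variable is automatically buffer-local, so the `setq` marks only the temp buffer, and it is `permanent-local`, so it should survive the mode switch that presumably follows outside this hunk. A comment would keep a later edit from moving the line below the mode call or turning it into a `let` binding: `;; Mark the MIME part untrusted before any mode runs; permanent-local keeps the flag across the mode switch.` The flag protects only features that consult it, which in this set of backports is `org-latex-preview`.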
@@ -0,0 +1,57 @@
+From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko
+Date: Tue, 20 Feb 2024 12:47:24 +0300
+Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil
+
+* lisp/org/org.el (org--latex-preview-when-risky): New variable
+controlling how to handle LaTeX previews in Org files from untrusted
+origin.
+(org-latex-preview): Consult `org--latex-preview-when-risky' before
+generating previews.
+
+This patch adds a layer of protection when LaTeX preview is requested
+for an email attachment, where `untrusted-content' is set to non-nil.
+---
+ lisp/org/org.el | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/lisp/org/org.el b/lisp/org/org.el
+index c75afbf..0f5d17d 100644
+--- a/lisp/org/org.el
++++ b/lisp/org/org.el
+@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer:
+ :package-version '(Org . "8.0")
+ :type 'boolean)
+
++(defvar untrusted-content) ; defined in files.el
++(defvar org--latex-preview-when-risky nil
++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
++
++Some specially designed LaTeX code may generate huge pdf or log files
++that may exhaust disk space.
++
++This variable controls how to handle LaTeX preview when rendering LaTeX
++fragments that originate from incoming email messages. It has no effect
++when Org mode is unable to determine the origin of the Org buffer.
++
++An Org buffer is considered to be from unsafe source when the
++variable `untrusted-content' has a non-nil value in the buffer.
++
++If this variable is non-nil, LaTeX previews are rendered unconditionally.
++
++This variable may be renamed or changed in the future.")
++
+ (defcustom org-insert-mode-line-in-empty-file nil
+ "Non-nil means insert the first line setting Org mode in empty files.
+ When the function `org-mode' is called interactively in an empty file, this
+@@ -15695,6 +15713,7 @@ fragments in the buffer."
+ (interactive "P")
+ (cond
+ ((not (display-graphic-p)) nil)
++ ((and untrusted-content (not org--latex-preview-when-risky)) nil)
+ ;; Clear whole buffer.
+ ((equal arg '(64))
+ (org-clear-latex-preview (point-min) (point-max))
+--
+cgit v1.1
+
diff --git a/backport-CVE-2024-30205.patch b/backport-CVE-2024-30205.patch
new file mode 100644
index 0000000..146dc64
--- /dev/null
+++ b/backport-CVE-2024-30205.patch
@@ -0,0 +1,36 @@
+From 2bc865ace050ff118db43f01457f95f95112b877 Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko
+Date: Tue, 20 Feb 2024 14:59:20 +0300
+Subject: org-file-contents: Consider all remote files unsafe
+
+* lisp/org/org.el (org-file-contents): When loading files, consider all
+remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
+---
+ lisp/org/org.el | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lisp/org/org.el b/lisp/org/org.el
+index 0f5d17d..76559c9 100644
+--- a/lisp/org/org.el
++++ b/lisp/org/org.el
+@@ -4576,12 +4576,16 @@ from file or URL, and return nil.
+ If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version
+ is available. This option applies only if FILE is a URL."
+ (let* ((is-url (org-file-url-p file))
++ (is-remote (condition-case nil
++ (file-remote-p file)
++ ;; In case of error, be safe.
++ (t t)))
+ (cache (and is-url
+ (not nocache)
+ (gethash file org--file-cache))))
+ (cond
+ (cache)
+- (is-url
++ ((or is-url is-remote)
+ (with-current-buffer (url-retrieve-synchronously file)
+ (goto-char (point-min))
+ ;; Move point to after the url-retrieve header.
+--
+cgit v1.1
+
diff --git a/emacs.spec b/emacs.spec
index a9e5bea..6a6adb2 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name: emacs
 Epoch: 1
 Version: 27.2
-Release: 12
+Release: 13
 Summary: An extensible GNU text editor
 License: GPLv3+ and CC0-1.0
 URL: http://www.gnu.org/software/emacs
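Review bot: The new `cond` clause in `org-latex-preview` (backport-CVE-2024-30204.patch) reads `untrusted-content` directly, while the `(defvar untrusted-content)` added above it only declares the variable special and gives it no value. The guard therefore works only when the files.el change from backport-CVE-2024-30203-pre.patch is part of the loaded image; without it every call on a graphic display would signal void-variable. `((and (bound-and-true-p untrusted-content) (not org--latex-preview-when-risky)) nil)` removes that coupling. The clause also returns nil silently, so a user who asks for a preview in a mail-derived buffer gets no sign that it was refused; a short `message` there would make the refusal visible. The body of `org-latex-preview` continues outside the hunk.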
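Review bot: In `org-file-contents` (backport-CVE-2024-30205.patch) the widened clause `((or is-url is-remote)` still hands `file` to `url-retrieve-synchronously`, so a remote name that is not a URL (the commit message names TRAMP-fetched files) goes to the URL library instead of the file-reading branch. `url-retrieve-synchronously` can return nil, and `with-current-buffer` on nil signals an error, so the result should be bound and reported through the function's existing error path when it is nil; at minimum add `;; FILE may be a TRAMP name rather than a URL here; the retrieval can return nil.` Nothing visible asks the user before the fetch: newer Org releases put a confirmation in front of this branch, and whether the 27.2 tree has one cannot be told from the hunk, so confirm that "unsafe" here means more than a different fetch path. The function continues outside the hunk.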
@@ -31,6 +31,11 @@ Patch6006: backport-CVE-2022-48338.patch
 Patch6007: backport-CVE-2022-48339.patch
 Patch6008: backport-CVE-2023-28617.patch
 Patch6009: backport-0002-CVE-2022-48337.patch
+Patch6010: backport-CVE-2024-30203-pre.patch
+Patch6011: backport-CVE-2024-30203.patch
+Patch6012: backport-CVE-2024-30204.patch
+Patch6013: backport-CVE-2024-30205.patch
+
 Patch9000: emacs-deal-taboo-words.patch
 BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel
@@ -419,6 +424,9 @@ fi
 %{_mandir}/*/*
 %changelog
+* Mon Apr 01 2024 lingsheng - 1:27.2-13
+- fix CVE-2024-30203 CVE-2024-30204 CVE-2024-30205
+
 * Thu Feb 29 2024 zhangpan - 1:27.2-12
 - fix emacs start slow
--
Gitee