From ff4d9b15e12c58517e2fab47be0b9a2f8e0f9268 Mon Sep 17 00:00:00 2001
From: zhangpan <zp1224248514@163.com>
Date: Thu, 13 Feb 2025 06:34:29 +0000
Subject: [PATCH] fix CVE-2025-1244

(cherry picked from commit 7b001effa7f2866994507f6d0dd3cb703b165568)
---
 backport-CVE-2025-1244.patch | 61 ++++++++++++++++++++++++++++++++++++
 emacs.spec                   |  6 +++-
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-1244.patch

diff --git a/backport-CVE-2025-1244.patch b/backport-CVE-2025-1244.patch
new file mode 100644
index 0000000..e1b91f6
--- /dev/null
+++ b/backport-CVE-2025-1244.patch
@@ -0,0 +1,61 @@
+From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Tue, 10 Oct 2023 22:20:05 +0800
+Subject: Fix man.el shell injection vulnerability
+
+* lisp/man.el (Man-translate-references): Fix shell injection
+vulnerability.  (Bug#66390)
+* test/lisp/man-tests.el (man-tests-Man-translate-references): New
+test.
+
+Reference:https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
+Conflict:NA
+
+---
+ lisp/man.el            |  6 +++++-
+ test/lisp/man-tests.el | 12 ++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/lisp/man.el b/lisp/man.el
+index 55cb938..d963964 100644
+--- a/lisp/man.el
++++ b/lisp/man.el
+@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
+       (setq name (match-string 2 ref)
+ 	    section (match-string 1 ref))))
+     (if (string= name "")
+-	ref				; Return the reference as is
++        ;; see Bug#66390
++	(mapconcat 'identity
++                   (mapcar #'shell-quote-argument
++                           (split-string ref "\\s-+"))
++                   " ")                 ; Return the reference as is
+       (if Man-downcase-section-letters-flag
+ 	  (setq section (downcase section)))
+       (while slist
+diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
+index 140482e..11f5f80 100644
+--- a/test/lisp/man-tests.el
++++ b/test/lisp/man-tests.el
+@@ -161,6 +161,18 @@ DESCRIPTION
+           (let ((button (button-at (match-beginning 0))))
+             (should (and button (eq 'Man-xref-header-file (button-type button))))))))))
+ 
++(ert-deftest man-tests-Man-translate-references ()
++  (should (equal (Man-translate-references "basename")
++                 "basename"))
++  (should (equal (Man-translate-references "basename(3)")
++                 "3 basename"))
++  (should (equal (Man-translate-references "basename(3v)")
++                 "3v basename"))
++  (should (equal (Man-translate-references ";id")
++                 "\\;id"))
++  (should (equal (Man-translate-references "-k basename")
++                 "-k basename")))
++
+ (provide 'man-tests)
+ 
+ ;;; man-tests.el ends here
+-- 
+cgit v1.1
+
diff --git a/emacs.spec b/emacs.spec
index b23959a..2b90880 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name:          emacs
 Epoch:         1
 Version:       29.1
-Release:       3
+Release:       4
 Summary:       An extensible GNU text editor
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs
@@ -32,6 +32,7 @@ Patch6005:        backport-CVE-2024-30203.patch
 Patch6006:        backport-CVE-2024-30204.patch
 Patch6007:        backport-CVE-2024-30205.patch
 Patch6008:        backport-CVE-2024-39331.patch
+Patch6009:        backport-CVE-2025-1244.patch
 
 Patch9000:        emacs-deal-taboo-words.patch
 
@@ -416,6 +417,9 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Thu Feb 13 2025 zhangpan <zhangpan103@h-partners.com> - 1:29.1-4
+- fix CVE-2025-1244
+
 * Tue Jul 02 2024 zhangpan <zhangpan103@h-partners.com> - 1:29.1-3
 - fix CVE-2024-39331
 
-- 
Gitee