From 5e6d56db9658b198235aeb1323008add347058e2 Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Mon, 1 Apr 2024 07:51:45 +0000
Subject: [PATCH] fix CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205

(cherry picked from commit 2579dacb55a0102c3e1636dede4be3a21b797e0a)
---
 backport-CVE-2024-30202.patch | 45 ++++++++++++++++++++++++
 backport-CVE-2024-30203-pre.patch | 33 ++++++++++++++++++
 backport-CVE-2024-30203.patch | 25 ++++++++++++++
 backport-CVE-2024-30204.patch | 57 +++++++++++++++++++++++++++++++
 backport-CVE-2024-30205.patch | 36 +++++++++++++++++++
 emacs.spec | 10 +++++-
 6 files changed, 205 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-30202.patch
 create mode 100644 backport-CVE-2024-30203-pre.patch
 create mode 100644 backport-CVE-2024-30203.patch
 create mode 100644 backport-CVE-2024-30204.patch
 create mode 100644 backport-CVE-2024-30205.patch

diff --git a/backport-CVE-2024-30202.patch b/backport-CVE-2024-30202.patch
new file mode 100644
index 0000000..10d10d6
--- /dev/null
+++ b/backport-CVE-2024-30202.patch
@@ -0,0 +1,45 @@ +From befa9fcaae29a6c9a283ba371c3c5234c7f644eb Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:19:46 +0300 +Subject: org-macro--set-templates: Prevent code evaluation + +* lisp/org/org-macro.el (org-macro--set-templates): Get rid of any +risk to evaluate code when `org-macro--set-templates' is called as a +part of major mode initialization. This way, no code evaluation is +ever triggered when user merely opens the file or when +`mm-display-org-inline' invokes Org major mode to fontify mime part +preview in email messages. +--- + lisp/org/org-macro.el | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lisp/org/org-macro.el b/lisp/org/org-macro.el +index 776d162..0be51ee 100644 +--- a/lisp/org/org-macro.el ++++ b/lisp/org/org-macro.el +@@ -109,6 +109,13 @@ previous one, unless VALUE is nil. Return the updated list." + (let ((new-templates nil)) + (pcase-dolist (`(,name . ,value) templates) + (let ((old-definition (assoc name new-templates))) ++ ;; This code can be evaluated unconditionally, as a part of ++ ;; loading Org mode. We *must not* evaluate any code present ++ ;; inside the Org buffer while loading. Org buffers may come ++ ;; from various sources, like received email messages from ++ ;; potentially malicious senders. Org mode might be used to ++ ;; preview such messages and no code evaluation from inside the ++ ;; received Org text should ever happen without user consent. + (when (and (stringp value) (string-match-p "\\`(eval\\>" value)) + ;; Pre-process the evaluation form for faster macro expansion. + (let* ((args (org-macro--makeargs value)) +@@ -121,7 +128,7 @@ previous one, unless VALUE is nil. Return the updated list." 
+ (cadr (read value)) + (error + (user-error "Invalid definition for macro %S" name))))) +- (setq value (eval (macroexpand-all `(lambda ,args ,body)) t)))) ++ (setq value `(lambda ,args ,body)))) + (cond ((and value old-definition) (setcdr old-definition value)) + (old-definition) + (t (push (cons name (or value "")) new-templates))))) +-- +cgit v1.1 + diff --git a/backport-CVE-2024-30203-pre.patch b/backport-CVE-2024-30203-pre.patch new file mode 100644 index 0000000..edc3b82 --- /dev/null +++ b/backport-CVE-2024-30203-pre.patch @@ -0,0 +1,33 @@ +From ccc188fcf98ad9166ee551fac9d94b2603c3a51b Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:43:51 +0300 +Subject: * lisp/files.el (untrusted-content): New variable. + +The new variable is to be used when buffer contents comes from untrusted +source. +--- + lisp/files.el | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lisp/files.el b/lisp/files.el +index c0d26b2..5536af0 100644 +--- a/lisp/files.el ++++ b/lisp/files.el +@@ -695,6 +695,14 @@ Also see the `permanently-enabled-local-variables' variable." + Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") + ++(defvar-local untrusted-content nil ++ "Non-nil means that current buffer originated from an untrusted source. ++Email clients and some other modes may set this non-nil to mark the ++buffer contents as untrusted. ++ ++This variable might be subject to change without notice.") ++(put 'untrusted-content 'permanent-local t) ++ + ;; This is an odd variable IMO. + ;; You might wonder why it is needed, when we could just do: + ;; (setq-local enable-local-variables nil) +-- +cgit v1.1 + diff --git a/backport-CVE-2024-30203.patch b/backport-CVE-2024-30203.patch new file mode 100644 index 0000000..bdda416 --- /dev/null +++ b/backport-CVE-2024-30203.patch 
@@ -0,0 +1,25 @@ +From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:44:30 +0300 +Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents + untrusted. + +--- + lisp/gnus/mm-view.el | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el +index 2e1261c..5f234e5 100644 +--- a/lisp/gnus/mm-view.el ++++ b/lisp/gnus/mm-view.el +@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically." + (setq coding-system (mm-find-buffer-file-coding-system))) + (setq text (buffer-string)))) + (with-temp-buffer ++ (setq untrusted-content t) + (insert (cond ((eq charset 'gnus-decoded) + (with-current-buffer (mm-handle-buffer handle) + (buffer-string))) +-- +cgit v1.1 + diff --git a/backport-CVE-2024-30204.patch b/backport-CVE-2024-30204.patch new file mode 100644 index 0000000..29cbc74 --- /dev/null +++ b/backport-CVE-2024-30204.patch 
@@ -0,0 +1,57 @@ +From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:47:24 +0300 +Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil + +* lisp/org/org.el (org--latex-preview-when-risky): New variable +controlling how to handle LaTeX previews in Org files from untrusted +origin. +(org-latex-preview): Consult `org--latex-preview-when-risky' before +generating previews. + +This patch adds a layer of protection when LaTeX preview is requested +for an email attachment, where `untrusted-content' is set to non-nil. +--- + lisp/org/org.el | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/lisp/org/org.el b/lisp/org/org.el +index c75afbf..0f5d17d 100644 +--- a/lisp/org/org.el ++++ b/lisp/org/org.el +@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer: + :package-version '(Org . "8.0") + :type 'boolean) + ++(defvar untrusted-content) ; defined in files.el ++(defvar org--latex-preview-when-risky nil ++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source. ++ ++Some specially designed LaTeX code may generate huge pdf or log files ++that may exhaust disk space. ++ ++This variable controls how to handle LaTeX preview when rendering LaTeX ++fragments that originate from incoming email messages. It has no effect ++when Org mode is unable to determine the origin of the Org buffer. ++ ++An Org buffer is considered to be from unsafe source when the ++variable `untrusted-content' has a non-nil value in the buffer. ++ ++If this variable is non-nil, LaTeX previews are rendered unconditionally. ++ ++This variable may be renamed or changed in the future.") ++ + (defcustom org-insert-mode-line-in-empty-file nil + "Non-nil means insert the first line setting Org mode in empty files. + When the function `org-mode' is called interactively in an empty file, this +@@ -15695,6 +15713,7 @@ fragments in the buffer." 
+ (interactive "P") + (cond + ((not (display-graphic-p)) nil) ++ ((and untrusted-content (not org--latex-preview-when-risky)) nil) + ;; Clear whole buffer. + ((equal arg '(64)) + (org-clear-latex-preview (point-min) (point-max)) +-- +cgit v1.1 + diff --git a/backport-CVE-2024-30205.patch b/backport-CVE-2024-30205.patch new file mode 100644 index 0000000..83c0de2 --- /dev/null +++ b/backport-CVE-2024-30205.patch @@ -0,0 +1,36 @@ +From 2bc865ace050ff118db43f01457f95f95112b877 Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 14:59:20 +0300 +Subject: org-file-contents: Consider all remote files unsafe + +* lisp/org/org.el (org-file-contents): When loading files, consider all +remote files (like TRAMP-fetched files) unsafe, in addition to URLs. +--- + lisp/org/org.el | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lisp/org/org.el b/lisp/org/org.el +index 0f5d17d..76559c9 100644 +--- a/lisp/org/org.el ++++ b/lisp/org/org.el +@@ -4576,12 +4576,16 @@ from file or URL, and return nil. + If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version + is available. This option applies only if FILE is a URL." + (let* ((is-url (org-url-p file)) ++ (is-remote (condition-case nil ++ (file-remote-p file) ++ ;; In case of error, be safe. ++ (t t))) + (cache (and is-url + (not nocache) + (gethash file org--file-cache)))) + (cond + (cache) +- (is-url ++ ((or is-url is-remote) + (if (org--should-fetch-remote-resource-p file) + (condition-case error + (with-current-buffer (url-retrieve-synchronously file) +-- +cgit v1.1 + diff --git a/emacs.spec b/emacs.spec index 003ae74..ddcc6c4 100644 --- a/emacs.spec +++ b/emacs.spec @@ -8,7 +8,7 @@ Name: emacs Epoch: 1 Version: 29.1 -Release: 1 +Release: 2 Summary: An extensible GNU text editor License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs 
@@ -26,6 +26,11 @@ Source7: emacs-terminal.desktop Patch6001: emacs-spellchecker.patch #https://src.fedoraproject.org/rpms/emacs/blob/rawhide/f/emacs-system-crypto-policies.patch Patch6002: emacs-system-crypto-policies.patch +Patch6003: backport-CVE-2024-30202.patch +Patch6004: backport-CVE-2024-30203-pre.patch +Patch6005: backport-CVE-2024-30203.patch +Patch6006: backport-CVE-2024-30204.patch +Patch6007: backport-CVE-2024-30205.patch Patch9000: emacs-deal-taboo-words.patch @@ -410,6 +415,9 @@ fi %{_mandir}/*/* %changelog +* Mon Apr 01 2024 lingsheng - 1:29.1-2 +- fix CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 + * Tue Jan 23 2024 zhangpan - 1:29.1-1 - update to 29.1 -- Gitee
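Review bot: Patch6003 through Patch6007 are declared in this hunk, but nothing in the diff applies them; unless the %prep section (outside this hunk) uses `%autosetup -p1`, each new entry needs a matching `%patch` line (`%patch6003 -p1` or `%patch -P 6003 -p1` style) or the CVE backports are silently never applied to the build. The declaration order is correct as written and must stay that way: backport-CVE-2024-30203-pre.patch introduces `untrusted-content`, which backport-CVE-2024-30203.patch and backport-CVE-2024-30204.patch reference, and backport-CVE-2024-30205.patch's index line (0f5d17d..76559c9) expects lisp/org/org.el as left by backport-CVE-2024-30204.patch. A comment above the new entries recording that dependency, e.g. `# order matters: 6004 defines untrusted-content for 6005/6006; 6007 applies on top of 6006`, would keep a later renumbering or reorder from breaking %prep.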