Fix quoted argument in emacsclient-mail.desktop (CVE-2023-27985)

This upstream patch has been incorporated to fix the problem:

  Fix quoted argument in emacsclient-mail.desktop Exec key

  Apparently the emacsclient-mail.desktop file doesn't conform to the
  Desktop Entry Specification at
  https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
  which says about the Exec key:

  | Field codes must not be used inside a quoted argument, the result of
  | field code expansion inside a quoted argument is undefined.

  However, the %u field code is used inside a quoted argument of the
  Exec key in both the [Desktop Entry] and [Desktop Action new-window]
  sections.
  * etc/emacsclient-mail.desktop (Exec): The Desktop Entry
  Specification does not allow field codes like %u inside a quoted
  argument. Work around it by passing %u as first parameter ($1)
  to the shell wrapper.
  * etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder`
  as the command name of the shell wrapper.  (Bug#60204)

Origin: upstream, commit d32091199ae5de590a83f1542a01d75fba000467
Bug: https://debbugs.gnu.org/60204
Bug-Debian: https://bugs.debian.org/1032538
Forwarded: not-needed

diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index b575a41758a4b3e551133f456b06570e8798c20c..91df122c594c1af404c69febfd9b59496e6e072b 100644 (file)
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,7 @@
 [Desktop Entry]
 Categories=Network;Email;
 Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\\\(message-mailto\\\\ \\\\\\"%u\\\\\\"\\\\)"
+Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
 Icon=emacs
 Name=Emacs (Mail, Client)
 MimeType=x-scheme-handler/mailto;
@@ -13,7 +13,7 @@ Actions=new-window;new-instance;
 
 [Desktop Action new-window]
 Name=New Window
-Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\"%u\\")"
+Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
 
 [Desktop Action new-instance]
 Name=New Instance

diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop
index 1ecdecffafd856999265d464edad192bcded0586..a9f840c703369f524e2b91edb1198a7a8972190e 100644 (file)
--- a/etc/emacsclient.desktop
+++ b/etc/emacsclient.desktop
@@ -3,7 +3,7 @@ Name=Emacs (Client)
 GenericName=Text Editor
 Comment=Edit text
 MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
-Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F
+Exec=sh -c "if [ -n \\"\\$*\\" ]; then exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" \\"\\$@\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F
 Icon=emacs
 Type=Application
 Terminal=false