--- /dev/null
- 595617abab6964ac0c6e617bae3d82692bf298b9
- 595617abab6964ac0c6e617bae3d82692bf298b9
+# see git-dpm(1) from git-dpm package
++f8822cd42a828c42d9b76bcd32de7e595ffb73c1
++f8822cd42a828c42d9b76bcd32de7e595ffb73c1
+279b82e64e15b5e2df3cb522636c6db85a8ee659
+279b82e64e15b5e2df3cb522636c6db85a8ee659
+emacs_28.2+1.orig.tar.xz
+d7f49858bdec2d47110c2ed7b1d0005f157e20c3
+26988304
--- /dev/null
--- /dev/null
++From 665489d7de786a61fa0c0883b9dffbc76487e37e Mon Sep 17 00:00:00 2001
++From: Xi Lu <lx@shellcodes.org>
++Date: Sat, 24 Dec 2022 16:28:54 +0800
++Subject: Fix htmlfontify.el command injection vulnerability (CVE-2022-48339)
++
++This upstream patch has been incorporated to fix the problem:
++
++ Fix htmlfontify.el command injection vulnerability.
++
++ * lisp/htmlfontify.el (hfy-text-p): Fix command injection
++ vulnerability. (Bug#60295)
++
++Origin: upstream, commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16
++Bug: https://debbugs.gnu.org/60295
++Bug-Debian: https://bugs.debian.org/1031730
++Forwarded: not-needed
++---
++ lisp/htmlfontify.el | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
++index 115f67c9560..f8d1e205369 100644
++--- a/lisp/htmlfontify.el
+++++ b/lisp/htmlfontify.el
++@@ -1882,7 +1882,7 @@ hfy-make-directory
++
++ (defun hfy-text-p (srcdir file)
++ "Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this."
++- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
+++ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
++ (rsp (shell-command-to-string cmd)))
++ (string-match "text" rsp)))
++
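Review bot: The new `let*` binding passes an already shell-quoted path to `format`, so a customized `hfy-istext-command` that wraps `%s` in its own quotes would presumably end up double-quoted and fail to find the file. The variable's definition and docstring are outside this hunk, so this should be confirmed there. I would add a comment above the binding such as `;; The file name is shell-quoted here, so hfy-istext-command must use a bare %s.` and state the same requirement in the variable's docstring. The changed line is also well over 80 columns and could be wrapped after `hfy-istext-command`.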
--- /dev/null
--- /dev/null
++From 52fb40cf6a3c50c996cff79b0d4f81fc39c7badf Mon Sep 17 00:00:00 2001
++From: Xi Lu <lx@shellcodes.org>
++Date: Fri, 23 Dec 2022 12:52:48 +0800
++Subject: Fix ruby-mode.el command injection vulnerability (CVE-2022-48338)
++
++This upstream patch has been incorporated to fix the problem:
++
++ Fix ruby-mode.el local command injection vulnerability (bug#60268)
++
++ * lisp/progmodes/ruby-mode.el
++ (ruby-find-library-file): Fix local command injection vulnerability.
++
++Origin: upstream, commit 22fb5ff5126dc8bb01edaa0252829d853afb284f
++Bug: https://debbugs.gnu.org/60268
++Bug-Debian: https://bugs.debian.org/1031730
++Forwarded: not-needed
++---
++ lisp/progmodes/ruby-mode.el | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
++index 72631a6557f..9b05b04a52c 100644
++--- a/lisp/progmodes/ruby-mode.el
+++++ b/lisp/progmodes/ruby-mode.el
++@@ -1819,7 +1819,7 @@ ruby-find-library-file
++ (setq feature-name (read-string "Feature name: " init))))
++ (let ((out
++ (substring
++- (shell-command-to-string (concat "gem which " feature-name))
+++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
++ 0 -1)))
++ (if (string-match-p "\\`ERROR" out)
++ (user-error "%s" out)
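Review bot: `shell-quote-argument` on the new `gem which` line stops the shell from interpreting metacharacters, but it does not stop a feature name beginning with `-` from being read by gem as an option instead of a name. Building the call with `call-process` and an explicit argument list would take the shell out of the path entirely. Whether gem accepts a `--` terminator before the name should be checked before relying on it. A short comment on the line, e.g. `;; Quote: feature-name comes from the buffer or the minibuffer.`, would also record why the quoting is there. `ruby-find-library-file` starts and ends outside this hunk.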
--- /dev/null
--- /dev/null
++From f8822cd42a828c42d9b76bcd32de7e595ffb73c1 Mon Sep 17 00:00:00 2001
++From: lu4nx <lx@shellcodes.org>
++Date: Tue, 6 Dec 2022 15:42:40 +0800
++Subject: Fix etags local command injection vulnerability (CVE-2022-48337)
++
++This upstream patch has been incorporated to fix the problem:
++
++ Fix etags local command injection vulnerability
++
++ * lib-src/etags.c: (escape_shell_arg_string): New function.
++ (process_file_name): Use it to quote file names passed to the
++ shell. (Bug#59817)
++
++Origin: upstream, commit e339926272a598bd9ee7e02989c1662b89e64cf0
++Bug: https://debbugs.gnu.org/59817
++Bug-Debian: https://bugs.debian.org/1031730
++Forwarded: not-needed
++---
++ lib-src/etags.c | 63 +++++++++++++++++++++++++++++++++++++++++++++----
++ 1 file changed, 58 insertions(+), 5 deletions(-)
++
++diff --git a/lib-src/etags.c b/lib-src/etags.c
++index c9c32691016..a6bd7f66e29 100644
++--- a/lib-src/etags.c
+++++ b/lib-src/etags.c
++@@ -408,6 +408,7 @@ #define xrnew(op, n, m) ((op) = xnrealloc (op, n, (m) * sizeof *(op)))
++ static void put_entries (node *);
++ static void clean_matched_file_tag (char const * const, char const * const);
++
+++static char *escape_shell_arg_string (char *);
++ static void do_move_file (const char *, const char *);
++ static char *concat (const char *, const char *, const char *);
++ static char *skip_spaces (char *);
++@@ -1704,13 +1705,16 @@ process_file_name (char *file, language *lang)
++ else
++ {
++ #if MSDOS || defined (DOS_NT)
++- char *cmd1 = concat (compr->command, " \"", real_name);
++- char *cmd = concat (cmd1, "\" > ", tmp_name);
+++ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1;
+++ char *cmd = xmalloc (buf_len);
+++ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name);
++ #else
++- char *cmd1 = concat (compr->command, " '", real_name);
++- char *cmd = concat (cmd1, "' > ", tmp_name);
+++ char *new_real_name = escape_shell_arg_string (real_name);
+++ char *new_tmp_name = escape_shell_arg_string (tmp_name);
+++ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
+++ char *cmd = xmalloc (buf_len);
+++ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
++ #endif
++- free (cmd1);
++ inf = (system (cmd) == -1
++ ? NULL
++ : fopen (tmp_name, "r" FOPEN_BINARY));
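Review bot: The two strings returned by `escape_shell_arg_string` in the non-DOS branch are not released anywhere in this hunk, although the helper's own comment says it returns a newly-allocated string. Unless they are freed past the end of the hunk, every compressed input leaks both copies; adding `free (new_real_name); free (new_tmp_name);` right after the `snprintf` would fix that. The `MSDOS || defined (DOS_NT)` branch still places `real_name` and `tmp_name` between double quotes with no escaping, so it does not get the protection the other branch gains. `buf_len` is an `int` holding a sum of `strlen` results, and `ptrdiff_t` or `size_t` would avoid truncation on very long names. `process_file_name` begins and ends outside this hunk.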
++@@ -7689,6 +7693,55 @@ etags_mktmp (void)
++ return templt;
++ }
++
+++/*
+++ * Adds single quotes around a string, if found single quotes, escaped it.
+++ * Return a newly-allocated string.
+++ *
+++ * For example:
+++ * escape_shell_arg_string("test.txt") => 'test.txt'
+++ * escape_shell_arg_string("'test.txt") => ''\''test.txt'
+++ */
+++static char *
+++escape_shell_arg_string (char *str)
+++{
+++ char *p = str;
+++ int need_space = 2; /* ' at begin and end */
+++
+++ while (*p != '\0')
+++ {
+++ if (*p == '\'')
+++ need_space += 4; /* ' to '\'', length is 4 */
+++ else
+++ need_space++;
+++
+++ p++;
+++ }
+++
+++ char *new_str = xnew (need_space + 1, char);
+++ new_str[0] = '\'';
+++ new_str[need_space-1] = '\'';
+++
+++ int i = 1; /* skip first byte */
+++ p = str;
+++ while (*p != '\0')
+++ {
+++ new_str[i] = *p;
+++ if (*p == '\'')
+++ {
+++ new_str[i+1] = '\\';
+++ new_str[i+2] = '\'';
+++ new_str[i+3] = '\'';
+++ i += 3;
+++ }
+++
+++ i++;
+++ p++;
+++ }
+++
+++ new_str[need_space] = '\0';
+++ return new_str;
+++}
+++
++ static void
++ do_move_file(const char *src_file, const char *dst_file)
++ {
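Review bot: `escape_shell_arg_string` counts and indexes with `int` (`need_space`, `i`), so an input longer than `INT_MAX` bytes would overflow the counter before the buffer is sized. `ptrdiff_t need_space = 2;` and `ptrdiff_t i = 1;` would match the width of the input. The argument is only read, so the signature could take `const char *str`, with the local `p` and the prototype added near the top of the file changed to match. The header comment would be clearer if it said that STR is wrapped in single quotes, that each embedded single quote is replaced by `'\''`, and that the caller must free the result. `do_move_file`, at the end of the hunk, continues outside it.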
--- /dev/null
+0001-Prefer-usr-share-info-emacs.patch
+0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
+0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
+0004-Adjust-documentation-references-for-Debian.patch
+0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
+0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
+0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
+0008-Mark-vc-bzr-test-fauilt-bzr-autoloads-as-unstable-fo.patch
+0009-pdumper-set-DUMP_RELOC_ALIGNMENT_BITS-1-for-m68k.patch
+0010-Avoid-fork-bomb-caused-by-native-compilation.patch
+0011-Avoid-fork-bomb-caused-by-native-compilation-trampol.patch
+0012-Fix-eln-files-not-being-generated-when-native-comp-a.patch
+0013-Fix-large-core-dumps-from-background-processes.patch
+0014-Mark-test-undo-region-as-unstable.patch
+0015-Mark-flaky-test-process-tests-multiple-threads-waiti.patch
+0016-Fix-ctags-local-command-execution-vulnerability-CVE-.patch
+0017-Add-inhibit-native-compilation.patch
+0018-Rename-to-inhibit-automatic-native-compilation.patch
+0019-Fix-copyright-tests-for-2023-onwards.patch
++0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch
++0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch
++0022-Fix-etags-local-command-injection-vulnerability-CVE-.patch