packages/emacs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!84 修复cve-2022-48337造成的后续问题

Browse Source 
From: @leeffo 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
This commit is contained in:
openeuler-ci-bot 2023-09-25 08:19:22 +00:00 committed by Gitee
commit 614f35fddf
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
backport-0002-CVE-2022-48337.patch Normal file
View File

@ -0,0 +1,25 @@
From ab998b90206733f2cd9b009dcdb8e5567834ed3b Mon Sep 17 00:00:00 2001
From: Super User <root@localhost.localdomain>
Date: Mon, 25 Sep 2023 14:32:05 +0800
Subject: [PATCH] backport 0002 CVE-2022-48337
---
lib-src/etags.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 5d0eed2..5399008 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -1680,6 +1680,8 @@ process_file_name (char *file, language *lang)
int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
char *cmd = xmalloc (buf_len);
snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
+ free (new_real_name);
+ free (new_tmp_name);
#endif
int tmp_errno;
if (system (cmd) == -1)
--
2.41.0

6
emacs.spec
View File

@ -8,7 +8,7 @@
Name: emacs
Epoch: 1
Version: 27.2
Release: 10
Release: 11
Summary: An extensible GNU text editor
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs
@ -30,6 +30,7 @@ Patch6005: backport-CVE-2022-48337.patch
Patch6006: backport-CVE-2022-48338.patch
Patch6007: backport-CVE-2022-48339.patch
Patch6008: backport-CVE-2023-28617.patch
Patch6009: backport-0002-CVE-2022-48337.patch
Patch9000: emacs-deal-taboo-words.patch
BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel
@ -412,6 +413,9 @@ fi
%{_mandir}/*/*
%changelog
* Mon Sep 25 2023 leeffo <liweiganga@uniontech.com> - 1:27.2-11
- fix CVE-2022-48337
* Fri Mar 24 2023 zhangpan <zhangpan103@h-partners.com> - 1:27.2-10
- fix CVE-2023-28617