26.3, 27.2, 28.2: Backport org-mode fix from 29.4emacs-28.2-patches-8emacs-27.2-patches-10emacs-26.3-patches-9

Signed-off-by: Ulrich Müller <ulm@gentoo.org>

3 files changed, 173 insertions, 0 deletions

diff --git a/emacs/26.3/11_all_ol-expand-abbrev.patch b/emacs/26.3/11_all_ol-expand-abbrev.patch
new file mode 100644
index 0000000..9c5d2ce
--- /dev/null
+++ b/emacs/26.3/11_all_ol-expand-abbrev.patch
@@ -0,0 +1,57 @@
+org-mode should not expand link abbrevs that specify an unsafe function
+Backported from emacs-29 branch
+
+commit c645e1d8205f0f0663ec4a2d27575b238c646c7c
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date:   Fri Jun 21 15:45:25 2024 +0200
+
+    org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+--- emacs-26.3/lisp/org/org.el
++++ emacs-26.3/lisp/org/org.el
+@@ -9589,16 +9589,35 @@
+ 	(if (not as)
+ 	    link
+ 	  (setq rpl (cdr as))
+-	  (cond
+-	   ((symbolp rpl) (funcall rpl tag))
+-	   ((string-match "%(\\([^)]+\\))" rpl)
+-	    (replace-match
+-	     (save-match-data
+-	       (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl))
+-	   ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+-	   ((string-match "%h" rpl)
+-	    (replace-match (url-hexify-string (or tag "")) t t rpl))
+-	   (t (concat rpl tag)))))
++	  ;; Drop any potentially dangerous text properties like
++	  ;; `modification-hooks' that may be used as an attack vector.
++	  (substring-no-properties
++	   (cond
++	    ((symbolp rpl) (funcall rpl tag))
++	    ((string-match "%(\\([^)]+\\))" rpl)
++	     (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
++	       ;; Using `unsafep-function' is not quite enough because
++	       ;; Emacs considers functions like `genenv' safe, while
++	       ;; they can potentially be used to expose private system
++	       ;; data to attacker if abbreviated link is clicked.
++	       (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
++		       (eq t (get rpl-fun-symbol 'pure)))
++		   (replace-match
++		    (save-match-data
++		      (funcall (intern-soft (match-string 1 rpl)) tag))
++		    t t rpl)
++		 (org-display-warning
++		  (format "Disabling unsafe link abbrev: %s
++You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
++			  rpl (match-string 1 rpl)))
++		 (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
++		       org-link-abbrev-alist (delete as org-link-abbrev-alist))
++		 link
++		 )))
++	    ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
++	    ((string-match "%h" rpl)
++	     (replace-match (url-hexify-string (or tag "")) t t rpl))
++	    (t (concat rpl tag))))))
+     link))
+ 
+ ;;; Storing and inserting links
diff --git a/emacs/27.2/13_all_ol-expand-abbrev.patch b/emacs/27.2/13_all_ol-expand-abbrev.patch
new file mode 100644
index 0000000..6b8761f
--- /dev/null
+++ b/emacs/27.2/13_all_ol-expand-abbrev.patch
@@ -0,0 +1,58 @@
+org-mode should not expand link abbrevs that specify an unsafe function
+Backported from emacs-29 branch
+
+commit c645e1d8205f0f0663ec4a2d27575b238c646c7c
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date:   Fri Jun 21 15:45:25 2024 +0200
+
+    org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+--- emacs-27.2/lisp/org/ol.el
++++ emacs-27.2/lisp/org/ol.el
+@@ -1007,17 +1007,35 @@
+       (if (not as)
+ 	  link
+ 	(setq rpl (cdr as))
+-	(cond
+-	 ((symbolp rpl) (funcall rpl tag))
+-	 ((string-match "%(\\([^)]+\\))" rpl)
+-	  (replace-match
+-	   (save-match-data
+-	     (funcall (intern-soft (match-string 1 rpl)) tag))
+-	   t t rpl))
+-	 ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+-	 ((string-match "%h" rpl)
+-	  (replace-match (url-hexify-string (or tag "")) t t rpl))
+-	 (t (concat rpl tag)))))))
++	;; Drop any potentially dangerous text properties like
++	;; `modification-hooks' that may be used as an attack vector.
++	(substring-no-properties
++	 (cond
++	  ((symbolp rpl) (funcall rpl tag))
++	  ((string-match "%(\\([^)]+\\))" rpl)
++	   (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
++	     ;; Using `unsafep-function' is not quite enough because
++	     ;; Emacs considers functions like `genenv' safe, while
++	     ;; they can potentially be used to expose private system
++	     ;; data to attacker if abbreviated link is clicked.
++	     (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
++		     (eq t (get rpl-fun-symbol 'pure)))
++		 (replace-match
++		  (save-match-data
++		    (funcall (intern-soft (match-string 1 rpl)) tag))
++		  t t rpl)
++	       (org-display-warning
++		(format "Disabling unsafe link abbrev: %s
++You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
++			rpl (match-string 1 rpl)))
++	       (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
++		     org-link-abbrev-alist (delete as org-link-abbrev-alist))
++	       link
++	       )))
++	  ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
++	  ((string-match "%h" rpl)
++	   (replace-match (url-hexify-string (or tag "")) t t rpl))
++	  (t (concat rpl tag))))))))
+ 
+ (defun org-link-open (link &optional arg)
+   "Open a link object LINK.
diff --git a/emacs/28.2/15_all_ol-expand-abbrev.patch b/emacs/28.2/15_all_ol-expand-abbrev.patch
new file mode 100644
index 0000000..df04355
--- /dev/null
+++ b/emacs/28.2/15_all_ol-expand-abbrev.patch
@@ -0,0 +1,58 @@
+org-mode should not expand link abbrevs that specify an unsafe function
+Backported from emacs-29 branch
+
+commit c645e1d8205f0f0663ec4a2d27575b238c646c7c
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date:   Fri Jun 21 15:45:25 2024 +0200
+
+    org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+--- emacs-28.2/lisp/org/ol.el
++++ emacs-28.2/lisp/org/ol.el
+@@ -1020,17 +1020,35 @@
+       (if (not as)
+ 	  link
+ 	(setq rpl (cdr as))
+-	(cond
+-	 ((symbolp rpl) (funcall rpl tag))
+-	 ((string-match "%(\\([^)]+\\))" rpl)
+-	  (replace-match
+-	   (save-match-data
+-	     (funcall (intern-soft (match-string 1 rpl)) tag))
+-	   t t rpl))
+-	 ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+-	 ((string-match "%h" rpl)
+-	  (replace-match (url-hexify-string (or tag "")) t t rpl))
+-	 (t (concat rpl tag)))))))
++	;; Drop any potentially dangerous text properties like
++	;; `modification-hooks' that may be used as an attack vector.
++	(substring-no-properties
++	 (cond
++	  ((symbolp rpl) (funcall rpl tag))
++	  ((string-match "%(\\([^)]+\\))" rpl)
++	   (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
++	     ;; Using `unsafep-function' is not quite enough because
++	     ;; Emacs considers functions like `genenv' safe, while
++	     ;; they can potentially be used to expose private system
++	     ;; data to attacker if abbreviated link is clicked.
++	     (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
++		     (eq t (get rpl-fun-symbol 'pure)))
++		 (replace-match
++		  (save-match-data
++		    (funcall (intern-soft (match-string 1 rpl)) tag))
++		  t t rpl)
++	       (org-display-warning
++		(format "Disabling unsafe link abbrev: %s
++You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
++			rpl (match-string 1 rpl)))
++	       (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
++		     org-link-abbrev-alist (delete as org-link-abbrev-alist))
++	       link
++	       )))
++	  ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
++	  ((string-match "%h" rpl)
++	   (replace-match (url-hexify-string (or tag "")) t t rpl))
++	  (t (concat rpl tag))))))))
+ 
+ (defun org-link-open (link &optional arg)
+   "Open a link object LINK.