From: Max Nikulin
To: emacs-orgmode@gnu.org
Subject: [PATCH] test-org-macro.el: Add test for CVE-2024-30202 (was: Re: [ANN] Emergency bugfix release: Org mode 9.6.23)
Date: Mon, 6 May 2024 19:23:47 +0700
In-Reply-To: <871q7zbldp.fsf@localhost>

On 25/03/2024 00:16, Ihor Radchenko wrote:
>
> I just released Org mode 9.6.23 that fixes several critical
> vulnerabilities.

Since a variant of the exploit has been published, it is time to add a test that might prevent a code change from re-introducing the most severe vulnerability.
Attachment: 0001-test-org-macro.el-Add-test-for-CVE-2024-30202.patch (text/x-patch)