[walnascar,2/5] emacs: patch CVE-2024-30203

Message ID	20251006120630.414259-2-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.208.49, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 2/5] emacs: patch CVE-2024-30203 Date: Mon, 6 Oct 2025 14:06:27 +0200 Message-ID: <20251006120630.414259-2-skandigraun@gmail.com> In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com> References: <20251006120630.414259-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[walnascar,1/5] emacs: patch CVE-2024-30202 \| expand [walnascar,1/5] emacs: patch CVE-2024-30202 [walnascar,2/5] emacs: patch CVE-2024-30203 [walnascar,3/5] emacs: patch CVE-2024-30204 [walnascar,4/5] emacs: patch CVE-2024-30205 [walnascar,5/5] emacs: patch CVE-2024-39331

Message ID

20251006120630.414259-2-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [PATCH][walnascar 2/5] emacs: patch CVE-2024-30203
Date: Mon,  6 Oct 2025 14:06:27 +0200
Message-ID: <20251006120630.414259-2-skandigraun@gmail.com>
In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com>
References: <20251006120630.414259-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[walnascar,1/5] emacs: patch CVE-2024-30202 | expand

Commit Message

Gyorgy Sarvari Oct. 6, 2025, 12:06 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30203

Pick the patch mentioned in the description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-support/emacs/emacs_29.1.bb   |  1 +
 ...w.el-mm-display-inline-fontify-Mark-.patch | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch

diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb
index 3701e17025..c5318db96e 100644
--- a/meta-oe/recipes-support/emacs/emacs_29.1.bb
+++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb
@@ -10,6 +10,7 @@  SRC_URI:append:class-target = " \
     file://use-emacs-native-tools-for-cross-compiling.patch \
     file://avoid-running-host-binaries-for-sanity.patch \
     file://0001-org-macro-set-templates-Prevent-code-evaluation.patch \
+    file://0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch \
 "
 
 SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01"
diff --git a/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch b/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch
new file mode 100644
index 0000000000..d951bf4205
--- /dev/null
+++ b/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch
@@ -0,0 +1,27 @@ 
+From 0e7fe7809daa123921faa0bd088931cf8ddfd705 Mon Sep 17 00:00:00 2001
+From: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue, 20 Feb 2024 12:44:30 +0300
+Subject: [PATCH] * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark
+ contents untrusted.
+
+CVE: CVE-2024-30203
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ lisp/gnus/mm-view.el | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index 2c40735..e24f3f3 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
+ 	  (setq coding-system (mm-find-buffer-file-coding-system)))
+ 	(setq text (buffer-string))))
+     (with-temp-buffer
++      (setq untrusted-content t)
+       (insert (cond ((eq charset 'gnus-decoded)
+ 		     (with-current-buffer (mm-handle-buffer handle)
+ 		       (buffer-string)))

[walnascar,2/5] emacs: patch CVE-2024-30203

Commit Message

Patch