From patchwork Mon Oct 6 12:06:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 71691 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 854BACCA471 for ; Mon, 6 Oct 2025 12:06:38 +0000 (UTC) Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) by mx.groups.io with SMTP id smtpd.web10.32263.1759752393658066695 for ; Mon, 06 Oct 2025 05:06:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=BlHwzUG3; spf=pass (domain: gmail.com, ip: 209.85.218.49, mailfrom: skandigraun@gmail.com) Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-b41870fef44so957781366b.3 for ; Mon, 06 Oct 2025 05:06:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759752392; x=1760357192; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=eDMkUpeDUpl2LGuEqmMZ+Wkl88uwo8Gvw7NRf+GG3+A=; b=BlHwzUG3LH8twRslgsbkFvDKsdp2wr4aOt1ANiMRttSvkylF9QcP8Bx0zOJub2XQe3 eiZJpV7+Z+A2+rN3dv1jOLJcEnAW9VTNmceAJk6pnTbYVO5oVe1YMKdtQrXP4JYv1fHw elpOb7o0qSR7InD+2g05FXks3VEgq1tAvdyZ5i9w7G+9kLffkN/m+jcnNEF9al9XZidc pIWTdrU4CMIkrSyzLPc9ExqB55NgIV12BwIHoj34rFUYMB+06Qj5WME59y3ewVZRQWJC xlBeHGeAhBLHPGG11JVEyRL17gnMPLfYBRGzAMWWUo5Bnh/iqBAKZa+x645IXZsJ186+ kzvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759752392; x=1760357192; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eDMkUpeDUpl2LGuEqmMZ+Wkl88uwo8Gvw7NRf+GG3+A=; b=vJ2vTjmhFkZd+QmXoib51z/o2RtrhMwIQAAHMFpS5buYyafbPmkeydnCSr72qu0uMH lvnS7z9fG4WbwWrN11yLyIGYtYKEIgDMsJ5OCoa9ntdPBfNxLY5L9QzQNEOz6bXjL57S FFiQGfPW+0z8bV3+9lOC+ffd+yk7UNY7ljGJ5dSCKELotaqAXBKUc0aZRYkg9Kwkd3QQ CWU/6SzstVa7DkbNEO5II5wFkMDQlPjZ+7cwtbBRRD/A4EhH4vYRCt6SXMqRdJ6VnXBB H0NtaKCs7LPcuo6XvArwWLqDgdR45yitsGsI20ZUAK5WmADBZzc8Gky4T8AJQfwz5HSQ BZCw== X-Gm-Message-State: AOJu0YxUCtskg4N9kLYxo6wy4zsPEvpDOBPhl8h70bIhLZo1y69AnQYs 5B04JTpExQF6zmXW/8WX1WMT46TJLTVxNtgAWCnNNc85qgHqHq88QGYGGdC2Yw== X-Gm-Gg: ASbGncu0Ie24ipTvYbfVZhXYSp4sUhwnPhj9vW+70hSHXMs2RWdObMgyxMK2Pj53LRL PjEY1xrxetGzz/Hwu9GjHQGvNUtPUQP8IoRYBwxmKl/y7yOKc4HQmS4khQZYjRmVr/bi+ZGLPPW 3nyQfKBjsqDX9XYcuUGmt1GXkqE1PXUzqQ7VSNm6ZdqRXWyb6hTqbfbQXIZ+YdOarnggpnBEj7Q tv4JIKSL/LRV4rWAS4nuQ9+5ogX9OQRQiys4yhCbxVekvPcgyudwUf1zIkva4cIdLV79beUUIXG 4mP67w/NkK1gqzMSIp4LKsbFXOJvq6tGeOe+uB/xQdC+UFssHCiSQbOzgeQmAW/042Y+i0nqDYN j6JWE0X2Dh97gb6jwl4YXtbdhhtdY94T4Rtqu2OJ386qX X-Google-Smtp-Source: AGHT+IEXO2dNbbu0LUxcRoUKpZ4XJzS0SW61eowtRrKcf2brB35W3hqyaxhWI/Qor/YM3Wox/w51vw== X-Received: by 2002:a17:907:868f:b0:b40:2134:a877 with SMTP id a640c23a62f3a-b49c4292adcmr1488700666b.59.1759752391629; Mon, 06 Oct 2025 05:06:31 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63788110219sm9949748a12.37.2025.10.06.05.06.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 05:06:31 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 1/5] emacs: patch CVE-2024-30202 Date: Mon, 6 Oct 2025 14:06:26 +0200 Message-ID: <20251006120630.414259-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Oct 2025 12:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120278 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30202 Backport the patch mentioned in the details of the link. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/emacs/emacs_29.1.bb | 1 + ...et-templates-Prevent-code-evaluation.patch | 47 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 meta-oe/recipes-support/emacs/files/0001-org-macro-set-templates-Prevent-code-evaluation.patch diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb index 5cbe4551c0..3701e17025 100644 --- a/meta-oe/recipes-support/emacs/emacs_29.1.bb +++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb @@ -9,6 +9,7 @@ SRC_URI = "https://ftp.gnu.org/pub/gnu/emacs/emacs-${PV}.tar.xz \ SRC_URI:append:class-target = " \ file://use-emacs-native-tools-for-cross-compiling.patch \ file://avoid-running-host-binaries-for-sanity.patch \ + file://0001-org-macro-set-templates-Prevent-code-evaluation.patch \ " SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01" diff --git a/meta-oe/recipes-support/emacs/files/0001-org-macro-set-templates-Prevent-code-evaluation.patch b/meta-oe/recipes-support/emacs/files/0001-org-macro-set-templates-Prevent-code-evaluation.patch new file mode 100644 index 0000000000..c88843da59 --- /dev/null +++ b/meta-oe/recipes-support/emacs/files/0001-org-macro-set-templates-Prevent-code-evaluation.patch @@ -0,0 +1,47 @@ +From 7b1f10c152e69a32155c0291b9c8e83a8e28ebff Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:19:46 +0300 +Subject: [PATCH] org-macro--set-templates: Prevent code evaluation + +* lisp/org/org-macro.el (org-macro--set-templates): Get rid of any +risk to evaluate code when `org-macro--set-templates' is called as a +part of major mode initialization. This way, no code evaluation is +ever triggered when user merely opens the file or when +`mm-display-org-inline' invokes Org major mode to fontify mime part +preview in email messages. + +CVE: CVE-2024-30202 + +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb] +Signed-off-by: Gyorgy Sarvari +--- + lisp/org/org-macro.el | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lisp/org/org-macro.el b/lisp/org/org-macro.el +index 481e431..a3b5c6e 100644 +--- a/lisp/org/org-macro.el ++++ b/lisp/org/org-macro.el +@@ -109,6 +109,13 @@ previous one, unless VALUE is nil. Return the updated list." + (let ((new-templates nil)) + (pcase-dolist (`(,name . ,value) templates) + (let ((old-definition (assoc name new-templates))) ++ ;; This code can be evaluated unconditionally, as a part of ++ ;; loading Org mode. We *must not* evaluate any code present ++ ;; inside the Org buffer while loading. Org buffers may come ++ ;; from various sources, like received email messages from ++ ;; potentially malicious senders. Org mode might be used to ++ ;; preview such messages and no code evaluation from inside the ++ ;; received Org text should ever happen without user consent. + (when (and (stringp value) (string-match-p "\\`(eval\\>" value)) + ;; Pre-process the evaluation form for faster macro expansion. + (let* ((args (org-macro--makeargs value)) +@@ -121,7 +128,7 @@ previous one, unless VALUE is nil. Return the updated list." + (cadr (read value)) + (error + (user-error "Invalid definition for macro %S" name))))) +- (setq value (eval (macroexpand-all `(lambda ,args ,body)) t)))) ++ (setq value `(lambda ,args ,body)))) + (cond ((and value old-definition) (setcdr old-definition value)) + (old-definition) + (t (push (cons name (or value "")) new-templates))))) From patchwork Mon Oct 6 12:06:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 71694 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9958BCCD185 for ; Mon, 6 Oct 2025 12:06:38 +0000 (UTC) Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) by mx.groups.io with SMTP id smtpd.web11.32324.1759752394498194549 for ; Mon, 06 Oct 2025 05:06:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jTDE+R72; spf=pass (domain: gmail.com, ip: 209.85.208.49, mailfrom: skandigraun@gmail.com) Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-6349e3578adso8679940a12.1 for ; Mon, 06 Oct 2025 05:06:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759752393; x=1760357193; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LOd8X4hlWb+B6JSU8cMmw8AMqnopnWgR2K0eL9huOOs=; b=jTDE+R72UF4E/aAtMsuSUJcPXF9yvVY1q1ZTwbcroWcDRAb74OG0iTEAsOjF4D/T5F BWfGvt3mPG2hkL1jlgVhpVy4Bbuz3nXAehTWRQ/TjXfA5iXd39nfX5Wi8fHAk791M8YL HB3kmutzTk2yr2ppAe4TBsfDwRB0/4LW2wnb/SOFiBOg9hlgfFVvLVcdeOTQT4MWrOrn GxhAlLbbWvKSANZk6CQ9EfegV5LGd7oQuC5GSrw3RiU40SYoE53HE5hHZ7qEdA6JZ2YF B8nkN4rDXR3F558yKkQANIfP5aEZKlpoRSmeWTjiTBJR1YakTHJcpC/j/ZmWbypuEryb H+8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759752393; x=1760357193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LOd8X4hlWb+B6JSU8cMmw8AMqnopnWgR2K0eL9huOOs=; b=EVKoq/VCT2RPYonIwP48OC/nYdemLdhY7ensz/iDwzYpvUHG4UUN4CikyB0D38+7QY 1j6hyuUEAsUd67KezYNWc1hNVsR2E0thxxGHXcWOOsCeo4cDVD9ne2VjQ0Ccx20oRwhS gSXn3Blw+Xgseo15DbkyU0a2qfRUpdc4nT7MS81ZzKVDXpedL2TPuNKmqduYjiRQP7hJ OBrN28uvWKV1p0q5QMleQRj2kpz+W1RC5uSsEIVa04Tn8MFrd0akUh33O/eBBzrjl5pv l0nXy8wILAe5LYD2o/c0ObvXZK+5xJ3iqh1pgMBcOarYhkAtcVRAP717JbHppQbUJ9WT oGkg== X-Gm-Message-State: AOJu0YxV17QswbUu6XBIgWA6ZzIrgqtw6jxmSTQgCHysQG9LIXQAAXg6 xSCK//RcS+jUBlfqOKLQdRnesCaYGp97jtNwJhaclgLdzGhi2Zsv/A4ys7TEBA== X-Gm-Gg: ASbGncvJE7gOF4xafa+D6leZxESzmPGHZXHW2mylAG8vr3dDfNhVWMUHVWF2V8cTUQm FOpCi8K7nfrgA9GxBdBLqXu1vJjMUgEW8RLZil/+iVOvkDGr2cuw2A8EC/+KaLxxY1JbWc62ceU bahjWmQ+R+7V6f980W2O45JfnqJqQr2C11B9MSGdJKJMV83YI5CEaUaJyOdN2dLmlW+TQZb3c6u 7pZ0jifxrAvSjgTLHwM3y+eptl3VHsX/wi2uiAvuuWfKVrleFT0wL10h223zghBtO2e21MHpKCx jZzPb96uRRscgfcnHJFLI/GxQnO6AgkEl6vIRG8hjB01MoSUPo7FB42rFZ1CR3dTyM3a78R0e/1 KWwMvUhSM238a3RZf+Fg7yr20uRrJyX/HZC2701k++Y7i X-Google-Smtp-Source: AGHT+IG/J719ikr3tzdMJEHRgl++ORRc3MNZEZY4zEC9O9lwm0xVoC+4K6AzKTsFDhlGyEXZ2UqCkg== X-Received: by 2002:a05:6402:278c:b0:62f:a3ae:ff0d with SMTP id 4fb4d7f45d1cf-639349005f8mr13931552a12.14.1759752392323; Mon, 06 Oct 2025 05:06:32 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63788110219sm9949748a12.37.2025.10.06.05.06.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 05:06:31 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 2/5] emacs: patch CVE-2024-30203 Date: Mon, 6 Oct 2025 14:06:27 +0200 Message-ID: <20251006120630.414259-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com> References: <20251006120630.414259-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Oct 2025 12:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120279 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30203 Pick the patch mentioned in the description. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/emacs/emacs_29.1.bb | 1 + ...w.el-mm-display-inline-fontify-Mark-.patch | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb index 3701e17025..c5318db96e 100644 --- a/meta-oe/recipes-support/emacs/emacs_29.1.bb +++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb @@ -10,6 +10,7 @@ SRC_URI:append:class-target = " \ file://use-emacs-native-tools-for-cross-compiling.patch \ file://avoid-running-host-binaries-for-sanity.patch \ file://0001-org-macro-set-templates-Prevent-code-evaluation.patch \ + file://0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch \ " SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01" diff --git a/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch b/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch new file mode 100644 index 0000000000..d951bf4205 --- /dev/null +++ b/meta-oe/recipes-support/emacs/files/0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch @@ -0,0 +1,27 @@ +From 0e7fe7809daa123921faa0bd088931cf8ddfd705 Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:44:30 +0300 +Subject: [PATCH] * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark + contents untrusted. + +CVE: CVE-2024-30203 + +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804] + +Signed-off-by: Gyorgy Sarvari +--- + lisp/gnus/mm-view.el | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el +index 2c40735..e24f3f3 100644 +--- a/lisp/gnus/mm-view.el ++++ b/lisp/gnus/mm-view.el +@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically." + (setq coding-system (mm-find-buffer-file-coding-system))) + (setq text (buffer-string)))) + (with-temp-buffer ++ (setq untrusted-content t) + (insert (cond ((eq charset 'gnus-decoded) + (with-current-buffer (mm-handle-buffer handle) + (buffer-string))) From patchwork Mon Oct 6 12:06:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 71693 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 930BFCCD182 for ; Mon, 6 Oct 2025 12:06:38 +0000 (UTC) Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) by mx.groups.io with SMTP id smtpd.web11.32325.1759752394901426284 for ; Mon, 06 Oct 2025 05:06:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=YmbIu4qt; spf=pass (domain: gmail.com, ip: 209.85.208.50, mailfrom: skandigraun@gmail.com) Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-62f24b7be4fso8752464a12.0 for ; Mon, 06 Oct 2025 05:06:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759752393; x=1760357193; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QYZVxGlTl0+DSff4UNw9iceKwlDH97VKpf3mwiOA6a0=; b=YmbIu4qtgZsg0T5HFu6EANQ013CtJtGRJOtAEjWKfM2S2s6bBknwQVD4KHpgotsJ+b OAU4xd+kCvaVIV80kxz6zBqpC7NPPpGRTkPc8EnNJiDXxPuRr1xi5fWT1fwYwanmC32O sWO9tzhwn2BD23Zt2PNetz+4/Awz9Uk3pcr49425+2+Uyt62y8eLC9qAN7na3Q2LRwoP PsT4+MP8zPhlgosZBCHjZCEurgOOrRZkHXXIi3A42QVbCkMnRXzJDdskqkellx3EV8ng Ger8i5JpGjqdV8MWxu0iJj8Jtid6+vz0qO707U1cpWYIcjD37dKPH58ZbLz1x/GKtmkY Cy7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759752393; x=1760357193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QYZVxGlTl0+DSff4UNw9iceKwlDH97VKpf3mwiOA6a0=; b=DyW8xM/SOYQ8VW3IqaO3ovABUOCh56VkXgst8I2EUqEssoS/7Q+gLBVf7cDF/XDPVH GusExlxsJ9X5uYnhbMnaKwhyItTdJHt2zibn/fp1RYexJ4m7w7JXUDoob0RLChlhg97Z vuPyjyStaEhYJumQOsJmBIZVS26Gq2O8lBdbwk2pcpEsBBT7FE/LH7ILXQWHufoXJY0C Xui/JJDDNvKgvquBwb/30OFoA/UsMe5F+u1zwHxrKuZ4oLuVZ4IxHhC34akw50nn/aSO LZ6H4rKZqEzrC5K4in/u5CNn2u2a4BqQbsheF8GlXW3PKmrE+P+dWU/igdZBLSkunkWF /Smw== X-Gm-Message-State: AOJu0Yxwxl6EhCrO7b7eq1N+aUzXqQMXrrMEm6pG+Nlw/OAao0AE2UDu Mshgu+rifz4H437jmxzYHMypPKfepW+gnJDhuMPebN9QlIpVxXRWt+fJCDxlPA== X-Gm-Gg: ASbGncsiDcdunQyOfgxRUDyVk9W6zFMNPUxzZimuGbHIRuWSAEYMlKA+LlP5bRJYX2n qWvVKzwFHEgWbBtWaR28lFggNL9qZjc2L09q0ZHlGm1DNWf3nhSDVvgJy78ASM0SWSnJFGmrdSS N6eBJ53TCVnQnVO1+Lsovay7AnJkjCRgngmV4fKZYDt36MghMCNu7DgKKbhqOUryDsMocWX9j3/ k7B1ssCZP2QgAIjfHk8p/xE0zvbSdC5s4MxxOePHVYCK1QbnfyLuaKysfjy3n01qI9Krsg36SuN rpJRIymShuDCCy57KCZxKIG4wXin2jqzF2g8qkQRg0eVBKAZvYqsJtZq1Ta4TTqz8paviE9rX1H oR9WamDmxYaDmh0KuN2DTnYXM4p2kipkAkqjBxJ1+oaZtHb7QnM6+s/k= X-Google-Smtp-Source: AGHT+IEeu4/DfOX/rkATZ5nH0kk+p1k4/IAqOJ7Bm/MQdYTq2vk+X9A1JupD1YSi8dDcB68OI9mwOA== X-Received: by 2002:a05:6402:34d5:b0:637:ea39:d73f with SMTP id 4fb4d7f45d1cf-63939c233c5mr13013670a12.18.1759752393061; Mon, 06 Oct 2025 05:06:33 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63788110219sm9949748a12.37.2025.10.06.05.06.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 05:06:32 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 3/5] emacs: patch CVE-2024-30204 Date: Mon, 6 Oct 2025 14:06:28 +0200 Message-ID: <20251006120630.414259-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com> References: <20251006120630.414259-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Oct 2025 12:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120280 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30204 Pick the patch that's mentioned in the description. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/emacs/emacs_29.1.bb | 1 + ...w-Add-protection-when-untrusted-cont.patch | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 meta-oe/recipes-support/emacs/files/0001-org-latex-preview-Add-protection-when-untrusted-cont.patch diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb index c5318db96e..c4ae7be6d8 100644 --- a/meta-oe/recipes-support/emacs/emacs_29.1.bb +++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb @@ -11,6 +11,7 @@ SRC_URI:append:class-target = " \ file://avoid-running-host-binaries-for-sanity.patch \ file://0001-org-macro-set-templates-Prevent-code-evaluation.patch \ file://0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch \ + file://0001-org-latex-preview-Add-protection-when-untrusted-cont.patch \ " SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01" diff --git a/meta-oe/recipes-support/emacs/files/0001-org-latex-preview-Add-protection-when-untrusted-cont.patch b/meta-oe/recipes-support/emacs/files/0001-org-latex-preview-Add-protection-when-untrusted-cont.patch new file mode 100644 index 0000000000..085bc31c17 --- /dev/null +++ b/meta-oe/recipes-support/emacs/files/0001-org-latex-preview-Add-protection-when-untrusted-cont.patch @@ -0,0 +1,60 @@ +From c5cc03c196306372e53700553e0fb5135f6105e6 Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:47:24 +0300 +Subject: [PATCH] org-latex-preview: Add protection when `untrusted-content' is + non-nil + +* lisp/org/org.el (org--latex-preview-when-risky): New variable +controlling how to handle LaTeX previews in Org files from untrusted +origin. +(org-latex-preview): Consult `org--latex-preview-when-risky' before +generating previews. + +This patch adds a layer of protection when LaTeX preview is requested +for an email attachment, where `untrusted-content' is set to non-nil. + +CVE: CVE-2024-30204 + +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c] +Signed-off-by: Gyorgy Sarvari +--- + lisp/org/org.el | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/lisp/org/org.el b/lisp/org/org.el +index d3e14fe..ab58978 100644 +--- a/lisp/org/org.el ++++ b/lisp/org/org.el +@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer: + :package-version '(Org . "8.0") + :type 'boolean) + ++(defvar untrusted-content) ; defined in files.el ++(defvar org--latex-preview-when-risky nil ++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source. ++ ++Some specially designed LaTeX code may generate huge pdf or log files ++that may exhaust disk space. ++ ++This variable controls how to handle LaTeX preview when rendering LaTeX ++fragments that originate from incoming email messages. It has no effect ++when Org mode is unable to determine the origin of the Org buffer. ++ ++An Org buffer is considered to be from unsafe source when the ++variable `untrusted-content' has a non-nil value in the buffer. ++ ++If this variable is non-nil, LaTeX previews are rendered unconditionally. ++ ++This variable may be renamed or changed in the future.") ++ + (defcustom org-insert-mode-line-in-empty-file nil + "Non-nil means insert the first line setting Org mode in empty files. + When the function `org-mode' is called interactively in an empty file, this +@@ -15687,6 +15705,7 @@ fragments in the buffer." + (interactive "P") + (cond + ((not (display-graphic-p)) nil) ++ ((and untrusted-content (not org--latex-preview-when-risky)) nil) + ;; Clear whole buffer. + ((equal arg '(64)) + (org-clear-latex-preview (point-min) (point-max)) From patchwork Mon Oct 6 12:06:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 71692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86868CCA476 for ; Mon, 6 Oct 2025 12:06:38 +0000 (UTC) Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) by mx.groups.io with SMTP id smtpd.web10.32264.1759752395658363031 for ; Mon, 06 Oct 2025 05:06:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=UKt4/FL+; spf=pass (domain: gmail.com, ip: 209.85.208.48, mailfrom: skandigraun@gmail.com) Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-62fca216e4aso11664446a12.0 for ; Mon, 06 Oct 2025 05:06:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759752394; x=1760357194; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=u48Y38JTCtbqBUijPbBEtWv8/S4cp7Nx8P9jYozjMks=; b=UKt4/FL+lvnS4wM6HbuoqrjpeRFLelVicx415blnQ2y9LTVGiJAit/9msqiF2Tw+fk oWU+kN+HC31+iFWrHn/qE+TcBlJ7bLqaBXnl6wysL/1nUuEJDiecqh1hCEsRzTX8OqIp HgwjX43N1CMObCuTUSDf6JRt6C8xM7stcWzINne/9pc5kX2prQXGO6FcWN/OlGba40Jm QeClHIb8ATFC3bLoCbm3ADLMJ5lkdB+X+lELrWnUlqzdZl31e7C9h2lZxQRvkZfLrlwO Kl7Vi6DSdVb90orGO9+1ASCGdaBzVKUlFdaYiPxBkM0ILESIYJqlxpq5lG5xoPZmBJPe OO4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759752394; x=1760357194; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=u48Y38JTCtbqBUijPbBEtWv8/S4cp7Nx8P9jYozjMks=; b=gEN3PGxBHEnTxfhEGfvtw5zp03fxc9C/qun8O9za1tKVRLAYKP8H2+sOQdH1U4G8oK KS4SU23XaC/SyJnJ1cVHCi2S9fMdiRkwJHBAUZLfUXR2ysvlYsQsKQF4TBds8iyPOTUE IAjUDEmc5vXBVVF5PxfbKtm+q1BqRR/7SX3nBLSMRYTc+x1/exo8z3AtuCQ6dzWDKrdN 4LxQaaG3i9YdZ6yp+Nj02LCnGevE8ZrHgKm+88DgS9d/0SSb2DHUCnnLXeEyDwOk1aAM ASQq5kk8xG1FpBrkAzUu1t/J8Q6XNNIv6covA0EWkAqPHUKdzDiIxSScZFW9a973AJB3 j9hg== X-Gm-Message-State: AOJu0YxiK1s8L593xtLlxIq7rxniTt+TzGzyjKL5NMSvgLvnxuaiNuII VoPnT5wFBlioaSJ8mOTIVU/BGcbuLEKDo5fMH+ndHkkm5vx3mESawwJtMg8CuQ== X-Gm-Gg: ASbGncsBxLE8slzf9XA0QRBR5pKimcZw4fnGRjZzPTFrd9e0KUE8K2v/AcM6+Rnrzmi wwrIpz9D2pDguHoicAf76d3kyB3D/Z3xsD0Q/4n9lSmCiBZTLY1pz6fR0h2notZFdXtReoxOd+p YB1JVLUx1UfZD+F5s4A2j1BZIWeCmKY9JKCpk6bF/xyMTG4aVm8Xb9C2iy5hSl9KU8cuMnsu+MG eiM9NZ3rj4+0FqWCDUBqd5mj2lp5lQdlB8bLfSB1K4iNCzpsBBmXEn3dITzQLmJfmiOk9sHrrTx NcMYySF3lOJzdRinSS4g8d+hP7n+8oW5WxZOGnShBGquVAHo8haTQO3L0E15QSCc12ibEi3sjsY FqTFHjwaOJ7fmO0P2bPyY9aZWYQIWpDRMcuXmjILXP66BoPJ2vHrwQiQ= X-Google-Smtp-Source: AGHT+IG7PN8IcQDXcAAFmK7vc2aoWA/qxidsrnBFF6S29ypw5+ebatJkgI3vckf+Utl93KDIEbeKKw== X-Received: by 2002:a05:6402:13d6:b0:636:6e11:2fd1 with SMTP id 4fb4d7f45d1cf-638fcb65499mr15445653a12.4.1759752393813; Mon, 06 Oct 2025 05:06:33 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63788110219sm9949748a12.37.2025.10.06.05.06.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 05:06:33 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 4/5] emacs: patch CVE-2024-30205 Date: Mon, 6 Oct 2025 14:06:29 +0200 Message-ID: <20251006120630.414259-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com> References: <20251006120630.414259-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Oct 2025 12:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120281 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30205 Pick the patch that's in the description. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/emacs/emacs_29.1.bb | 1 + ...nts-Consider-all-remote-files-unsafe.patch | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-support/emacs/files/0001-org-file-contents-Consider-all-remote-files-unsafe.patch diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb index c4ae7be6d8..704a8210a1 100644 --- a/meta-oe/recipes-support/emacs/emacs_29.1.bb +++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb @@ -12,6 +12,7 @@ SRC_URI:append:class-target = " \ file://0001-org-macro-set-templates-Prevent-code-evaluation.patch \ file://0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch \ file://0001-org-latex-preview-Add-protection-when-untrusted-cont.patch \ + file://0001-org-file-contents-Consider-all-remote-files-unsafe.patch \ " SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01" diff --git a/meta-oe/recipes-support/emacs/files/0001-org-file-contents-Consider-all-remote-files-unsafe.patch b/meta-oe/recipes-support/emacs/files/0001-org-file-contents-Consider-all-remote-files-unsafe.patch new file mode 100644 index 0000000000..7408f0e404 --- /dev/null +++ b/meta-oe/recipes-support/emacs/files/0001-org-file-contents-Consider-all-remote-files-unsafe.patch @@ -0,0 +1,38 @@ +From 3a3bc6df4295ff7d5ea7193dfe0492cd858e1664 Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 14:59:20 +0300 +Subject: [PATCH] org-file-contents: Consider all remote files unsafe + +* lisp/org/org.el (org-file-contents): When loading files, consider all +remote files (like TRAMP-fetched files) unsafe, in addition to URLs. + +CVE: CVE-2024-30205 +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877] + +Signed-off-by: Gyorgy Sarvari +--- + lisp/org/org.el | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lisp/org/org.el b/lisp/org/org.el +index ab58978..03140bd 100644 +--- a/lisp/org/org.el ++++ b/lisp/org/org.el +@@ -4576,12 +4576,16 @@ from file or URL, and return nil. + If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version + is available. This option applies only if FILE is a URL." + (let* ((is-url (org-url-p file)) ++ (is-remote (condition-case nil ++ (file-remote-p file) ++ ;; In case of error, be safe. ++ (t t))) + (cache (and is-url + (not nocache) + (gethash file org--file-cache)))) + (cond + (cache) +- (is-url ++ ((or is-url is-remote) + (if (org--should-fetch-remote-resource-p file) + (condition-case error + (with-current-buffer (url-retrieve-synchronously file) From patchwork Mon Oct 6 12:06:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 71695 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87E61CAC5B8 for ; Mon, 6 Oct 2025 12:06:38 +0000 (UTC) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) by mx.groups.io with SMTP id smtpd.web10.32268.1759752396623713571 for ; Mon, 06 Oct 2025 05:06:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ROWcacWf; spf=pass (domain: gmail.com, ip: 209.85.218.52, mailfrom: skandigraun@gmail.com) Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-b07d4d24d09so905868766b.2 for ; Mon, 06 Oct 2025 05:06:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759752395; x=1760357195; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PDHBXfgeEIZbSiJlGa2OVG3tnRx3AQObA/VA0qL6Kjw=; b=ROWcacWfo/ZNNmqDgpNYXof0zwV3/DjWqk/dDXhPVhQI2pSSJOR9ycjDQkb+KO5Pwh WFrpzb6n9oIa028xB8iDdTT5nd6/Wt5rRDIi88EGUwPMtQBxTeUCVOKOzC4l2OLf+Ril kRzhEhj9l52guewT0YsXu0DKI3xaK5ZDWjlQsjXIiYxGK6/FIBI58huXuWMDq4n1ygWq CzE2nnmicKGQc2c/yIu2VAywbFLCqwqPw4vEFtp4VMf+/C+30th2NsqKqgnZ65rtK7pI GEn6I6jOG+2iud9p9O6/TzlOIOSjM+6dl6CZoWd/z7d1iUpUHikOwGBfLTq7xb9MuMwl +rIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759752395; x=1760357195; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PDHBXfgeEIZbSiJlGa2OVG3tnRx3AQObA/VA0qL6Kjw=; b=FqI9wSyvF78JFHrtS0eLsue+CMCHErZ7sNfIHRiBrNhYsqE86ySvh1RtSHlGSzE5Pw ZISHF22ZR+NBm+AIuQOI+eua1Cj/lWjN2VRAfVX6oCAI8dTXF3CRlGM93aHwkBbNhOlO Z+Bs2o2gPSm0YQYHnm/ckwzxtJf3NNRhRDoygokCvnlANpiaBaO7mLb3rzEOxX6OCu7b Zpt5zejBnUIVivAwynrqpVg7TFXHJUrbj+PQB3GYCzHZSGiOpBzKsdI4oimXl3idDOrx ogVwir/OM7SPGNrvtCWJcnEWqiDVn+dlQiKqBolUvQIZY+Wr/wzKwy9Dx27zoKhICJz3 Em0g== X-Gm-Message-State: AOJu0YwYqKrbpWw3lHazBjjgvezBk1tgRySJliAlLx34LHgBJ6Nu4mVa yc75mWujyqgUjt21bGJEBVniEjai5Fe4yFyhGjhe+kDawV64hFgbemSvRYYPLw== X-Gm-Gg: ASbGncu/oosFgVqp9Ap6raTbn0QR50gEvMF5+52Hxfvl7UZwYBVMb+RHykMJqeUHN2Z 1pC2j30FRuYVa2tbY5fp2GsZnNTroR7bECwgUHl7rEIBS2Jo/YQsy3H5AAjXw1ndVi49r9GHD8L Zz2GqT6fCuA7VP1br/6xMon3Oyf1LnRmhSLk8R4hMBGAHlVYdfH6hYjmijEjaQFYMROrSPHby/H DZsF9IHm9FRRjQj+sr83PfnMlRw0h4HrcNRIAGiFN1YvfFZWQBsZibucE2OFrG5eb28+qaBJ7H7 9Yc44rlDncQjxbk6IQgFNPWnfMLSNiDVi69nFM7zbnHsV5ZSH4aSfPqpSA1cgkGgzMLg7Fy51mB 7HIezLRRL+H9qoYh3OD4MjJYPyy1u1vJOo+sW+Ndd/Vkp X-Google-Smtp-Source: AGHT+IF9civpNHdzgHEMoa1IQeCBAk7Nl3F7Qj6I7VBJ7LprP5Fs3YF7LLj1M4e4WT+XYw48iWwtHg== X-Received: by 2002:a17:907:3f0a:b0:b33:671:8a58 with SMTP id a640c23a62f3a-b49c374019dmr1498516866b.37.1759752394623; Mon, 06 Oct 2025 05:06:34 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63788110219sm9949748a12.37.2025.10.06.05.06.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 05:06:34 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [PATCH][walnascar 5/5] emacs: patch CVE-2024-39331 Date: Mon, 6 Oct 2025 14:06:30 +0200 Message-ID: <20251006120630.414259-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251006120630.414259-1-skandigraun@gmail.com> References: <20251006120630.414259-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Oct 2025 12:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120282 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39331 Pick the patch that's mentioned in thee details. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/emacs/emacs_29.1.bb | 1 + ...abbrev-Do-not-evaluate-arbitrary-uns.patch | 71 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 meta-oe/recipes-support/emacs/files/0001-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch diff --git a/meta-oe/recipes-support/emacs/emacs_29.1.bb b/meta-oe/recipes-support/emacs/emacs_29.1.bb index 704a8210a1..10c148b216 100644 --- a/meta-oe/recipes-support/emacs/emacs_29.1.bb +++ b/meta-oe/recipes-support/emacs/emacs_29.1.bb @@ -13,6 +13,7 @@ SRC_URI:append:class-target = " \ file://0001-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch \ file://0001-org-latex-preview-Add-protection-when-untrusted-cont.patch \ file://0001-org-file-contents-Consider-all-remote-files-unsafe.patch \ + file://0001-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch \ " SRC_URI[sha256sum] = "d2f881a5cc231e2f5a03e86f4584b0438f83edd7598a09d24a21bd8d003e2e01" diff --git a/meta-oe/recipes-support/emacs/files/0001-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch b/meta-oe/recipes-support/emacs/files/0001-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch new file mode 100644 index 0000000000..88fdaaf22d --- /dev/null +++ b/meta-oe/recipes-support/emacs/files/0001-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch @@ -0,0 +1,71 @@ +From 8b8866eb94c7b7140ba94eb2b4e6ead14c0d986d Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Fri, 21 Jun 2024 15:45:25 +0200 +Subject: [PATCH] org-link-expand-abbrev: Do not evaluate arbitrary unsafe + Elisp code + +* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) +link abbrevs that specify unsafe function. Instead, display a +warning, and do not expand the abbrev. Clear all the text properties +from the returned link, to avoid any potential vulnerabilities caused +by properties that may contain arbitrary Elisp. + +CVE: CVE-2024-39331 +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?id=c645e1d8205f0f0663ec4a2d27575b238c646c7c] + +Signed-off-by: Gyorgy Sarvari +--- + lisp/org/ol.el | 40 +++++++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 11 deletions(-) + +diff --git a/lisp/org/ol.el b/lisp/org/ol.el +index 9ad191c..c15128f 100644 +--- a/lisp/org/ol.el ++++ b/lisp/org/ol.el +@@ -1063,17 +1063,35 @@ Abbreviations are defined in `org-link-abbrev-alist'." + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. ++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) + + (defun org-link-open (link &optional arg) + "Open a link object LINK.