From 924176d175ece2221d08dbb8f81ff1d40ca015d8 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Wed, 29 Jan 2025 12:47:45 +0800
Subject: [PATCH] add opensuse patch to fix CVE-2024-53920

---
 emacs-CVE-2024-53920.patch | 47 ++++++++++++++++++++++++++++++++++++++
 emacs.spec                 |  8 +++++--
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 emacs-CVE-2024-53920.patch

diff --git a/emacs-CVE-2024-53920.patch b/emacs-CVE-2024-53920.patch
new file mode 100644
index 0000000..532d14f
--- /dev/null
+++ b/emacs-CVE-2024-53920.patch
@@ -0,0 +1,47 @@
+From: Werner Fink <werner@suse.de>
+Date: Fri, 13 Dec 2024 14:32:39 +0000
+Subject: [PATCH] Disable flymake on start and save (CVE-2024-53920)
+
+Disable flymake on start and save to avoid to be attacked with elisp code
+like in this example:
+
+ > cat document.txt 
+ ;; -*- mode: emacs-lisp -*-
+ (rx (eval (call-process "touch" nil nil nil "/tmp/owned")))
+
+if not disabled the elisp code above is completed which means executed
+without any warning if `flymake-mode' would be enabled by default for
+`emacs-lisp-mode'.
+
+---
+ lisp/progmodes/flymake.el |   14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/lisp/progmodes/flymake.el
++++ b/lisp/progmodes/flymake.el	2024-12-13 14:26:43.833166494 +0000
+@@ -199,15 +199,21 @@ If nil, never start checking buffer auto
+ (define-obsolete-variable-alias 'flymake-start-syntax-check-on-find-file
+   'flymake-start-on-flymake-mode "26.1")
+ 
+-(defcustom flymake-start-on-flymake-mode t
++(defcustom flymake-start-on-flymake-mode nil
+   "If non-nil, start syntax check when `flymake-mode' is enabled.
+-Specifically, start it when the buffer is actually displayed."
++Specifically, start it when the buffer is actually displayed.
++Warning: if enabled and with elisp-mode the triggered code completion on
++untrusted Emacs Lisp source code allows attackers to execute arbitrary code.
++More information at https://www.cve.org/CVERecord?id=CVE-2024-53920"
+   :version "26.1"
+   :type 'boolean)
+ 
+-(defcustom flymake-start-on-save-buffer t
++(defcustom flymake-start-on-save-buffer nil
+   "If non-nil, start syntax check when a buffer is saved.
+-Specifically, start it when the saved buffer is actually displayed."
++Specifically, start it when the saved buffer is actually displayed.
++Warning: if enabled and with elisp-mode the triggered code completion on
++untrusted Emacs Lisp source code allows attackers to execute arbitrary code.
++More information at https://www.cve.org/CVERecord?id=CVE-2024-53920"
+   :version "27.1"
+   :type 'boolean)
+ 
diff --git a/emacs.spec b/emacs.spec
index 4ee8d89..8073524 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name:          emacs
 Epoch:         1
 Version:       29.4
-Release:       1
+Release:       2
 Summary:       An extensible GNU text editor
 License:       GPL-3.0-or-later AND CC0-1.0
 URL:           https://www.gnu.org/software/emacs
@@ -25,7 +25,8 @@ Source7:       emacs-terminal.desktop
 Patch1001:        emacs-spellchecker.patch
 #https://src.fedoraproject.org/rpms/emacs/blob/rawhide/f/emacs-system-crypto-policies.patch
 Patch1002:        emacs-system-crypto-policies.patch
-
+#https://build.opensuse.org/package/show/openSUSE:Factory/emacs
+Patch1003:        emacs-CVE-2024-53920.patch
 Patch9000:        emacs-deal-taboo-words.patch
 
 BuildRequires: make gcc
@@ -412,6 +413,9 @@ cat el-*-files common-lisp-dir-files > el-filelist
 %{_mandir}/*/*
 
 %changelog
+* Wed Jan 29 2025 Funda Wang <fundawang@yeah.net> - 1:29.4-2
+- add opensuse patch to fix CVE-2024-53920
+
 * Mon Dec 02 2024 Funda Wang <fundawang@yeah.net> - 1:29.4-1
 - update to 29.4
 
-- 
Gitee