From 285f5e95b47c9dfca6331c6a1ea3f8846246aaeb Mon Sep 17 00:00:00 2001
From: zhangxingrong <zhangxingrong@uniontech.com>
Date: Thu, 28 Mar 2024 14:51:37 +0800
Subject: [PATCH] Fix-CVE-2024-30204

---
 0001-Fix-CVE-2024-30204.patch | 49 +++++++++++++++++++++++++++++++++++
 emacs.spec                    |  6 ++++-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-CVE-2024-30204.patch

diff --git a/0001-Fix-CVE-2024-30204.patch b/0001-Fix-CVE-2024-30204.patch
new file mode 100644
index 0000000..077987c
--- /dev/null
+++ b/0001-Fix-CVE-2024-30204.patch
@@ -0,0 +1,49 @@
+From a16eb4f374fc70be45f0353e1832fb73fb890efc Mon Sep 17 00:00:00 2001
+From: zhangxingrong <zhangxingrong@uniontech.com>
+Date: Wed, 27 Mar 2024 21:08:10 +0800
+Subject: [PATCH] Fix-CVE-2024-30204
+
+---
+ lisp/org/org.el | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/lisp/org/org.el b/lisp/org/org.el
+index d3e14fe..ab58978 100644
+--- a/lisp/org/org.el
++++ b/lisp/org/org.el
+@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer:
+   :package-version '(Org . "8.0")
+   :type 'boolean)
+ 
++(defvar untrusted-content) ; defined in files.el
++(defvar org--latex-preview-when-risky nil
++  "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
++
++Some specially designed LaTeX code may generate huge pdf or log files
++that may exhaust disk space.
++
++This variable controls how to handle LaTeX preview when rendering LaTeX
++fragments that originate from incoming email messages.  It has no effect
++when Org mode is unable to determine the origin of the Org buffer.
++
++An Org buffer is considered to be from unsafe source when the
++variable `untrusted-content' has a non-nil value in the buffer.
++
++If this variable is non-nil, LaTeX previews are rendered unconditionally.
++
++This variable may be renamed or changed in the future.")
++
+ (defcustom org-insert-mode-line-in-empty-file nil
+   "Non-nil means insert the first line setting Org mode in empty files.
+ When the function `org-mode' is called interactively in an empty file, this
+@@ -15687,6 +15705,7 @@ fragments in the buffer."
+   (interactive "P")
+   (cond
+    ((not (display-graphic-p)) nil)
++   ((and untrusted-content (not org--latex-preview-when-risky)) nil)
+    ;; Clear whole buffer.
+    ((equal arg '(64))
+     (org-clear-latex-preview (point-min) (point-max))
+-- 
+2.43.0
+
diff --git a/emacs.spec b/emacs.spec
index 003ae74..9fea546 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name:          emacs
 Epoch:         1
 Version:       29.1
-Release:       1
+Release:       2
 Summary:       An extensible GNU text editor
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs
@@ -26,6 +26,7 @@ Source7:       emacs-terminal.desktop
 Patch6001:        emacs-spellchecker.patch
 #https://src.fedoraproject.org/rpms/emacs/blob/rawhide/f/emacs-system-crypto-policies.patch
 Patch6002:        emacs-system-crypto-policies.patch
+Patch6003:	  0001-Fix-CVE-2024-30204.patch
 
 Patch9000:        emacs-deal-taboo-words.patch
 
@@ -410,6 +411,9 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Thu Mar 28 2024 zhangxingrong <zhangxingrong@uniontech.com> - 1:29.1-2
+- fix CVE-2024-30204
+
 * Tue Jan 23 2024 zhangpan <zhangpan103@h-partners.com> - 1:29.1-1
 - update to 29.1
 
-- 
Gitee