diff --git a/emacs-CVE-2024-53920.patch b/emacs-CVE-2024-53920.patch index 920f93a..ed68901 100644 --- a/emacs-CVE-2024-53920.patch +++ b/emacs-CVE-2024-53920.patch @@ -126,14 +126,10 @@ "Pseudo function used internally by macroexp to delay warnings. --- emacs-27.2/lisp/files.el +++ emacs-27.2/lisp/files.el 2025-03-03 09:20:04.078645249 +0000 -@@ -591,10 +596,57 @@ buffer contents as untrusted. - (other :tag "Query" other)) - :group 'find-file) +@@ -591,6 +596,57 @@ buffer contents as untrusted. + Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") --(defvar enable-dir-local-variables t -- "Non-nil means enable use of directory-local variables. --Some modes may wish to set this to nil to prevent directory-local --settings being applied, but still respect file-local ones.") +(defcustom trusted-content nil + "List of files and directories whose content we trust. +Be extra careful here since trusting means that Emacs might execute the @@ -185,9 +181,9 @@ + (string-prefix-p tf file))) + (setq trusted t))) + trusted)))))))) - ;; This is an odd variable IMO. ;; You might wonder why it is needed, when we could just do: + ;; (set (make-local-variable 'enable-local-variables) nil) --- emacs-27.2/lisp/ielm.el +++ emacs-27.2/lisp/ielm.el 2025-03-03 09:18:41.372169725 +0000 @@ -616,7 +616,8 @@ See `inferior-emacs-lisp-mode' for detai diff --git a/emacs.spec b/emacs.spec index 69ab128..4b52c7a 100644 --- a/emacs.spec +++ b/emacs.spec @@ -5,7 +5,7 @@ Summary: GNU Emacs text editor Name: emacs Epoch: 1 Version: 27.2 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs/ Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz @@ -502,6 +502,9 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %{_includedir}/emacs-module.h %changelog +* Fri May 09 2025 Jacek Migacz - 1:27.2-16 +- Restore definition of variable "enable-dir-local-variables" (RHEL-92550) + * Fri May 09 2025 Jacek Migacz - 1:27.2-15 - Fix arbitrary code execution via Lisp macro expansion (RHEL-90181)