rpms/emacs
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS emacs-27.2-18.el9

Browse Source
This commit is contained in:
eabdullin 2025-09-15 11:55:52 +00:00
parent 719ec114a9
commit 6e8126e51b
7 changed files with 550 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

312
SOURCES/emacs-CVE-2024-53920.patch Normal file
View File

@ -0,0 +1,312 @@
---
emacs-27.2/doc/emacs/misc.texi | 33 +++++++++++++++++
emacs-27.2/doc/misc/efaq.texi | 7 +++
emacs-27.2/etc/NEWS | 23 ++++++++++++
emacs-27.2/lisp/emacs-lisp/macroexp.el | 10 ++++-
emacs-27.2/lisp/files.el | 60 +++++++++++++++++++++++++++++---
emacs-27.2/lisp/ielm.el | 3 +
emacs-27.2/lisp/progmodes/elisp-mode.el | 58 +++++++++++++++++++++++++-----
emacs-27.2/lisp/simple.el | 1
emacs-27.2/lisp/startup.el | 14 +++++--
9 files changed, 189 insertions(+), 20 deletions(-)
--- emacs-27.2/doc/emacs/misc.texi
+++ emacs-27.2/doc/emacs/misc.texi 2025-03-03 09:18:41.368169799 +0000
@@ -279,6 +279,39 @@ trusted and the default checking for the
you can set @code{enable-local-variables} to @code{:all}. @xref{Safe
File Variables}.
+@cindex trusted files and directories
+Loading a file of Emacs Lisp code with @code{load-file} or
+@code{load-library} (@pxref{Lisp Libraries}) can execute some of the
+Lisp code in the file being loaded, so you should only load Lisp files
+whose source you trust. However, some Emacs features can in certain
+situations execute Lisp code even without your explicit command or
+request. For example, Flymake, the on-the-fly syntax checker for Emacs
+(@pxref{Top,,, flymake, GNU Flymake}), if it is enabled, can
+automatically execute some of the code in a Lisp file you visit as part
+of its syntax-checking job. Similarly, some completion commands
+(@pxref{Completion}) in buffers visiting Lisp files sometimes need to
+expand Lisp macros for best results. In these cases, just visiting a
+Lisp file and performing some editing in it could trigger execution of
+Lisp code. If the visited file came from an untrusted source, it could
+include dangerous or even malicious code that Emacs would execute in
+those situations.
+
+To protect against this, Emacs disables execution of Lisp code by
+Flymake, completion, and some other features, unless the visited file is
+@dfn{trusted}. It is up to you to specify which files on your system
+should be trusted, by customizing the user option
+@code{trusted-content}.
+
+@defopt trusted-content
+The value of this option is @code{nil} by default, which means no file
+is trusted. You can customize the variable to be a list of one or more
+names of trusted files and directories. A file name that ends in a
+slash @file{/} is interpreted as a directory, which means all its files
+and subdirectories are also trusted. A special value @code{:all} means
+@emph{all} the files and directories on your system should be trusted;
+@strong{this is not recommended}, as it opens a gaping security hole.
+@end defopt
+
@xref{Security Considerations,,, elisp, The Emacs Lisp Reference
Manual}, for more information about security considerations when using
Emacs as part of a larger application.
--- emacs-27.2/doc/misc/efaq.texi
+++ emacs-27.2/doc/misc/efaq.texi 2025-03-03 09:18:41.368169799 +0000
@@ -1001,6 +1001,13 @@ Native support for @acronym{JSON} parsin
@file{json.el}.
@item
+New user option @code{trusted-contents} to allow potentially dangerous
+Emacs features which could execute arbitrary Lisp code. Use this
+variable to list files and directories whose contents Emacs should
+trust, thus allowing those potentially dangerous features when those
+files are visited.
+
+@item
Cairo drawing is no longer experimental.
@cindex portable dumper
--- emacs-27.2/etc/NEWS
+++ emacs-27.2/etc/NEWS 2025-03-03 09:18:41.368169799 +0000
@@ -15,6 +15,29 @@ in older Emacs versions.
You can narrow news to a specific version by calling 'view-emacs-news'
with a prefix argument or by typing 'C-u C-h C-n'.
+* Changes for CVE-2024-53920
+
+** New user option 'trusted-content' to allow potentially dangerous features.
+This variable lists those files and directories whose content Emacs should
+consider as sufficiently trusted to run any part of the code contained
+therein even without any explicit user request.
+For example, Flymake's backend for Emacs Lisp consults this variable
+and disables itself with an "untrusted content" warning if the file
+is not listed.
+
+Emacs Lisp authors should note that a major or minor mode must never set
+this variable to the ':all' value.
+
+This option is used to fix CVE-2024-53920. See below for details.
+
+** Emacs Lisp mode
+
+*** 'elisp-flymake-byte-compile' is disabled for untrusted files.
+For security reasons, this backend can be used only in those files
+specified as trusted according to 'trusted-content' and emits an
+"untrusted content" warning otherwise.
+This fixes CVE-2024-53920.
+
* Changes in Emacs 27.2
--- emacs-27.2/lisp/emacs-lisp/macroexp.el
+++ emacs-27.2/lisp/emacs-lisp/macroexp.el 2025-03-03 09:18:41.368169799 +0000
@@ -94,12 +94,20 @@ each clause."
(macroexp--all-forms clause skip)
clause)))
+(defvar macroexp-inhibit-compiler-macros nil
+ "Inhibit application of compiler macros if non-nil.")
+
(defun macroexp--compiler-macro (handler form)
+ "Apply compiler macro HANDLER to FORM and return the result.
+Unless `macroexp-inhibit-compiler-macros' is non-nil, in which
+case return FORM unchanged."
+ (if macroexp-inhibit-compiler-macros
+ form
(condition-case-unless-debug err
(apply handler form (cdr form))
(error
(message "Compiler-macro error for %S: %S" (car form) err)
- form)))
+ form))))
(defun macroexp--funcall-if-compiled (_form)
"Pseudo function used internally by macroexp to delay warnings.
--- emacs-27.2/lisp/files.el
+++ emacs-27.2/lisp/files.el 2025-03-03 09:20:04.078645249 +0000
@@ -591,6 +596,57 @@ buffer contents as untrusted.
Some modes may wish to set this to nil to prevent directory-local
settings being applied, but still respect file-local ones.")
+(defcustom trusted-content nil
+ "List of files and directories whose content we trust.
+Be extra careful here since trusting means that Emacs might execute the
+code contained within those files and directories without an explicit
+request by the user.
+One important case when this might happen is when `flymake-mode' is
+enabled (for example, when it is added to a mode hook).
+Each element of the list should be a string:
+- If it ends in \"/\", it is considered as a directory name and means that
+ Emacs should trust all the files whose name has this directory as a prefix.
+- Otherwise, it is considered a file name.
+Use abbreviated file names. For example, an entry \"~/mycode/\" means
+that Emacs will trust all the files in your directory \"mycode\".
+This variable can also be set to `:all', in which case Emacs will trust
+all files, which opens a gaping security hole. Emacs Lisp authors
+should note that this value must never be set by a major or minor mode."
+ :type '(choice (repeat :tag "List" file)
+ (const :tag "Trust everything (DANGEROUS!)" :all))
+ :version "27.2")
+(put 'trusted-content 'risky-local-variable t)
+
+(defun trusted-content-p ()
+ "Return non-nil if we trust the contents of the current buffer.
+Here, \"trust\" means that we are willing to run code found inside of it.
+See also `trusted-content'."
+ ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
+ ;; to try and avoid marking as trusted a file that's merely accessed
+ ;; via a symlink that happens to be inside a trusted dir.
+ (and (not untrusted-content)
+ (or
+ (eq trusted-content :all)
+ (and
+ buffer-file-truename
+ (with-demoted-errors "trusted-content-p: %S"
+ (let ((exists (file-exists-p buffer-file-truename)))
+ (or
+ ;; We can't avoid trusting the user's init file.
+ (if (and exists user-init-file)
+ (file-equal-p buffer-file-truename user-init-file)
+ (equal buffer-file-truename user-init-file))
+ (let ((file (abbreviate-file-name buffer-file-truename))
+ (trusted nil))
+ (dolist (tf trusted-content)
+ (when (or (if exists (file-equal-p tf file) (equal tf file))
+ ;; We don't use `file-in-directory-p' here, because
+ ;; we want to err on the conservative side: "guilty
+ ;; until proven innocent".
+ (and (string-suffix-p "/" tf)
+ (string-prefix-p tf file)))
+ (setq trusted t)))
+ trusted))))))))
;; This is an odd variable IMO.
;; You might wonder why it is needed, when we could just do:
;; (set (make-local-variable 'enable-local-variables) nil)
--- emacs-27.2/lisp/ielm.el
+++ emacs-27.2/lisp/ielm.el 2025-03-03 09:18:41.372169725 +0000
@@ -616,7 +616,8 @@ See `inferior-emacs-lisp-mode' for detai
(unless (comint-check-proc buf-name)
(with-current-buffer (get-buffer-create buf-name)
(unless (zerop (buffer-size)) (setq old-point (point)))
- (inferior-emacs-lisp-mode)))
+ (inferior-emacs-lisp-mode)
+ (setq-local trusted-content :all)))
(pop-to-buffer-same-window buf-name)
(when old-point (push-mark old-point))))
--- emacs-27.2/lisp/progmodes/elisp-mode.el
+++ emacs-27.2/lisp/progmodes/elisp-mode.el 2025-03-03 09:18:41.372169725 +0000
@@ -333,6 +333,43 @@ Blank lines separate paragraphs. Semico
(defvar warning-minimum-log-level)
+(defvar elisp--local-macroenv
+ `((cl-eval-when . ,(lambda (&rest args) `(progn . ,(cdr args))))
+ (eval-when-compile . ,(lambda (&rest args) `(progn . ,args)))
+ (eval-and-compile . ,(lambda (&rest args) `(progn . ,args))))
+ "Environment to use while tentatively expanding macros.
+This is used to try and avoid the most egregious problems linked to the
+use of `macroexpand-all' as a way to find the \"underlying raw code\".")
+
+(defvar elisp--macroexpand-untrusted-warning t)
+
+(defun elisp--safe-macroexpand-all (sexp)
+ (if (not (trusted-content-p))
+ ;; FIXME: We should try and do better here, either using a notion
+ ;; of "safe" macros, or with `bwrap', or ...
+ (progn
+ (when elisp--macroexpand-untrusted-warning
+ (setq-local elisp--macroexpand-untrusted-warning nil) ;Don't spam!
+ (let ((inhibit-message t)) ;Only log.
+ (message "Completion of local vars is disabled in %s (untrusted content)"
+ (buffer-name))))
+ sexp)
+ (let ((macroexpand-advice
+ (lambda (expander form &rest args)
+ (condition-case err
+ (apply expander form args)
+ (error
+ (message "Ignoring macroexpansion error: %S" err) form)))))
+ (unwind-protect
+ ;; Silence any macro expansion errors when
+ ;; attempting completion at point (bug#58148).
+ (let ((inhibit-message t)
+ (macroexp-inhibit-compiler-macros t)
+ (warning-minimum-log-level :emergency))
+ (advice-add 'macroexpand-1 :around macroexpand-advice)
+ (macroexpand-all sexp elisp--local-macroenv))
+ (advice-remove 'macroexpand-1 macroexpand-advice)))))
+
(defun elisp--local-variables ()
"Return a list of locally let-bound variables at point."
(save-excursion
@@ -348,17 +385,8 @@ Blank lines separate paragraphs. Semico
(car (read-from-string
(concat txt "elisp--witness--lisp" closer)))
((invalid-read-syntax end-of-file) nil)))
- (macroexpand-advice (lambda (expander form &rest args)
- (condition-case nil
- (apply expander form args)
- (error form))))
- (sexp
- (unwind-protect
- (let ((warning-minimum-log-level :emergency))
- (advice-add 'macroexpand :around macroexpand-advice)
- (macroexpand-all sexp))
- (advice-remove 'macroexpand macroexpand-advice)))
- (vars (elisp--local-variables-1 nil sexp)))
+ (vars (elisp--local-variables-1
+ nil (elisp--safe-macroexpand-all sexp))))
(delq nil
(mapcar (lambda (var)
(and (symbolp var)
@@ -1721,6 +1749,14 @@ directory of the buffer being compiled,
"A Flymake backend for elisp byte compilation.
Spawn an Emacs process that byte-compiles a file representing the
current buffer state and calls REPORT-FN when done."
+ (unless (trusted-content-p)
+ ;; FIXME: Use `bwrap' and friends to compile untrusted content.
+ ;; FIXME: We emit a message *and* signal an error, because by default
+ ;; Flymake doesn't display the warning it puts into "*flmake log*".
+ (message "Disabling elisp-flymake-byte-compile in %s (untrusted content)"
+ (buffer-name))
+ (error "Disabling elisp-flymake-byte-compile in %s (untrusted content)"
+ (buffer-name)))
(when elisp-flymake--byte-compile-process
(when (process-live-p elisp-flymake--byte-compile-process)
(kill-process elisp-flymake--byte-compile-process)))
--- emacs-27.2/lisp/simple.el
+++ emacs-27.2/lisp/simple.el 2025-03-03 09:18:41.372169725 +0000
@@ -1621,6 +1621,7 @@ display the result of expression evaluat
;; `eldoc--eval-expression-setup')?
(add-hook 'completion-at-point-functions
#'elisp-completion-at-point nil t)
+ (setq-local trusted-content :all)
(run-hooks 'eval-expression-minibuffer-setup-hook))
(read-from-minibuffer prompt initial-contents
read-expression-map t
--- emacs-27.2/lisp/startup.el
+++ emacs-27.2/lisp/startup.el 2025-03-03 09:18:41.372169725 +0000
@@ -2316,9 +2316,17 @@ A fancy display is used on graphic displ
(defun startup--get-buffer-create-scratch ()
(or (get-buffer "*scratch*")
- (with-current-buffer (get-buffer-create "*scratch*")
- (set-buffer-major-mode (current-buffer))
- (current-buffer))))
+ (let ((scratch (get-buffer-create "*scratch*")))
+ ;; Don't touch the buffer contents or mode unless we know that
+ ;; we just created it.
+ (with-current-buffer scratch
+ (when initial-scratch-message
+ (insert (substitute-command-keys initial-scratch-message))
+ (set-buffer-modified-p nil))
+ (funcall initial-major-mode)
+ (when (eq initial-major-mode 'lisp-interaction-mode)
+ (setq-local trusted-content :all)))
+ scratch)))
(defun command-line-1 (args-left)
"A subroutine of `command-line'."

28
SOURCES/emacs-fix-flymake-tests-with-gcc-14.patch Normal file
View File

@ -0,0 +1,28 @@
From a769f171e7ebb8e30f198f4328d46f47fe7958fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Mon, 24 Jun 2024 15:20:26 +0200
Subject: [PATCH] ; Fix flymake tests with GCC 14.
* test/lisp/progmodes/flymake-tests.el (included-c-header-files):
Fix test failure with GCC 14. (Bug#71749)
---
test/lisp/progmodes/flymake-tests.el | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/lisp/progmodes/flymake-tests.el b/test/lisp/progmodes/flymake-tests.el
index 21dbb0711d2..93bc9028031 100644
--- a/test/lisp/progmodes/flymake-tests.el
+++ b/test/lisp/progmodes/flymake-tests.el
@@ -174,7 +174,8 @@ included-c-header-files
(flymake-tests--with-flymake
("some-problems.h")
(flymake-goto-next-error)
- (should (eq 'flymake-warning (face-at-point)))
+ ;; implicit-int was promoted from warning to error in GCC 14
+ (should (memq (face-at-point) '(flymake-warning flymake-error)))
(flymake-goto-next-error)
(should (eq 'flymake-error (face-at-point)))
(should-error (flymake-goto-next-error nil nil t)))
--
2.45.2

28
SOURCES/emacs-nsm-should-check.patch Normal file
View File

@ -0,0 +1,28 @@
From 6dc4fc7d621008086388dae48f6794f7d69edff9 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Tue, 12 Jan 2021 18:36:01 +0100
Subject: Fix nsm-should-check for "google.com" failure
* lisp/net/nsm.el (nsm-should-check): Extract the mask from
'network-interface-list' rather than the broadcast
address (Bug#45798).
---
lisp/net/nsm.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 3f3e7133713..0ce65a35ead 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -239,7 +239,7 @@ otherwise."
(mapc
(lambda (info)
(let ((local-ip (nth 1 info))
- (mask (nth 2 info)))
+ (mask (nth 3 info)))
(when
(nsm-network-same-subnet (substring local-ip 0 -1)
(substring mask 0 -1)
--
cgit v1.2.3

71
SOURCES/emacs-pong-and-tetris-are-excluded.patch Normal file
View File

@ -0,0 +1,71 @@
From 6f29ac0393bb0bb70c8122d9f1bda0ae5d8cee24 Mon Sep 17 00:00:00 2001
From: Peter Oliver <git@mavit.org.uk>
Date: Thu, 26 Sep 2024 13:20:06 +0100
Subject: [PATCH] Pong and Tetris are excluded.
---
doc/emacs/ack.texi | 2 +-
doc/emacs/misc.texi | 7 +------
lisp/menu-bar.el | 6 ------
test/src/doc-tests.el | 4 ++--
4 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/doc/emacs/ack.texi b/doc/emacs/ack.texi
index 5ec5cd53fa6..26f174831ca 100644
--- a/doc/emacs/ack.texi
+++ b/doc/emacs/ack.texi
@@ -228,7 +228,7 @@ Acknowledgments
@item
Glynn Clements provided @file{gamegrid.el} and a couple of games that
-use it, Snake and Tetris.
+use it, including Snake.
@item
Andrew Cohen wrote @file{spam-wash.el}, to decode and clean email before
diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index 41e37fd094e..38e281bf59c 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -3248,14 +3248,9 @@ Amusements
nato-region} converts the text in the region to NATO phonetic
alphabet; @kbd{M-x denato-region} converts it back.
-@findex pong
-@cindex Pong game
-@findex tetris
-@cindex Tetris
@findex snake
@cindex Snake
- @kbd{M-x pong}, @kbd{M-x snake} and @kbd{M-x tetris} are
-implementations of the well-known Pong, Snake and Tetris games.
+ @kbd{M-x snake} is an implementation of the well-known Snake game.
@findex solitaire
@cindex solitaire
diff --git a/lisp/menu-bar.el b/lisp/menu-bar.el
index bcfa83cf8e4..1b0a0bce6a5 100644
--- a/lisp/menu-bar.el
+++ b/lisp/menu-bar.el
@@ -1658,18 +1658,12 @@ menu-bar-games-menu
(bindings--define-key menu [zone]
'(menu-item "Zone Out" zone
:help "Play tricks with Emacs display when Emacs is idle"))
- (bindings--define-key menu [tetris]
- '(menu-item "Tetris" tetris
- :help "Falling blocks game"))
(bindings--define-key menu [solitaire]
'(menu-item "Solitaire" solitaire
:help "Get rid of all the stones"))
(bindings--define-key menu [snake]
'(menu-item "Snake" snake
:help "Move snake around avoiding collisions"))
- (bindings--define-key menu [pong]
- '(menu-item "Pong" pong
- :help "Bounce the ball to your opponent"))
(bindings--define-key menu [mult]
'(menu-item "Multiplication Puzzle" mpuz
:help "Exercise brain with multiplication"))
--
2.46.1

40
SOURCES/emacs-tests-for-tetris.patch Normal file
View File

@ -0,0 +1,40 @@
From 81969482e23b1c046354d9d860e548259f118b4e Mon Sep 17 00:00:00 2001
From: Glenn Morris <rgm@gnu.org>
Date: Mon, 28 Dec 2020 11:03:30 -0800
Subject: Fix package tests for tetris no longer existing as a package
* test/lisp/emacs-lisp/package-tests.el
(package-test-list-filter-by-name, package-test-list-clear-filter):
Use ansi-color instead of tetris, which no longer has a version:.
---
test/lisp/emacs-lisp/package-tests.el | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/lisp/emacs-lisp/package-tests.el b/test/lisp/emacs-lisp/package-tests.el
index 23267545f83..92e593328c6 100644
--- a/test/lisp/emacs-lisp/package-tests.el
+++ b/test/lisp/emacs-lisp/package-tests.el
@@ -405,9 +405,9 @@ Must called from within a `tar-mode' buffer."
"Ensure package list is filtered correctly by package name."
(with-package-test ()
(let ((buf (package-list-packages)))
- (package-menu-filter-by-name "tetris")
+ (package-menu-filter-by-name "ansi-color")
(goto-char (point-min))
- (should (re-search-forward "^\\s-+tetris" nil t))
+ (should (re-search-forward "^\\s-+ansi-color" nil t))
(should (= (count-lines (point-min) (point-max)) 1))
(kill-buffer buf))))
@@ -463,7 +463,7 @@ Must called from within a `tar-mode' buffer."
(let ((buf (package-list-packages)))
(let ((num-packages (count-lines (point-min) (point-max))))
(should (> num-packages 1))
- (package-menu-filter-by-name "tetris")
+ (package-menu-filter-by-name "ansi-color")
(should (= (count-lines (point-min) (point-max)) 1))
(package-menu-clear-filter)
(should (= (count-lines (point-min) (point-max)) num-packages)))
--
cgit v1.2.3

33
SOURCES/emacs-untrusted-content.patch Normal file
View File

@ -0,0 +1,33 @@
From ccc188fcf98ad9166ee551fac9d94b2603c3a51b Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 12:43:51 +0300
Subject: * lisp/files.el (untrusted-content): New variable.
The new variable is to be used when buffer contents comes from untrusted
source.
---
lisp/files.el | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lisp/files.el b/lisp/files.el
index c0d26b2343c..5536af014f6 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -695,6 +695,14 @@ Also see the `permanently-enabled-local-variables' variable."
Some modes may wish to set this to nil to prevent directory-local
settings being applied, but still respect file-local ones.")
+(defvar-local untrusted-content nil
+ "Non-nil means that current buffer originated from an untrusted source.
+Email clients and some other modes may set this non-nil to mark the
+buffer contents as untrusted.
+
+This variable might be subject to change without notice.")
+(put 'untrusted-content 'permanent-local t)
+
(defcustom trusted-content nil
"List of files and directories whose content we trust.
Be extra careful here since trusting means that Emacs might execute the
--
cgit v1.2.3

48
SPECS/emacs.spec
View File

@ -5,7 +5,7 @@ Summary: GNU Emacs text editor
Name: emacs
Epoch: 1
Version: 27.2
Release: 13%{?dist}
Release: 18%{?dist}
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/
Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
@ -38,6 +38,14 @@ Patch11: emacs-mark-contents-untrusted.patch
Patch12: emacs-latex-preview.patch
Patch13: emacs-org-link-expand-abbrev-unsafe-elisp.patch
Patch14: emacs-man-el-shell-injection-vulnerability.patch
Patch15: emacs-CVE-2024-53920.patch
# Avoid trademark issues
Patch16: emacs-pong-and-tetris-are-excluded.patch
Patch17: emacs-fix-flymake-tests-with-gcc-14.patch
Patch18: emacs-nsm-should-check.patch
Patch19: emacs-tests-for-tetris.patch
Patch20: emacs-untrusted-content.patch
BuildRequires: gcc
BuildRequires: atk-devel
BuildRequires: cairo-devel
@ -210,20 +218,22 @@ Development header files for Emacs.
%patch -P 12 -p1 -b .latex-preview
%patch -P 13 -p1 -b .org-link-expand-abbrev-unsafe-elisp
%patch -P 14 -p1 -b .man-el-shell-injection-vulnerability
%patch -P 15 -p1 -b .CVE-2024-53920
%patch -P 16 -p1 -b .pong-and-tetris-are-excluded
%patch -P 17 -p1 -b .fix-flymake-tests-with-gcc-14
%patch -P 18 -p1 -b .nsm-should-check
%patch -P 19 -p1 -b .tests-for-tetris
%patch -P 20 -p1 -b .untrusted-content
# Avoid trademark issues
rm lisp/play/pong.el lisp/play/pong.elc \
lisp/play/tetris.el lisp/play/tetris.elc
autoconf
# We prefer our emacs.desktop file
cp %SOURCE3 etc/emacs.desktop
grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \
&& mv lisp/Makefile.in.new lisp/Makefile.in
grep -v "pong.elc" lisp/Makefile.in > lisp/Makefile.in.new \
&& mv lisp/Makefile.in.new lisp/Makefile.in
# Avoid trademark issues
rm -f lisp/play/tetris.el lisp/play/tetris.elc
rm -f lisp/play/pong.el lisp/play/pong.el
# Sorted list of info files
%define info_files ada-mode auth autotype bovine calc ccmode cl dbus dired-x ebrowse ede ediff edt efaq-w32 efaq eieio eintr elisp emacs-gnutls emacs-mime emacs epa erc ert eshell eudc eww flymake forms gnus htmlfontify idlwave ido info mairix-el message mh-e newsticker nxml-mode octave-mode org pcl-cvs pgg rcirc reftex remember sasl sc semantic ses sieve smtpmail speedbar srecode todo-mode tramp url vhdl-mode vip viper widget wisent woman
@ -500,6 +510,24 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
%{_includedir}/emacs-module.h
%changelog
* Mon Jun 23 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-18
- Fix nsm-should-check for "google.com" failure (RHEL-94297)
- Fix package tests for tetris no longer existing as a package (RHEL-94297)
- Introduce untrusted-content variable (RHEL-94297)
* Wed Jun 18 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-17
- Pong and Tetris are excluded (RHEL-94297)
- Fix flymake tests with GCC 14 (RHEL-94297)
* Fri May 09 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-16
- Restore definition of variable "enable-dir-local-variables" (RHEL-92550)
* Fri May 09 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-15
- Fix arbitrary code execution via Lisp macro expansion (RHEL-90181)
* Mon Apr 28 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-14
- Fix arbitrary code execution via Lisp macro expansion (RHEL-69399)
* Mon Feb 24 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-13
- Bump release