diff --git a/SOURCES/emacs-CVE-2024-53920.patch b/SOURCES/emacs-CVE-2024-53920.patch new file mode 100644 index 0000000..ed68901 --- /dev/null +++ b/SOURCES/emacs-CVE-2024-53920.patch 
@@ -0,0 +1,312 @@ +--- + emacs-27.2/doc/emacs/misc.texi | 33 +++++++++++++++++ + emacs-27.2/doc/misc/efaq.texi | 7 +++ + emacs-27.2/etc/NEWS | 23 ++++++++++++ + emacs-27.2/lisp/emacs-lisp/macroexp.el | 10 ++++- + emacs-27.2/lisp/files.el | 60 +++++++++++++++++++++++++++++--- + emacs-27.2/lisp/ielm.el | 3 + + emacs-27.2/lisp/progmodes/elisp-mode.el | 58 +++++++++++++++++++++++++----- + emacs-27.2/lisp/simple.el | 1 + emacs-27.2/lisp/startup.el | 14 +++++-- + 9 files changed, 189 insertions(+), 20 deletions(-) + +--- emacs-27.2/doc/emacs/misc.texi ++++ emacs-27.2/doc/emacs/misc.texi 2025-03-03 09:18:41.368169799 +0000 +@@ -279,6 +279,39 @@ trusted and the default checking for the + you can set @code{enable-local-variables} to @code{:all}. @xref{Safe + File Variables}. + ++@cindex trusted files and directories ++Loading a file of Emacs Lisp code with @code{load-file} or ++@code{load-library} (@pxref{Lisp Libraries}) can execute some of the ++Lisp code in the file being loaded, so you should only load Lisp files ++whose source you trust. However, some Emacs features can in certain ++situations execute Lisp code even without your explicit command or ++request. For example, Flymake, the on-the-fly syntax checker for Emacs ++(@pxref{Top,,, flymake, GNU Flymake}), if it is enabled, can ++automatically execute some of the code in a Lisp file you visit as part ++of its syntax-checking job. Similarly, some completion commands ++(@pxref{Completion}) in buffers visiting Lisp files sometimes need to ++expand Lisp macros for best results. In these cases, just visiting a ++Lisp file and performing some editing in it could trigger execution of ++Lisp code. If the visited file came from an untrusted source, it could ++include dangerous or even malicious code that Emacs would execute in ++those situations. ++ ++To protect against this, Emacs disables execution of Lisp code by ++Flymake, completion, and some other features, unless the visited file is ++@dfn{trusted}. 
It is up to you to specify which files on your system ++should be trusted, by customizing the user option ++@code{trusted-content}. ++ ++@defopt trusted-content ++The value of this option is @code{nil} by default, which means no file ++is trusted. You can customize the variable to be a list of one or more ++names of trusted files and directories. A file name that ends in a ++slash @file{/} is interpreted as a directory, which means all its files ++and subdirectories are also trusted. A special value @code{:all} means ++@emph{all} the files and directories on your system should be trusted; ++@strong{this is not recommended}, as it opens a gaping security hole. ++@end defopt ++ + @xref{Security Considerations,,, elisp, The Emacs Lisp Reference + Manual}, for more information about security considerations when using + Emacs as part of a larger application. +--- emacs-27.2/doc/misc/efaq.texi ++++ emacs-27.2/doc/misc/efaq.texi 2025-03-03 09:18:41.368169799 +0000 +@@ -1001,6 +1001,13 @@ Native support for @acronym{JSON} parsin + @file{json.el}. + + @item ++New user option @code{trusted-contents} to allow potentially dangerous ++Emacs features which could execute arbitrary Lisp code. Use this ++variable to list files and directories whose contents Emacs should ++trust, thus allowing those potentially dangerous features when those ++files are visited. ++ ++@item + Cairo drawing is no longer experimental. + + @cindex portable dumper +--- emacs-27.2/etc/NEWS ++++ emacs-27.2/etc/NEWS 2025-03-03 09:18:41.368169799 +0000 +@@ -15,6 +15,29 @@ in older Emacs versions. + You can narrow news to a specific version by calling 'view-emacs-news' + with a prefix argument or by typing 'C-u C-h C-n'. + ++* Changes for CVE-2024-53920 ++ ++** New user option 'trusted-content' to allow potentially dangerous features. 
++This variable lists those files and directories whose content Emacs should ++consider as sufficiently trusted to run any part of the code contained ++therein even without any explicit user request. ++For example, Flymake's backend for Emacs Lisp consults this variable ++and disables itself with an "untrusted content" warning if the file ++is not listed. ++ ++Emacs Lisp authors should note that a major or minor mode must never set ++this variable to the ':all' value. ++ ++This option is used to fix CVE-2024-53920. See below for details. ++ ++** Emacs Lisp mode ++ ++*** 'elisp-flymake-byte-compile' is disabled for untrusted files. ++For security reasons, this backend can be used only in those files ++specified as trusted according to 'trusted-content' and emits an ++"untrusted content" warning otherwise. ++This fixes CVE-2024-53920. ++ + + * Changes in Emacs 27.2 + +--- emacs-27.2/lisp/emacs-lisp/macroexp.el ++++ emacs-27.2/lisp/emacs-lisp/macroexp.el 2025-03-03 09:18:41.368169799 +0000 +@@ -94,12 +94,20 @@ each clause." + (macroexp--all-forms clause skip) + clause))) + ++(defvar macroexp-inhibit-compiler-macros nil ++ "Inhibit application of compiler macros if non-nil.") ++ + (defun macroexp--compiler-macro (handler form) ++ "Apply compiler macro HANDLER to FORM and return the result. ++Unless `macroexp-inhibit-compiler-macros' is non-nil, in which ++case return FORM unchanged." ++ (if macroexp-inhibit-compiler-macros ++ form + (condition-case-unless-debug err + (apply handler form (cdr form)) + (error + (message "Compiler-macro error for %S: %S" (car form) err) +- form))) ++ form)))) + + (defun macroexp--funcall-if-compiled (_form) + "Pseudo function used internally by macroexp to delay warnings. +--- emacs-27.2/lisp/files.el ++++ emacs-27.2/lisp/files.el 2025-03-03 09:20:04.078645249 +0000 +@@ -591,6 +596,57 @@ buffer contents as untrusted. 
+ Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") + ++(defcustom trusted-content nil ++ "List of files and directories whose content we trust. ++Be extra careful here since trusting means that Emacs might execute the ++code contained within those files and directories without an explicit ++request by the user. ++One important case when this might happen is when `flymake-mode' is ++enabled (for example, when it is added to a mode hook). ++Each element of the list should be a string: ++- If it ends in \"/\", it is considered as a directory name and means that ++ Emacs should trust all the files whose name has this directory as a prefix. ++- Otherwise, it is considered a file name. ++Use abbreviated file names. For example, an entry \"~/mycode/\" means ++that Emacs will trust all the files in your directory \"mycode\". ++This variable can also be set to `:all', in which case Emacs will trust ++all files, which opens a gaping security hole. Emacs Lisp authors ++should note that this value must never be set by a major or minor mode." ++ :type '(choice (repeat :tag "List" file) ++ (const :tag "Trust everything (DANGEROUS!)" :all)) ++ :version "27.2") ++(put 'trusted-content 'risky-local-variable t) ++ ++(defun trusted-content-p () ++ "Return non-nil if we trust the contents of the current buffer. ++Here, \"trust\" means that we are willing to run code found inside of it. ++See also `trusted-content'." ++ ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name' ++ ;; to try and avoid marking as trusted a file that's merely accessed ++ ;; via a symlink that happens to be inside a trusted dir. ++ (and (not untrusted-content) ++ (or ++ (eq trusted-content :all) ++ (and ++ buffer-file-truename ++ (with-demoted-errors "trusted-content-p: %S" ++ (let ((exists (file-exists-p buffer-file-truename))) ++ (or ++ ;; We can't avoid trusting the user's init file. 
++ (if (and exists user-init-file) ++ (file-equal-p buffer-file-truename user-init-file) ++ (equal buffer-file-truename user-init-file)) ++ (let ((file (abbreviate-file-name buffer-file-truename)) ++ (trusted nil)) ++ (dolist (tf trusted-content) ++ (when (or (if exists (file-equal-p tf file) (equal tf file)) ++ ;; We don't use `file-in-directory-p' here, because ++ ;; we want to err on the conservative side: "guilty ++ ;; until proven innocent". ++ (and (string-suffix-p "/" tf) ++ (string-prefix-p tf file))) ++ (setq trusted t))) ++ trusted)))))))) + ;; This is an odd variable IMO. + ;; You might wonder why it is needed, when we could just do: + ;; (set (make-local-variable 'enable-local-variables) nil) +--- emacs-27.2/lisp/ielm.el ++++ emacs-27.2/lisp/ielm.el 2025-03-03 09:18:41.372169725 +0000 +@@ -616,7 +616,8 @@ See `inferior-emacs-lisp-mode' for detai + (unless (comint-check-proc buf-name) + (with-current-buffer (get-buffer-create buf-name) + (unless (zerop (buffer-size)) (setq old-point (point))) +- (inferior-emacs-lisp-mode))) ++ (inferior-emacs-lisp-mode) ++ (setq-local trusted-content :all))) + (pop-to-buffer-same-window buf-name) + (when old-point (push-mark old-point)))) + +--- emacs-27.2/lisp/progmodes/elisp-mode.el ++++ emacs-27.2/lisp/progmodes/elisp-mode.el 2025-03-03 09:18:41.372169725 +0000 +@@ -333,6 +333,43 @@ Blank lines separate paragraphs. Semico + + (defvar warning-minimum-log-level) + ++(defvar elisp--local-macroenv ++ `((cl-eval-when . ,(lambda (&rest args) `(progn . ,(cdr args)))) ++ (eval-when-compile . ,(lambda (&rest args) `(progn . ,args))) ++ (eval-and-compile . ,(lambda (&rest args) `(progn . ,args)))) ++ "Environment to use while tentatively expanding macros. 
++This is used to try and avoid the most egregious problems linked to the ++use of `macroexpand-all' as a way to find the \"underlying raw code\".") ++ ++(defvar elisp--macroexpand-untrusted-warning t) ++ ++(defun elisp--safe-macroexpand-all (sexp) ++ (if (not (trusted-content-p)) ++ ;; FIXME: We should try and do better here, either using a notion ++ ;; of "safe" macros, or with `bwrap', or ... ++ (progn ++ (when elisp--macroexpand-untrusted-warning ++ (setq-local elisp--macroexpand-untrusted-warning nil) ;Don't spam! ++ (let ((inhibit-message t)) ;Only log. ++ (message "Completion of local vars is disabled in %s (untrusted content)" ++ (buffer-name)))) ++ sexp) ++ (let ((macroexpand-advice ++ (lambda (expander form &rest args) ++ (condition-case err ++ (apply expander form args) ++ (error ++ (message "Ignoring macroexpansion error: %S" err) form))))) ++ (unwind-protect ++ ;; Silence any macro expansion errors when ++ ;; attempting completion at point (bug#58148). ++ (let ((inhibit-message t) ++ (macroexp-inhibit-compiler-macros t) ++ (warning-minimum-log-level :emergency)) ++ (advice-add 'macroexpand-1 :around macroexpand-advice) ++ (macroexpand-all sexp elisp--local-macroenv)) ++ (advice-remove 'macroexpand-1 macroexpand-advice))))) ++ + (defun elisp--local-variables () + "Return a list of locally let-bound variables at point." + (save-excursion +@@ -348,17 +385,8 @@ Blank lines separate paragraphs. 
Semico + (car (read-from-string + (concat txt "elisp--witness--lisp" closer))) + ((invalid-read-syntax end-of-file) nil))) +- (macroexpand-advice (lambda (expander form &rest args) +- (condition-case nil +- (apply expander form args) +- (error form)))) +- (sexp +- (unwind-protect +- (let ((warning-minimum-log-level :emergency)) +- (advice-add 'macroexpand :around macroexpand-advice) +- (macroexpand-all sexp)) +- (advice-remove 'macroexpand macroexpand-advice))) +- (vars (elisp--local-variables-1 nil sexp))) ++ (vars (elisp--local-variables-1 ++ nil (elisp--safe-macroexpand-all sexp)))) + (delq nil + (mapcar (lambda (var) + (and (symbolp var) +@@ -1721,6 +1749,14 @@ directory of the buffer being compiled, + "A Flymake backend for elisp byte compilation. + Spawn an Emacs process that byte-compiles a file representing the + current buffer state and calls REPORT-FN when done." ++ (unless (trusted-content-p) ++ ;; FIXME: Use `bwrap' and friends to compile untrusted content. ++ ;; FIXME: We emit a message *and* signal an error, because by default ++ ;; Flymake doesn't display the warning it puts into "*flmake log*". ++ (message "Disabling elisp-flymake-byte-compile in %s (untrusted content)" ++ (buffer-name)) ++ (error "Disabling elisp-flymake-byte-compile in %s (untrusted content)" ++ (buffer-name))) + (when elisp-flymake--byte-compile-process + (when (process-live-p elisp-flymake--byte-compile-process) + (kill-process elisp-flymake--byte-compile-process))) +--- emacs-27.2/lisp/simple.el ++++ emacs-27.2/lisp/simple.el 2025-03-03 09:18:41.372169725 +0000 +@@ -1621,6 +1621,7 @@ display the result of expression evaluat + ;; `eldoc--eval-expression-setup')? 
+ (add-hook 'completion-at-point-functions + #'elisp-completion-at-point nil t) ++ (setq-local trusted-content :all) + (run-hooks 'eval-expression-minibuffer-setup-hook)) + (read-from-minibuffer prompt initial-contents + read-expression-map t +--- emacs-27.2/lisp/startup.el ++++ emacs-27.2/lisp/startup.el 2025-03-03 09:18:41.372169725 +0000 +@@ -2316,9 +2316,17 @@ A fancy display is used on graphic displ + + (defun startup--get-buffer-create-scratch () + (or (get-buffer "*scratch*") +- (with-current-buffer (get-buffer-create "*scratch*") +- (set-buffer-major-mode (current-buffer)) +- (current-buffer)))) ++ (let ((scratch (get-buffer-create "*scratch*"))) ++ ;; Don't touch the buffer contents or mode unless we know that ++ ;; we just created it. ++ (with-current-buffer scratch ++ (when initial-scratch-message ++ (insert (substitute-command-keys initial-scratch-message)) ++ (set-buffer-modified-p nil)) ++ (funcall initial-major-mode) ++ (when (eq initial-major-mode 'lisp-interaction-mode) ++ (setq-local trusted-content :all))) ++ scratch))) + + (defun command-line-1 (args-left) + "A subroutine of `command-line'." diff --git a/SOURCES/emacs-fix-flymake-tests-with-gcc-14.patch b/SOURCES/emacs-fix-flymake-tests-with-gcc-14.patch new file mode 100644 index 0000000..484561d --- /dev/null +++ b/SOURCES/emacs-fix-flymake-tests-with-gcc-14.patch 
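Review bot: The efaq.texi hunk documents the new option as `trusted-contents`, while the `defcustom` in lisp/files.el, the `@defopt` in misc.texi and the NEWS entry all name it `trusted-content`. A reader who copies the FAQ spelling sets a variable that nothing consults, so `trusted-content-p` keeps returning nil and the Flymake and completion features stay disabled. That fails closed, but it makes the documented way of trusting a single directory look broken, which may push people toward the `:all` value the manual warns against. The line should read `New user option @code{trusted-content} to allow potentially dangerous`.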
@@ -0,0 +1,28 @@ +From a769f171e7ebb8e30f198f4328d46f47fe7958fb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ulrich=20M=C3=BCller?= +Date: Mon, 24 Jun 2024 15:20:26 +0200 +Subject: [PATCH] ; Fix flymake tests with GCC 14. + +* test/lisp/progmodes/flymake-tests.el (included-c-header-files): +Fix test failure with GCC 14. (Bug#71749) +--- + test/lisp/progmodes/flymake-tests.el | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/lisp/progmodes/flymake-tests.el b/test/lisp/progmodes/flymake-tests.el +index 21dbb0711d2..93bc9028031 100644 +--- a/test/lisp/progmodes/flymake-tests.el ++++ b/test/lisp/progmodes/flymake-tests.el +@@ -174,7 +174,8 @@ included-c-header-files + (flymake-tests--with-flymake + ("some-problems.h") + (flymake-goto-next-error) +- (should (eq 'flymake-warning (face-at-point))) ++ ;; implicit-int was promoted from warning to error in GCC 14 ++ (should (memq (face-at-point) '(flymake-warning flymake-error))) + (flymake-goto-next-error) + (should (eq 'flymake-error (face-at-point))) + (should-error (flymake-goto-next-error nil nil t))) +-- +2.45.2 + diff --git a/SOURCES/emacs-nsm-should-check.patch b/SOURCES/emacs-nsm-should-check.patch new file mode 100644 index 0000000..4b7bba2 --- /dev/null +++ b/SOURCES/emacs-nsm-should-check.patch 
@@ -0,0 +1,28 @@ +From 6dc4fc7d621008086388dae48f6794f7d69edff9 Mon Sep 17 00:00:00 2001 +From: Robert Pluim +Date: Tue, 12 Jan 2021 18:36:01 +0100 +Subject: Fix nsm-should-check for "google.com" failure + +* lisp/net/nsm.el (nsm-should-check): Extract the mask from +'network-interface-list' rather than the broadcast +address (Bug#45798). +--- + lisp/net/nsm.el | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el +index 3f3e7133713..0ce65a35ead 100644 +--- a/lisp/net/nsm.el ++++ b/lisp/net/nsm.el +@@ -239,7 +239,7 @@ otherwise." + (mapc + (lambda (info) + (let ((local-ip (nth 1 info)) +- (mask (nth 2 info))) ++ (mask (nth 3 info))) + (when + (nsm-network-same-subnet (substring local-ip 0 -1) + (substring mask 0 -1) +-- +cgit v1.2.3 + diff --git a/SOURCES/emacs-pong-and-tetris-are-excluded.patch b/SOURCES/emacs-pong-and-tetris-are-excluded.patch new file mode 100644 index 0000000..8d3cc2e --- /dev/null +++ b/SOURCES/emacs-pong-and-tetris-are-excluded.patch 
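Review bot: The bare index in `(mask (nth 3 info))` has no comment, and the commit message is the only place that says which element is the broadcast address and which is the netmask. The value is passed straight to `nsm-network-same-subnet`, which presumably decides whether a host counts as being on the local network, so picking the wrong field changes a security decision without any visible error. I would add a comment above the binding such as `;; info is (IFNAME ADDRESS BROADCAST NETMASK); the mask is element 3, not the broadcast address`. The body of `nsm-should-check` starts and ends outside this hunk, so the surrounding use of the result is not visible here.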
@@ -0,0 +1,71 @@ +From 6f29ac0393bb0bb70c8122d9f1bda0ae5d8cee24 Mon Sep 17 00:00:00 2001 +From: Peter Oliver +Date: Thu, 26 Sep 2024 13:20:06 +0100 +Subject: [PATCH] Pong and Tetris are excluded. + +--- + doc/emacs/ack.texi | 2 +- + doc/emacs/misc.texi | 7 +------ + lisp/menu-bar.el | 6 ------ + test/src/doc-tests.el | 4 ++-- + 4 files changed, 4 insertions(+), 15 deletions(-) + +diff --git a/doc/emacs/ack.texi b/doc/emacs/ack.texi +index 5ec5cd53fa6..26f174831ca 100644 +--- a/doc/emacs/ack.texi ++++ b/doc/emacs/ack.texi +@@ -228,7 +228,7 @@ Acknowledgments + + @item + Glynn Clements provided @file{gamegrid.el} and a couple of games that +-use it, Snake and Tetris. ++use it, including Snake. + + @item + Andrew Cohen wrote @file{spam-wash.el}, to decode and clean email before +diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi +index 41e37fd094e..38e281bf59c 100644 +--- a/doc/emacs/misc.texi ++++ b/doc/emacs/misc.texi +@@ -3248,14 +3248,9 @@ Amusements + nato-region} converts the text in the region to NATO phonetic + alphabet; @kbd{M-x denato-region} converts it back. + +-@findex pong +-@cindex Pong game +-@findex tetris +-@cindex Tetris + @findex snake + @cindex Snake +- @kbd{M-x pong}, @kbd{M-x snake} and @kbd{M-x tetris} are +-implementations of the well-known Pong, Snake and Tetris games. ++ @kbd{M-x snake} is an implementation of the well-known Snake game. 
+ + @findex solitaire + @cindex solitaire +diff --git a/lisp/menu-bar.el b/lisp/menu-bar.el +index bcfa83cf8e4..1b0a0bce6a5 100644 +--- a/lisp/menu-bar.el ++++ b/lisp/menu-bar.el +@@ -1658,18 +1658,12 @@ menu-bar-games-menu + (bindings--define-key menu [zone] + '(menu-item "Zone Out" zone + :help "Play tricks with Emacs display when Emacs is idle")) +- (bindings--define-key menu [tetris] +- '(menu-item "Tetris" tetris +- :help "Falling blocks game")) + (bindings--define-key menu [solitaire] + '(menu-item "Solitaire" solitaire + :help "Get rid of all the stones")) + (bindings--define-key menu [snake] + '(menu-item "Snake" snake + :help "Move snake around avoiding collisions")) +- (bindings--define-key menu [pong] +- '(menu-item "Pong" pong +- :help "Bounce the ball to your opponent")) + (bindings--define-key menu [mult] + '(menu-item "Multiplication Puzzle" mpuz + :help "Exercise brain with multiplication")) +-- +2.46.1 + diff --git a/SOURCES/emacs-tests-for-tetris.patch b/SOURCES/emacs-tests-for-tetris.patch new file mode 100644 index 0000000..79c009e --- /dev/null +++ b/SOURCES/emacs-tests-for-tetris.patch 
@@ -0,0 +1,40 @@ +From 81969482e23b1c046354d9d860e548259f118b4e Mon Sep 17 00:00:00 2001 +From: Glenn Morris +Date: Mon, 28 Dec 2020 11:03:30 -0800 +Subject: Fix package tests for tetris no longer existing as a package + +* test/lisp/emacs-lisp/package-tests.el +(package-test-list-filter-by-name, package-test-list-clear-filter): +Use ansi-color instead of tetris, which no longer has a version:. +--- + test/lisp/emacs-lisp/package-tests.el | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/lisp/emacs-lisp/package-tests.el b/test/lisp/emacs-lisp/package-tests.el +index 23267545f83..92e593328c6 100644 +--- a/test/lisp/emacs-lisp/package-tests.el ++++ b/test/lisp/emacs-lisp/package-tests.el +@@ -405,9 +405,9 @@ Must called from within a `tar-mode' buffer." + "Ensure package list is filtered correctly by package name." + (with-package-test () + (let ((buf (package-list-packages))) +- (package-menu-filter-by-name "tetris") ++ (package-menu-filter-by-name "ansi-color") + (goto-char (point-min)) +- (should (re-search-forward "^\\s-+tetris" nil t)) ++ (should (re-search-forward "^\\s-+ansi-color" nil t)) + (should (= (count-lines (point-min) (point-max)) 1)) + (kill-buffer buf)))) + +@@ -463,7 +463,7 @@ Must called from within a `tar-mode' buffer." + (let ((buf (package-list-packages))) + (let ((num-packages (count-lines (point-min) (point-max)))) + (should (> num-packages 1)) +- (package-menu-filter-by-name "tetris") ++ (package-menu-filter-by-name "ansi-color") + (should (= (count-lines (point-min) (point-max)) 1)) + (package-menu-clear-filter) + (should (= (count-lines (point-min) (point-max)) num-packages))) +-- +cgit v1.2.3 + diff --git a/SOURCES/emacs-untrusted-content.patch b/SOURCES/emacs-untrusted-content.patch new file mode 100644 index 0000000..7fae519 --- /dev/null +++ b/SOURCES/emacs-untrusted-content.patch 
@@ -0,0 +1,33 @@ +From ccc188fcf98ad9166ee551fac9d94b2603c3a51b Mon Sep 17 00:00:00 2001 +From: Ihor Radchenko +Date: Tue, 20 Feb 2024 12:43:51 +0300 +Subject: * lisp/files.el (untrusted-content): New variable. + +The new variable is to be used when buffer contents comes from untrusted +source. +--- + lisp/files.el | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lisp/files.el b/lisp/files.el +index c0d26b2343c..5536af014f6 100644 +--- a/lisp/files.el ++++ b/lisp/files.el +@@ -695,6 +695,14 @@ Also see the `permanently-enabled-local-variables' variable." + Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") + ++(defvar-local untrusted-content nil ++ "Non-nil means that current buffer originated from an untrusted source. ++Email clients and some other modes may set this non-nil to mark the ++buffer contents as untrusted. ++ ++This variable might be subject to change without notice.") ++(put 'untrusted-content 'permanent-local t) ++ + (defcustom trusted-content nil + "List of files and directories whose content we trust. + Be extra careful here since trusting means that Emacs might execute the +-- +cgit v1.2.3 + diff --git a/SPECS/emacs.spec b/SPECS/emacs.spec index a0bccb6..841f370 100644 --- a/SPECS/emacs.spec +++ b/SPECS/emacs.spec @@ -5,7 +5,7 @@ Summary: GNU Emacs text editor Name: emacs Epoch: 1 Version: 27.2 -Release: 13%{?dist} +Release: 18%{?dist} License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs/ Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz 
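Review bot: The `defvar-local untrusted-content` added here may be a second definition of the variable in lisp/files.el. The files.el hunk of emacs-CVE-2024-53920.patch carries `buffer contents as untrusted.` as the context text of its `@@ -591,6 +596,57 @@` header, which matches a line of this docstring, and the spec already applies emacs-mark-contents-untrusted.patch as Patch11, so the variable appears to exist before Patch20 runs. A repeated `defvar-local` with the same default is harmless at run time, but it leaves two docstrings to keep in sync for a variable that `trusted-content-p` checks before anything else. Please confirm against the fully patched tree, and either drop the duplicate or add a spec comment next to Patch20 saying why it is needed.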
@@ -38,6 +38,14 @@ Patch11: emacs-mark-contents-untrusted.patch Patch12: emacs-latex-preview.patch Patch13: emacs-org-link-expand-abbrev-unsafe-elisp.patch Patch14: emacs-man-el-shell-injection-vulnerability.patch +Patch15: emacs-CVE-2024-53920.patch +# Avoid trademark issues +Patch16: emacs-pong-and-tetris-are-excluded.patch +Patch17: emacs-fix-flymake-tests-with-gcc-14.patch +Patch18: emacs-nsm-should-check.patch +Patch19: emacs-tests-for-tetris.patch +Patch20: emacs-untrusted-content.patch + BuildRequires: gcc BuildRequires: atk-devel BuildRequires: cairo-devel 
@@ -210,20 +218,22 @@ Development header files for Emacs. %patch -P 12 -p1 -b .latex-preview %patch -P 13 -p1 -b .org-link-expand-abbrev-unsafe-elisp %patch -P 14 -p1 -b .man-el-shell-injection-vulnerability +%patch -P 15 -p1 -b .CVE-2024-53920 +%patch -P 16 -p1 -b .pong-and-tetris-are-excluded +%patch -P 17 -p1 -b .fix-flymake-tests-with-gcc-14 +%patch -P 18 -p1 -b .nsm-should-check +%patch -P 19 -p1 -b .tests-for-tetris +%patch -P 20 -p1 -b .untrusted-content + +# Avoid trademark issues +rm lisp/play/pong.el lisp/play/pong.elc \ + lisp/play/tetris.el lisp/play/tetris.elc + autoconf # We prefer our emacs.desktop file cp %SOURCE3 etc/emacs.desktop -grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \ - && mv lisp/Makefile.in.new lisp/Makefile.in -grep -v "pong.elc" lisp/Makefile.in > lisp/Makefile.in.new \ - && mv lisp/Makefile.in.new lisp/Makefile.in - -# Avoid trademark issues -rm -f lisp/play/tetris.el lisp/play/tetris.elc -rm -f lisp/play/pong.el lisp/play/pong.el - # Sorted list of info files %define info_files ada-mode auth autotype bovine calc ccmode cl dbus dired-x ebrowse ede ediff edt efaq-w32 efaq eieio eintr elisp emacs-gnutls emacs-mime emacs epa erc ert eshell eudc eww flymake forms gnus htmlfontify idlwave ido info mairix-el message mh-e newsticker nxml-mode octave-mode org pcl-cvs pgg rcirc reftex remember sasl sc semantic ses sieve smtpmail speedbar srecode todo-mode tramp url vhdl-mode vip viper widget wisent woman 
@@ -500,6 +510,24 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %{_includedir}/emacs-module.h %changelog +* Mon Jun 23 2025 Jacek Migacz - 1:27.2-18 +- Fix nsm-should-check for "google.com" failure (RHEL-94297) +- Fix package tests for tetris no longer existing as a package (RHEL-94297) +- Introduce untrusted-content variable (RHEL-94297) + +* Wed Jun 18 2025 Jacek Migacz - 1:27.2-17 +- Pong and Tetris are excluded (RHEL-94297) +- Fix flymake tests with GCC 14 (RHEL-94297) + +* Fri May 09 2025 Jacek Migacz - 1:27.2-16 +- Restore definition of variable "enable-dir-local-variables" (RHEL-92550) + +* Fri May 09 2025 Jacek Migacz - 1:27.2-15 +- Fix arbitrary code execution via Lisp macro expansion (RHEL-90181) + +* Mon Apr 28 2025 Jacek Migacz - 1:27.2-14 +- Fix arbitrary code execution via Lisp macro expansion (RHEL-69399) + * Mon Feb 24 2025 Jacek Migacz - 1:27.2-13 - Bump release