.emacs.metadata

@@ -1,2 +1 @@
-53c01d987b2613701f42d9f941c2d5225a5874c4 SOURCES/emacs-26.1.tar.xz
-c962aff1571d9fb346775ec4329877dbb63307d6 SOURCES/package-keyring.gpg
+8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz

.gitignore

@@ -1,2 +1 @@
-SOURCES/emacs-26.1.tar.xz
-SOURCES/package-keyring.gpg
+SOURCES/emacs-27.2.tar.xz

SOURCES/emacs-27.2.tar.xz.sig

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJgXHmkAAoJEJHBJi8B6405d2EIAIPafSj+sV3Hemu9CSPL+F38
+KutOo7nUF1AO0tgdijPGZ4BTBsWnsum0dLQ/JLtor7/NQuqrZTMJQbrorLluwCR7
+p1aVtwQ+enWn3G0Aq/4uWo0xaMCvJlEPOQuYE8Dtt12PFZzmfAE1r4KZa4cL073h
+suugT/tz7awq7QS6GbjI88mkJXVMuEwVYPPS2tzBUTkA2152dikFSyqBhUnIo3Ni
+eDN6NvSYBpL1I9HgNYuiBJp9xv8CzGtwm/7Nidntzl9SPVQlZkZIHNj8tRbE67Ge
+R0EXBgnDsSKlRUM51R7PejnSG6134VcLCaItMF6dIiVBu6BwQXw1t+zdqnzG6v8=
+=L6J6
+-----END PGP SIGNATURE-----

SOURCES/emacs-64KB-page-size-for-pdump.patch

@@ -0,0 +1,31 @@
+From 216c65b135c2b0be7e048cdc6683873b03b99b9a Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Sun, 28 Mar 2021 19:13:00 +0200
+Subject: [PATCH] Use a 64KB page size for pdump
+
+* src/pdumper.c (dump_get_page_size): Use a 64KB page size on all
+architectures, as this many vary between systems (bug#47125).
+---
+ src/pdumper.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/pdumper.c b/src/pdumper.c
+index 337742fda4..fdd9b3bacb 100644
+--- a/src/pdumper.c
++++ b/src/pdumper.c
+@@ -162,11 +162,7 @@ ptrdiff_t_to_dump_off (ptrdiff_t value)
+ static int
+ dump_get_page_size (void)
+ {
+-#if defined (WINDOWSNT) || defined (CYGWIN)
+-  return 64 * 1024;  /* Worst-case allocation granularity.  */
+-#else
+-  return getpagesize ();
+-#endif
++  return 64 * 1024;
+ }
+ 
+ #define dump_offsetof(type, member)                             \
+-- 
+2.36.1
+

SOURCES/emacs-etags-local-command-injection-vulnerability.patch

@@ -0,0 +1,105 @@
+From 01a4035c869b91c153af9a9132c87adb7669ea1c Mon Sep 17 00:00:00 2001
+From: lu4nx <lx@shellcodes.org>
+Date: Tue, 6 Dec 2022 15:42:40 +0800
+Subject: [PATCH] Fix etags local command injection vulnerability
+
+* lib-src/etags.c: (escape_shell_arg_string): New function.
+(process_file_name): Use it to quote file names passed to the
+shell.  (Bug#59817)
+---
+ lib-src/etags.c | 63 +++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 58 insertions(+), 5 deletions(-)
+
+diff --git a/lib-src/etags.c b/lib-src/etags.c
+index d1d20858cdd..ba0092cc637 100644
+--- a/lib-src/etags.c
++++ b/lib-src/etags.c
+@@ -399,6 +399,7 @@ static void put_entries (node *);
+ static void clean_matched_file_tag (char const * const, char const * const);
+ 
+ static void do_move_file (const char *, const char *);
++static char *escape_shell_arg_string (char *);
+ static char *concat (const char *, const char *, const char *);
+ static char *skip_spaces (char *);
+ static char *skip_non_spaces (char *);
+@@ -1670,13 +1671,16 @@ process_file_name (char *file, language *lang)
+       else
+ 	{
+ #if MSDOS || defined (DOS_NT)
+-	  char *cmd1 = concat (compr->command, " \"", real_name);
+-	  char *cmd = concat (cmd1, "\" > ", tmp_name);
++          int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1;
++          char *cmd = xmalloc (buf_len);
++          snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name);
+ #else
+-	  char *cmd1 = concat (compr->command, " '", real_name);
+-	  char *cmd = concat (cmd1, "' > ", tmp_name);
++          char *new_real_name = escape_shell_arg_string (real_name);
++          char *new_tmp_name = escape_shell_arg_string (tmp_name);
++          int buf_len = strlen (compr->command) + strlen ("  > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
++          char *cmd = xmalloc (buf_len);
++          snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
+ #endif
+-	  free (cmd1);
+ 	  int tmp_errno;
+ 	  if (system (cmd) == -1)
+ 	    {
+@@ -7124,6 +7128,55 @@ etags_mktmp (void)
+   return templt;
+ }
+ 
++/*
++ * Adds single quotes around a string, if found single quotes, escaped it.
++ * Return a newly-allocated string.
++ *
++ * For example:
++ * escape_shell_arg_string("test.txt") => 'test.txt'
++ * escape_shell_arg_string("'test.txt") => ''\''test.txt'
++ */
++static char *
++escape_shell_arg_string (char *str)
++{
++  char *p = str;
++  int need_space = 2;           /* ' at begin and end */
++
++  while (*p != '\0')
++    {
++      if (*p == '\'')
++        need_space += 4;        /* ' to '\'', length is 4 */
++      else
++        need_space++;
++
++      p++;
++    }
++
++  char *new_str = xnew (need_space + 1, char);
++  new_str[0] = '\'';
++  new_str[need_space-1] = '\'';
++
++  int i = 1;                    /* skip first byte */
++  p = str;
++  while (*p != '\0')
++    {
++      new_str[i] = *p;
++      if (*p == '\'')
++        {
++          new_str[i+1] = '\\';
++          new_str[i+2] = '\'';
++          new_str[i+3] = '\'';
++          i += 3;
++        }
++
++      i++;
++      p++;
++    }
++
++  new_str[need_space] = '\0';
++  return new_str;
++}
++
+ static void
+ do_move_file(const char *src_file, const char *dst_file)
+ {
+-- 
+2.36.1
+

SOURCES/emacs-glibc-2.34.patch

@@ -0,0 +1,40 @@
+From f97e07ea807cc6d38774a3888a15091b20645ac6 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 9 Mar 2021 11:22:59 -0800
+Subject: [PATCH] Port alternate signal stack to upcoming glibc 2.34
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/sysdep.c (sigsegv_stack): Increase size to 64 KiB and align
+it to max_align_t.  This copies from Gnulib’s c-stack.c, and works
+around a portability bug in draft glibc 2.34, which no longer
+defines SIGSTKSZ when _GNU_SOURCE is defined.
+---
+ src/sysdep.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/sysdep.c b/src/sysdep.c
+index 941b4e2fa2..24d8832b2f 100644
+--- a/src/sysdep.c
++++ b/src/sysdep.c
+@@ -1785,7 +1785,15 @@ handle_arith_signal (int sig)
+ 
+ /* Alternate stack used by SIGSEGV handler below.  */
+ 
+-static unsigned char sigsegv_stack[SIGSTKSZ];
++/* Storage for the alternate signal stack.
++   64 KiB is not too large for Emacs, and is large enough
++   for all known platforms.  Smaller sizes may run into trouble.
++   For example, libsigsegv 2.6 through 2.8 have a bug where some
++   architectures use more than the Linux default of an 8 KiB alternate
++   stack when deciding if a fault was caused by stack overflow.  */
++static max_align_t sigsegv_stack[(64 * 1024
++				  + sizeof (max_align_t) - 1)
++				 / sizeof (max_align_t)];
+ 
+ 
+ /* Return true if SIGINFO indicates a stack overflow.  */
+-- 
+2.29.2
+

SOURCES/emacs-htmlfontify-command-injection-vulnerability.patch

@@ -0,0 +1,26 @@
+From 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Sat, 24 Dec 2022 16:28:54 +0800
+Subject: [PATCH] Fix htmlfontify.el command injection vulnerability.
+
+* lisp/htmlfontify.el (hfy-text-p): Fix command injection
+vulnerability.  (Bug#60295)
+---
+ lisp/htmlfontify.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
+index df4c6ab079c..389b92939cc 100644
+--- a/lisp/htmlfontify.el
++++ b/lisp/htmlfontify.el
+@@ -1912,7 +1912,7 @@ hfy-make-directory
+ 
+ (defun hfy-text-p (srcdir file)
+   "Is SRCDIR/FILE text?  Uses `hfy-istext-command' to determine this."
+-  (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
++  (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
+          (rsp (shell-command-to-string    cmd)))
+     (string-match "text" rsp)))
+ 
+-- 
+2.36.1

SOURCES/emacs-mh-rmail-nonempty-dir.patch

@@ -1,31 +0,0 @@
-From b73cde5e2815c531df7f5fd13e214a7d92f78239 Mon Sep 17 00:00:00 2001
-From: Mike Kupfer <mkupfer@alum.berkeley.edu>
-Date: Wed, 4 Jul 2018 15:43:04 -0700
-Subject: [PATCH] Fix MH-E mail composition with GNU Mailutils (SF#485)
-
-* lisp/mh-e/mh-comp.el (mh-bare-components): Recursively delete
-the temporary folder.
----
- lisp/mh-e/mh-comp.el | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lisp/mh-e/mh-comp.el b/lisp/mh-e/mh-comp.el
-index a9f809cfa1..aa22df8b18 100644
---- a/lisp/mh-e/mh-comp.el
-+++ b/lisp/mh-e/mh-comp.el
-@@ -925,8 +925,10 @@ mh-bare-components
-                      (list "-form" mh-comp-formfile)))
-     (setq new (make-temp-file "comp."))
-     (rename-file (concat temp-folder "/" "1") new t)
--    (delete-file (concat temp-folder "/" ".mh_sequences"))
--    (delete-directory temp-folder)
-+    ;; The temp folder could contain various metadata files.  Rather
-+    ;; than trying to enumerate all the known files, just do a
-+    ;; recursive delete on the directory.
-+    (delete-directory temp-folder t)
-     new))
- 
- (defun mh-read-draft (use initial-contents delete-contents-file)
--- 
-2.36.1
-

SOURCES/emacs-ob-latex-command-injection-vulnerability.patch

@@ -0,0 +1,43 @@
+From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Sat, 11 Mar 2023 18:53:37 +0800
+Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability
+
+(org-babel-execute:latex):
+Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
+
+TINYCHANGE
+---
+ lisp/org/ob-latex.el | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
+index a2c24b3..ce39628 100644
+--- a/lisp/org/ob-latex.el
++++ b/lisp/org/ob-latex.el
+@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
+ 	    (if (string-suffix-p ".svg" out-file)
+ 		(progn
+ 		  (shell-command "pwd")
+-		  (shell-command (format "mv %s %s"
+-					 (concat (file-name-sans-extension tex-file) "-1.svg")
+-					 out-file)))
++                  (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
++                               out-file t))
+ 	      (error "SVG file produced but HTML file requested")))
+ 	   ((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
+ 	    (if (string-suffix-p ".html" out-file)
+-		(shell-command "mv %s %s"
+-			       (concat (file-name-sans-extension tex-file)
+-				       ".html")
+-			       out-file)
+-	      (error "HTML file produced but SVG file requested")))))
++                (rename-file (concat (file-name-sans-extension tex-file) ".html")
++                             out-file t)
++              (error "HTML file produced but SVG file requested")))))
+ 	 ((or (string= "pdf" extension) imagemagick)
+ 	  (with-temp-file tex-file
+ 	    (require 'ox-latex)
+-- 
+cgit v1.1
+

SOURCES/emacs-ruby-mode-local-command-injection-vulnerability.patch

@@ -0,0 +1,28 @@
+From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Fri, 23 Dec 2022 12:52:48 +0800
+Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
+ (bug#60268)
+
+* lisp/progmodes/ruby-mode.el
+(ruby-find-library-file): Fix local command injection vulnerability.
+---
+ lisp/progmodes/ruby-mode.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
+index 1f3e9b6ae7b..a4aa61905e4 100644
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1820,7 +1820,7 @@ ruby-find-library-file
+       (setq feature-name (read-string "Feature name: " init))))
+   (let ((out
+          (substring
+-          (shell-command-to-string (concat "gem which " feature-name))
++          (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+           0 -1)))
+     (if (string-match-p "\\`ERROR" out)
+         (user-error "%s" out)
+-- 
+2.36.1
+

SOURCES/gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg

@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO
+uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh
+zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc
+PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO
+Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI
+HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg
+KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV
+CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ
+Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h
+5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd
+EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d
+JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex
+QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf
+uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX
+eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS
+spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart
+u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX
+WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5
+TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC
+GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y
+UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR
+tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8
+1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE
+hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW
+Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A==
+=g4R7
+-----END PGP PUBLIC KEY BLOCK-----

SPECS/emacs.spec

@@ -4,29 +4,36 @@
 Summary:       GNU Emacs text editor
 Name:          emacs
 Epoch:         1
-Version:       26.1
+Version:       27.2
 Release:       9%{?dist}
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs/
-Group:         Applications/Editors
 Source0:       https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
-Source1:       emacs.desktop
-Source3:       dotemacs.el
-Source4:       site-start.el
-Source5:       default.el
+Source1:       https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz.sig
+# generate the keyring via:
+# wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+# gpg2 --keyring ./gnu-keyring.gpg --armor --export E6C9029C363AD41D787A8EBB91C1262F01EB8D39 > gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
+Source2:       gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
+Source3:       emacs.desktop
+Source4:       dotemacs.el
+Source5:       site-start.el
+Source6:       default.el
 # Emacs Terminal Mode, #551949, #617355
-Source6:       emacs-terminal.desktop
-Source7:       emacs-terminal.sh
-Source8:       emacs.service
-Source9:       %{name}.appdata.xml
-# rhbz#1810729
-Source10:      package-keyring.gpg
+Source7:       emacs-terminal.desktop
+Source8:       emacs-terminal.sh
+Source9:       emacs.service
+Source10:      %{name}.appdata.xml
 # rhbz#713600
 Patch1:        emacs-spellchecker.patch
 Patch2:        emacs-system-crypto-policies.patch
-Patch3:        emacs-ctags-local-command-execute-vulnerability.patch
-Patch4:        emacs-mh-rmail-nonempty-dir.patch
-
+Patch3:        emacs-glibc-2.34.patch
+Patch4:        emacs-ctags-local-command-execute-vulnerability.patch
+Patch5:        emacs-64KB-page-size-for-pdump.patch
+Patch6:        emacs-etags-local-command-injection-vulnerability.patch
+Patch7:        emacs-htmlfontify-command-injection-vulnerability.patch
+Patch8:        emacs-ruby-mode-local-command-injection-vulnerability.patch
+Patch9:        emacs-ob-latex-command-injection-vulnerability.patch
+BuildRequires: gcc
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
 BuildRequires: freetype-devel
@@ -52,27 +59,34 @@ BuildRequires: librsvg2-devel
 BuildRequires: m17n-lib-devel
 BuildRequires: libotf-devel
 BuildRequires: libselinux-devel
-BuildRequires: GConf2-devel
 BuildRequires: alsa-lib-devel
 BuildRequires: gpm-devel
 BuildRequires: liblockfile-devel
 BuildRequires: libxml2-devel
+BuildRequires: autoconf
 BuildRequires: bzip2
 BuildRequires: cairo
 BuildRequires: texinfo
 BuildRequires: gzip
 BuildRequires: desktop-file-utils
 BuildRequires: libacl-devel
+BuildRequires: harfbuzz-devel
+BuildRequires: jansson-devel
+BuildRequires: systemd-devel
 
 BuildRequires: gtk3-devel
 BuildRequires: webkit2gtk3-devel
 
+BuildRequires: gnupg2
+
 # For lucid
 BuildRequires: Xaw3d-devel
 
 %ifarch %{ix86}
 BuildRequires: util-linux
 %endif
+BuildRequires: make
+
 
 # Emacs doesn't run without dejavu-sans-mono-fonts, rhbz#732422
 Requires:      desktop-file-utils
@@ -98,7 +112,6 @@ This package provides an emacs binary with support for X windows.
 
 %package lucid
 Summary:       GNU Emacs text editor with LUCID toolkit X support
-Group:         Applications/Editors
 Requires(preun): %{_sbindir}/alternatives
 Requires(posttrans): %{_sbindir}/alternatives
 Requires:      emacs-common = %{epoch}:%{version}-%{release}
@@ -115,7 +128,6 @@ using LUCID toolkit.
 
 %package nox
 Summary:       GNU Emacs text editor without X support
-Group:         Applications/Editors
 Requires(preun): %{_sbindir}/alternatives
 Requires(posttrans): %{_sbindir}/alternatives
 Requires:      emacs-common = %{epoch}:%{version}-%{release}
@@ -135,11 +147,8 @@ Summary:       Emacs common files
 # The entire source code is GPLv3+ except lib-src/etags.c which is
 # also BSD.  Manual (info) is GFDL.
 License:       GPLv3+ and GFDL and BSD
-Group:         Applications/Editors
-Requires(preun): /sbin/install-info
 Requires(preun): %{_sbindir}/alternatives
 Requires(posttrans): %{_sbindir}/alternatives
-Requires(post): /sbin/install-info
 Requires:      %{name}-filesystem = %{epoch}:%{version}-%{release}
 Provides:      %{name}-el = %{epoch}:%{version}-%{release}
 Obsoletes:     emacs-el < 1:24.3-29
@@ -155,7 +164,6 @@ or emacs-nox.
 
 %package terminal
 Summary:       A desktop menu item for GNU Emacs terminal.
-Group:         Applications/Editors
 Requires:      emacs = %{epoch}:%{version}-%{release}
 BuildArch:     noarch
 
@@ -168,27 +176,35 @@ removed when another terminal becomes capable of handling Malayalam.
 
 %package filesystem
 Summary:       Emacs filesystem layout
-Group:         Applications/Editors
 BuildArch:     noarch
 
 %description filesystem
 This package provides some directories which are required by other
 packages that add functionality to Emacs.
 
+%package devel
+Summary: Development header files for Emacs
+
+%description devel
+Development header files for Emacs.
+
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %setup -q
 
 %patch1 -p1 -b .spellchecker
 %patch2 -p1 -b .system-crypto-policies
-%patch3 -p1 -b .ctags-local-command-execute-vulnerability
-%patch4 -p1 -b .mh-rmail-nonempty-dir.patch
+%patch3 -p1 -b .glibc2.34
+%patch4 -p1 -b .ctags-local-command-execute-vulnerability
+%patch5 -p1 -b .64KB-page-size-for-pdump
+%patch6 -p1 -b .etags-local-command-injection-vulnerability
+%patch7 -p1 -b .htmlfontify-command-injection-vulnerability
+%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
+%patch9 -p1 -b .ob-latex-command-injection-vulnerability
 autoconf
 
 # We prefer our emacs.desktop file
-cp %SOURCE1 etc/emacs.desktop
-
-# GPG key for GNU ELPA packages backported from Emacs 26.3 (#1810729)
-cp %SOURCE10 etc/package-keyring.gpg
+cp %SOURCE3 etc/emacs.desktop
 
 grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \
    && mv lisp/Makefile.in.new lisp/Makefile.in
@@ -228,8 +244,8 @@ ln -s ../../%{name}/%{version}/etc/NEWS doc
 
 
 %build
-export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS"
-export LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now -fpie"
+export CFLAGS="-DMAIL_USE_LOCKF %{build_cflags}"
+%set_build_flags
 
 # Build GTK+ binary
 mkdir build-gtk && cd build-gtk
@@ -237,9 +253,9 @@ ln -s ../configure .
 
 %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
            --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
-           --with-xwidgets --with-modules
+           --with-xwidgets --with-modules --with-harfbuzz --with-cairo --with-json
 make bootstrap
-%{setarch} make %{?_smp_mflags}
+%{setarch} %make_build
 cd ..
 
 # Build Lucid binary
@@ -248,16 +264,16 @@ ln -s ../configure .
 
 %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
            --with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \
-           --with-modules
+           --with-modules --with-harfbuzz --with-cairo --with-json
 make bootstrap
-%{setarch} make %{?_smp_mflags}
+%{setarch} %make_build
 cd ..
 
 # Build binary without X support
 mkdir build-nox && cd build-nox
 ln -s ../configure .
-%configure --with-x=no --with-modules
-%{setarch} make %{?_smp_mflags}
+%configure --with-x=no --with-modules --with-json
+%{setarch} %make_build
 cd ..
 
 # Remove versioned file so that we end up with .1 suffix and only one DOC file
@@ -285,29 +301,37 @@ EOF
 
 %install
 cd build-gtk
-make install INSTALL="%{__install} -p" DESTDIR=%{buildroot}
+%make_install
 cd ..
 
 # Let alternatives manage the symlink
 rm %{buildroot}%{_bindir}/emacs
 touch %{buildroot}%{_bindir}/emacs
 
+# Remove emacs.pdmp from common
+rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp
+
 # Do not compress the files which implement compression itself (#484830)
 gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz
 gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz
 
+# Install emacs.pdmp of the emacs with GTK+
+install -p -m 0644 build-gtk/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}.pdmp
+
 # Install the emacs with LUCID toolkit
 install -p -m 0755 build-lucid/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-lucid
+install -p -m 0644 build-lucid/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-lucid.pdmp
 
 # Install the emacs without X
 install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox
+install -p -m 0644 build-nox/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-nox.pdmp
 
 # Make sure movemail isn't setgid
 chmod 755 %{buildroot}%{emacs_libexecdir}/movemail
 
 mkdir -p %{buildroot}%{site_lisp}
-install -p -m 0644 %SOURCE4 %{buildroot}%{site_lisp}/site-start.el
-install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}
+install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}/site-start.el
+install -p -m 0644 %SOURCE6 %{buildroot}%{site_lisp}
 
 # This solves bz#474958, "update-directory-autoloads" now finally
 # works the path is different each version, so we'll generate it here
@@ -325,7 +349,7 @@ mkdir -p %{buildroot}%{site_lisp}/site-start.d
 
 # Default initialization file
 mkdir -p %{buildroot}%{_sysconfdir}/skel
-install -p -m 0644 %SOURCE3 %{buildroot}%{_sysconfdir}/skel/.emacs
+install -p -m 0644 %SOURCE4 %{buildroot}%{_sysconfdir}/skel/.emacs
 
 # Install pkgconfig file
 mkdir -p %{buildroot}/%{pkgconfig}
@@ -333,30 +357,32 @@ install -p -m 0644 emacs.pc %{buildroot}/%{pkgconfig}
 
 # Install app data
 mkdir -p %{buildroot}/%{_datadir}/appdata
-cp -a %SOURCE9 %{buildroot}/%{_datadir}/appdata
+cp -a %SOURCE10 %{buildroot}/%{_datadir}/appdata
+# Upstream ships its own appdata file, but it's quite terse.
+rm %{buildroot}/%{_datadir}/metainfo/emacs.appdata.xml
 
 # Install rpm macro definition file
 mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
 install -p -m 0644 macros.emacs %{buildroot}%{_rpmconfigdir}/macros.d/
 
 # Installing emacs-terminal binary
-install -p -m 755 %SOURCE7 %{buildroot}%{_bindir}/emacs-terminal
+install -p -m 755 %SOURCE8 %{buildroot}%{_bindir}/emacs-terminal
 
 # After everything is installed, remove info dir
 rm -f %{buildroot}%{_infodir}/dir
 
 # Installing service file
 mkdir -p %{buildroot}%{_userunitdir}
-install -p -m 0644 %SOURCE8 %{buildroot}%{_userunitdir}/emacs.service
+install -p -m 0644 %SOURCE9 %{buildroot}%{_userunitdir}/emacs.service
 # Emacs 26.1 installs the upstream unit file to /usr/lib64 on 64bit archs, we don't want that
 rm -f %{buildroot}/usr/lib64/systemd/user/emacs.service
 
 # Install desktop files
 mkdir -p %{buildroot}%{_datadir}/applications
 desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
-                     %SOURCE1
+                     %SOURCE3
 desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
-                     %SOURCE6
+                     %SOURCE7
 
 #
 # Create file lists
@@ -402,18 +428,8 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
 %{_sbindir}/alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70
 %{_sbindir}/alternatives --install %{_bindir}/emacs-nox emacs-nox %{_bindir}/emacs-%{version}-nox 60
 
-%post common
-for f in %{info_files}; do
-  /sbin/install-info %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
-done
-
 %preun common
 %{_sbindir}/alternatives --remove emacs.etags %{_bindir}/etags.emacs
-if [ "$1" = 0 ]; then
-  for f in %{info_files}; do
-    /sbin/install-info --delete %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
-  done
-fi
 
 %posttrans common
 %{_sbindir}/alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
@@ -421,20 +437,24 @@ fi
 
 %files
 %{_bindir}/emacs-%{version}
+%{_bindir}/emacs-%{version}.pdmp
 %attr(0755,-,-) %ghost %{_bindir}/emacs
 %{_datadir}/applications/emacs.desktop
 %{_datadir}/appdata/%{name}.appdata.xml
 %{_datadir}/icons/hicolor/*/apps/emacs.png
 %{_datadir}/icons/hicolor/scalable/apps/emacs.svg
+%{_datadir}/icons/hicolor/scalable/apps/emacs.ico
 %{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg
 
 %files lucid
 %{_bindir}/emacs-%{version}-lucid
+%{_bindir}/emacs-%{version}-lucid.pdmp
 %attr(0755,-,-) %ghost %{_bindir}/emacs
 %attr(0755,-,-) %ghost %{_bindir}/emacs-lucid
 
 %files nox
 %{_bindir}/emacs-%{version}-nox
+%{_bindir}/emacs-%{version}-nox.pdmp
 %attr(0755,-,-) %ghost %{_bindir}/emacs
 %attr(0755,-,-) %ghost %{_bindir}/emacs-nox
 
@@ -467,30 +487,93 @@ fi
 %dir %{_datadir}/emacs/site-lisp
 %dir %{_datadir}/emacs/site-lisp/site-start.d
 
+%files devel
+%{_includedir}/emacs-module.h
+
 %changelog
-* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-9
-- Fix MH-E mail composition with GNU Mailutils (#1991156)
+* Sun Apr 2 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-9
+- Fix etags local command injection vulnerability (#2175190)
+- Fix htmlfontify.el command injection vulnerability (#2175179)
+- Fix ruby-mode.el local command injection vulnerability (#2175142)
+- Fix ob-latex.el command injection vulnerability (#2180590)
 
-* Thu Jan 05 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-8
-- Fix ctags local command execute vulnerability (#2149386)
+* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8
+- Use a 64KB page size for pdump (#1979804)
 
-* Thu Aug 5 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7
-- provide gating.yaml for CI
+* Wed Jan 04 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-7
+- Fix ctags local command execute vulnerability (#2149387)
 
-* Mon Jul 19 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-6
-- a new GPG key for GNU ELPA packages (#1810729)
+* Wed Sep 22 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6
+- Adapt hardening options from _hardened_build macro (#2006856)
 
-* Mon Sep 10 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-5
-- review annocheck distro flag failures (#1624109)
+* Wed Aug 18 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-5
+- Provide gating.yaml for CI (#1975151)
 
-* Tue Aug 14 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-4
-- remove ImageMagick dependency (#1564992)
+* Tue Aug 10 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-4
+- Fix FTBFS with glibc 2.34 (#1975151)
 
-* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
+- emacs-27.2 is available
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Aug 18 2020 Jan Synáček <jsynacek@redhat.com> - 1:27.1-2
+- use make macros (original patch provided by Tom Stellard)
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Tue Aug 11 2020 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.1-1
+- emacs-27.1 is available (#1867841)
+- Add systemd-devel to support Type=notify in unit file
+- Build with Cairo and Jansson support
+- Remove ImageMagick dependency as it's no longer used
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Apr 16 2020 Dan Čermák <dan.cermak@cgc-instruments.com> - 1:26.3-3
+- Drop dependency on GConf2
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Sep 08 2019 Maximiliano Sandoval <msandoval@protonmail.com> - 1:26.3-1
+- emacs-26.3 is available (#1747101)
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Apr 17 2019 Jan Synáček <jsynacek@redhat.com> - 1:26.2-1
+- emacs-26.2 is available (#1699434)
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Aug 28 2018 Michael Cronenworth <mike@cchtml.com> - 1:26.1-7
+- Rebuild for new ImageMagick 6.9.10
+
+* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-6
 - remove python dependencies, emacs*.py have not been there for a while
 
-* Mon Jun 18 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-2
-- remove build dependency on python2 (#1591707)
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-4
+- Rebuilt for Python 3.7
+
+* Tue Jun 26 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
+- Refix: Emacs crashes when loading color fonts (#1519038)
+  + emacs SIGABRT after XProtocolError on displaying an email in Gnus (#1591223)
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-2
+- Rebuilt for Python 3.7
 
 * Wed May 30 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-1
 - emacs-26.1 is available (#1583433)