Compare commits

...

No commits in common. "c8s" and "c9" have entirely different histories.
c8s ... c9

29 changed files with 9613 additions and 452 deletions

1
.emacs.metadata Normal file
View File

@ -0,0 +1 @@
8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz

5
.gitignore vendored
View File

@ -1,4 +1 @@
SOURCES/emacs-26.1.tar.xz
SOURCES/package-keyring.gpg
/emacs-26.1.tar.xz
/package-keyring.gpg
SOURCES/emacs-27.2.tar.xz

View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJgXHmkAAoJEJHBJi8B6405d2EIAIPafSj+sV3Hemu9CSPL+F38
KutOo7nUF1AO0tgdijPGZ4BTBsWnsum0dLQ/JLtor7/NQuqrZTMJQbrorLluwCR7
p1aVtwQ+enWn3G0Aq/4uWo0xaMCvJlEPOQuYE8Dtt12PFZzmfAE1r4KZa4cL073h
suugT/tz7awq7QS6GbjI88mkJXVMuEwVYPPS2tzBUTkA2152dikFSyqBhUnIo3Ni
eDN6NvSYBpL1I9HgNYuiBJp9xv8CzGtwm/7Nidntzl9SPVQlZkZIHNj8tRbE67Ge
R0EXBgnDsSKlRUM51R7PejnSG6134VcLCaItMF6dIiVBu6BwQXw1t+zdqnzG6v8=
=L6J6
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,31 @@
From 216c65b135c2b0be7e048cdc6683873b03b99b9a Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@gnus.org>
Date: Sun, 28 Mar 2021 19:13:00 +0200
Subject: [PATCH] Use a 64KB page size for pdump
* src/pdumper.c (dump_get_page_size): Use a 64KB page size on all
architectures, as this many vary between systems (bug#47125).
---
src/pdumper.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/pdumper.c b/src/pdumper.c
index 337742fda4..fdd9b3bacb 100644
--- a/src/pdumper.c
+++ b/src/pdumper.c
@@ -162,11 +162,7 @@ ptrdiff_t_to_dump_off (ptrdiff_t value)
static int
dump_get_page_size (void)
{
-#if defined (WINDOWSNT) || defined (CYGWIN)
- return 64 * 1024; /* Worst-case allocation granularity. */
-#else
- return getpagesize ();
-#endif
+ return 64 * 1024;
}
#define dump_offsetof(type, member) \
--
2.36.1

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,40 @@
From f97e07ea807cc6d38774a3888a15091b20645ac6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 9 Mar 2021 11:22:59 -0800
Subject: [PATCH] Port alternate signal stack to upcoming glibc 2.34
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/sysdep.c (sigsegv_stack): Increase size to 64 KiB and align
it to max_align_t. This copies from Gnulibs c-stack.c, and works
around a portability bug in draft glibc 2.34, which no longer
defines SIGSTKSZ when _GNU_SOURCE is defined.
---
src/sysdep.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/sysdep.c b/src/sysdep.c
index 941b4e2fa2..24d8832b2f 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -1785,7 +1785,15 @@ handle_arith_signal (int sig)
/* Alternate stack used by SIGSEGV handler below. */
-static unsigned char sigsegv_stack[SIGSTKSZ];
+/* Storage for the alternate signal stack.
+ 64 KiB is not too large for Emacs, and is large enough
+ for all known platforms. Smaller sizes may run into trouble.
+ For example, libsigsegv 2.6 through 2.8 have a bug where some
+ architectures use more than the Linux default of an 8 KiB alternate
+ stack when deciding if a fault was caused by stack overflow. */
+static max_align_t sigsegv_stack[(64 * 1024
+ + sizeof (max_align_t) - 1)
+ / sizeof (max_align_t)];
/* Return true if SIGINFO indicates a stack overflow. */
--
2.29.2

View File

@ -3,44 +3,34 @@ From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 18 Jun 2024 13:06:44 +0200
Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
* lisp/org/org.el (org-link-expand-abbrev): Refuse expanding %(...) link
* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link
abbrevs that specify unsafe function. Instead, display a warning, and
do not expand the abbrev. Clear all the text properties from the
returned link, to avoid any potential vulnerabilities caused by
properties that may contain arbitrary Elisp.
---
lisp/org/org.el | 40 +++++++++++++++++++++++++++++-----------
lisp/org/ol.el | 40 +++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/lisp/org/org.el b/lisp/org/org.el
diff --git a/lisp/org/ol.el b/lisp/org/ol.el
index 7a7f4f5..8a556c7 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -1152,26 +1152,44 @@ Abbreviations are defined in `org-link-abbrev-alist'."
(defun org-link-expand-abbrev (link)
"Apply replacements as defined in `org-link-abbrev-alist'."
- (if (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)
+ (if (not (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)) link
(let* ((key (match-string 1 link))
(as (or (assoc key org-link-abbrev-alist-local)
(assoc key org-link-abbrev-alist)))
(tag (and (match-end 2) (match-string 3 link)))
rpl)
(if (not as)
link
(setq rpl (cdr as))
- (cond
- ((symbolp rpl) (funcall rpl tag))
- ((string-match "%(\\([^)]+\\))" rpl)
- (replace-match
- (save-match-data
- (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl))
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
- ((string-match "%h" rpl)
- (replace-match (url-hexify-string (or tag "")) t t rpl))
- (t (concat rpl tag)))))
- link))
--- a/lisp/org/ol.el
+++ b/lisp/org/ol.el
@@ -1152,17 +1152,35 @@ Abbreviations are defined in `org-link-abbrev-alist'."
(if (not as)
link
(setq rpl (cdr as))
- (cond
- ((symbolp rpl) (funcall rpl tag))
- ((string-match "%(\\([^)]+\\))" rpl)
- (replace-match
- (save-match-data
- (funcall (intern-soft (match-string 1 rpl)) tag))
- t t rpl))
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
- ((string-match "%h" rpl)
- (replace-match (url-hexify-string (or tag "")) t t rpl))
- (t (concat rpl tag)))))))
+ ;; Drop any potentially dangerous text properties like
+ ;; `modification-hooks' that may be used as an attack vector.
+ (substring-no-properties
@ -71,8 +61,8 @@ index 7a7f4f5..8a556c7 100644
+ (replace-match (url-hexify-string (or tag "")) t t rpl))
+ (t (concat rpl tag))))))))
;;; Storing and inserting links
(defun org-link-open (link &optional arg)
"Open a link object LINK.
--
cgit v1.1

View File

@ -0,0 +1,28 @@
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Fri, 23 Dec 2022 12:52:48 +0800
Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
(bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
---
lisp/progmodes/ruby-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
index 1f3e9b6ae7b..a4aa61905e4 100644
--- a/lisp/progmodes/ruby-mode.el
+++ b/lisp/progmodes/ruby-mode.el
@@ -1820,7 +1820,7 @@ ruby-find-library-file
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
- (shell-command-to-string (concat "gem which " feature-name))
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
--
2.36.1

View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO
uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh
zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc
PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO
Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI
HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg
KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ
Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h
5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd
EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d
JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex
QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf
uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX
eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS
spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart
u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX
WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5
TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC
GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y
UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR
tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8
1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE
hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW
Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A==
=g4R7
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -4,35 +4,38 @@
Summary: GNU Emacs text editor
Name: emacs
Epoch: 1
Version: 26.1
Release: 12%{?dist}
Version: 27.2
Release: 10%{?dist}
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors
Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
Source1: emacs.desktop
Source3: dotemacs.el
Source4: site-start.el
Source5: default.el
Source1: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz.sig
# generate the keyring via:
# wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
# gpg2 --keyring ./gnu-keyring.gpg --armor --export E6C9029C363AD41D787A8EBB91C1262F01EB8D39 > gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source2: gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source3: emacs.desktop
Source4: dotemacs.el
Source5: site-start.el
Source6: default.el
# Emacs Terminal Mode, #551949, #617355
Source6: emacs-terminal.desktop
Source7: emacs-terminal.sh
Source8: emacs.service
Source9: %{name}.appdata.xml
# rhbz#1810729
Source10: package-keyring.gpg
Source7: emacs-terminal.desktop
Source8: emacs-terminal.sh
Source9: emacs.service
Source10: %{name}.appdata.xml
# rhbz#713600
Patch1: emacs-spellchecker.patch
Patch2: emacs-system-crypto-policies.patch
Patch3: emacs-ctags-local-command-execute-vulnerability.patch
Patch4: emacs-mh-rmail-nonempty-dir.patch
Patch5: emacs-etags-local-command-injection-vulnerability.patch
Patch6: emacs-htmlfontify-command-injection-vulnerability.patch
Patch7: emacs-ob-latex-command-injection-vulnerability.patch
Patch8: emacs-consider-org-file-contents-unsafe.patch
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
Patch10: emacs-mark-contents-untrusted.patch
Patch3: emacs-glibc-2.34.patch
Patch4: emacs-ctags-local-command-execute-vulnerability.patch
Patch5: emacs-64KB-page-size-for-pdump.patch
Patch6: emacs-etags-local-command-injection-vulnerability.patch
Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
Patch9: emacs-ob-latex-command-injection-vulnerability.patch
Patch10: emacs-org-link-expand-abbrev-unsafe-elisp.patch
BuildRequires: gcc
BuildRequires: atk-devel
BuildRequires: cairo-devel
BuildRequires: freetype-devel
@ -58,26 +61,33 @@ BuildRequires: librsvg2-devel
BuildRequires: m17n-lib-devel
BuildRequires: libotf-devel
BuildRequires: libselinux-devel
BuildRequires: GConf2-devel
BuildRequires: alsa-lib-devel
BuildRequires: gpm-devel
BuildRequires: liblockfile-devel
BuildRequires: libxml2-devel
BuildRequires: autoconf
BuildRequires: bzip2
BuildRequires: cairo
BuildRequires: texinfo
BuildRequires: gzip
BuildRequires: desktop-file-utils
BuildRequires: libacl-devel
BuildRequires: harfbuzz-devel
BuildRequires: jansson-devel
BuildRequires: systemd-devel
BuildRequires: gtk3-devel
BuildRequires: gnupg2
# For lucid
BuildRequires: Xaw3d-devel
%ifarch %{ix86}
BuildRequires: util-linux
%endif
BuildRequires: make
# Emacs doesn't run without dejavu-sans-mono-fonts, rhbz#732422
Requires: desktop-file-utils
@ -103,7 +113,6 @@ This package provides an emacs binary with support for X windows.
%package lucid
Summary: GNU Emacs text editor with LUCID toolkit X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -120,7 +129,6 @@ using LUCID toolkit.
%package nox
Summary: GNU Emacs text editor without X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -140,11 +148,8 @@ Summary: Emacs common files
# The entire source code is GPLv3+ except lib-src/etags.c which is
# also BSD. Manual (info) is GFDL.
License: GPLv3+ and GFDL and BSD
Group: Applications/Editors
Requires(preun): /sbin/install-info
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires(post): /sbin/install-info
Requires: %{name}-filesystem = %{epoch}:%{version}-%{release}
Provides: %{name}-el = %{epoch}:%{version}-%{release}
Obsoletes: emacs-el < 1:24.3-29
@ -160,7 +165,6 @@ or emacs-nox.
%package terminal
Summary: A desktop menu item for GNU Emacs terminal.
Group: Applications/Editors
Requires: emacs = %{epoch}:%{version}-%{release}
BuildArch: noarch
@ -173,33 +177,36 @@ removed when another terminal becomes capable of handling Malayalam.
%package filesystem
Summary: Emacs filesystem layout
Group: Applications/Editors
BuildArch: noarch
%description filesystem
This package provides some directories which are required by other
packages that add functionality to Emacs.
%package devel
Summary: Development header files for Emacs
%description devel
Development header files for Emacs.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%patch1 -p1 -b .spellchecker
%patch2 -p1 -b .system-crypto-policies
%patch3 -p1 -b .ctags-local-command-execute-vulnerability
%patch4 -p1 -b .mh-rmail-nonempty-dir.patch
%patch5 -p1 -b .etags-local-command-injection-vulnerability
%patch6 -p1 -b .htmlfontify-command-injection-vulnerability
%patch7 -p1 -b .ob-latex-command-injection-vulnerability
%patch8 -p1 -b .consider-org-file-contents-unsafe
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
%patch10 -p1 -b .mark-contents-untrusted
%patch3 -p1 -b .glibc2.34
%patch4 -p1 -b .ctags-local-command-execute-vulnerability
%patch5 -p1 -b .64KB-page-size-for-pdump
%patch6 -p1 -b .etags-local-command-injection-vulnerability
%patch7 -p1 -b .htmlfontify-command-injection-vulnerability
%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
%patch9 -p1 -b .ob-latex-command-injection-vulnerability
%patch10 -p1 -b .org-link-expand-abbrev-unsafe-elisp
autoconf
# We prefer our emacs.desktop file
cp %SOURCE1 etc/emacs.desktop
# GPG key for GNU ELPA packages backported from Emacs 26.3 (#1810729)
cp %SOURCE10 etc/package-keyring.gpg
cp %SOURCE3 etc/emacs.desktop
grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \
&& mv lisp/Makefile.in.new lisp/Makefile.in
@ -239,8 +246,8 @@ ln -s ../../%{name}/%{version}/etc/NEWS doc
%build
export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS"
export LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now -fpie"
export CFLAGS="-DMAIL_USE_LOCKF %{build_cflags}"
%set_build_flags
# Build GTK+ binary
mkdir build-gtk && cd build-gtk
@ -248,9 +255,9 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
--with-modules
--with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap
%{setarch} make %{?_smp_mflags}
%{setarch} %make_build
cd ..
# Build Lucid binary
@ -259,16 +266,16 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \
--with-modules
--with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap
%{setarch} make %{?_smp_mflags}
%{setarch} %make_build
cd ..
# Build binary without X support
mkdir build-nox && cd build-nox
ln -s ../configure .
%configure --with-x=no --with-modules
%{setarch} make %{?_smp_mflags}
%configure --with-x=no --with-modules --with-json
%{setarch} %make_build
cd ..
# Remove versioned file so that we end up with .1 suffix and only one DOC file
@ -296,29 +303,37 @@ EOF
%install
cd build-gtk
make install INSTALL="%{__install} -p" DESTDIR=%{buildroot}
%make_install
cd ..
# Let alternatives manage the symlink
rm %{buildroot}%{_bindir}/emacs
touch %{buildroot}%{_bindir}/emacs
# Remove emacs.pdmp from common
rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp
# Do not compress the files which implement compression itself (#484830)
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz
# Install emacs.pdmp of the emacs with GTK+
install -p -m 0644 build-gtk/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}.pdmp
# Install the emacs with LUCID toolkit
install -p -m 0755 build-lucid/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-lucid
install -p -m 0644 build-lucid/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-lucid.pdmp
# Install the emacs without X
install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox
install -p -m 0644 build-nox/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-nox.pdmp
# Make sure movemail isn't setgid
chmod 755 %{buildroot}%{emacs_libexecdir}/movemail
mkdir -p %{buildroot}%{site_lisp}
install -p -m 0644 %SOURCE4 %{buildroot}%{site_lisp}/site-start.el
install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}
install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}/site-start.el
install -p -m 0644 %SOURCE6 %{buildroot}%{site_lisp}
# This solves bz#474958, "update-directory-autoloads" now finally
# works the path is different each version, so we'll generate it here
@ -336,7 +351,7 @@ mkdir -p %{buildroot}%{site_lisp}/site-start.d
# Default initialization file
mkdir -p %{buildroot}%{_sysconfdir}/skel
install -p -m 0644 %SOURCE3 %{buildroot}%{_sysconfdir}/skel/.emacs
install -p -m 0644 %SOURCE4 %{buildroot}%{_sysconfdir}/skel/.emacs
# Install pkgconfig file
mkdir -p %{buildroot}/%{pkgconfig}
@ -344,30 +359,32 @@ install -p -m 0644 emacs.pc %{buildroot}/%{pkgconfig}
# Install app data
mkdir -p %{buildroot}/%{_datadir}/appdata
cp -a %SOURCE9 %{buildroot}/%{_datadir}/appdata
cp -a %SOURCE10 %{buildroot}/%{_datadir}/appdata
# Upstream ships its own appdata file, but it's quite terse.
rm %{buildroot}/%{_datadir}/metainfo/emacs.appdata.xml
# Install rpm macro definition file
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
install -p -m 0644 macros.emacs %{buildroot}%{_rpmconfigdir}/macros.d/
# Installing emacs-terminal binary
install -p -m 755 %SOURCE7 %{buildroot}%{_bindir}/emacs-terminal
install -p -m 755 %SOURCE8 %{buildroot}%{_bindir}/emacs-terminal
# After everything is installed, remove info dir
rm -f %{buildroot}%{_infodir}/dir
# Installing service file
mkdir -p %{buildroot}%{_userunitdir}
install -p -m 0644 %SOURCE8 %{buildroot}%{_userunitdir}/emacs.service
install -p -m 0644 %SOURCE9 %{buildroot}%{_userunitdir}/emacs.service
# Emacs 26.1 installs the upstream unit file to /usr/lib64 on 64bit archs, we don't want that
rm -f %{buildroot}/usr/lib64/systemd/user/emacs.service
# Install desktop files
mkdir -p %{buildroot}%{_datadir}/applications
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE1
%SOURCE3
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE6
%SOURCE7
#
# Create file lists
@ -413,18 +430,8 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
%{_sbindir}/alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70
%{_sbindir}/alternatives --install %{_bindir}/emacs-nox emacs-nox %{_bindir}/emacs-%{version}-nox 60
%post common
for f in %{info_files}; do
/sbin/install-info %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
%preun common
%{_sbindir}/alternatives --remove emacs.etags %{_bindir}/etags.emacs
if [ "$1" = 0 ]; then
for f in %{info_files}; do
/sbin/install-info --delete %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
fi
%posttrans common
%{_sbindir}/alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
@ -432,20 +439,24 @@ fi
%files
%{_bindir}/emacs-%{version}
%{_bindir}/emacs-%{version}.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%{_datadir}/applications/emacs.desktop
%{_datadir}/appdata/%{name}.appdata.xml
%{_datadir}/icons/hicolor/*/apps/emacs.png
%{_datadir}/icons/hicolor/scalable/apps/emacs.svg
%{_datadir}/icons/hicolor/scalable/apps/emacs.ico
%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg
%files lucid
%{_bindir}/emacs-%{version}-lucid
%{_bindir}/emacs-%{version}-lucid.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-lucid
%files nox
%{_bindir}/emacs-%{version}-nox
%{_bindir}/emacs-%{version}-nox.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-nox
@ -478,44 +489,97 @@ fi
%dir %{_datadir}/emacs/site-lisp
%dir %{_datadir}/emacs/site-lisp/site-start.d
%files devel
%{_includedir}/emacs-module.h
%changelog
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-10
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
- Disable xwidgets (RHEL-14549)
- Disable xwidgets (RHEL-33447)
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
- Bump version
* Sun Apr 02 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-9
- Fix etags local command injection vulnerability (#2175190)
- Fix htmlfontify.el command injection vulnerability (#2175179)
- Fix ruby-mode.el local command injection vulnerability (#2175142)
- Fix ob-latex.el command injection vulnerability (#2180590)
* Fri Apr 7 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-10
- Fix etags local command injection vulnerability (#2175189)
- Fix htmlfontify.el command injection vulnerability (#2175178)
- Fix ob-latex.el command injection vulnerability (#2180587)
* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8
- Use a 64KB page size for pdump (#1979804)
* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-9
- Fix MH-E mail composition with GNU Mailutils (#1991156)
* Wed Jan 04 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-7
- Fix ctags local command execute vulnerability (#2149387)
* Thu Jan 05 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-8
- Fix ctags local command execute vulnerability (#2149386)
* Wed Sep 22 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6
- Adapt hardening options from _hardened_build macro (#2006856)
* Thu Aug 5 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7
- provide gating.yaml for CI
* Wed Aug 18 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-5
- Provide gating.yaml for CI (#1975151)
* Mon Jul 19 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-6
- a new GPG key for GNU ELPA packages (#1810729)
* Tue Aug 10 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-4
- Fix FTBFS with glibc 2.34 (#1975151)
* Mon Sep 10 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-5
- review annocheck distro flag failures (#1624109)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Aug 14 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-4
- remove ImageMagick dependency (#1564992)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
* Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
- emacs-27.2 is available
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 18 2020 Jan Synáček <jsynacek@redhat.com> - 1:27.1-2
- use make macros (original patch provided by Tom Stellard)
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Aug 11 2020 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.1-1
- emacs-27.1 is available (#1867841)
- Add systemd-devel to support Type=notify in unit file
- Build with Cairo and Jansson support
- Remove ImageMagick dependency as it's no longer used
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Dan Čermák <dan.cermak@cgc-instruments.com> - 1:26.3-3
- Drop dependency on GConf2
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 08 2019 Maximiliano Sandoval <msandoval@protonmail.com> - 1:26.3-1
- emacs-26.3 is available (#1747101)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 17 2019 Jan Synáček <jsynacek@redhat.com> - 1:26.2-1
- emacs-26.2 is available (#1699434)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Aug 28 2018 Michael Cronenworth <mike@cchtml.com> - 1:26.1-7
- Rebuild for new ImageMagick 6.9.10
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-6
- remove python dependencies, emacs*.py have not been there for a while
* Mon Jun 18 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-2
- remove build dependency on python2 (#1591707)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-4
- Rebuilt for Python 3.7
* Tue Jun 26 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
- Refix: Emacs crashes when loading color fonts (#1519038)
+ emacs SIGABRT after XProtocolError on displaying an email in Gnus (#1591223)
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-2
- Rebuilt for Python 3.7
* Wed May 30 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-1
- emacs-26.1 is available (#1583433)

View File

@ -1,36 +0,0 @@
From 2bc865ace050ff118db43f01457f95f95112b877 Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 14:59:20 +0300
Subject: org-file-contents: Consider all remote files unsafe
* lisp/org/org.el (org-file-contents): When loading files, consider all
remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
---
lisp/org/org.el | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lisp/org/org.el b/lisp/org/org.el
index 0f5d17d..76559c9 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -4576,12 +4576,16 @@ from file or URL, and return nil.
If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version
is available. This option applies only if FILE is a URL."
(let* ((is-url (org-file-url-p file))
+ (is-remote (condition-case nil
+ (file-remote-p file)
+ ;; In case of error, be safe.
+ (t t)))
(cache (and is-url
(not nocache)
(gethash file org--file-cache))))
(cond
(cache)
- (is-url
+ ((or is-url is-remote)
(with-current-buffer (url-retrieve-synchronously file)
(goto-char (point-min))
;; Move point to after the url-retrieve header.
--
cgit v1.1

View File

@ -1,223 +0,0 @@
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 588921bc70..a156444281 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -371,7 +371,7 @@ static void just_read_file (FILE *);
static language *get_language_from_langname (const char *);
static void readline (linebuffer *, FILE *);
-static long readline_internal (linebuffer *, FILE *, char const *);
+static long readline_internal (linebuffer *, FILE *, char const *, const bool);
static bool nocase_tail (const char *);
static void get_tag (char *, char **);
static void get_lispy_tag (char *);
@@ -394,7 +394,9 @@ static void free_fdesc (fdesc *);
static void pfnote (char *, bool, char *, int, int, long);
static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
+static void clean_matched_file_tag (char const * const, char const * const);
+static void do_move_file (const char *, const char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
static char *skip_non_spaces (char *);
@@ -1307,7 +1309,7 @@ main (int argc, char **argv)
if (parsing_stdin)
fatal ("cannot parse standard input "
"AND read file names from it");
- while (readline_internal (&filename_lb, stdin, "-") > 0)
+ while (readline_internal (&filename_lb, stdin, "-", false) > 0)
process_file_name (filename_lb.buffer, lang);
}
else
@@ -1355,9 +1357,6 @@ main (int argc, char **argv)
/* From here on, we are in (CTAGS && !cxref_style) */
if (update)
{
- char *cmd =
- xmalloc (strlen (tagfile) + whatlen_max +
- sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS >;rm OTAGS");
for (i = 0; i < current_arg; ++i)
{
switch (argbuffer[i].arg_type)
@@ -1368,17 +1367,8 @@ main (int argc, char **argv)
default:
continue; /* the for loop */
}
- char *z = stpcpy (cmd, "mv ");
- z = stpcpy (z, tagfile);
- z = stpcpy (z, " OTAGS;grep -Fv '\t");
- z = stpcpy (z, argbuffer[i].what);
- z = stpcpy (z, "\t' OTAGS >");
- z = stpcpy (z, tagfile);
- strcpy (z, ";rm OTAGS");
- if (system (cmd) != EXIT_SUCCESS)
- fatal ("failed to execute shell command");
+ clean_matched_file_tag (tagfile, argbuffer[i].what);
}
- free (cmd);
append_to_tagfile = true;
}
@@ -1407,6 +1397,51 @@ main (int argc, char **argv)
return EXIT_SUCCESS;
}
+/*
+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS
+ */
+static void
+clean_matched_file_tag (const char* tagfile, const char* match_file_name)
+{
+ FILE *otags_f = fopen ("OTAGS", "wb");
+ FILE *tag_f = fopen (tagfile, "rb");
+
+ if (otags_f == NULL)
+ pfatal ("OTAGS");
+
+ if (tag_f == NULL)
+ pfatal (tagfile);
+
+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1;
+ char *buf = xmalloc (buf_len);
+ snprintf (buf, buf_len, "\t%s\t", match_file_name);
+
+ linebuffer line;
+ linebuffer_init (&line);
+ while (readline_internal (&line, tag_f, tagfile, true) > 0)
+ {
+ if (ferror (tag_f))
+ pfatal (tagfile);
+
+ if (strstr (line.buffer, buf) == NULL)
+ {
+ fprintf (otags_f, "%s\n", line.buffer);
+ if (ferror (tag_f))
+ pfatal (tagfile);
+ }
+ }
+ free (buf);
+ free (line.buffer);
+
+ if (fclose (otags_f) == EOF)
+ pfatal ("OTAGS");
+
+ if (fclose (tag_f) == EOF)
+ pfatal (tagfile);
+
+ do_move_file ("OTAGS", tagfile);
+ return;
+}
/*
* Return a compressor given the file name. If EXTPTR is non-zero,
@@ -1794,7 +1829,7 @@ find_entries (FILE *inf)
/* Else look for sharp-bang as the first two characters. */
if (parser == NULL
- && readline_internal (&lb, inf, infilename) > 0
+ && readline_internal (&lb, inf, infilename, false) > 0
&& lb.len >= 2
&& lb.buffer[0] == '#'
&& lb.buffer[1] == '!')
@@ -6293,7 +6328,7 @@ analyze_regex (char *regex_arg)
if (regexfp == NULL)
pfatal (regexfile);
linebuffer_init (&regexbuf);
- while (readline_internal (&regexbuf, regexfp, regexfile) > 0)
+ while (readline_internal (&regexbuf, regexfp, regexfile, false) > 0)
analyze_regex (regexbuf.buffer);
free (regexbuf.buffer);
if (fclose (regexfp) != 0)
@@ -6648,11 +6683,13 @@ get_lispy_tag (register char *bp)
/*
* Read a line of text from `stream' into `lbp', excluding the
- * newline or CR-NL, if any. Return the number of characters read from
- * `stream', which is the length of the line including the newline.
+ * newline or CR-NL (if `leave_cr` is false), if any. Return the
+ * number of characters read from `stream', which is the length
+ * of the line including the newline.
*
- * On DOS or Windows we do not count the CR character, if any before the
- * NL, in the returned length; this mirrors the behavior of Emacs on those
+ * On DOS or Windows, if `leave_cr` is false, we do not count the
+ * CR character, if any before the NL, in the returned length;
+ * this mirrors the behavior of Emacs on those
* platforms (for text files, it translates CR-NL to NL as it reads in the
* file).
*
@@ -6660,7 +6697,7 @@ get_lispy_tag (register char *bp)
* appended to `filebuf'.
*/
static long
-readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr)
{
char *buffer = lbp->buffer;
char *p = lbp->buffer;
@@ -6691,7 +6728,7 @@ readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
}
if (c == '\n')
{
- if (p > buffer && p[-1] == '\r')
+ if (!leave_cr && p > buffer && p[-1] == '\r')
{
p -= 1;
chars_deleted = 2;
@@ -6736,7 +6773,7 @@ readline (linebuffer *lbp, FILE *stream)
long result;
linecharno = charno; /* update global char number of line start */
- result = readline_internal (lbp, stream, infilename); /* read line */
+ result = readline_internal (lbp, stream, infilename, false); /* read line */
lineno += 1; /* increment global line number */
charno += result; /* increment global char number */
@@ -7104,6 +7141,46 @@ etags_mktmp (void)
return templt;
}
+static void
+do_move_file(const char *src_file, const char *dst_file)
+{
+ if (rename (src_file, dst_file) == 0)
+ return;
+
+ FILE *src_f = fopen (src_file, "rb");
+ FILE *dst_f = fopen (dst_file, "wb");
+
+ if (src_f == NULL)
+ pfatal (src_file);
+
+ if (dst_f == NULL)
+ pfatal (dst_file);
+
+ int c;
+ while ((c = fgetc (src_f)) != EOF)
+ {
+ if (ferror (src_f))
+ pfatal (src_file);
+
+ if (ferror (dst_f))
+ pfatal (dst_file);
+
+ if (fputc (c, dst_f) == EOF)
+ pfatal ("cannot write");
+ }
+
+ if (fclose (src_f) == EOF)
+ pfatal (src_file);
+
+ if (fclose (dst_f) == EOF)
+ pfatal (dst_file);
+
+ if (unlink (src_file) == -1)
+ pfatal ("unlink error");
+
+ return;
+}
+
/* Return a newly allocated string containing the file name of FILE
relative to the absolute directory DIR (which should end with a slash). */
static char *

View File

@ -1,25 +0,0 @@
From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 12:44:30 +0300
Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
untrusted.
---
lisp/gnus/mm-view.el | 1 +
1 file changed, 1 insertion(+)
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 2e1261c..5f234e5 100644
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
(setq coding-system (mm-find-buffer-file-coding-system)))
(setq text (buffer-string))))
(with-temp-buffer
+ (setq untrusted-content t)
(buffer-disable-undo)
(mm-enable-multibyte)
(insert (cond ((eq charset 'gnus-decoded)
--
cgit v1.1

View File

@ -1,31 +0,0 @@
From b73cde5e2815c531df7f5fd13e214a7d92f78239 Mon Sep 17 00:00:00 2001
From: Mike Kupfer <mkupfer@alum.berkeley.edu>
Date: Wed, 4 Jul 2018 15:43:04 -0700
Subject: [PATCH] Fix MH-E mail composition with GNU Mailutils (SF#485)
* lisp/mh-e/mh-comp.el (mh-bare-components): Recursively delete
the temporary folder.
---
lisp/mh-e/mh-comp.el | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lisp/mh-e/mh-comp.el b/lisp/mh-e/mh-comp.el
index a9f809cfa1..aa22df8b18 100644
--- a/lisp/mh-e/mh-comp.el
+++ b/lisp/mh-e/mh-comp.el
@@ -925,8 +925,10 @@ mh-bare-components
(list "-form" mh-comp-formfile)))
(setq new (make-temp-file "comp."))
(rename-file (concat temp-folder "/" "1") new t)
- (delete-file (concat temp-folder "/" ".mh_sequences"))
- (delete-directory temp-folder)
+ ;; The temp folder could contain various metadata files. Rather
+ ;; than trying to enumerate all the known files, just do a
+ ;; recursive delete on the directory.
+ (delete-directory temp-folder t)
new))
(defun mh-read-draft (use initial-contents delete-contents-file)
--
2.36.1

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -1,2 +0,0 @@
SHA512 (emacs-26.1.tar.xz) = 537c2cfdd281151b360002419dde6280c313e07a937ed96405c67f754b3401ec5541091a3c0aa6690929bc33dd79e8e0d8844e7a6b014b7798c63cb15de210c2
SHA512 (package-keyring.gpg) = ca0dfa2edda9a6de5837dd6d754d574b13e007561e8dcc99c178d24f6a5dbb6880edc95db9d6afbea8bdf0b409671657fe22a778003ea0ccf351dce5e4fd429f