Compare commits

...

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

32 changed files with 9711 additions and 641 deletions

1
.emacs.metadata Normal file
View File

@ -0,0 +1 @@
8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz

5
.gitignore vendored
View File

@ -1,4 +1 @@
SOURCES/emacs-26.1.tar.xz
SOURCES/package-keyring.gpg
/emacs-26.1.tar.xz
/package-keyring.gpg
SOURCES/emacs-27.2.tar.xz

View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJgXHmkAAoJEJHBJi8B6405d2EIAIPafSj+sV3Hemu9CSPL+F38
KutOo7nUF1AO0tgdijPGZ4BTBsWnsum0dLQ/JLtor7/NQuqrZTMJQbrorLluwCR7
p1aVtwQ+enWn3G0Aq/4uWo0xaMCvJlEPOQuYE8Dtt12PFZzmfAE1r4KZa4cL073h
suugT/tz7awq7QS6GbjI88mkJXVMuEwVYPPS2tzBUTkA2152dikFSyqBhUnIo3Ni
eDN6NvSYBpL1I9HgNYuiBJp9xv8CzGtwm/7Nidntzl9SPVQlZkZIHNj8tRbE67Ge
R0EXBgnDsSKlRUM51R7PejnSG6134VcLCaItMF6dIiVBu6BwQXw1t+zdqnzG6v8=
=L6J6
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,31 @@
From 216c65b135c2b0be7e048cdc6683873b03b99b9a Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@gnus.org>
Date: Sun, 28 Mar 2021 19:13:00 +0200
Subject: [PATCH] Use a 64KB page size for pdump
* src/pdumper.c (dump_get_page_size): Use a 64KB page size on all
architectures, as this many vary between systems (bug#47125).
---
src/pdumper.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/pdumper.c b/src/pdumper.c
index 337742fda4..fdd9b3bacb 100644
--- a/src/pdumper.c
+++ b/src/pdumper.c
@@ -162,11 +162,7 @@ ptrdiff_t_to_dump_off (ptrdiff_t value)
static int
dump_get_page_size (void)
{
-#if defined (WINDOWSNT) || defined (CYGWIN)
- return 64 * 1024; /* Worst-case allocation granularity. */
-#else
- return getpagesize ();
-#endif
+ return 64 * 1024;
}
#define dump_offsetof(type, member) \
--
2.36.1

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,40 @@
From f97e07ea807cc6d38774a3888a15091b20645ac6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 9 Mar 2021 11:22:59 -0800
Subject: [PATCH] Port alternate signal stack to upcoming glibc 2.34
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/sysdep.c (sigsegv_stack): Increase size to 64 KiB and align
it to max_align_t. This copies from Gnulibs c-stack.c, and works
around a portability bug in draft glibc 2.34, which no longer
defines SIGSTKSZ when _GNU_SOURCE is defined.
---
src/sysdep.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/sysdep.c b/src/sysdep.c
index 941b4e2fa2..24d8832b2f 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -1785,7 +1785,15 @@ handle_arith_signal (int sig)
/* Alternate stack used by SIGSEGV handler below. */
-static unsigned char sigsegv_stack[SIGSTKSZ];
+/* Storage for the alternate signal stack.
+ 64 KiB is not too large for Emacs, and is large enough
+ for all known platforms. Smaller sizes may run into trouble.
+ For example, libsigsegv 2.6 through 2.8 have a bug where some
+ architectures use more than the Linux default of an 8 KiB alternate
+ stack when deciding if a fault was caused by stack overflow. */
+static max_align_t sigsegv_stack[(64 * 1024
+ + sizeof (max_align_t) - 1)
+ / sizeof (max_align_t)];
/* Return true if SIGINFO indicates a stack overflow. */
--
2.29.2

View File

@ -0,0 +1,57 @@
From 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 12:47:24 +0300
Subject: org-latex-preview: Add protection when `untrusted-content' is non-nil
* lisp/org/org.el (org--latex-preview-when-risky): New variable
controlling how to handle LaTeX previews in Org files from untrusted
origin.
(org-latex-preview): Consult `org--latex-preview-when-risky' before
generating previews.
This patch adds a layer of protection when LaTeX preview is requested
for an email attachment, where `untrusted-content' is set to non-nil.
---
lisp/org/org.el | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/lisp/org/org.el b/lisp/org/org.el
index c75afbf..0f5d17d 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -1140,6 +1140,24 @@ the following lines anywhere in the buffer:
:package-version '(Org . "8.0")
:type 'boolean)
+(defvar untrusted-content) ; defined in files.el
+(defvar org--latex-preview-when-risky nil
+ "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
+
+Some specially designed LaTeX code may generate huge pdf or log files
+that may exhaust disk space.
+
+This variable controls how to handle LaTeX preview when rendering LaTeX
+fragments that originate from incoming email messages. It has no effect
+when Org mode is unable to determine the origin of the Org buffer.
+
+An Org buffer is considered to be from unsafe source when the
+variable `untrusted-content' has a non-nil value in the buffer.
+
+If this variable is non-nil, LaTeX previews are rendered unconditionally.
+
+This variable may be renamed or changed in the future.")
+
(defcustom org-insert-mode-line-in-empty-file nil
"Non-nil means insert the first line setting Org mode in empty files.
When the function `org-mode' is called interactively in an empty file, this
@@ -15695,6 +15713,7 @@ fragments in the buffer."
(interactive "P")
(cond
((not (display-graphic-p)) nil)
+ ((and untrusted-content (not org--latex-preview-when-risky)) nil)
;; Clear whole buffer.
((equal arg '(64))
(org-clear-latex-preview (point-min) (point-max))
--
cgit v1.1

View File

@ -29,6 +29,29 @@ index 55cb938..d963964 100644
(if Man-downcase-section-letters-flag
(setq section (downcase section)))
(while slist
diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
index 140482e..11f5f80 100644
--- a/test/lisp/man-tests.el
+++ b/test/lisp/man-tests.el
@@ -161,6 +161,18 @@ DESCRIPTION
(let ((button (button-at (match-beginning 0))))
(should (and button (eq 'Man-xref-header-file (button-type button))))))))))
+(ert-deftest man-tests-Man-translate-references ()
+ (should (equal (Man-translate-references "basename")
+ "basename"))
+ (should (equal (Man-translate-references "basename(3)")
+ "3 basename"))
+ (should (equal (Man-translate-references "basename(3v)")
+ "3v basename"))
+ (should (equal (Man-translate-references ";id")
+ "\\;id"))
+ (should (equal (Man-translate-references "-k basename")
+ "-k basename")))
+
(provide 'man-tests)
;;; man-tests.el ends here
--
cgit v1.1

View File

@ -3,44 +3,34 @@ From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 18 Jun 2024 13:06:44 +0200
Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
* lisp/org/org.el (org-link-expand-abbrev): Refuse expanding %(...) link
* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link
abbrevs that specify unsafe function. Instead, display a warning, and
do not expand the abbrev. Clear all the text properties from the
returned link, to avoid any potential vulnerabilities caused by
properties that may contain arbitrary Elisp.
---
lisp/org/org.el | 40 +++++++++++++++++++++++++++++-----------
lisp/org/ol.el | 40 +++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/lisp/org/org.el b/lisp/org/org.el
diff --git a/lisp/org/ol.el b/lisp/org/ol.el
index 7a7f4f5..8a556c7 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -1152,26 +1152,44 @@ Abbreviations are defined in `org-link-abbrev-alist'."
(defun org-link-expand-abbrev (link)
"Apply replacements as defined in `org-link-abbrev-alist'."
- (if (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)
+ (if (not (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)) link
(let* ((key (match-string 1 link))
(as (or (assoc key org-link-abbrev-alist-local)
(assoc key org-link-abbrev-alist)))
(tag (and (match-end 2) (match-string 3 link)))
rpl)
(if (not as)
link
(setq rpl (cdr as))
- (cond
- ((symbolp rpl) (funcall rpl tag))
- ((string-match "%(\\([^)]+\\))" rpl)
- (replace-match
- (save-match-data
- (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl))
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
- ((string-match "%h" rpl)
- (replace-match (url-hexify-string (or tag "")) t t rpl))
- (t (concat rpl tag)))))
- link))
--- a/lisp/org/ol.el
+++ b/lisp/org/ol.el
@@ -1152,17 +1152,35 @@ Abbreviations are defined in `org-link-abbrev-alist'."
(if (not as)
link
(setq rpl (cdr as))
- (cond
- ((symbolp rpl) (funcall rpl tag))
- ((string-match "%(\\([^)]+\\))" rpl)
- (replace-match
- (save-match-data
- (funcall (intern-soft (match-string 1 rpl)) tag))
- t t rpl))
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
- ((string-match "%h" rpl)
- (replace-match (url-hexify-string (or tag "")) t t rpl))
- (t (concat rpl tag)))))))
+ ;; Drop any potentially dangerous text properties like
+ ;; `modification-hooks' that may be used as an attack vector.
+ (substring-no-properties
@ -71,8 +61,8 @@ index 7a7f4f5..8a556c7 100644
+ (replace-match (url-hexify-string (or tag "")) t t rpl))
+ (t (concat rpl tag))))))))
;;; Storing and inserting links
(defun org-link-open (link &optional arg)
"Open a link object LINK.
--
cgit v1.1

View File

@ -0,0 +1,28 @@
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Fri, 23 Dec 2022 12:52:48 +0800
Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
(bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
---
lisp/progmodes/ruby-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
index 1f3e9b6ae7b..a4aa61905e4 100644
--- a/lisp/progmodes/ruby-mode.el
+++ b/lisp/progmodes/ruby-mode.el
@@ -1820,7 +1820,7 @@ ruby-find-library-file
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
- (shell-command-to-string (concat "gem which " feature-name))
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
--
2.36.1

View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO
uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh
zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc
PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO
Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI
HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg
KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ
Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h
5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd
EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d
JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex
QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf
uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX
eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS
spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart
u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX
WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5
TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC
GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y
UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR
tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8
1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE
hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW
Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A==
=g4R7
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -4,37 +4,41 @@
Summary: GNU Emacs text editor
Name: emacs
Epoch: 1
Version: 26.1
Release: 15%{?dist}
Version: 27.2
Release: 13%{?dist}
License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors
Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
Source1: emacs.desktop
Source3: dotemacs.el
Source4: site-start.el
Source5: default.el
Source1: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz.sig
# generate the keyring via:
# wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
# gpg2 --keyring ./gnu-keyring.gpg --armor --export E6C9029C363AD41D787A8EBB91C1262F01EB8D39 > gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source2: gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source3: emacs.desktop
Source4: dotemacs.el
Source5: site-start.el
Source6: default.el
# Emacs Terminal Mode, #551949, #617355
Source6: emacs-terminal.desktop
Source7: emacs-terminal.sh
Source8: emacs.service
Source9: %{name}.appdata.xml
# rhbz#1810729
Source10: package-keyring.gpg
Source7: emacs-terminal.desktop
Source8: emacs-terminal.sh
Source9: emacs.service
Source10: %{name}.appdata.xml
# rhbz#713600
Patch1: emacs-spellchecker.patch
Patch2: emacs-system-crypto-policies.patch
Patch3: emacs-ctags-local-command-execute-vulnerability.patch
Patch4: emacs-mh-rmail-nonempty-dir.patch
Patch5: emacs-etags-local-command-injection-vulnerability.patch
Patch6: emacs-htmlfontify-command-injection-vulnerability.patch
Patch7: emacs-ob-latex-command-injection-vulnerability.patch
Patch8: emacs-consider-org-file-contents-unsafe.patch
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch
Patch10: emacs-mark-contents-untrusted.patch
Patch11: emacs-man-el-shell-injection-vulnerability.patch
Patch12: emacs-CVE-2024-53920.patch
Patch3: emacs-glibc-2.34.patch
Patch4: emacs-ctags-local-command-execute-vulnerability.patch
Patch5: emacs-64KB-page-size-for-pdump.patch
Patch6: emacs-etags-local-command-injection-vulnerability.patch
Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
Patch9: emacs-ob-latex-command-injection-vulnerability.patch
Patch10: emacs-consider-org-file-contents-unsafe.patch
Patch11: emacs-mark-contents-untrusted.patch
Patch12: emacs-latex-preview.patch
Patch13: emacs-org-link-expand-abbrev-unsafe-elisp.patch
Patch14: emacs-man-el-shell-injection-vulnerability.patch
BuildRequires: gcc
BuildRequires: atk-devel
BuildRequires: cairo-devel
BuildRequires: freetype-devel
@ -60,26 +64,33 @@ BuildRequires: librsvg2-devel
BuildRequires: m17n-lib-devel
BuildRequires: libotf-devel
BuildRequires: libselinux-devel
BuildRequires: GConf2-devel
BuildRequires: alsa-lib-devel
BuildRequires: gpm-devel
BuildRequires: liblockfile-devel
BuildRequires: libxml2-devel
BuildRequires: autoconf
BuildRequires: bzip2
BuildRequires: cairo
BuildRequires: texinfo
BuildRequires: gzip
BuildRequires: desktop-file-utils
BuildRequires: libacl-devel
BuildRequires: harfbuzz-devel
BuildRequires: jansson-devel
BuildRequires: systemd-devel
BuildRequires: gtk3-devel
BuildRequires: gnupg2
# For lucid
BuildRequires: Xaw3d-devel
%ifarch %{ix86}
BuildRequires: util-linux
%endif
BuildRequires: make
# Emacs doesn't run without dejavu-sans-mono-fonts, rhbz#732422
Requires: desktop-file-utils
@ -105,7 +116,6 @@ This package provides an emacs binary with support for X windows.
%package lucid
Summary: GNU Emacs text editor with LUCID toolkit X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -122,7 +132,6 @@ using LUCID toolkit.
%package nox
Summary: GNU Emacs text editor without X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -142,11 +151,8 @@ Summary: Emacs common files
# The entire source code is GPLv3+ except lib-src/etags.c which is
# also BSD. Manual (info) is GFDL.
License: GPLv3+ and GFDL and BSD
Group: Applications/Editors
Requires(preun): /sbin/install-info
Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives
Requires(post): /sbin/install-info
Requires: %{name}-filesystem = %{epoch}:%{version}-%{release}
Provides: %{name}-el = %{epoch}:%{version}-%{release}
Obsoletes: emacs-el < 1:24.3-29
@ -162,7 +168,6 @@ or emacs-nox.
%package terminal
Summary: A desktop menu item for GNU Emacs terminal.
Group: Applications/Editors
Requires: emacs = %{epoch}:%{version}-%{release}
BuildArch: noarch
@ -175,35 +180,40 @@ removed when another terminal becomes capable of handling Malayalam.
%package filesystem
Summary: Emacs filesystem layout
Group: Applications/Editors
BuildArch: noarch
%description filesystem
This package provides some directories which are required by other
packages that add functionality to Emacs.
%package devel
Summary: Development header files for Emacs
%description devel
Development header files for Emacs.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%patch1 -p1 -b .spellchecker
%patch2 -p1 -b .system-crypto-policies
%patch3 -p1 -b .ctags-local-command-execute-vulnerability
%patch4 -p1 -b .mh-rmail-nonempty-dir.patch
%patch5 -p1 -b .etags-local-command-injection-vulnerability
%patch6 -p1 -b .htmlfontify-command-injection-vulnerability
%patch7 -p1 -b .ob-latex-command-injection-vulnerability
%patch8 -p1 -b .consider-org-file-contents-unsafe
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp
%patch10 -p1 -b .mark-contents-untrusted
%patch11 -p1 -b .emacs-man-el-shell-injection-vulnerability
%patch12 -p1 -b .CVE-2024-53920
%patch -P 1 -p1 -b .spellchecker
%patch -P 2 -p1 -b .system-crypto-policies
%patch -P 3 -p1 -b .glibc2.34
%patch -P 4 -p1 -b .ctags-local-command-execute-vulnerability
%patch -P 5 -p1 -b .64KB-page-size-for-pdump
%patch -P 6 -p1 -b .etags-local-command-injection-vulnerability
%patch -P 7 -p1 -b .htmlfontify-command-injection-vulnerability
%patch -P 8 -p1 -b .ruby-mode-local-command-injection-vulnerability
%patch -P 9 -p1 -b .ob-latex-command-injection-vulnerability
%patch -P 10 -p1 -b .consider-org-file-contents-unsafe
%patch -P 11 -p1 -b .mark-contents-untrusted
%patch -P 12 -p1 -b .latex-preview
%patch -P 13 -p1 -b .org-link-expand-abbrev-unsafe-elisp
%patch -P 14 -p1 -b .man-el-shell-injection-vulnerability
autoconf
# We prefer our emacs.desktop file
cp %SOURCE1 etc/emacs.desktop
# GPG key for GNU ELPA packages backported from Emacs 26.3 (#1810729)
cp %SOURCE10 etc/package-keyring.gpg
cp %SOURCE3 etc/emacs.desktop
grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \
&& mv lisp/Makefile.in.new lisp/Makefile.in
@ -243,8 +253,8 @@ ln -s ../../%{name}/%{version}/etc/NEWS doc
%build
export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS"
export LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now -fpie"
export CFLAGS="-DMAIL_USE_LOCKF %{build_cflags}"
%set_build_flags
# Build GTK+ binary
mkdir build-gtk && cd build-gtk
@ -252,9 +262,9 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
--with-modules
--with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap
%{setarch} make %{?_smp_mflags}
%{setarch} %make_build
cd ..
# Build Lucid binary
@ -263,16 +273,16 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \
--with-modules
--with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap
%{setarch} make %{?_smp_mflags}
%{setarch} %make_build
cd ..
# Build binary without X support
mkdir build-nox && cd build-nox
ln -s ../configure .
%configure --with-x=no --with-modules
%{setarch} make %{?_smp_mflags}
%configure --with-x=no --with-modules --with-json
%{setarch} %make_build
cd ..
# Remove versioned file so that we end up with .1 suffix and only one DOC file
@ -300,29 +310,37 @@ EOF
%install
cd build-gtk
make install INSTALL="%{__install} -p" DESTDIR=%{buildroot}
%make_install
cd ..
# Let alternatives manage the symlink
rm %{buildroot}%{_bindir}/emacs
touch %{buildroot}%{_bindir}/emacs
# Remove emacs.pdmp from common
rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp
# Do not compress the files which implement compression itself (#484830)
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz
# Install emacs.pdmp of the emacs with GTK+
install -p -m 0644 build-gtk/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}.pdmp
# Install the emacs with LUCID toolkit
install -p -m 0755 build-lucid/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-lucid
install -p -m 0644 build-lucid/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-lucid.pdmp
# Install the emacs without X
install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox
install -p -m 0644 build-nox/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-nox.pdmp
# Make sure movemail isn't setgid
chmod 755 %{buildroot}%{emacs_libexecdir}/movemail
mkdir -p %{buildroot}%{site_lisp}
install -p -m 0644 %SOURCE4 %{buildroot}%{site_lisp}/site-start.el
install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}
install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}/site-start.el
install -p -m 0644 %SOURCE6 %{buildroot}%{site_lisp}
# This solves bz#474958, "update-directory-autoloads" now finally
# works the path is different each version, so we'll generate it here
@ -340,7 +358,7 @@ mkdir -p %{buildroot}%{site_lisp}/site-start.d
# Default initialization file
mkdir -p %{buildroot}%{_sysconfdir}/skel
install -p -m 0644 %SOURCE3 %{buildroot}%{_sysconfdir}/skel/.emacs
install -p -m 0644 %SOURCE4 %{buildroot}%{_sysconfdir}/skel/.emacs
# Install pkgconfig file
mkdir -p %{buildroot}/%{pkgconfig}
@ -348,30 +366,32 @@ install -p -m 0644 emacs.pc %{buildroot}/%{pkgconfig}
# Install app data
mkdir -p %{buildroot}/%{_datadir}/appdata
cp -a %SOURCE9 %{buildroot}/%{_datadir}/appdata
cp -a %SOURCE10 %{buildroot}/%{_datadir}/appdata
# Upstream ships its own appdata file, but it's quite terse.
rm %{buildroot}/%{_datadir}/metainfo/emacs.appdata.xml
# Install rpm macro definition file
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
install -p -m 0644 macros.emacs %{buildroot}%{_rpmconfigdir}/macros.d/
# Installing emacs-terminal binary
install -p -m 755 %SOURCE7 %{buildroot}%{_bindir}/emacs-terminal
install -p -m 755 %SOURCE8 %{buildroot}%{_bindir}/emacs-terminal
# After everything is installed, remove info dir
rm -f %{buildroot}%{_infodir}/dir
# Installing service file
mkdir -p %{buildroot}%{_userunitdir}
install -p -m 0644 %SOURCE8 %{buildroot}%{_userunitdir}/emacs.service
install -p -m 0644 %SOURCE9 %{buildroot}%{_userunitdir}/emacs.service
# Emacs 26.1 installs the upstream unit file to /usr/lib64 on 64bit archs, we don't want that
rm -f %{buildroot}/usr/lib64/systemd/user/emacs.service
# Install desktop files
mkdir -p %{buildroot}%{_datadir}/applications
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE1
%SOURCE3
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE6
%SOURCE7
#
# Create file lists
@ -417,18 +437,8 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
%{_sbindir}/alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70
%{_sbindir}/alternatives --install %{_bindir}/emacs-nox emacs-nox %{_bindir}/emacs-%{version}-nox 60
%post common
for f in %{info_files}; do
/sbin/install-info %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
%preun common
%{_sbindir}/alternatives --remove emacs.etags %{_bindir}/etags.emacs
if [ "$1" = 0 ]; then
for f in %{info_files}; do
/sbin/install-info --delete %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
fi
%posttrans common
%{_sbindir}/alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
@ -436,20 +446,24 @@ fi
%files
%{_bindir}/emacs-%{version}
%{_bindir}/emacs-%{version}.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%{_datadir}/applications/emacs.desktop
%{_datadir}/appdata/%{name}.appdata.xml
%{_datadir}/icons/hicolor/*/apps/emacs.png
%{_datadir}/icons/hicolor/scalable/apps/emacs.svg
%{_datadir}/icons/hicolor/scalable/apps/emacs.ico
%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg
%files lucid
%{_bindir}/emacs-%{version}-lucid
%{_bindir}/emacs-%{version}-lucid.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-lucid
%files nox
%{_bindir}/emacs-%{version}-nox
%{_bindir}/emacs-%{version}-nox.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-nox
@ -482,53 +496,109 @@ fi
%dir %{_datadir}/emacs/site-lisp
%dir %{_datadir}/emacs/site-lisp/site-start.d
%files devel
%{_includedir}/emacs-module.h
%changelog
* Wed May 21 2025 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-15
- Restore definition of variable "enable-dir-local-variables" (RHEL-92830)
* Mon Feb 24 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-13
- Bump release
* Mon May 05 2025 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-14
- Fix arbitrary code execution via Lisp macro expansion (RHEL-69394)
* Mon Feb 24 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-12
- Eliminate use of obsolete patch syntax (RHEL-80443)
* Wed Feb 19 2025 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-13
- Fix man.el shell injection vulnerability (RHEL-79016)
* Wed Feb 19 2025 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-11
- Fix man.el shell injection vulnerability (RHEL-79025)
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12
* Fri Mar 15 2024 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-10
- Disable xwidgets (RHEL-14551)
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205)
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203)
- Disable xwidgets (RHEL-14549)
- Add protection for LaTeX preview (CVE-2024-30204)
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331)
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11
- Bump version
* Sun Apr 2 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-9
- Fix etags local command injection vulnerability (#2175190)
- Fix htmlfontify.el command injection vulnerability (#2175179)
- Fix ruby-mode.el local command injection vulnerability (#2175142)
- Fix ob-latex.el command injection vulnerability (#2180590)
* Fri Apr 7 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-10
- Fix etags local command injection vulnerability (#2175189)
- Fix htmlfontify.el command injection vulnerability (#2175178)
- Fix ob-latex.el command injection vulnerability (#2180587)
* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8
- Use a 64KB page size for pdump (#1979804)
* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-9
- Fix MH-E mail composition with GNU Mailutils (#1991156)
* Wed Jan 04 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-7
- Fix ctags local command execute vulnerability (#2149387)
* Thu Jan 05 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-8
- Fix ctags local command execute vulnerability (#2149386)
* Wed Sep 22 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6
- Adapt hardening options from _hardened_build macro (#2006856)
* Thu Aug 5 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7
- provide gating.yaml for CI
* Wed Aug 18 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-5
- Provide gating.yaml for CI (#1975151)
* Mon Jul 19 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-6
- a new GPG key for GNU ELPA packages (#1810729)
* Tue Aug 10 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-4
- Fix FTBFS with glibc 2.34 (#1975151)
* Mon Sep 10 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-5
- review annocheck distro flag failures (#1624109)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Aug 14 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-4
- remove ImageMagick dependency (#1564992)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
* Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
- emacs-27.2 is available
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 18 2020 Jan Synáček <jsynacek@redhat.com> - 1:27.1-2
- use make macros (original patch provided by Tom Stellard)
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Aug 11 2020 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.1-1
- emacs-27.1 is available (#1867841)
- Add systemd-devel to support Type=notify in unit file
- Build with Cairo and Jansson support
- Remove ImageMagick dependency as it's no longer used
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Dan Čermák <dan.cermak@cgc-instruments.com> - 1:26.3-3
- Drop dependency on GConf2
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 08 2019 Maximiliano Sandoval <msandoval@protonmail.com> - 1:26.3-1
- emacs-26.3 is available (#1747101)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 17 2019 Jan Synáček <jsynacek@redhat.com> - 1:26.2-1
- emacs-26.2 is available (#1699434)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Aug 28 2018 Michael Cronenworth <mike@cchtml.com> - 1:26.1-7
- Rebuild for new ImageMagick 6.9.10
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-6
- remove python dependencies, emacs*.py have not been there for a while
* Mon Jun 18 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-2
- remove build dependency on python2 (#1591707)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-4
- Rebuilt for Python 3.7
* Tue Jun 26 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
- Refix: Emacs crashes when loading color fonts (#1519038)
+ emacs SIGABRT after XProtocolError on displaying an email in Gnus (#1591223)
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-2
- Rebuilt for Python 3.7
* Wed May 30 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-1
- emacs-26.1 is available (#1583433)

View File

@ -1,238 +0,0 @@
---
emacs-27.2/doc/emacs/misc.texi | 33 +++++++++++++++++
emacs-27.2/lisp/emacs-lisp/macroexp.el | 10 ++++-
emacs-27.2/lisp/files.el | 60 +++++++++++++++++++++++++++++---
emacs-27.2/lisp/ielm.el | 3 +
emacs-27.2/lisp/progmodes/elisp-mode.el | 58 +++++++++++++++++++++++++-----
emacs-27.2/lisp/simple.el | 1
6 files changed, 189 insertions(+), 20 deletions(-)
--- emacs-27.2/doc/emacs/misc.texi
+++ emacs-27.2/doc/emacs/misc.texi 2025-03-03 09:18:41.368169799 +0000
@@ -279,6 +279,39 @@ trusted and the default checking for the
you can set @code{enable-local-variables} to @code{:all}. @xref{Safe
File Variables}.
+@cindex trusted files and directories
+Loading a file of Emacs Lisp code with @code{load-file} or
+@code{load-library} (@pxref{Lisp Libraries}) can execute some of the
+Lisp code in the file being loaded, so you should only load Lisp files
+whose source you trust. However, some Emacs features can in certain
+situations execute Lisp code even without your explicit command or
+request. For example, Flymake, the on-the-fly syntax checker for Emacs
+(@pxref{Top,,, flymake, GNU Flymake}), if it is enabled, can
+automatically execute some of the code in a Lisp file you visit as part
+of its syntax-checking job. Similarly, some completion commands
+(@pxref{Completion}) in buffers visiting Lisp files sometimes need to
+expand Lisp macros for best results. In these cases, just visiting a
+Lisp file and performing some editing in it could trigger execution of
+Lisp code. If the visited file came from an untrusted source, it could
+include dangerous or even malicious code that Emacs would execute in
+those situations.
+
+To protect against this, Emacs disables execution of Lisp code by
+Flymake, completion, and some other features, unless the visited file is
+@dfn{trusted}. It is up to you to specify which files on your system
+should be trusted, by customizing the user option
+@code{trusted-content}.
+
+@defopt trusted-content
+The value of this option is @code{nil} by default, which means no file
+is trusted. You can customize the variable to be a list of one or more
+names of trusted files and directories. A file name that ends in a
+slash @file{/} is interpreted as a directory, which means all its files
+and subdirectories are also trusted. A special value @code{:all} means
+@emph{all} the files and directories on your system should be trusted;
+@strong{this is not recommended}, as it opens a gaping security hole.
+@end defopt
+
@xref{Security Considerations,,, elisp, The Emacs Lisp Reference
Manual}, for more information about security considerations when using
Emacs as part of a larger application.
--- emacs-27.2/lisp/emacs-lisp/macroexp.el
+++ emacs-27.2/lisp/emacs-lisp/macroexp.el 2025-03-03 09:18:41.368169799 +0000
@@ -94,12 +94,20 @@ each clause."
(macroexp--all-forms clause skip)
clause)))
+(defvar macroexp-inhibit-compiler-macros nil
+ "Inhibit application of compiler macros if non-nil.")
+
(defun macroexp--compiler-macro (handler form)
+ "Apply compiler macro HANDLER to FORM and return the result.
+Unless `macroexp-inhibit-compiler-macros' is non-nil, in which
+case return FORM unchanged."
+ (if macroexp-inhibit-compiler-macros
+ form
(condition-case err
(apply handler form (cdr form))
(error
(message "Compiler-macro error for %S: %S" (car form) err)
- form)))
+ form))))
(defun macroexp--funcall-if-compiled (_form)
"Pseudo function used internally by macroexp to delay warnings.
--- emacs-27.2/lisp/files.el
+++ emacs-27.2/lisp/files.el 2025-03-03 09:20:04.078645249 +0000
@@ -591,6 +596,57 @@ buffer contents as untrusted.
Some modes may wish to set this to nil to prevent directory-local
settings being applied, but still respect file-local ones.")
+(defcustom trusted-content nil
+ "List of files and directories whose content we trust.
+Be extra careful here since trusting means that Emacs might execute the
+code contained within those files and directories without an explicit
+request by the user.
+One important case when this might happen is when `flymake-mode' is
+enabled (for example, when it is added to a mode hook).
+Each element of the list should be a string:
+- If it ends in \"/\", it is considered as a directory name and means that
+ Emacs should trust all the files whose name has this directory as a prefix.
+- Otherwise, it is considered a file name.
+Use abbreviated file names. For example, an entry \"~/mycode/\" means
+that Emacs will trust all the files in your directory \"mycode\".
+This variable can also be set to `:all', in which case Emacs will trust
+all files, which opens a gaping security hole. Emacs Lisp authors
+should note that this value must never be set by a major or minor mode."
+ :type '(choice (repeat :tag "List" file)
+ (const :tag "Trust everything (DANGEROUS!)" :all))
+ :version "27.2")
+(put 'trusted-content 'risky-local-variable t)
+
+(defun trusted-content-p ()
+ "Return non-nil if we trust the contents of the current buffer.
+Here, \"trust\" means that we are willing to run code found inside of it.
+See also `trusted-content'."
+ ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
+ ;; to try and avoid marking as trusted a file that's merely accessed
+ ;; via a symlink that happens to be inside a trusted dir.
+ (and (not untrusted-content)
+ (or
+ (eq trusted-content :all)
+ (and
+ buffer-file-truename
+ (with-demoted-errors "trusted-content-p: %S"
+ (let ((exists (file-exists-p buffer-file-truename)))
+ (or
+ ;; We can't avoid trusting the user's init file.
+ (if (and exists user-init-file)
+ (file-equal-p buffer-file-truename user-init-file)
+ (equal buffer-file-truename user-init-file))
+ (let ((file (abbreviate-file-name buffer-file-truename))
+ (trusted nil))
+ (dolist (tf trusted-content)
+ (when (or (if exists (file-equal-p tf file) (equal tf file))
+ ;; We don't use `file-in-directory-p' here, because
+ ;; we want to err on the conservative side: "guilty
+ ;; until proven innocent".
+ (and (string-suffix-p "/" tf)
+ (string-prefix-p tf file)))
+ (setq trusted t)))
+ trusted))))))))
;; This is an odd variable IMO.
;; You might wonder why it is needed, when we could just do:
;; (set (make-local-variable 'enable-local-variables) nil)
--- emacs-27.2/lisp/ielm.el
+++ emacs-27.2/lisp/ielm.el 2025-03-03 09:18:41.372169725 +0000
@@ -616,7 +616,8 @@ See `inferior-emacs-lisp-mode' for detai
(unless (comint-check-proc "*ielm*")
(with-current-buffer (get-buffer-create "*ielm*")
(unless (zerop (buffer-size)) (setq old-point (point)))
- (inferior-emacs-lisp-mode)))
+ (inferior-emacs-lisp-mode)
+ (setq-local trusted-content :all)))
(pop-to-buffer-same-window "*ielm*")
(when old-point (push-mark old-point))))
--- emacs-27.2/lisp/progmodes/elisp-mode.el
+++ emacs-27.2/lisp/progmodes/elisp-mode.el 2025-03-03 09:18:41.372169725 +0000
@@ -333,6 +333,43 @@ Blank lines separate paragraphs. Semico
(defvar warning-minimum-log-level)
+(defvar elisp--local-macroenv
+ `((cl-eval-when . ,(lambda (&rest args) `(progn . ,(cdr args))))
+ (eval-when-compile . ,(lambda (&rest args) `(progn . ,args)))
+ (eval-and-compile . ,(lambda (&rest args) `(progn . ,args))))
+ "Environment to use while tentatively expanding macros.
+This is used to try and avoid the most egregious problems linked to the
+use of `macroexpand-all' as a way to find the \"underlying raw code\".")
+
+(defvar elisp--macroexpand-untrusted-warning t)
+
+(defun elisp--safe-macroexpand-all (sexp)
+ (if (not (trusted-content-p))
+ ;; FIXME: We should try and do better here, either using a notion
+ ;; of "safe" macros, or with `bwrap', or ...
+ (progn
+ (when elisp--macroexpand-untrusted-warning
+ (setq-local elisp--macroexpand-untrusted-warning nil) ;Don't spam!
+ (let ((inhibit-message t)) ;Only log.
+ (message "Completion of local vars is disabled in %s (untrusted content)"
+ (buffer-name))))
+ sexp)
+ (let ((macroexpand-advice
+ (lambda (expander form &rest args)
+ (condition-case err
+ (apply expander form args)
+ (error
+ (message "Ignoring macroexpansion error: %S" err) form)))))
+ (unwind-protect
+ ;; Silence any macro expansion errors when
+ ;; attempting completion at point (bug#58148).
+ (let ((inhibit-message t)
+ (macroexp-inhibit-compiler-macros t)
+ (warning-minimum-log-level :emergency))
+ (advice-add 'macroexpand-1 :around macroexpand-advice)
+ (macroexpand-all sexp elisp--local-macroenv))
+ (advice-remove 'macroexpand-1 macroexpand-advice)))))
+
(defun elisp--local-variables ()
"Return a list of locally let-bound variables at point."
(save-excursion
@@ -348,17 +385,8 @@ Blank lines separate paragraphs. Semico
(car (read-from-string
(concat txt "elisp--witness--lisp" closer)))
((invalid-read-syntax end-of-file) nil)))
- (macroexpand-advice (lambda (expander form &rest args)
- (condition-case nil
- (apply expander form args)
- (error form))))
- (sexp
- (unwind-protect
- (let ((warning-minimum-log-level :emergency))
- (advice-add 'macroexpand :around macroexpand-advice)
- (macroexpand-all sexp))
- (advice-remove 'macroexpand macroexpand-advice)))
- (vars (elisp--local-variables-1 nil sexp)))
+ (vars (elisp--local-variables-1
+ nil (elisp--safe-macroexpand-all sexp))))
(delq nil
(mapcar (lambda (var)
(and (symbolp var)
@@ -1721,6 +1749,14 @@ directory of the buffer being compiled,
"A Flymake backend for elisp byte compilation.
Spawn an Emacs process that byte-compiles a file representing the
current buffer state and calls REPORT-FN when done."
+ (unless (trusted-content-p)
+ ;; FIXME: Use `bwrap' and friends to compile untrusted content.
+ ;; FIXME: We emit a message *and* signal an error, because by default
+ ;; Flymake doesn't display the warning it puts into "*flmake log*".
+ (message "Disabling elisp-flymake-byte-compile in %s (untrusted content)"
+ (buffer-name))
+ (error "Disabling elisp-flymake-byte-compile in %s (untrusted content)"
+ (buffer-name)))
(when elisp-flymake--byte-compile-process
(when (process-live-p elisp-flymake--byte-compile-process)
(kill-process elisp-flymake--byte-compile-process)))
--- emacs-27.2/lisp/simple.el
+++ emacs-27.2/lisp/simple.el 2025-03-03 09:18:41.372169725 +0000
@@ -1621,6 +1621,7 @@ display the result of expression evaluat
(eldoc-mode 1)
(add-hook 'completion-at-point-functions
#'elisp-completion-at-point nil t)
+ (setq-local trusted-content :all)
(run-hooks 'eval-expression-minibuffer-setup-hook))
(read-from-minibuffer prompt initial-contents
read-expression-map t

View File

@ -1,223 +0,0 @@
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 588921bc70..a156444281 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -371,7 +371,7 @@ static void just_read_file (FILE *);
static language *get_language_from_langname (const char *);
static void readline (linebuffer *, FILE *);
-static long readline_internal (linebuffer *, FILE *, char const *);
+static long readline_internal (linebuffer *, FILE *, char const *, const bool);
static bool nocase_tail (const char *);
static void get_tag (char *, char **);
static void get_lispy_tag (char *);
@@ -394,7 +394,9 @@ static void free_fdesc (fdesc *);
static void pfnote (char *, bool, char *, int, int, long);
static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
+static void clean_matched_file_tag (char const * const, char const * const);
+static void do_move_file (const char *, const char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
static char *skip_non_spaces (char *);
@@ -1307,7 +1309,7 @@ main (int argc, char **argv)
if (parsing_stdin)
fatal ("cannot parse standard input "
"AND read file names from it");
- while (readline_internal (&filename_lb, stdin, "-") > 0)
+ while (readline_internal (&filename_lb, stdin, "-", false) > 0)
process_file_name (filename_lb.buffer, lang);
}
else
@@ -1355,9 +1357,6 @@ main (int argc, char **argv)
/* From here on, we are in (CTAGS && !cxref_style) */
if (update)
{
- char *cmd =
- xmalloc (strlen (tagfile) + whatlen_max +
- sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS >;rm OTAGS");
for (i = 0; i < current_arg; ++i)
{
switch (argbuffer[i].arg_type)
@@ -1368,17 +1367,8 @@ main (int argc, char **argv)
default:
continue; /* the for loop */
}
- char *z = stpcpy (cmd, "mv ");
- z = stpcpy (z, tagfile);
- z = stpcpy (z, " OTAGS;grep -Fv '\t");
- z = stpcpy (z, argbuffer[i].what);
- z = stpcpy (z, "\t' OTAGS >");
- z = stpcpy (z, tagfile);
- strcpy (z, ";rm OTAGS");
- if (system (cmd) != EXIT_SUCCESS)
- fatal ("failed to execute shell command");
+ clean_matched_file_tag (tagfile, argbuffer[i].what);
}
- free (cmd);
append_to_tagfile = true;
}
@@ -1407,6 +1397,51 @@ main (int argc, char **argv)
return EXIT_SUCCESS;
}
+/*
+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS
+ */
+static void
+clean_matched_file_tag (const char* tagfile, const char* match_file_name)
+{
+ FILE *otags_f = fopen ("OTAGS", "wb");
+ FILE *tag_f = fopen (tagfile, "rb");
+
+ if (otags_f == NULL)
+ pfatal ("OTAGS");
+
+ if (tag_f == NULL)
+ pfatal (tagfile);
+
+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1;
+ char *buf = xmalloc (buf_len);
+ snprintf (buf, buf_len, "\t%s\t", match_file_name);
+
+ linebuffer line;
+ linebuffer_init (&line);
+ while (readline_internal (&line, tag_f, tagfile, true) > 0)
+ {
+ if (ferror (tag_f))
+ pfatal (tagfile);
+
+ if (strstr (line.buffer, buf) == NULL)
+ {
+ fprintf (otags_f, "%s\n", line.buffer);
+ if (ferror (tag_f))
+ pfatal (tagfile);
+ }
+ }
+ free (buf);
+ free (line.buffer);
+
+ if (fclose (otags_f) == EOF)
+ pfatal ("OTAGS");
+
+ if (fclose (tag_f) == EOF)
+ pfatal (tagfile);
+
+ do_move_file ("OTAGS", tagfile);
+ return;
+}
/*
* Return a compressor given the file name. If EXTPTR is non-zero,
@@ -1794,7 +1829,7 @@ find_entries (FILE *inf)
/* Else look for sharp-bang as the first two characters. */
if (parser == NULL
- && readline_internal (&lb, inf, infilename) > 0
+ && readline_internal (&lb, inf, infilename, false) > 0
&& lb.len >= 2
&& lb.buffer[0] == '#'
&& lb.buffer[1] == '!')
@@ -6293,7 +6328,7 @@ analyze_regex (char *regex_arg)
if (regexfp == NULL)
pfatal (regexfile);
linebuffer_init (&regexbuf);
- while (readline_internal (&regexbuf, regexfp, regexfile) > 0)
+ while (readline_internal (&regexbuf, regexfp, regexfile, false) > 0)
analyze_regex (regexbuf.buffer);
free (regexbuf.buffer);
if (fclose (regexfp) != 0)
@@ -6648,11 +6683,13 @@ get_lispy_tag (register char *bp)
/*
* Read a line of text from `stream' into `lbp', excluding the
- * newline or CR-NL, if any. Return the number of characters read from
- * `stream', which is the length of the line including the newline.
+ * newline or CR-NL (if `leave_cr` is false), if any. Return the
+ * number of characters read from `stream', which is the length
+ * of the line including the newline.
*
- * On DOS or Windows we do not count the CR character, if any before the
- * NL, in the returned length; this mirrors the behavior of Emacs on those
+ * On DOS or Windows, if `leave_cr` is false, we do not count the
+ * CR character, if any before the NL, in the returned length;
+ * this mirrors the behavior of Emacs on those
* platforms (for text files, it translates CR-NL to NL as it reads in the
* file).
*
@@ -6660,7 +6697,7 @@ get_lispy_tag (register char *bp)
* appended to `filebuf'.
*/
static long
-readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr)
{
char *buffer = lbp->buffer;
char *p = lbp->buffer;
@@ -6691,7 +6728,7 @@ readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
}
if (c == '\n')
{
- if (p > buffer && p[-1] == '\r')
+ if (!leave_cr && p > buffer && p[-1] == '\r')
{
p -= 1;
chars_deleted = 2;
@@ -6736,7 +6773,7 @@ readline (linebuffer *lbp, FILE *stream)
long result;
linecharno = charno; /* update global char number of line start */
- result = readline_internal (lbp, stream, infilename); /* read line */
+ result = readline_internal (lbp, stream, infilename, false); /* read line */
lineno += 1; /* increment global line number */
charno += result; /* increment global char number */
@@ -7104,6 +7141,46 @@ etags_mktmp (void)
return templt;
}
+static void
+do_move_file(const char *src_file, const char *dst_file)
+{
+ if (rename (src_file, dst_file) == 0)
+ return;
+
+ FILE *src_f = fopen (src_file, "rb");
+ FILE *dst_f = fopen (dst_file, "wb");
+
+ if (src_f == NULL)
+ pfatal (src_file);
+
+ if (dst_f == NULL)
+ pfatal (dst_file);
+
+ int c;
+ while ((c = fgetc (src_f)) != EOF)
+ {
+ if (ferror (src_f))
+ pfatal (src_file);
+
+ if (ferror (dst_f))
+ pfatal (dst_file);
+
+ if (fputc (c, dst_f) == EOF)
+ pfatal ("cannot write");
+ }
+
+ if (fclose (src_f) == EOF)
+ pfatal (src_file);
+
+ if (fclose (dst_f) == EOF)
+ pfatal (dst_file);
+
+ if (unlink (src_file) == -1)
+ pfatal ("unlink error");
+
+ return;
+}
+
/* Return a newly allocated string containing the file name of FILE
relative to the absolute directory DIR (which should end with a slash). */
static char *

View File

@ -1,31 +0,0 @@
From b73cde5e2815c531df7f5fd13e214a7d92f78239 Mon Sep 17 00:00:00 2001
From: Mike Kupfer <mkupfer@alum.berkeley.edu>
Date: Wed, 4 Jul 2018 15:43:04 -0700
Subject: [PATCH] Fix MH-E mail composition with GNU Mailutils (SF#485)
* lisp/mh-e/mh-comp.el (mh-bare-components): Recursively delete
the temporary folder.
---
lisp/mh-e/mh-comp.el | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lisp/mh-e/mh-comp.el b/lisp/mh-e/mh-comp.el
index a9f809cfa1..aa22df8b18 100644
--- a/lisp/mh-e/mh-comp.el
+++ b/lisp/mh-e/mh-comp.el
@@ -925,8 +925,10 @@ mh-bare-components
(list "-form" mh-comp-formfile)))
(setq new (make-temp-file "comp."))
(rename-file (concat temp-folder "/" "1") new t)
- (delete-file (concat temp-folder "/" ".mh_sequences"))
- (delete-directory temp-folder)
+ ;; The temp folder could contain various metadata files. Rather
+ ;; than trying to enumerate all the known files, just do a
+ ;; recursive delete on the directory.
+ (delete-directory temp-folder t)
new))
(defun mh-read-draft (use initial-contents delete-contents-file)
--
2.36.1

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -1,2 +0,0 @@
SHA512 (emacs-26.1.tar.xz) = 537c2cfdd281151b360002419dde6280c313e07a937ed96405c67f754b3401ec5541091a3c0aa6690929bc33dd79e8e0d8844e7a6b014b7798c63cb15de210c2
SHA512 (package-keyring.gpg) = ca0dfa2edda9a6de5837dd6d754d574b13e007561e8dcc99c178d24f6a5dbb6880edc95db9d6afbea8bdf0b409671657fe22a778003ea0ccf351dce5e4fd429f