Compare commits

..

No commits in common. "c8s" and "imports/c9-beta/emacs-27.2-9.el9" have entirely different histories.

29 changed files with 9587 additions and 500 deletions

1
.emacs.metadata Normal file
View File

@ -0,0 +1 @@
8d18e2bfb6e28cf060ce7587290954e9c582aa25 SOURCES/emacs-27.2.tar.xz

5
.gitignore vendored
View File

@ -1,4 +1 @@
SOURCES/emacs-26.1.tar.xz SOURCES/emacs-27.2.tar.xz
SOURCES/package-keyring.gpg
/emacs-26.1.tar.xz
/package-keyring.gpg

View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJgXHmkAAoJEJHBJi8B6405d2EIAIPafSj+sV3Hemu9CSPL+F38
KutOo7nUF1AO0tgdijPGZ4BTBsWnsum0dLQ/JLtor7/NQuqrZTMJQbrorLluwCR7
p1aVtwQ+enWn3G0Aq/4uWo0xaMCvJlEPOQuYE8Dtt12PFZzmfAE1r4KZa4cL073h
suugT/tz7awq7QS6GbjI88mkJXVMuEwVYPPS2tzBUTkA2152dikFSyqBhUnIo3Ni
eDN6NvSYBpL1I9HgNYuiBJp9xv8CzGtwm/7Nidntzl9SPVQlZkZIHNj8tRbE67Ge
R0EXBgnDsSKlRUM51R7PejnSG6134VcLCaItMF6dIiVBu6BwQXw1t+zdqnzG6v8=
=L6J6
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,31 @@
From 216c65b135c2b0be7e048cdc6683873b03b99b9a Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@gnus.org>
Date: Sun, 28 Mar 2021 19:13:00 +0200
Subject: [PATCH] Use a 64KB page size for pdump
* src/pdumper.c (dump_get_page_size): Use a 64KB page size on all
architectures, as this many vary between systems (bug#47125).
---
src/pdumper.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/pdumper.c b/src/pdumper.c
index 337742fda4..fdd9b3bacb 100644
--- a/src/pdumper.c
+++ b/src/pdumper.c
@@ -162,11 +162,7 @@ ptrdiff_t_to_dump_off (ptrdiff_t value)
static int
dump_get_page_size (void)
{
-#if defined (WINDOWSNT) || defined (CYGWIN)
- return 64 * 1024; /* Worst-case allocation granularity. */
-#else
- return getpagesize ();
-#endif
+ return 64 * 1024;
}
#define dump_offsetof(type, member) \
--
2.36.1

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,40 @@
From f97e07ea807cc6d38774a3888a15091b20645ac6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 9 Mar 2021 11:22:59 -0800
Subject: [PATCH] Port alternate signal stack to upcoming glibc 2.34
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/sysdep.c (sigsegv_stack): Increase size to 64 KiB and align
it to max_align_t. This copies from Gnulibs c-stack.c, and works
around a portability bug in draft glibc 2.34, which no longer
defines SIGSTKSZ when _GNU_SOURCE is defined.
---
src/sysdep.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/sysdep.c b/src/sysdep.c
index 941b4e2fa2..24d8832b2f 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -1785,7 +1785,15 @@ handle_arith_signal (int sig)
/* Alternate stack used by SIGSEGV handler below. */
-static unsigned char sigsegv_stack[SIGSTKSZ];
+/* Storage for the alternate signal stack.
+ 64 KiB is not too large for Emacs, and is large enough
+ for all known platforms. Smaller sizes may run into trouble.
+ For example, libsigsegv 2.6 through 2.8 have a bug where some
+ architectures use more than the Linux default of an 8 KiB alternate
+ stack when deciding if a fault was caused by stack overflow. */
+static max_align_t sigsegv_stack[(64 * 1024
+ + sizeof (max_align_t) - 1)
+ / sizeof (max_align_t)];
/* Return true if SIGINFO indicates a stack overflow. */
--
2.29.2

View File

@ -0,0 +1,28 @@
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Fri, 23 Dec 2022 12:52:48 +0800
Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
(bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
---
lisp/progmodes/ruby-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
index 1f3e9b6ae7b..a4aa61905e4 100644
--- a/lisp/progmodes/ruby-mode.el
+++ b/lisp/progmodes/ruby-mode.el
@@ -1820,7 +1820,7 @@ ruby-find-library-file
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
- (shell-command-to-string (concat "gem which " feature-name))
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
--
2.36.1

View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF+pf4UBCAC6vjkWLSAsQpe8YIGKLQzNOJx/IjGtCdFF8uzmO5jmME+SD8RO
uJN+t5KXVw58uzu75EFD0vHTY9e+udJ2gkpuy0NnzkFcbumdLLo2ERKCoSctZZRh
zKXI5z5cHxCqW0B2ygHRrRLtoNlGID7bAgcgSViT1ptGqTXO7zGVu4Airok7dNzc
PtHgns8GlR5YAFX0TvE6oGd0l2VPghNeVJKJOjrbfhoDxl3ucFpqbqMH8z9HTLDO
Fpz8UaYYUdJMi3xX6vwTZxI2sM2RRVLUpZyllAkSMI4lln1OOgazM/62DJUs/rKI
HKBnF6h3/qsJUjUYXaAHbrXY26mWllAd536lABEBAAG0I0VsaSBaYXJldHNraWkg
KGVsaXopIDxlbGl6QGdudS5vcmc+iQE4BBMBAgAiBQJfqX+FAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRCRwSYvAeuNOYUQB/4/iIKKOG45ijNaRoTvmJJZ
Mvj1S07WQxEm7c5SHEeEQbLOAxB9vESOV7sLueuN3oqEndtzyYt4x1WTSBmHFF7h
5fcCMjBs41siOIp5Sj/xD0Bvaa0IKGCRSZ7PAo8Mq3wgajXpTpn9vxE2PmtzA8Kd
EE0K1+f9pVAfOpUIcCl44rIxLUW352XG0y7iz6c/O6LB1deOKMiKFctKO7pBti1d
JEm1ImewLH3H8uTbwspLOs3EB8xhsESxmTidnze68HX2jt+2EeMgCdkiNU+LWbex
QZPfIS7+ZmE06ll0v6+Jy7ZdTkCCRypKWTnW7pIFsq/p4kybV8O/kHSV6B4vvQBf
uQENBF+pf4UBCACvFrdx/m22lgObypSmSS4TNlNvQnMUorrMmp0U32hv5adt6CKX
eMjk05F+GcIfVMrpxqMBn4sEUIXWhhogQJa9ZbWEP/HbS8XjMMbz0Q0Siaty9+DS
spK/9u2GWKsz3uQzLCexIJtzmXvjAVmvoMCAU/F2t038ggygjYLRgyLRNLgbbart
u2dMkvrfxRjheip60S4S3utOcwUf/qdoa1grNannCFluHr/ftXCeeuGB4H8iO0BX
WNby6NZPizxJttx9gdcH8/OmDOJkXyRMTT/3sSem76CSOjfXcz7saJlg680NQhG5
TmuYERjJD4+U02K5RuqTsEnOuWeFy4p+/mslABEBAAGJAR8EGAECAAkFAl+pf4UC
GwwACgkQkcEmLwHrjTno7Af/a1XoLHxAUkS43nmF8iazn3ZnuwWKWLEAsNrxk56y
UxhUPRzNs0/fsABDQR1o0DyTqbScKOcOMSG2YMCctLiDd7FdfMWwkUsV9GUpPBiR
tD60Ewmn9sbNJKrEoZ5L6sqOUEslJRVABu5taOzVIRfeUPPaMRjvCcr0d+epKjW8
1J9Aqj8SskuNkHwvHchTYFYVT22aemjjZ1MGOUm7QiybWQgYL6aSPV2gR+NQQ7pE
hOBoEi6GLEiBkoYOIXvmxsqQLBrUPbsJq8lItYEaw4HGt8BaPxtK2yZ9mSqC2xhW
Yr1j1YAIHffzubC0jxc5znXERsRANoJOwNUXmiddD7UM9A==
=g4R7
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -4,35 +4,36 @@
Summary: GNU Emacs text editor Summary: GNU Emacs text editor
Name: emacs Name: emacs
Epoch: 1 Epoch: 1
Version: 26.1 Version: 27.2
Release: 12%{?dist} Release: 9%{?dist}
License: GPLv3+ and CC0-1.0 License: GPLv3+ and CC0-1.0
URL: http://www.gnu.org/software/emacs/ URL: http://www.gnu.org/software/emacs/
Group: Applications/Editors
Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
Source1: emacs.desktop Source1: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz.sig
Source3: dotemacs.el # generate the keyring via:
Source4: site-start.el # wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
Source5: default.el # gpg2 --keyring ./gnu-keyring.gpg --armor --export E6C9029C363AD41D787A8EBB91C1262F01EB8D39 > gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source2: gpgkey-E6C9029C363AD41D787A8EBB91C1262F01EB8D39.gpg
Source3: emacs.desktop
Source4: dotemacs.el
Source5: site-start.el
Source6: default.el
# Emacs Terminal Mode, #551949, #617355 # Emacs Terminal Mode, #551949, #617355
Source6: emacs-terminal.desktop Source7: emacs-terminal.desktop
Source7: emacs-terminal.sh Source8: emacs-terminal.sh
Source8: emacs.service Source9: emacs.service
Source9: %{name}.appdata.xml Source10: %{name}.appdata.xml
# rhbz#1810729
Source10: package-keyring.gpg
# rhbz#713600 # rhbz#713600
Patch1: emacs-spellchecker.patch Patch1: emacs-spellchecker.patch
Patch2: emacs-system-crypto-policies.patch Patch2: emacs-system-crypto-policies.patch
Patch3: emacs-ctags-local-command-execute-vulnerability.patch Patch3: emacs-glibc-2.34.patch
Patch4: emacs-mh-rmail-nonempty-dir.patch Patch4: emacs-ctags-local-command-execute-vulnerability.patch
Patch5: emacs-etags-local-command-injection-vulnerability.patch Patch5: emacs-64KB-page-size-for-pdump.patch
Patch6: emacs-htmlfontify-command-injection-vulnerability.patch Patch6: emacs-etags-local-command-injection-vulnerability.patch
Patch7: emacs-ob-latex-command-injection-vulnerability.patch Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
Patch8: emacs-consider-org-file-contents-unsafe.patch Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
Patch9: emacs-org-link-expand-abbrev-unsafe-elisp.patch Patch9: emacs-ob-latex-command-injection-vulnerability.patch
Patch10: emacs-mark-contents-untrusted.patch BuildRequires: gcc
BuildRequires: atk-devel BuildRequires: atk-devel
BuildRequires: cairo-devel BuildRequires: cairo-devel
BuildRequires: freetype-devel BuildRequires: freetype-devel
@ -58,19 +59,25 @@ BuildRequires: librsvg2-devel
BuildRequires: m17n-lib-devel BuildRequires: m17n-lib-devel
BuildRequires: libotf-devel BuildRequires: libotf-devel
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: GConf2-devel
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
BuildRequires: gpm-devel BuildRequires: gpm-devel
BuildRequires: liblockfile-devel BuildRequires: liblockfile-devel
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: autoconf
BuildRequires: bzip2 BuildRequires: bzip2
BuildRequires: cairo BuildRequires: cairo
BuildRequires: texinfo BuildRequires: texinfo
BuildRequires: gzip BuildRequires: gzip
BuildRequires: desktop-file-utils BuildRequires: desktop-file-utils
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: harfbuzz-devel
BuildRequires: jansson-devel
BuildRequires: systemd-devel
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: webkit2gtk3-devel
BuildRequires: gnupg2
# For lucid # For lucid
BuildRequires: Xaw3d-devel BuildRequires: Xaw3d-devel
@ -78,6 +85,8 @@ BuildRequires: Xaw3d-devel
%ifarch %{ix86} %ifarch %{ix86}
BuildRequires: util-linux BuildRequires: util-linux
%endif %endif
BuildRequires: make
# Emacs doesn't run without dejavu-sans-mono-fonts, rhbz#732422 # Emacs doesn't run without dejavu-sans-mono-fonts, rhbz#732422
Requires: desktop-file-utils Requires: desktop-file-utils
@ -103,7 +112,6 @@ This package provides an emacs binary with support for X windows.
%package lucid %package lucid
Summary: GNU Emacs text editor with LUCID toolkit X support Summary: GNU Emacs text editor with LUCID toolkit X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release} Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -120,7 +128,6 @@ using LUCID toolkit.
%package nox %package nox
Summary: GNU Emacs text editor without X support Summary: GNU Emacs text editor without X support
Group: Applications/Editors
Requires(preun): %{_sbindir}/alternatives Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives Requires(posttrans): %{_sbindir}/alternatives
Requires: emacs-common = %{epoch}:%{version}-%{release} Requires: emacs-common = %{epoch}:%{version}-%{release}
@ -140,11 +147,8 @@ Summary: Emacs common files
# The entire source code is GPLv3+ except lib-src/etags.c which is # The entire source code is GPLv3+ except lib-src/etags.c which is
# also BSD. Manual (info) is GFDL. # also BSD. Manual (info) is GFDL.
License: GPLv3+ and GFDL and BSD License: GPLv3+ and GFDL and BSD
Group: Applications/Editors
Requires(preun): /sbin/install-info
Requires(preun): %{_sbindir}/alternatives Requires(preun): %{_sbindir}/alternatives
Requires(posttrans): %{_sbindir}/alternatives Requires(posttrans): %{_sbindir}/alternatives
Requires(post): /sbin/install-info
Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} Requires: %{name}-filesystem = %{epoch}:%{version}-%{release}
Provides: %{name}-el = %{epoch}:%{version}-%{release} Provides: %{name}-el = %{epoch}:%{version}-%{release}
Obsoletes: emacs-el < 1:24.3-29 Obsoletes: emacs-el < 1:24.3-29
@ -160,7 +164,6 @@ or emacs-nox.
%package terminal %package terminal
Summary: A desktop menu item for GNU Emacs terminal. Summary: A desktop menu item for GNU Emacs terminal.
Group: Applications/Editors
Requires: emacs = %{epoch}:%{version}-%{release} Requires: emacs = %{epoch}:%{version}-%{release}
BuildArch: noarch BuildArch: noarch
@ -173,33 +176,35 @@ removed when another terminal becomes capable of handling Malayalam.
%package filesystem %package filesystem
Summary: Emacs filesystem layout Summary: Emacs filesystem layout
Group: Applications/Editors
BuildArch: noarch BuildArch: noarch
%description filesystem %description filesystem
This package provides some directories which are required by other This package provides some directories which are required by other
packages that add functionality to Emacs. packages that add functionality to Emacs.
%package devel
Summary: Development header files for Emacs
%description devel
Development header files for Emacs.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q %setup -q
%patch1 -p1 -b .spellchecker %patch1 -p1 -b .spellchecker
%patch2 -p1 -b .system-crypto-policies %patch2 -p1 -b .system-crypto-policies
%patch3 -p1 -b .ctags-local-command-execute-vulnerability %patch3 -p1 -b .glibc2.34
%patch4 -p1 -b .mh-rmail-nonempty-dir.patch %patch4 -p1 -b .ctags-local-command-execute-vulnerability
%patch5 -p1 -b .etags-local-command-injection-vulnerability %patch5 -p1 -b .64KB-page-size-for-pdump
%patch6 -p1 -b .htmlfontify-command-injection-vulnerability %patch6 -p1 -b .etags-local-command-injection-vulnerability
%patch7 -p1 -b .ob-latex-command-injection-vulnerability %patch7 -p1 -b .htmlfontify-command-injection-vulnerability
%patch8 -p1 -b .consider-org-file-contents-unsafe %patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
%patch9 -p1 -b .org-link-expand-abbrev-unsafe-elisp %patch9 -p1 -b .ob-latex-command-injection-vulnerability
%patch10 -p1 -b .mark-contents-untrusted
autoconf autoconf
# We prefer our emacs.desktop file # We prefer our emacs.desktop file
cp %SOURCE1 etc/emacs.desktop cp %SOURCE3 etc/emacs.desktop
# GPG key for GNU ELPA packages backported from Emacs 26.3 (#1810729)
cp %SOURCE10 etc/package-keyring.gpg
grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \ grep -v "tetris.elc" lisp/Makefile.in > lisp/Makefile.in.new \
&& mv lisp/Makefile.in.new lisp/Makefile.in && mv lisp/Makefile.in.new lisp/Makefile.in
@ -239,8 +244,8 @@ ln -s ../../%{name}/%{version}/etc/NEWS doc
%build %build
export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS" export CFLAGS="-DMAIL_USE_LOCKF %{build_cflags}"
export LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now -fpie" %set_build_flags
# Build GTK+ binary # Build GTK+ binary
mkdir build-gtk && cd build-gtk mkdir build-gtk && cd build-gtk
@ -248,9 +253,9 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \ --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \
--with-modules --with-xwidgets --with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap make bootstrap
%{setarch} make %{?_smp_mflags} %{setarch} %make_build
cd .. cd ..
# Build Lucid binary # Build Lucid binary
@ -259,16 +264,16 @@ ln -s ../configure .
%configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \
--with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \ --with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \
--with-modules --with-modules --with-harfbuzz --with-cairo --with-json
make bootstrap make bootstrap
%{setarch} make %{?_smp_mflags} %{setarch} %make_build
cd .. cd ..
# Build binary without X support # Build binary without X support
mkdir build-nox && cd build-nox mkdir build-nox && cd build-nox
ln -s ../configure . ln -s ../configure .
%configure --with-x=no --with-modules %configure --with-x=no --with-modules --with-json
%{setarch} make %{?_smp_mflags} %{setarch} %make_build
cd .. cd ..
# Remove versioned file so that we end up with .1 suffix and only one DOC file # Remove versioned file so that we end up with .1 suffix and only one DOC file
@ -296,29 +301,37 @@ EOF
%install %install
cd build-gtk cd build-gtk
make install INSTALL="%{__install} -p" DESTDIR=%{buildroot} %make_install
cd .. cd ..
# Let alternatives manage the symlink # Let alternatives manage the symlink
rm %{buildroot}%{_bindir}/emacs rm %{buildroot}%{_bindir}/emacs
touch %{buildroot}%{_bindir}/emacs touch %{buildroot}%{_bindir}/emacs
# Remove emacs.pdmp from common
rm %{buildroot}%{emacs_libexecdir}/emacs.pdmp
# Do not compress the files which implement compression itself (#484830) # Do not compress the files which implement compression itself (#484830)
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-compr.el.gz
gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz gunzip %{buildroot}%{_datadir}/emacs/%{version}/lisp/jka-cmpr-hook.el.gz
# Install emacs.pdmp of the emacs with GTK+
install -p -m 0644 build-gtk/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}.pdmp
# Install the emacs with LUCID toolkit # Install the emacs with LUCID toolkit
install -p -m 0755 build-lucid/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-lucid install -p -m 0755 build-lucid/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-lucid
install -p -m 0644 build-lucid/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-lucid.pdmp
# Install the emacs without X # Install the emacs without X
install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox install -p -m 0755 build-nox/src/emacs %{buildroot}%{_bindir}/emacs-%{version}-nox
install -p -m 0644 build-nox/src/emacs.pdmp %{buildroot}%{_bindir}/emacs-%{version}-nox.pdmp
# Make sure movemail isn't setgid # Make sure movemail isn't setgid
chmod 755 %{buildroot}%{emacs_libexecdir}/movemail chmod 755 %{buildroot}%{emacs_libexecdir}/movemail
mkdir -p %{buildroot}%{site_lisp} mkdir -p %{buildroot}%{site_lisp}
install -p -m 0644 %SOURCE4 %{buildroot}%{site_lisp}/site-start.el install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp}/site-start.el
install -p -m 0644 %SOURCE5 %{buildroot}%{site_lisp} install -p -m 0644 %SOURCE6 %{buildroot}%{site_lisp}
# This solves bz#474958, "update-directory-autoloads" now finally # This solves bz#474958, "update-directory-autoloads" now finally
# works the path is different each version, so we'll generate it here # works the path is different each version, so we'll generate it here
@ -336,7 +349,7 @@ mkdir -p %{buildroot}%{site_lisp}/site-start.d
# Default initialization file # Default initialization file
mkdir -p %{buildroot}%{_sysconfdir}/skel mkdir -p %{buildroot}%{_sysconfdir}/skel
install -p -m 0644 %SOURCE3 %{buildroot}%{_sysconfdir}/skel/.emacs install -p -m 0644 %SOURCE4 %{buildroot}%{_sysconfdir}/skel/.emacs
# Install pkgconfig file # Install pkgconfig file
mkdir -p %{buildroot}/%{pkgconfig} mkdir -p %{buildroot}/%{pkgconfig}
@ -344,30 +357,32 @@ install -p -m 0644 emacs.pc %{buildroot}/%{pkgconfig}
# Install app data # Install app data
mkdir -p %{buildroot}/%{_datadir}/appdata mkdir -p %{buildroot}/%{_datadir}/appdata
cp -a %SOURCE9 %{buildroot}/%{_datadir}/appdata cp -a %SOURCE10 %{buildroot}/%{_datadir}/appdata
# Upstream ships its own appdata file, but it's quite terse.
rm %{buildroot}/%{_datadir}/metainfo/emacs.appdata.xml
# Install rpm macro definition file # Install rpm macro definition file
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
install -p -m 0644 macros.emacs %{buildroot}%{_rpmconfigdir}/macros.d/ install -p -m 0644 macros.emacs %{buildroot}%{_rpmconfigdir}/macros.d/
# Installing emacs-terminal binary # Installing emacs-terminal binary
install -p -m 755 %SOURCE7 %{buildroot}%{_bindir}/emacs-terminal install -p -m 755 %SOURCE8 %{buildroot}%{_bindir}/emacs-terminal
# After everything is installed, remove info dir # After everything is installed, remove info dir
rm -f %{buildroot}%{_infodir}/dir rm -f %{buildroot}%{_infodir}/dir
# Installing service file # Installing service file
mkdir -p %{buildroot}%{_userunitdir} mkdir -p %{buildroot}%{_userunitdir}
install -p -m 0644 %SOURCE8 %{buildroot}%{_userunitdir}/emacs.service install -p -m 0644 %SOURCE9 %{buildroot}%{_userunitdir}/emacs.service
# Emacs 26.1 installs the upstream unit file to /usr/lib64 on 64bit archs, we don't want that # Emacs 26.1 installs the upstream unit file to /usr/lib64 on 64bit archs, we don't want that
rm -f %{buildroot}/usr/lib64/systemd/user/emacs.service rm -f %{buildroot}/usr/lib64/systemd/user/emacs.service
# Install desktop files # Install desktop files
mkdir -p %{buildroot}%{_datadir}/applications mkdir -p %{buildroot}%{_datadir}/applications
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \ desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE1 %SOURCE3
desktop-file-install --dir=%{buildroot}%{_datadir}/applications \ desktop-file-install --dir=%{buildroot}%{_datadir}/applications \
%SOURCE6 %SOURCE7
# #
# Create file lists # Create file lists
@ -413,18 +428,8 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg
%{_sbindir}/alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70 %{_sbindir}/alternatives --install %{_bindir}/emacs emacs %{_bindir}/emacs-%{version}-nox 70
%{_sbindir}/alternatives --install %{_bindir}/emacs-nox emacs-nox %{_bindir}/emacs-%{version}-nox 60 %{_sbindir}/alternatives --install %{_bindir}/emacs-nox emacs-nox %{_bindir}/emacs-%{version}-nox 60
%post common
for f in %{info_files}; do
/sbin/install-info %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
%preun common %preun common
%{_sbindir}/alternatives --remove emacs.etags %{_bindir}/etags.emacs %{_sbindir}/alternatives --remove emacs.etags %{_bindir}/etags.emacs
if [ "$1" = 0 ]; then
for f in %{info_files}; do
/sbin/install-info --delete %{_infodir}/$f.info.gz %{_infodir}/dir 2> /dev/null || :
done
fi
%posttrans common %posttrans common
%{_sbindir}/alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \ %{_sbindir}/alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
@ -432,20 +437,24 @@ fi
%files %files
%{_bindir}/emacs-%{version} %{_bindir}/emacs-%{version}
%{_bindir}/emacs-%{version}.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs %attr(0755,-,-) %ghost %{_bindir}/emacs
%{_datadir}/applications/emacs.desktop %{_datadir}/applications/emacs.desktop
%{_datadir}/appdata/%{name}.appdata.xml %{_datadir}/appdata/%{name}.appdata.xml
%{_datadir}/icons/hicolor/*/apps/emacs.png %{_datadir}/icons/hicolor/*/apps/emacs.png
%{_datadir}/icons/hicolor/scalable/apps/emacs.svg %{_datadir}/icons/hicolor/scalable/apps/emacs.svg
%{_datadir}/icons/hicolor/scalable/apps/emacs.ico
%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg %{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document.svg
%files lucid %files lucid
%{_bindir}/emacs-%{version}-lucid %{_bindir}/emacs-%{version}-lucid
%{_bindir}/emacs-%{version}-lucid.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs %attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-lucid %attr(0755,-,-) %ghost %{_bindir}/emacs-lucid
%files nox %files nox
%{_bindir}/emacs-%{version}-nox %{_bindir}/emacs-%{version}-nox
%{_bindir}/emacs-%{version}-nox.pdmp
%attr(0755,-,-) %ghost %{_bindir}/emacs %attr(0755,-,-) %ghost %{_bindir}/emacs
%attr(0755,-,-) %ghost %{_bindir}/emacs-nox %attr(0755,-,-) %ghost %{_bindir}/emacs-nox
@ -478,44 +487,93 @@ fi
%dir %{_datadir}/emacs/site-lisp %dir %{_datadir}/emacs/site-lisp
%dir %{_datadir}/emacs/site-lisp/site-start.d %dir %{_datadir}/emacs/site-lisp/site-start.d
%files devel
%{_includedir}/emacs-module.h
%changelog %changelog
* Fri Aug 23 2024 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-12 * Sun Apr 2 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-9
- org-file-contents: Consider all remote files unsafe (CVE-2024-30205) - Fix etags local command injection vulnerability (#2175190)
- org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - Fix htmlfontify.el command injection vulnerability (#2175179)
- Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203) - Fix ruby-mode.el local command injection vulnerability (#2175142)
- Disable xwidgets (RHEL-14549) - Fix ob-latex.el command injection vulnerability (#2180590)
* Wed Apr 12 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-11 * Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-8
- Bump version - Use a 64KB page size for pdump (#1979804)
* Fri Apr 7 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-10 * Wed Jan 04 2023 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-7
- Fix etags local command injection vulnerability (#2175189) - Fix ctags local command execute vulnerability (#2149387)
- Fix htmlfontify.el command injection vulnerability (#2175178)
- Fix ob-latex.el command injection vulnerability (#2180587)
* Tue Jan 10 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-9 * Wed Sep 22 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-6
- Fix MH-E mail composition with GNU Mailutils (#1991156) - Adapt hardening options from _hardened_build macro (#2006856)
* Thu Jan 05 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-8 * Wed Aug 18 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-5
- Fix ctags local command execute vulnerability (#2149386) - Provide gating.yaml for CI (#1975151)
* Thu Aug 5 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7 * Tue Aug 10 2021 Jacek Migacz <jmigacz@redhat.com> - 1:27.2-4
- provide gating.yaml for CI - Fix FTBFS with glibc 2.34 (#1975151)
* Mon Jul 19 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-6 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-3
- a new GPG key for GNU ELPA packages (#1810729) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Sep 10 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-5 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:27.2-2
- review annocheck distro flag failures (#1624109) - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Aug 14 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-4 * Sat Mar 27 2021 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.2-1
- remove ImageMagick dependency (#1564992) - emacs-27.2 is available
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:27.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 18 2020 Jan Synáček <jsynacek@redhat.com> - 1:27.1-2
- use make macros (original patch provided by Tom Stellard)
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Aug 11 2020 Bhavin Gandhi <bhavin7392@gmail.com> - 1:27.1-1
- emacs-27.1 is available (#1867841)
- Add systemd-devel to support Type=notify in unit file
- Build with Cairo and Jansson support
- Remove ImageMagick dependency as it's no longer used
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Dan Čermák <dan.cermak@cgc-instruments.com> - 1:26.3-3
- Drop dependency on GConf2
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 08 2019 Maximiliano Sandoval <msandoval@protonmail.com> - 1:26.3-1
- emacs-26.3 is available (#1747101)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 17 2019 Jan Synáček <jsynacek@redhat.com> - 1:26.2-1
- emacs-26.2 is available (#1699434)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Aug 28 2018 Michael Cronenworth <mike@cchtml.com> - 1:26.1-7
- Rebuild for new ImageMagick 6.9.10
* Mon Aug 13 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-6
- remove python dependencies, emacs*.py have not been there for a while - remove python dependencies, emacs*.py have not been there for a while
* Mon Jun 18 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-2 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:26.1-5
- remove build dependency on python2 (#1591707) - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-4
- Rebuilt for Python 3.7
* Tue Jun 26 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-3
- Refix: Emacs crashes when loading color fonts (#1519038)
+ emacs SIGABRT after XProtocolError on displaying an email in Gnus (#1591223)
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1:26.1-2
- Rebuilt for Python 3.7
* Wed May 30 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-1 * Wed May 30 2018 Jan Synáček <jsynacek@redhat.com> - 1:26.1-1
- emacs-26.1 is available (#1583433) - emacs-26.1 is available (#1583433)

View File

@ -1,36 +0,0 @@
From 2bc865ace050ff118db43f01457f95f95112b877 Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 14:59:20 +0300
Subject: org-file-contents: Consider all remote files unsafe
* lisp/org/org.el (org-file-contents): When loading files, consider all
remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
---
lisp/org/org.el | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lisp/org/org.el b/lisp/org/org.el
index 0f5d17d..76559c9 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -4576,12 +4576,16 @@ from file or URL, and return nil.
If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version
is available. This option applies only if FILE is a URL."
(let* ((is-url (org-file-url-p file))
+ (is-remote (condition-case nil
+ (file-remote-p file)
+ ;; In case of error, be safe.
+ (t t)))
(cache (and is-url
(not nocache)
(gethash file org--file-cache))))
(cond
(cache)
- (is-url
+ ((or is-url is-remote)
(with-current-buffer (url-retrieve-synchronously file)
(goto-char (point-min))
;; Move point to after the url-retrieve header.
--
cgit v1.1

View File

@ -1,223 +0,0 @@
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 588921bc70..a156444281 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -371,7 +371,7 @@ static void just_read_file (FILE *);
static language *get_language_from_langname (const char *);
static void readline (linebuffer *, FILE *);
-static long readline_internal (linebuffer *, FILE *, char const *);
+static long readline_internal (linebuffer *, FILE *, char const *, const bool);
static bool nocase_tail (const char *);
static void get_tag (char *, char **);
static void get_lispy_tag (char *);
@@ -394,7 +394,9 @@ static void free_fdesc (fdesc *);
static void pfnote (char *, bool, char *, int, int, long);
static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
+static void clean_matched_file_tag (char const * const, char const * const);
+static void do_move_file (const char *, const char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
static char *skip_non_spaces (char *);
@@ -1307,7 +1309,7 @@ main (int argc, char **argv)
if (parsing_stdin)
fatal ("cannot parse standard input "
"AND read file names from it");
- while (readline_internal (&filename_lb, stdin, "-") > 0)
+ while (readline_internal (&filename_lb, stdin, "-", false) > 0)
process_file_name (filename_lb.buffer, lang);
}
else
@@ -1355,9 +1357,6 @@ main (int argc, char **argv)
/* From here on, we are in (CTAGS && !cxref_style) */
if (update)
{
- char *cmd =
- xmalloc (strlen (tagfile) + whatlen_max +
- sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS >;rm OTAGS");
for (i = 0; i < current_arg; ++i)
{
switch (argbuffer[i].arg_type)
@@ -1368,17 +1367,8 @@ main (int argc, char **argv)
default:
continue; /* the for loop */
}
- char *z = stpcpy (cmd, "mv ");
- z = stpcpy (z, tagfile);
- z = stpcpy (z, " OTAGS;grep -Fv '\t");
- z = stpcpy (z, argbuffer[i].what);
- z = stpcpy (z, "\t' OTAGS >");
- z = stpcpy (z, tagfile);
- strcpy (z, ";rm OTAGS");
- if (system (cmd) != EXIT_SUCCESS)
- fatal ("failed to execute shell command");
+ clean_matched_file_tag (tagfile, argbuffer[i].what);
}
- free (cmd);
append_to_tagfile = true;
}
@@ -1407,6 +1397,51 @@ main (int argc, char **argv)
return EXIT_SUCCESS;
}
+/*
+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS
+ */
+static void
+clean_matched_file_tag (const char* tagfile, const char* match_file_name)
+{
+ FILE *otags_f = fopen ("OTAGS", "wb");
+ FILE *tag_f = fopen (tagfile, "rb");
+
+ if (otags_f == NULL)
+ pfatal ("OTAGS");
+
+ if (tag_f == NULL)
+ pfatal (tagfile);
+
+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1;
+ char *buf = xmalloc (buf_len);
+ snprintf (buf, buf_len, "\t%s\t", match_file_name);
+
+ linebuffer line;
+ linebuffer_init (&line);
+ while (readline_internal (&line, tag_f, tagfile, true) > 0)
+ {
+ if (ferror (tag_f))
+ pfatal (tagfile);
+
+ if (strstr (line.buffer, buf) == NULL)
+ {
+ fprintf (otags_f, "%s\n", line.buffer);
+ if (ferror (tag_f))
+ pfatal (tagfile);
+ }
+ }
+ free (buf);
+ free (line.buffer);
+
+ if (fclose (otags_f) == EOF)
+ pfatal ("OTAGS");
+
+ if (fclose (tag_f) == EOF)
+ pfatal (tagfile);
+
+ do_move_file ("OTAGS", tagfile);
+ return;
+}
/*
* Return a compressor given the file name. If EXTPTR is non-zero,
@@ -1794,7 +1829,7 @@ find_entries (FILE *inf)
/* Else look for sharp-bang as the first two characters. */
if (parser == NULL
- && readline_internal (&lb, inf, infilename) > 0
+ && readline_internal (&lb, inf, infilename, false) > 0
&& lb.len >= 2
&& lb.buffer[0] == '#'
&& lb.buffer[1] == '!')
@@ -6293,7 +6328,7 @@ analyze_regex (char *regex_arg)
if (regexfp == NULL)
pfatal (regexfile);
linebuffer_init (&regexbuf);
- while (readline_internal (&regexbuf, regexfp, regexfile) > 0)
+ while (readline_internal (&regexbuf, regexfp, regexfile, false) > 0)
analyze_regex (regexbuf.buffer);
free (regexbuf.buffer);
if (fclose (regexfp) != 0)
@@ -6648,11 +6683,13 @@ get_lispy_tag (register char *bp)
/*
* Read a line of text from `stream' into `lbp', excluding the
- * newline or CR-NL, if any. Return the number of characters read from
- * `stream', which is the length of the line including the newline.
+ * newline or CR-NL (if `leave_cr` is false), if any. Return the
+ * number of characters read from `stream', which is the length
+ * of the line including the newline.
*
- * On DOS or Windows we do not count the CR character, if any before the
- * NL, in the returned length; this mirrors the behavior of Emacs on those
+ * On DOS or Windows, if `leave_cr` is false, we do not count the
+ * CR character, if any before the NL, in the returned length;
+ * this mirrors the behavior of Emacs on those
* platforms (for text files, it translates CR-NL to NL as it reads in the
* file).
*
@@ -6660,7 +6697,7 @@ get_lispy_tag (register char *bp)
* appended to `filebuf'.
*/
static long
-readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr)
{
char *buffer = lbp->buffer;
char *p = lbp->buffer;
@@ -6691,7 +6728,7 @@ readline_internal (linebuffer *lbp, FILE *stream, char const *filename)
}
if (c == '\n')
{
- if (p > buffer && p[-1] == '\r')
+ if (!leave_cr && p > buffer && p[-1] == '\r')
{
p -= 1;
chars_deleted = 2;
@@ -6736,7 +6773,7 @@ readline (linebuffer *lbp, FILE *stream)
long result;
linecharno = charno; /* update global char number of line start */
- result = readline_internal (lbp, stream, infilename); /* read line */
+ result = readline_internal (lbp, stream, infilename, false); /* read line */
lineno += 1; /* increment global line number */
charno += result; /* increment global char number */
@@ -7104,6 +7141,46 @@ etags_mktmp (void)
return templt;
}
+static void
+do_move_file(const char *src_file, const char *dst_file)
+{
+ if (rename (src_file, dst_file) == 0)
+ return;
+
+ FILE *src_f = fopen (src_file, "rb");
+ FILE *dst_f = fopen (dst_file, "wb");
+
+ if (src_f == NULL)
+ pfatal (src_file);
+
+ if (dst_f == NULL)
+ pfatal (dst_file);
+
+ int c;
+ while ((c = fgetc (src_f)) != EOF)
+ {
+ if (ferror (src_f))
+ pfatal (src_file);
+
+ if (ferror (dst_f))
+ pfatal (dst_file);
+
+ if (fputc (c, dst_f) == EOF)
+ pfatal ("cannot write");
+ }
+
+ if (fclose (src_f) == EOF)
+ pfatal (src_file);
+
+ if (fclose (dst_f) == EOF)
+ pfatal (dst_file);
+
+ if (unlink (src_file) == -1)
+ pfatal ("unlink error");
+
+ return;
+}
+
/* Return a newly allocated string containing the file name of FILE
relative to the absolute directory DIR (which should end with a slash). */
static char *

View File

@ -1,25 +0,0 @@
From 937b9042ad7426acdcca33e3d931d8f495bdd804 Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 20 Feb 2024 12:44:30 +0300
Subject: * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents
untrusted.
---
lisp/gnus/mm-view.el | 1 +
1 file changed, 1 insertion(+)
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 2e1261c..5f234e5 100644
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -504,6 +504,7 @@ If MODE is not set, try to find mode automatically."
(setq coding-system (mm-find-buffer-file-coding-system)))
(setq text (buffer-string))))
(with-temp-buffer
+ (setq untrusted-content t)
(buffer-disable-undo)
(mm-enable-multibyte)
(insert (cond ((eq charset 'gnus-decoded)
--
cgit v1.1

View File

@ -1,31 +0,0 @@
From b73cde5e2815c531df7f5fd13e214a7d92f78239 Mon Sep 17 00:00:00 2001
From: Mike Kupfer <mkupfer@alum.berkeley.edu>
Date: Wed, 4 Jul 2018 15:43:04 -0700
Subject: [PATCH] Fix MH-E mail composition with GNU Mailutils (SF#485)
* lisp/mh-e/mh-comp.el (mh-bare-components): Recursively delete
the temporary folder.
---
lisp/mh-e/mh-comp.el | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lisp/mh-e/mh-comp.el b/lisp/mh-e/mh-comp.el
index a9f809cfa1..aa22df8b18 100644
--- a/lisp/mh-e/mh-comp.el
+++ b/lisp/mh-e/mh-comp.el
@@ -925,8 +925,10 @@ mh-bare-components
(list "-form" mh-comp-formfile)))
(setq new (make-temp-file "comp."))
(rename-file (concat temp-folder "/" "1") new t)
- (delete-file (concat temp-folder "/" ".mh_sequences"))
- (delete-directory temp-folder)
+ ;; The temp folder could contain various metadata files. Rather
+ ;; than trying to enumerate all the known files, just do a
+ ;; recursive delete on the directory.
+ (delete-directory temp-folder t)
new))
(defun mh-read-draft (use initial-contents delete-contents-file)
--
2.36.1

View File

@ -1,78 +0,0 @@
From f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mon Sep 17 00:00:00 2001
From: Ihor Radchenko <yantar92@posteo.net>
Date: Tue, 18 Jun 2024 13:06:44 +0200
Subject: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
* lisp/org/org.el (org-link-expand-abbrev): Refuse expanding %(...) link
abbrevs that specify unsafe function. Instead, display a warning, and
do not expand the abbrev. Clear all the text properties from the
returned link, to avoid any potential vulnerabilities caused by
properties that may contain arbitrary Elisp.
---
lisp/org/org.el | 40 +++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/lisp/org/org.el b/lisp/org/org.el
index 7a7f4f5..8a556c7 100644
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -1152,26 +1152,44 @@ Abbreviations are defined in `org-link-abbrev-alist'."
(defun org-link-expand-abbrev (link)
"Apply replacements as defined in `org-link-abbrev-alist'."
- (if (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)
+ (if (not (string-match "^\\([^:]*\\)\\(::?\\(.*\\)\\)?$" link)) link
(let* ((key (match-string 1 link))
(as (or (assoc key org-link-abbrev-alist-local)
(assoc key org-link-abbrev-alist)))
(tag (and (match-end 2) (match-string 3 link)))
rpl)
(if (not as)
link
(setq rpl (cdr as))
- (cond
- ((symbolp rpl) (funcall rpl tag))
- ((string-match "%(\\([^)]+\\))" rpl)
- (replace-match
- (save-match-data
- (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl))
- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
- ((string-match "%h" rpl)
- (replace-match (url-hexify-string (or tag "")) t t rpl))
- (t (concat rpl tag)))))
- link))
+ ;; Drop any potentially dangerous text properties like
+ ;; `modification-hooks' that may be used as an attack vector.
+ (substring-no-properties
+ (cond
+ ((symbolp rpl) (funcall rpl tag))
+ ((string-match "%(\\([^)]+\\))" rpl)
+ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
+ ;; Using `unsafep-function' is not quite enough because
+ ;; Emacs considers functions like `genenv' safe, while
+ ;; they can potentially be used to expose private system
+ ;; data to attacker if abbreviated link is clicked.
+ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
+ (eq t (get rpl-fun-symbol 'pure)))
+ (replace-match
+ (save-match-data
+ (funcall (intern-soft (match-string 1 rpl)) tag))
+ t t rpl)
+ (org-display-warning
+ (format "Disabling unsafe link abbrev: %s
+You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
+ rpl (match-string 1 rpl)))
+ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
+ org-link-abbrev-alist (delete as org-link-abbrev-alist))
+ link
+ )))
+ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+ ((string-match "%h" rpl)
+ (replace-match (url-hexify-string (or tag "")) t t rpl))
+ (t (concat rpl tag))))))))
;;; Storing and inserting links
--
cgit v1.1

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -1,2 +0,0 @@
SHA512 (emacs-26.1.tar.xz) = 537c2cfdd281151b360002419dde6280c313e07a937ed96405c67f754b3401ec5541091a3c0aa6690929bc33dd79e8e0d8844e7a6b014b7798c63cb15de210c2
SHA512 (package-keyring.gpg) = ca0dfa2edda9a6de5837dd6d754d574b13e007561e8dcc99c178d24f6a5dbb6880edc95db9d6afbea8bdf0b409671657fe22a778003ea0ccf351dce5e4fd429f