Diffstat (limited to 'emacs/27.2')
-rw-r--r-- | emacs/27.2/08_all_configure-decl.patch | 66 | ||||
-rw-r--r-- | emacs/27.2/09_all_untrusted-content.patch | 84 | ||||
-rw-r--r-- | emacs/27.2/10_all_org-remote-unsafe.patch | 30 | ||||
-rw-r--r-- | emacs/27.2/11_all_autoconf-2.72.patch | 24 | ||||
-rw-r--r-- | emacs/27.2/12_all_make-info-dir.patch | 29 | ||||
-rw-r--r-- | emacs/27.2/13_all_ol-expand-abbrev.patch | 58 |
6 files changed, 291 insertions, 0 deletions
diff --git a/emacs/27.2/08_all_configure-decl.patch b/emacs/27.2/08_all_configure-decl.patch
new file mode 100644
index 0000000..0e95515
--- /dev/null
+++ b/emacs/27.2/08_all_configure-decl.patch
@@ -0,0 +1,66 @@
+Fix implicit function declarations in configure.ac (XOpenDisplay, malloc)
+Backported from master branch
+https://bugs.gentoo.org/898304
+
+commit 6c1413d5ef0d1fea639b0d8c83a0c0065d99359b
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Fri Dec 23 18:49:25 2022 +0100
+
+ configure: Remove obsolete check for -b i486-linuxaout
+
+commit 121a9ff9f6fc69066ce30c2dbe6cbfbfdca6aeaa
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Fri Dec 23 18:51:08 2022 +0100
+
+ Fix alternate stack test in configure
+
+--- emacs-27.2/configure.ac
++++ emacs-27.2/configure.ac
+@@ -2505,39 +2505,6 @@
+ export LD_RUN_PATH
+ fi
+
+- if test "${opsys}" = "gnu-linux"; then
+- AC_CACHE_CHECK([whether X on GNU/Linux needs -b to link], [emacs_cv_b_link],
+- [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+- [[XOpenDisplay ("foo");]])],
+- [xgnu_linux_first_failure=no],
+- [xgnu_linux_first_failure=yes])
+- if test "${xgnu_linux_first_failure}" = "yes"; then
+- OLD_CPPFLAGS="$CPPFLAGS"
+- OLD_LIBS="$LIBS"
+- CPPFLAGS="$CPPFLAGS -b i486-linuxaout"
+- LIBS="$LIBS -b i486-linuxaout"
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+- [[XOpenDisplay ("foo");]])],
+- [xgnu_linux_second_failure=no],
+- [xgnu_linux_second_failure=yes])
+- if test "${xgnu_linux_second_failure}" = "yes"; then
+- # If we get the same failure with -b, there is no use adding -b.
+- # So leave it out. This plays safe.
+- emacs_cv_b_link=no
+- else
+- emacs_cv_b_link=yes
+- fi
+- CPPFLAGS=$OLD_CPPFLAGS
+- LIBS=$OLD_LIBS
+- else
+- emacs_cv_b_link=no
+- fi])
+- if test "x$emacs_cv_b_link" = xyes ; then
+- LD_SWITCH_X_SITE="$LD_SWITCH_X_SITE -b i486-linuxaout"
+- C_SWITCH_X_SITE="$C_SWITCH_X_SITE -b i486-linuxaout"
+- fi
+- fi
+-
+ # Reportedly, some broken Solaris systems have XKBlib.h but are missing
+ # header files included from there.
+ AC_CACHE_CHECK([for Xkb], [emacs_cv_xkb],
+@@ -4397,6 +4364,7 @@
+ [emacs_cv_alternate_stack],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[#include <signal.h>
++ #include <stdlib.h>
+ ]],
+ [[stack_t ss;
+ struct sigaction sa;
diff --git a/emacs/27.2/09_all_untrusted-content.patch b/emacs/27.2/09_all_untrusted-content.patch
new file mode 100644
index 0000000..0ff1d36
--- /dev/null
+++ b/emacs/27.2/09_all_untrusted-content.patch
@@ -0,0 +1,84 @@
+New variable untrusted-content
+Backported from emacs-29 branch
+https://bugs.gentoo.org/927727
+
+commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue Feb 20 12:43:51 2024 +0300
+
+ * lisp/files.el (untrusted-content): New variable.
+
+commit 937b9042ad7426acdcca33e3d931d8f495bdd804
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue Feb 20 12:44:30 2024 +0300
+
+ * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents untrusted.
+
+commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue Feb 20 12:47:24 2024 +0300
+
+ org-latex-preview: Add protection when `untrusted-content' is non-nil
+
+--- emacs-27.2/lisp/files.el
++++ emacs-27.2/lisp/files.el
+@@ -588,6 +588,14 @@
+ Some modes may wish to set this to nil to prevent directory-local
+ settings being applied, but still respect file-local ones.")
+
++(defvar-local untrusted-content nil
++ "Non-nil means that current buffer originated from an untrusted source.
++Email clients and some other modes may set this non-nil to mark the
++buffer contents as untrusted.
++
++This variable might be subject to change without notice.")
++(put 'untrusted-content 'permanent-local t)
++
+ ;; This is an odd variable IMO.
+ ;; You might wonder why it is needed, when we could just do:
+ ;; (set (make-local-variable 'enable-local-variables) nil)
+--- emacs-27.2/lisp/gnus/mm-view.el
++++ emacs-27.2/lisp/gnus/mm-view.el
+@@ -466,6 +466,7 @@ mm-display-inline-fontify
+ (setq coding-system (mm-find-buffer-file-coding-system)))
+ (setq text (buffer-string))))
+ (with-temp-buffer
++ (setq untrusted-content t)
+ (buffer-disable-undo)
+ (mm-enable-multibyte)
+ (insert (cond ((eq charset 'gnus-decoded)
+--- emacs-27.2/lisp/org/org.el
++++ emacs-27.2/lisp/org/org.el
+@@ -1077,6 +1077,24 @@
+ :package-version '(Org . "8.0")
+ :type 'boolean)
+
++(defvar untrusted-content) ; defined in files.el
++(defvar org--latex-preview-when-risky nil
++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source.
++
++Some specially designed LaTeX code may generate huge pdf or log files
++that may exhaust disk space.
++
++This variable controls how to handle LaTeX preview when rendering LaTeX
++fragments that originate from incoming email messages. It has no effect
++when Org mode is unable to determine the origin of the Org buffer.
++
++An Org buffer is considered to be from unsafe source when the
++variable `untrusted-content' has a non-nil value in the buffer.
++
++If this variable is non-nil, LaTeX previews are rendered unconditionally.
++
++This variable may be renamed or changed in the future.")
++
+ (defcustom org-insert-mode-line-in-empty-file nil
+ "Non-nil means insert the first line setting Org mode in empty files.
+ When the function `org-mode' is called interactively in an empty file, this
+@@ -15827,6 +15845,7 @@ org-latex-preview
+ (interactive "P")
+ (cond
+ ((not (display-graphic-p)) nil)
++ ((and untrusted-content (not org--latex-preview-when-risky)) nil)
+ ;; Clear whole buffer.
+ ((equal arg '(64))
+ (org-clear-latex-preview (point-min) (point-max))
diff --git a/emacs/27.2/10_all_org-remote-unsafe.patch b/emacs/27.2/10_all_org-remote-unsafe.patch
new file mode 100644
index 0000000..65f6a34
--- /dev/null
+++ b/emacs/27.2/10_all_org-remote-unsafe.patch
@@ -0,0 +1,30 @@
+org-mode should consider remote files unsafe
+Backported from emacs-29 branch
+https://bugs.gentoo.org/927727
+
+commit 2bc865ace050ff118db43f01457f95f95112b877
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date: Tue Feb 20 14:59:20 2024 +0300
+
+ org-file-contents: Consider all remote files unsafe
+
+--- emacs-27.2/lisp/org/org.el
++++ emacs-27.2/lisp/org/org.el
+@@ -4665,12 +4665,16 @@ org-file-contents
+ If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version
+ is available. This option applies only if FILE is a URL."
+ (let* ((is-url (org-file-url-p file))
++ (is-remote (condition-case nil
++ (file-remote-p file)
++ ;; In case of error, be safe.
++ (t t)))
+ (cache (and is-url
+ (not nocache)
+ (gethash file org--file-cache))))
+ (cond
+ (cache)
+- (is-url
++ ((or is-url is-remote)
+ (with-current-buffer (url-retrieve-synchronously file)
+ (goto-char (point-min))
+ ;; Move point to after the url-retrieve header.
diff --git a/emacs/27.2/11_all_autoconf-2.72.patch b/emacs/27.2/11_all_autoconf-2.72.patch
new file mode 100644
index 0000000..2343066
--- /dev/null
+++ b/emacs/27.2/11_all_autoconf-2.72.patch
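Review bot: The new `((or is-url is-remote)` branch hands a remote file name that is not a URL to `url-retrieve-synchronously`, and nothing visible in the hunk covers the case where that call yields no buffer. If it returns nil for such a name, `with-current-buffer` would signal a type error rather than a clear fetch-failure message; that still fails closed, but it deserves an explicit check or at least a comment. I would also expand the handler comment so it says what "safe" means, e.g. `;; If file-remote-p signals, treat FILE as remote so it is not read as a trusted local file.` The rest of `org-file-contents`, including the remaining `cond` branches, lies outside the hunk.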
@@ -0,0 +1,24 @@
+Compatibility fix for autoconf-2.72
+Patch backported from master branch
+https://bugs.gentoo.org/930502
+
+commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Wed Feb 7 13:17:57 2024 -0800
+
+ Port better to Autoconf 2.72
+
+ * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72
+ AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in:
+ https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html
+
+--- emacs-27.2/configure.ac
++++ emacs-27.2/configure.ac
+@@ -1633,6 +1633,7 @@
+ AC_DEFUN([AC_TYPE_SIZE_T])
+ # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them.
+ AC_DEFUN([AC_TYPE_UID_T])
++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72.
+
+ # sqrt and other floating-point functions such as fmod and frexp
+ # are found in -lm on many systems.
diff --git a/emacs/27.2/12_all_make-info-dir.patch b/emacs/27.2/12_all_make-info-dir.patch
new file mode 100644
index 0000000..7b11313
--- /dev/null
+++ b/emacs/27.2/12_all_make-info-dir.patch
@@ -0,0 +1,29 @@
+Make it build with mksh
+Patch from emacs-29 branch
+https://bugs.gentoo.org/930086
+https://debbugs.gnu.org/70484
+
+commit 42766f95e5c0e7eb9e21db964ed93c7e093cc0b9
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Tue Apr 23 07:37:17 2024 +0200
+
+ * build-aux/make-info-dir: Avoid bashism (bug#70484).
+
+--- emacs-27.2/build-aux/make-info-dir
++++ emacs-27.2/build-aux/make-info-dir
+@@ -33,7 +33,8 @@
+
+ ## Header contains non-printing characters, so this is more
+ ## reliable than using awk.
+-cat <"${1?}" || exit
++test $# -ge 2 || exit 1
++cat <"$1"
+ shift
+
+ exec "${AWK-awk}" '
+@@ -71,4 +72,4 @@
+ if (data[dircat])
+ printf "\n%s\n%s", topic[dircat], data[dircat]
+ }
+-' "${@?}"
++' "$@"
diff --git a/emacs/27.2/13_all_ol-expand-abbrev.patch b/emacs/27.2/13_all_ol-expand-abbrev.patch
new file mode 100644
index 0000000..6b8761f
--- /dev/null
+++ b/emacs/27.2/13_all_ol-expand-abbrev.patch
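Review bot: In the make-info-dir patch, the new `cat <"$1"` line no longer carries the `|| exit` that the removed line had, so a header file that cannot be opened or read no longer stops the script before `exec "${AWK-awk}"` runs. The added `test $# -ge 2 || exit 1` replaces only the `${1?}` argument check of the old line, not its failure handling. Unless dropping it is intended, keep the check: `cat <"$1" || exit`. The script continues outside both inner hunks.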
@@ -0,0 +1,58 @@
+org-mode should not expand link abbrevs that specify an unsafe function
+Backported from emacs-29 branch
+
+commit c645e1d8205f0f0663ec4a2d27575b238c646c7c
+Author: Ihor Radchenko <yantar92@posteo.net>
+Date: Fri Jun 21 15:45:25 2024 +0200
+
+ org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
+
+--- emacs-27.2/lisp/org/ol.el
++++ emacs-27.2/lisp/org/ol.el
+@@ -1007,17 +1007,35 @@
+ (if (not as)
+ link
+ (setq rpl (cdr as))
+- (cond
+- ((symbolp rpl) (funcall rpl tag))
+- ((string-match "%(\\([^)]+\\))" rpl)
+- (replace-match
+- (save-match-data
+- (funcall (intern-soft (match-string 1 rpl)) tag))
+- t t rpl))
+- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
+- ((string-match "%h" rpl)
+- (replace-match (url-hexify-string (or tag "")) t t rpl))
+- (t (concat rpl tag)))))))
++ ;; Drop any potentially dangerous text properties like
++ ;; `modification-hooks' that may be used as an attack vector.
++ (substring-no-properties
++ (cond
++ ((symbolp rpl) (funcall rpl tag))
++ ((string-match "%(\\([^)]+\\))" rpl)
++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl))))
++ ;; Using `unsafep-function' is not quite enough because
++ ;; Emacs considers functions like `genenv' safe, while
++ ;; they can potentially be used to expose private system
++ ;; data to attacker if abbreviated link is clicked.
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe))
++ (eq t (get rpl-fun-symbol 'pure)))
++ (replace-match
++ (save-match-data
++ (funcall (intern-soft (match-string 1 rpl)) tag))
++ t t rpl)
++ (org-display-warning
++ (format "Disabling unsafe link abbrev: %s
++You may mark function safe via (put '%s 'org-link-abbrev-safe t)"
++ rpl (match-string 1 rpl)))
++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local)
++ org-link-abbrev-alist (delete as org-link-abbrev-alist))
++ link
++ )))
++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl))
++ ((string-match "%h" rpl)
++ (replace-match (url-hexify-string (or tag "")) t t rpl))
++ (t (concat rpl tag))))))))
+
+ (defun org-link-open (link &optional arg)
+ "Open a link object LINK. |
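Review bot: The safety check and the call use two separately derived values: the `if` tests the properties of `rpl-fun-symbol`, but the `funcall` re-interns `(match-string 1 rpl)`. Both resolve to the same symbol as written, yet calling the checked binding directly, `(funcall rpl-fun-symbol tag)`, keeps the check and the call from drifting apart in later edits. The comment's `genenv` looks like a typo for `getenv`. The `(symbolp rpl)` branch still calls its function without the `org-link-abbrev-safe`/`pure` test, which is presumably acceptable only if a symbol replacement can never come from file-local content; this hunk does not show that. The enclosing function starts outside the hunk.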