Diffstat (limited to 'emacs')
38 files changed, 1048 insertions, 708 deletions
diff --git a/emacs/25.3/01_all_gc-align-sparc.patch b/emacs/25.3/01_all_gc-align-sparc.patch deleted file mode 100644 index b76cf99..0000000 --- a/emacs/25.3/01_all_gc-align-sparc.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix segmentation fault on sparc64 with 32 bit userland. -https://bugs.gentoo.org/647238 - -Backported from upstream git: - -commit db64a866f6971c5d63565253c0c8d8db15d4a4dc -Author: Paul Eggert <eggert@cs.ucla.edu> -Date: Tue Mar 20 09:54:20 2018 -0700 - - Port to 32-bit sparc64 - - Problem reported by Ulrich Mueller; fix suggested by Eli Zaretskii - and Andreas Schwab (Bug#30855). - * src/alloc.c (mark_memory): Call mark_maybe_object only on - pointers that are properly aligned for Lisp_Object. - ---- emacs-25.3-orig/src/alloc.c -+++ emacs-25.3/src/alloc.c -@@ -4892,7 +4892,11 @@ - for (pp = start; (void *) pp < end; pp += GC_POINTER_ALIGNMENT) - { - mark_maybe_pointer (*(void **) pp); -- mark_maybe_object (*(Lisp_Object *) pp); -+ -+ verify (alignof (Lisp_Object) % GC_POINTER_ALIGNMENT == 0); -+ if (alignof (Lisp_Object) == GC_POINTER_ALIGNMENT -+ || (uintptr_t) pp % alignof (Lisp_Object) == 0) -+ mark_maybe_object (*(Lisp_Object *) pp); - } - } - diff --git a/emacs/25.3/02_all_imagemagick-7.patch b/emacs/25.3/02_all_imagemagick-7.patch deleted file mode 100644 index 873fdcd..0000000 --- a/emacs/25.3/02_all_imagemagick-7.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -Support ImageMagick version 7. -https://bugs.gentoo.org/665058 -https://debbugs.gnu.org/25967 - -This backports and consolidates the following commits from upstream git: - -commit 3cc42bb60099c32f64e57d2ee33c8321adba7942 -Author: Glenn Morris <rgm@gnu.org> -Date: Thu Aug 30 13:56:08 2018 -0400 - - * configure.ac: Fix goofs in my recent ImageMagick change. - -commit 42ed35c68b7c199aa797e655fdc3547c5c3087d2 -Author: Paul Eggert <eggert@cs.ucla.edu> -Date: Thu Aug 30 10:03:43 2018 -0700 - - Pacify -Wdouble-promotion in ImageMagick code - -commit bf1b147b55e1328efca6e40181e79dd9a369895d -Author: Glenn Morris <rgm@gnu.org> -Date: Mon Aug 27 22:03:25 2018 -0400 - - * configure.ac, src/image.c: Tweak previous ImageMagick change. - -commit 5729486951e6a60db55ea17ee3bac9baf8b54f6a -Author: Karl Otness <karl@karlotness.com> -Date: Mon Aug 27 21:57:44 2018 -0400 - - Support ImageMagick version 7 (bug#25967) - ---- emacs-25.3-orig/configure.ac -+++ emacs-25.3/configure.ac -@@ -2405,10 +2405,14 @@ - HAVE_IMAGEMAGICK=no - if test "${HAVE_X11}" = "yes" || test "${HAVE_NS}" = "yes" || test "${HAVE_W32}" = "yes"; then - if test "${with_imagemagick}" != "no"; then -- ## 6.3.5 is the earliest version known to work; see Bug#17339. -- ## 6.8.2 makes Emacs crash; see Bug#13867. -- IMAGEMAGICK_MODULE="Wand >= 6.3.5 Wand != 6.8.2" -- EMACS_CHECK_MODULES([IMAGEMAGICK], [$IMAGEMAGICK_MODULE]) -+ EMACS_CHECK_MODULES([IMAGEMAGICK], [MagickWand >= 7]) -+ if test $HAVE_IMAGEMAGICK = yes; then -+ AC_DEFINE([HAVE_IMAGEMAGICK7], 1, [Define to 1 if using ImageMagick7.]) -+ else -+ ## 6.3.5 is the earliest version known to work; see Bug#17339. -+ ## 6.8.2 makes Emacs crash; see Bug#13867. 
-+ EMACS_CHECK_MODULES([IMAGEMAGICK], [Wand >= 6.3.5 Wand != 6.8.2]) -+ fi - AC_SUBST(IMAGEMAGICK_CFLAGS) - AC_SUBST(IMAGEMAGICK_LIBS) - ---- emacs-25.3-orig/src/image.c -+++ emacs-25.3/src/image.c -@@ -8240,11 +8240,20 @@ - /* The GIF library also defines DrawRectangle, but its never used in Emacs. - Therefore rename the function so it doesn't collide with ImageMagick. */ - #define DrawRectangle DrawRectangleGif --#include <wand/MagickWand.h> -+ -+#ifdef HAVE_IMAGEMAGICK7 -+# include <MagickWand/MagickWand.h> -+# include <MagickCore/version.h> -+/* ImageMagick 7 compatibility definitions. */ -+# define PixelSetMagickColor PixelSetPixelColor -+typedef PixelInfo MagickPixelPacket; -+#else -+# include <wand/MagickWand.h> -+# include <magick/version.h> -+#endif - - /* ImageMagick 6.5.3 through 6.6.5 hid PixelGetMagickColor for some reason. - Emacs seems to work fine with the hidden version, so unhide it. */ --#include <magick/version.h> - #if 0x653 <= MagickLibVersion && MagickLibVersion <= 0x665 - extern WandExport void PixelGetMagickColor (const PixelWand *, - MagickPixelPacket *); -@@ -8744,7 +8753,8 @@ - #endif /* HAVE_MAGICKEXPORTIMAGEPIXELS */ - { - size_t image_height; -- MagickRealType color_scale = 65535.0 / QuantumRange; -+ double quantum_range = QuantumRange; -+ MagickRealType color_scale = 65535.0 / quantum_range; - - /* Try to create a x pixmap to hold the imagemagick pixmap. */ - if (!image_create_x_image_and_pixmap (f, img, width, height, 0, diff --git a/emacs/25.3/03_all_glibc-2.34.patch b/emacs/25.3/03_all_glibc-2.34.patch deleted file mode 100644 index 1ecad71..0000000 --- a/emacs/25.3/03_all_glibc-2.34.patch +++ /dev/null 
@@ -1,20 +0,0 @@ -Fix compilation with glibc-2.34 -https://bugs.gentoo.org/803644 - -In glibc-2.34, definition of SIGSTKSZ has changed from a fixed value -to sysconf(_SC_SIGSTKSZ), which cannot be used in the definition of a -static array. In 2.33, the default SIGSTKSZ was 8192, but apparently -some arches (e.g. aarch64 and sparc) used 16384. Hardcode the larger -of these values. - ---- emacs-25.3/src/sysdep.c -+++ emacs-25.3/src/sysdep.c -@@ -1624,7 +1624,7 @@ - - /* Alternate stack used by SIGSEGV handler below. */ - --static unsigned char sigsegv_stack[SIGSTKSZ]; -+static unsigned char sigsegv_stack[16384]; - - - /* Return true if SIGINFO indicates a stack overflow. */ diff --git a/emacs/25.3/04_all_etags.patch b/emacs/25.3/04_all_etags.patch deleted file mode 100644 index a9f857f..0000000 --- a/emacs/25.3/04_all_etags.patch +++ /dev/null 
@@ -1,255 +0,0 @@ -Fix ctags command execution vulnerability (CVE-2022-45939) -Backported from emacs-29 branch -https://bugs.gentoo.org/883687 - -commit d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 -Author: Xi Lu <lx@shellcodes.org> -Date: Fri Nov 25 14:38:29 2022 +0800 - - Fixed ctags local command execute vulnerability - ---- emacs-25.3/lib-src/etags.c -+++ emacs-25.3/lib-src/etags.c -@@ -374,7 +374,7 @@ - - static language *get_language_from_langname (const char *); - static void readline (linebuffer *, FILE *); --static long readline_internal (linebuffer *, FILE *, char const *); -+static long readline_internal (linebuffer *, FILE *, char const *, const bool); - static bool nocase_tail (const char *); - static void get_tag (char *, char **); - -@@ -396,7 +396,9 @@ - static void pfnote (char *, bool, char *, int, int, long); - static void invalidate_nodes (fdesc *, node **); - static void put_entries (node *); -+static void clean_matched_file_tag (char const * const, char const * const); - -+static void do_move_file (const char *, const char *); - static char *concat (const char *, const char *, const char *); - static char *skip_spaces (char *); - static char *skip_non_spaces (char *); -@@ -1293,7 +1295,7 @@ - if (parsing_stdin) - fatal ("cannot parse standard input " - "AND read file names from it"); -- while (readline_internal (&filename_lb, stdin, "-") > 0) -+ while (readline_internal (&filename_lb, stdin, "-", false) > 0) - process_file_name (filename_lb.buffer, lang); - } - else -@@ -1341,9 +1343,6 @@ - /* From here on, we are in (CTAGS && !cxref_style) */ - if (update) - { -- char *cmd = -- xmalloc (strlen (tagfile) + whatlen_max + -- sizeof "mv..OTAGS;fgrep -v '\t\t' OTAGS >;rm OTAGS"); - for (i = 0; i < current_arg; ++i) - { - switch (argbuffer[i].arg_type) -@@ -1354,17 +1353,8 @@ - default: - continue; /* the for loop */ - } -- char *z = stpcpy (cmd, "mv "); -- z = stpcpy (z, tagfile); -- z = stpcpy (z, " OTAGS;fgrep -v '\t"); -- z = stpcpy (z, 
argbuffer[i].what); -- z = stpcpy (z, "\t' OTAGS >"); -- z = stpcpy (z, tagfile); -- strcpy (z, ";rm OTAGS"); -- if (system (cmd) != EXIT_SUCCESS) -- fatal ("failed to execute shell command"); -+ clean_matched_file_tag (tagfile, argbuffer[i].what); - } -- free (cmd); - append_to_tagfile = true; - } - -@@ -1393,6 +1383,51 @@ - return EXIT_SUCCESS; - } - -+/* -+ * Equivalent to: mv tags OTAGS;grep -Fv ' filename ' OTAGS >tags;rm OTAGS -+ */ -+static void -+clean_matched_file_tag (const char* tagfile, const char* match_file_name) -+{ -+ FILE *otags_f = fopen ("OTAGS", "wb"); -+ FILE *tag_f = fopen (tagfile, "rb"); -+ -+ if (otags_f == NULL) -+ pfatal ("OTAGS"); -+ -+ if (tag_f == NULL) -+ pfatal (tagfile); -+ -+ int buf_len = strlen (match_file_name) + sizeof ("\t\t ") + 1; -+ char *buf = xmalloc (buf_len); -+ snprintf (buf, buf_len, "\t%s\t", match_file_name); -+ -+ linebuffer line; -+ linebuffer_init (&line); -+ while (readline_internal (&line, tag_f, tagfile, true) > 0) -+ { -+ if (ferror (tag_f)) -+ pfatal (tagfile); -+ -+ if (strstr (line.buffer, buf) == NULL) -+ { -+ fprintf (otags_f, "%s\n", line.buffer); -+ if (ferror (tag_f)) -+ pfatal (tagfile); -+ } -+ } -+ free (buf); -+ free (line.buffer); -+ -+ if (fclose (otags_f) == EOF) -+ pfatal ("OTAGS"); -+ -+ if (fclose (tag_f) == EOF) -+ pfatal (tagfile); -+ -+ do_move_file ("OTAGS", tagfile); -+ return; -+} - - /* - * Return a compressor given the file name. If EXTPTR is non-zero, -@@ -1780,7 +1815,7 @@ - - /* Else look for sharp-bang as the first two characters. 
*/ - if (parser == NULL -- && readline_internal (&lb, inf, infilename) > 0 -+ && readline_internal (&lb, inf, infilename, false) > 0 - && lb.len >= 2 - && lb.buffer[0] == '#' - && lb.buffer[1] == '!') -@@ -6059,7 +6094,7 @@ - if (regexfp == NULL) - pfatal (regexfile); - linebuffer_init (®exbuf); -- while (readline_internal (®exbuf, regexfp, regexfile) > 0) -+ while (readline_internal (®exbuf, regexfp, regexfile, false) > 0) - analyze_regex (regexbuf.buffer); - free (regexbuf.buffer); - if (fclose (regexfp) != 0) -@@ -6391,11 +6426,13 @@ - - /* - * Read a line of text from `stream' into `lbp', excluding the -- * newline or CR-NL, if any. Return the number of characters read from -- * `stream', which is the length of the line including the newline. -+ * newline or CR-NL (if `leave_cr` is false), if any. Return the -+ * number of characters read from `stream', which is the length -+ * of the line including the newline. - * -- * On DOS or Windows we do not count the CR character, if any before the -- * NL, in the returned length; this mirrors the behavior of Emacs on those -+ * On DOS or Windows, if `leave_cr` is false, we do not count the -+ * CR character, if any before the NL, in the returned length; -+ * this mirrors the behavior of Emacs on those - * platforms (for text files, it translates CR-NL to NL as it reads in the - * file). - * -@@ -6403,7 +6440,7 @@ - * appended to `filebuf'. 
- */ - static long --readline_internal (linebuffer *lbp, FILE *stream, char const *filename) -+readline_internal (linebuffer *lbp, FILE *stream, char const *filename, const bool leave_cr) - { - char *buffer = lbp->buffer; - char *p = lbp->buffer; -@@ -6433,19 +6470,19 @@ - break; - } - if (c == '\n') -- { -- if (p > buffer && p[-1] == '\r') -- { -- p -= 1; -- chars_deleted = 2; -- } -- else -- { -- chars_deleted = 1; -- } -- *p = '\0'; -- break; -- } -+ { -+ if (!leave_cr && p > buffer && p[-1] == '\r') -+ { -+ p -= 1; -+ chars_deleted = 2; -+ } -+ else -+ { -+ chars_deleted = 1; -+ } -+ *p = '\0'; -+ break; -+ } - *p++ = c; - } - lbp->len = p - buffer; -@@ -6479,7 +6516,7 @@ - long result; - - linecharno = charno; /* update global char number of line start */ -- result = readline_internal (lbp, stream, infilename); /* read line */ -+ result = readline_internal (lbp, stream, infilename, false); /* read line */ - lineno += 1; /* increment global line number */ - charno += result; /* increment global char number */ - -@@ -6839,6 +6876,46 @@ - return templt; - } - -+static void -+do_move_file(const char *src_file, const char *dst_file) -+{ -+ if (rename (src_file, dst_file) == 0) -+ return; -+ -+ FILE *src_f = fopen (src_file, "rb"); -+ FILE *dst_f = fopen (dst_file, "wb"); -+ -+ if (src_f == NULL) -+ pfatal (src_file); -+ -+ if (dst_f == NULL) -+ pfatal (dst_file); -+ -+ int c; -+ while ((c = fgetc (src_f)) != EOF) -+ { -+ if (ferror (src_f)) -+ pfatal (src_file); -+ -+ if (ferror (dst_f)) -+ pfatal (dst_file); -+ -+ if (fputc (c, dst_f) == EOF) -+ pfatal ("cannot write"); -+ } -+ -+ if (fclose (src_f) == EOF) -+ pfatal (src_file); -+ -+ if (fclose (dst_f) == EOF) -+ pfatal (dst_file); -+ -+ if (unlink (src_file) == -1) -+ pfatal ("unlink error"); -+ -+ return; -+} -+ - /* Return a newly allocated string containing the file name of FILE - relative to the absolute directory DIR (which should end with a slash). */ - static char * 
diff --git a/emacs/25.3/05_all_etags-metachar.patch b/emacs/25.3/05_all_etags-metachar.patch deleted file mode 100644 index 31ffc14..0000000 --- a/emacs/25.3/05_all_etags-metachar.patch +++ /dev/null 
@@ -1,99 +0,0 @@ -Fix etags local command injection vulnerability (CVE-2022-48337) -Backported from emacs-28 branch -https://bugs.gentoo.org/897950 -https://debbugs.gnu.org/59817 - -commit e339926272a598bd9ee7e02989c1662b89e64cf0 -Author: Xi Lu <lx@shellcodes.org> -Date: Tue Dec 6 15:42:40 2022 +0800 - - Fix etags local command injection vulnerability - ---- emacs-25.3/lib-src/etags.c -+++ emacs-25.3/lib-src/etags.c -@@ -398,6 +398,7 @@ - static void put_entries (node *); - static void clean_matched_file_tag (char const * const, char const * const); - -+static char *escape_shell_arg_string (char *); - static void do_move_file (const char *, const char *); - static char *concat (const char *, const char *, const char *); - static char *skip_spaces (char *); -@@ -1658,13 +1659,16 @@ - else - { - #if MSDOS || defined (DOS_NT) -- char *cmd1 = concat (compr->command, " \"", real_name); -- char *cmd = concat (cmd1, "\" > ", tmp_name); -+ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1; -+ char *cmd = xmalloc (buf_len); -+ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name); - #else -- char *cmd1 = concat (compr->command, " '", real_name); -- char *cmd = concat (cmd1, "' > ", tmp_name); -+ char *new_real_name = escape_shell_arg_string (real_name); -+ char *new_tmp_name = escape_shell_arg_string (tmp_name); -+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1; -+ char *cmd = xmalloc (buf_len); -+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name); - #endif -- free (cmd1); - int tmp_errno; - if (system (cmd) == -1) - { -@@ -6876,6 +6880,55 @@ - return templt; - } - -+/* -+ * Adds single quotes around a string, if found single quotes, escaped it. -+ * Return a newly-allocated string. 
-+ * -+ * For example: -+ * escape_shell_arg_string("test.txt") => 'test.txt' -+ * escape_shell_arg_string("'test.txt") => ''\''test.txt' -+ */ -+static char * -+escape_shell_arg_string (char *str) -+{ -+ char *p = str; -+ int need_space = 2; /* ' at begin and end */ -+ -+ while (*p != '\0') -+ { -+ if (*p == '\'') -+ need_space += 4; /* ' to '\'', length is 4 */ -+ else -+ need_space++; -+ -+ p++; -+ } -+ -+ char *new_str = xnew (need_space + 1, char); -+ new_str[0] = '\''; -+ new_str[need_space-1] = '\''; -+ -+ int i = 1; /* skip first byte */ -+ p = str; -+ while (*p != '\0') -+ { -+ new_str[i] = *p; -+ if (*p == '\'') -+ { -+ new_str[i+1] = '\\'; -+ new_str[i+2] = '\''; -+ new_str[i+3] = '\''; -+ i += 3; -+ } -+ -+ i++; -+ p++; -+ } -+ -+ new_str[need_space] = '\0'; -+ return new_str; -+} -+ - static void - do_move_file(const char *src_file, const char *dst_file) - { diff --git a/emacs/25.3/06_all_htmlfontify.patch b/emacs/25.3/06_all_htmlfontify.patch deleted file mode 100644 index 6870c0b..0000000 --- a/emacs/25.3/06_all_htmlfontify.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fix htmlfontify.el command injection vulnerability (CVE-2022-48339) -Backported from emacs-28 branch -https://bugs.gentoo.org/897950 -https://debbugs.gnu.org/60295 - -commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16 -Author: Xi Lu <lx@shellcodes.org> -Date: Sat Dec 24 16:28:54 2022 +0800 - - Fix htmlfontify.el command injection vulnerability. - ---- emacs-25.3/lisp/htmlfontify.el -+++ emacs-25.3/lisp/htmlfontify.el -@@ -1898,7 +1898,7 @@ - - (defun hfy-text-p (srcdir file) - "Is SRCDIR/FILE text? Uses `hfy-istext-command' to determine this." -- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir))) -+ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir)))) - (rsp (shell-command-to-string cmd))) - (string-match "text" rsp))) - 
diff --git a/emacs/26.3/07_all_configure-decl.patch b/emacs/26.3/07_all_configure-decl.patch new file mode 100644 index 0000000..ac55b9f --- /dev/null +++ b/emacs/26.3/07_all_configure-decl.patch 
@@ -0,0 +1,66 @@ +Fix implicit function declarations in configure.ac (XOpenDisplay, malloc) +Backported from master branch +https://bugs.gentoo.org/898304 + +commit 6c1413d5ef0d1fea639b0d8c83a0c0065d99359b +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:49:25 2022 +0100 + + configure: Remove obsolete check for -b i486-linuxaout + +commit 121a9ff9f6fc69066ce30c2dbe6cbfbfdca6aeaa +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:51:08 2022 +0100 + + Fix alternate stack test in configure + +--- emacs-26.3/configure.ac ++++ emacs-26.3/configure.ac +@@ -2421,39 +2421,6 @@ + export LD_RUN_PATH + fi + +- if test "${opsys}" = "gnu-linux"; then +- AC_CACHE_CHECK([whether X on GNU/Linux needs -b to link], [emacs_cv_b_link], +- [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_first_failure=no], +- [xgnu_linux_first_failure=yes]) +- if test "${xgnu_linux_first_failure}" = "yes"; then +- OLD_CPPFLAGS="$CPPFLAGS" +- OLD_LIBS="$LIBS" +- CPPFLAGS="$CPPFLAGS -b i486-linuxaout" +- LIBS="$LIBS -b i486-linuxaout" +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_second_failure=no], +- [xgnu_linux_second_failure=yes]) +- if test "${xgnu_linux_second_failure}" = "yes"; then +- # If we get the same failure with -b, there is no use adding -b. +- # So leave it out. This plays safe. +- emacs_cv_b_link=no +- else +- emacs_cv_b_link=yes +- fi +- CPPFLAGS=$OLD_CPPFLAGS +- LIBS=$OLD_LIBS +- else +- emacs_cv_b_link=no +- fi]) +- if test "x$emacs_cv_b_link" = xyes ; then +- LD_SWITCH_X_SITE="$LD_SWITCH_X_SITE -b i486-linuxaout" +- C_SWITCH_X_SITE="$C_SWITCH_X_SITE -b i486-linuxaout" +- fi +- fi +- + # Reportedly, some broken Solaris systems have XKBlib.h but are missing + # header files included from there. 
+ AC_CACHE_CHECK([for Xkb], [emacs_cv_xkb], +@@ -4170,6 +4137,7 @@ + [emacs_cv_alternate_stack], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include <signal.h> ++ #include <stdlib.h> + ]], + [[stack_t ss; + struct sigaction sa; diff --git a/emacs/26.3/08_all_org-remote-unsafe.patch b/emacs/26.3/08_all_org-remote-unsafe.patch new file mode 100644 index 0000000..9124db5 --- /dev/null +++ b/emacs/26.3/08_all_org-remote-unsafe.patch @@ -0,0 +1,30 @@ +org-mode should consider remote files unsafe +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit 2bc865ace050ff118db43f01457f95f95112b877 +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 14:59:20 2024 +0300 + + org-file-contents: Consider all remote files unsafe + +--- emacs-26.3/lisp/org/org.el ++++ emacs-26.3/lisp/org/org.el +@@ -5297,12 +5297,16 @@ org-file-contents + If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version + is available. This option applies only if FILE is a URL." + (let* ((is-url (org-file-url-p file)) ++ (is-remote (condition-case nil ++ (file-remote-p file) ++ ;; In case of error, be safe. ++ (t t))) + (cache (and is-url + (not nocache) + (gethash file org--file-cache)))) + (cond + (cache) +- (is-url ++ ((or is-url is-remote) + (with-current-buffer (url-retrieve-synchronously file) + (goto-char (point-min)) + ;; Move point to after the url-retrieve header. diff --git a/emacs/26.3/09_all_autoconf-2.72.patch b/emacs/26.3/09_all_autoconf-2.72.patch new file mode 100644 index 0000000..bce8495 --- /dev/null +++ b/emacs/26.3/09_all_autoconf-2.72.patch 
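Review bot: In the added `is-remote` binding of emacs/26.3/08_all_org-remote-unsafe.patch, the handler `(t t)` is meant to treat a failing `file-remote-p` as remote, but as far as I know `condition-case` accepts `t` as a catch-all condition only from Emacs 27.1 on. On 26.3 an error would therefore propagate instead of taking the safe default, so for this backport the clause should read `(error t)`. The 27.2 copy of the same patch (10_all_org-remote-unsafe.patch) targets a release where `t` is accepted. `org-file-contents` starts and ends outside the hunk, so how the `url-retrieve-synchronously` branch copes with a remote name that is not a URL cannot be checked from here.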
@@ -0,0 +1,24 @@ +Compatibility fix for autoconf-2.72 +Patch backported from master branch +https://bugs.gentoo.org/930502 + +commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Wed Feb 7 13:17:57 2024 -0800 + + Port better to Autoconf 2.72 + + * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72 + AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in: + https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html + +--- emacs-26.3/configure.ac ++++ emacs-26.3/configure.ac +@@ -1538,6 +1538,7 @@ + AC_DEFUN([AC_TYPE_SIZE_T]) + # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them. + AC_DEFUN([AC_TYPE_UID_T]) ++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72. + + # sqrt and other floating-point functions such as fmod and frexp + # are found in -lm on many systems. diff --git a/emacs/26.3/10_all_make-info-dir.patch b/emacs/26.3/10_all_make-info-dir.patch new file mode 100644 index 0000000..b7b911a --- /dev/null +++ b/emacs/26.3/10_all_make-info-dir.patch @@ -0,0 +1,29 @@ +Make it build with mksh +Patch from emacs-29 branch +https://bugs.gentoo.org/930086 +https://debbugs.gnu.org/70484 + +commit 42766f95e5c0e7eb9e21db964ed93c7e093cc0b9 +Author: Ulrich Müller <ulm@gentoo.org> +Date: Tue Apr 23 07:37:17 2024 +0200 + + * build-aux/make-info-dir: Avoid bashism (bug#70484). + +--- emacs-26.3/build-aux/make-info-dir ++++ emacs-26.3/build-aux/make-info-dir +@@ -33,7 +33,8 @@ + + ## Header contains non-printing characters, so this is more + ## reliable than using awk. +-cat <"${1?}" || exit ++test $# -ge 2 || exit 1 ++cat <"$1" + shift + + exec "${AWK-awk}" ' +@@ -71,4 +72,4 @@ + if (data[dircat]) + printf "\n%s\n%s", topic[dircat], data[dircat] + } +-' "${@?}" ++' "$@" diff --git a/emacs/26.3/11_all_ol-expand-abbrev.patch b/emacs/26.3/11_all_ol-expand-abbrev.patch new file mode 100644 index 0000000..9c5d2ce --- /dev/null +++ b/emacs/26.3/11_all_ol-expand-abbrev.patch 
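Review bot: The replacement for `cat <"${1?}" || exit` in emacs/26.3/10_all_make-info-dir.patch adds an argument-count test but drops the `|| exit` after `cat`. If the header file cannot be opened, the script carries on (unless `set -e` is in effect outside the hunk) and emits a dir file without its header. The check is plain POSIX sh and can stay: `cat <"$1" || exit`. The same lines appear in emacs/27.2/12_all_make-info-dir.patch.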
@@ -0,0 +1,57 @@ +org-mode should not expand link abbrevs that specify an unsafe function +Backported from emacs-29 branch + +commit c645e1d8205f0f0663ec4a2d27575b238c646c7c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Fri Jun 21 15:45:25 2024 +0200 + + org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code + +--- emacs-26.3/lisp/org/org.el ++++ emacs-26.3/lisp/org/org.el +@@ -9589,16 +9589,35 @@ + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. 
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))) + link)) + + ;;; Storing and inserting links diff --git a/emacs/27.2/08_all_configure-decl.patch b/emacs/27.2/08_all_configure-decl.patch new file mode 100644 index 0000000..0e95515 --- /dev/null +++ b/emacs/27.2/08_all_configure-decl.patch 
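Review bot: The comment added in the `%(...)` branch names `genenv` where it presumably means `getenv`; as this comment is the stated reason for not relying on `unsafep-function`, it should name the real function. The guarded call also repeats `(intern-soft (match-string 1 rpl))` although the symbol is already bound, so `(funcall rpl-fun-symbol tag)` would make it obvious that the symbol checked is the symbol called. The `(symbolp rpl)` branch is still called without the `org-link-abbrev-safe`/`pure` check; if that is deliberate because such entries can only come from the user's own configuration, a one-line comment saying so would help the next reader. The enclosing function begins outside the hunk, and the same text is in emacs/27.2/13_all_ol-expand-abbrev.patch.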
@@ -0,0 +1,66 @@ +Fix implicit function declarations in configure.ac (XOpenDisplay, malloc) +Backported from master branch +https://bugs.gentoo.org/898304 + +commit 6c1413d5ef0d1fea639b0d8c83a0c0065d99359b +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:49:25 2022 +0100 + + configure: Remove obsolete check for -b i486-linuxaout + +commit 121a9ff9f6fc69066ce30c2dbe6cbfbfdca6aeaa +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:51:08 2022 +0100 + + Fix alternate stack test in configure + +--- emacs-27.2/configure.ac ++++ emacs-27.2/configure.ac +@@ -2505,39 +2505,6 @@ + export LD_RUN_PATH + fi + +- if test "${opsys}" = "gnu-linux"; then +- AC_CACHE_CHECK([whether X on GNU/Linux needs -b to link], [emacs_cv_b_link], +- [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_first_failure=no], +- [xgnu_linux_first_failure=yes]) +- if test "${xgnu_linux_first_failure}" = "yes"; then +- OLD_CPPFLAGS="$CPPFLAGS" +- OLD_LIBS="$LIBS" +- CPPFLAGS="$CPPFLAGS -b i486-linuxaout" +- LIBS="$LIBS -b i486-linuxaout" +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_second_failure=no], +- [xgnu_linux_second_failure=yes]) +- if test "${xgnu_linux_second_failure}" = "yes"; then +- # If we get the same failure with -b, there is no use adding -b. +- # So leave it out. This plays safe. +- emacs_cv_b_link=no +- else +- emacs_cv_b_link=yes +- fi +- CPPFLAGS=$OLD_CPPFLAGS +- LIBS=$OLD_LIBS +- else +- emacs_cv_b_link=no +- fi]) +- if test "x$emacs_cv_b_link" = xyes ; then +- LD_SWITCH_X_SITE="$LD_SWITCH_X_SITE -b i486-linuxaout" +- C_SWITCH_X_SITE="$C_SWITCH_X_SITE -b i486-linuxaout" +- fi +- fi +- + # Reportedly, some broken Solaris systems have XKBlib.h but are missing + # header files included from there. 
+ AC_CACHE_CHECK([for Xkb], [emacs_cv_xkb], +@@ -4397,6 +4364,7 @@ + [emacs_cv_alternate_stack], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include <signal.h> ++ #include <stdlib.h> + ]], + [[stack_t ss; + struct sigaction sa; diff --git a/emacs/27.2/09_all_untrusted-content.patch b/emacs/27.2/09_all_untrusted-content.patch new file mode 100644 index 0000000..0ff1d36 --- /dev/null +++ b/emacs/27.2/09_all_untrusted-content.patch 
@@ -0,0 +1,84 @@ +New variable untrusted-content +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:43:51 2024 +0300 + + * lisp/files.el (untrusted-content): New variable. + +commit 937b9042ad7426acdcca33e3d931d8f495bdd804 +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:44:30 2024 +0300 + + * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents untrusted. + +commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:47:24 2024 +0300 + + org-latex-preview: Add protection when `untrusted-content' is non-nil + +--- emacs-27.2/lisp/files.el ++++ emacs-27.2/lisp/files.el +@@ -588,6 +588,14 @@ + Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") + ++(defvar-local untrusted-content nil ++ "Non-nil means that current buffer originated from an untrusted source. ++Email clients and some other modes may set this non-nil to mark the ++buffer contents as untrusted. ++ ++This variable might be subject to change without notice.") ++(put 'untrusted-content 'permanent-local t) ++ + ;; This is an odd variable IMO. + ;; You might wonder why it is needed, when we could just do: + ;; (set (make-local-variable 'enable-local-variables) nil) +--- emacs-27.2/lisp/gnus/mm-view.el ++++ emacs-27.2/lisp/gnus/mm-view.el +@@ -466,6 +466,7 @@ mm-display-inline-fontify + (setq coding-system (mm-find-buffer-file-coding-system))) + (setq text (buffer-string)))) + (with-temp-buffer ++ (setq untrusted-content t) + (buffer-disable-undo) + (mm-enable-multibyte) + (insert (cond ((eq charset 'gnus-decoded) +--- emacs-27.2/lisp/org/org.el ++++ emacs-27.2/lisp/org/org.el +@@ -1077,6 +1077,24 @@ + :package-version '(Org . 
"8.0") + :type 'boolean) + ++(defvar untrusted-content) ; defined in files.el ++(defvar org--latex-preview-when-risky nil ++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source. ++ ++Some specially designed LaTeX code may generate huge pdf or log files ++that may exhaust disk space. ++ ++This variable controls how to handle LaTeX preview when rendering LaTeX ++fragments that originate from incoming email messages. It has no effect ++when Org mode is unable to determine the origin of the Org buffer. ++ ++An Org buffer is considered to be from unsafe source when the ++variable `untrusted-content' has a non-nil value in the buffer. ++ ++If this variable is non-nil, LaTeX previews are rendered unconditionally. ++ ++This variable may be renamed or changed in the future.") ++ + (defcustom org-insert-mode-line-in-empty-file nil + "Non-nil means insert the first line setting Org mode in empty files. + When the function `org-mode' is called interactively in an empty file, this +@@ -15827,6 +15845,7 @@ org-latex-preview + (interactive "P") + (cond + ((not (display-graphic-p)) nil) ++ ((and untrusted-content (not org--latex-preview-when-risky)) nil) + ;; Clear whole buffer. + ((equal arg '(64)) + (org-clear-latex-preview (point-min) (point-max)) diff --git a/emacs/27.2/10_all_org-remote-unsafe.patch b/emacs/27.2/10_all_org-remote-unsafe.patch new file mode 100644 index 0000000..65f6a34 --- /dev/null +++ b/emacs/27.2/10_all_org-remote-unsafe.patch 
@@ -0,0 +1,30 @@ +org-mode should consider remote files unsafe +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit 2bc865ace050ff118db43f01457f95f95112b877 +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 14:59:20 2024 +0300 + + org-file-contents: Consider all remote files unsafe + +--- emacs-27.2/lisp/org/org.el ++++ emacs-27.2/lisp/org/org.el +@@ -4665,12 +4665,16 @@ org-file-contents + If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version + is available. This option applies only if FILE is a URL." + (let* ((is-url (org-file-url-p file)) ++ (is-remote (condition-case nil ++ (file-remote-p file) ++ ;; In case of error, be safe. ++ (t t))) + (cache (and is-url + (not nocache) + (gethash file org--file-cache)))) + (cond + (cache) +- (is-url ++ ((or is-url is-remote) + (with-current-buffer (url-retrieve-synchronously file) + (goto-char (point-min)) + ;; Move point to after the url-retrieve header. diff --git a/emacs/27.2/11_all_autoconf-2.72.patch b/emacs/27.2/11_all_autoconf-2.72.patch new file mode 100644 index 0000000..2343066 --- /dev/null +++ b/emacs/27.2/11_all_autoconf-2.72.patch 
@@ -0,0 +1,24 @@ +Compatibility fix for autoconf-2.72 +Patch backported from master branch +https://bugs.gentoo.org/930502 + +commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Wed Feb 7 13:17:57 2024 -0800 + + Port better to Autoconf 2.72 + + * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72 + AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in: + https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html + +--- emacs-27.2/configure.ac ++++ emacs-27.2/configure.ac +@@ -1633,6 +1633,7 @@ + AC_DEFUN([AC_TYPE_SIZE_T]) + # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them. + AC_DEFUN([AC_TYPE_UID_T]) ++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72. + + # sqrt and other floating-point functions such as fmod and frexp + # are found in -lm on many systems. diff --git a/emacs/27.2/12_all_make-info-dir.patch b/emacs/27.2/12_all_make-info-dir.patch new file mode 100644 index 0000000..7b11313 --- /dev/null +++ b/emacs/27.2/12_all_make-info-dir.patch @@ -0,0 +1,29 @@ +Make it build with mksh +Patch from emacs-29 branch +https://bugs.gentoo.org/930086 +https://debbugs.gnu.org/70484 + +commit 42766f95e5c0e7eb9e21db964ed93c7e093cc0b9 +Author: Ulrich Müller <ulm@gentoo.org> +Date: Tue Apr 23 07:37:17 2024 +0200 + + * build-aux/make-info-dir: Avoid bashism (bug#70484). + +--- emacs-27.2/build-aux/make-info-dir ++++ emacs-27.2/build-aux/make-info-dir +@@ -33,7 +33,8 @@ + + ## Header contains non-printing characters, so this is more + ## reliable than using awk. +-cat <"${1?}" || exit ++test $# -ge 2 || exit 1 ++cat <"$1" + shift + + exec "${AWK-awk}" ' +@@ -71,4 +72,4 @@ + if (data[dircat]) + printf "\n%s\n%s", topic[dircat], data[dircat] + } +-' "${@?}" ++' "$@" diff --git a/emacs/27.2/13_all_ol-expand-abbrev.patch b/emacs/27.2/13_all_ol-expand-abbrev.patch new file mode 100644 index 0000000..6b8761f --- /dev/null +++ b/emacs/27.2/13_all_ol-expand-abbrev.patch 
@@ -0,0 +1,58 @@ +org-mode should not expand link abbrevs that specify an unsafe function +Backported from emacs-29 branch + +commit c645e1d8205f0f0663ec4a2d27575b238c646c7c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Fri Jun 21 15:45:25 2024 +0200 + + org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code + +--- emacs-27.2/lisp/org/ol.el ++++ emacs-27.2/lisp/org/ol.el +@@ -1007,17 +1007,35 @@ + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. 
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) + + (defun org-link-open (link &optional arg) + "Open a link object LINK. diff --git a/emacs/28.2/09_all_configure-decl.patch b/emacs/28.2/09_all_configure-decl.patch new file mode 100644 index 0000000..1e86f54 --- /dev/null +++ b/emacs/28.2/09_all_configure-decl.patch 
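Review bot: The safety check is applied only to the `%(...)` form; the `((symbolp rpl) (funcall rpl tag))` branch kept just above it still calls whatever symbol the alist entry holds, with no `org-link-abbrev-safe` or `pure` test. Whether a symbol replacement can reach this function from buffer-supplied settings is not visible in the hunk, so this should be confirmed and stated in a comment, e.g. `;; A symbol RPL can only come from Lisp configuration, never from the buffer.` if that holds. Inside the checked branch the call repeats `(intern-soft (match-string 1 rpl))` instead of reusing `rpl-fun-symbol`; `(funcall rpl-fun-symbol tag)` makes the checked symbol and the called symbol the same by construction. The comment's `genenv` is presumably `getenv`. The enclosing function starts outside the hunk, and the same patch is added for 28.2 (`15_all_ol-expand-abbrev.patch`) and 29.3 (`05_all_ol-expand-abbrev.patch`).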
@@ -0,0 +1,66 @@ +Fix implicit function declarations in configure.ac (XOpenDisplay, malloc) +Backported from master branch +https://bugs.gentoo.org/898304 + +commit 6c1413d5ef0d1fea639b0d8c83a0c0065d99359b +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:49:25 2022 +0100 + + configure: Remove obsolete check for -b i486-linuxaout + +commit 121a9ff9f6fc69066ce30c2dbe6cbfbfdca6aeaa +Author: Florian Weimer <fweimer@redhat.com> +Date: Fri Dec 23 18:51:08 2022 +0100 + + Fix alternate stack test in configure + +--- emacs-28.2/configure.ac ++++ emacs-28.2/configure.ac +@@ -2491,39 +2491,6 @@ + export LD_RUN_PATH + fi + +- if test "${opsys}" = "gnu-linux"; then +- AC_CACHE_CHECK([whether X on GNU/Linux needs -b to link], [emacs_cv_b_link], +- [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_first_failure=no], +- [xgnu_linux_first_failure=yes]) +- if test "${xgnu_linux_first_failure}" = "yes"; then +- OLD_CPPFLAGS="$CPPFLAGS" +- OLD_LIBS="$LIBS" +- CPPFLAGS="$CPPFLAGS -b i486-linuxaout" +- LIBS="$LIBS -b i486-linuxaout" +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], +- [[XOpenDisplay ("foo");]])], +- [xgnu_linux_second_failure=no], +- [xgnu_linux_second_failure=yes]) +- if test "${xgnu_linux_second_failure}" = "yes"; then +- # If we get the same failure with -b, there is no use adding -b. +- # So leave it out. This plays safe. +- emacs_cv_b_link=no +- else +- emacs_cv_b_link=yes +- fi +- CPPFLAGS=$OLD_CPPFLAGS +- LIBS=$OLD_LIBS +- else +- emacs_cv_b_link=no +- fi]) +- if test "x$emacs_cv_b_link" = xyes ; then +- LD_SWITCH_X_SITE="$LD_SWITCH_X_SITE -b i486-linuxaout" +- C_SWITCH_X_SITE="$C_SWITCH_X_SITE -b i486-linuxaout" +- fi +- fi +- + # Reportedly, some broken Solaris systems have XKBlib.h but are missing + # header files included from there. 
+ AC_CACHE_CHECK([for Xkb], [emacs_cv_xkb], +@@ -4629,6 +4596,7 @@ + [emacs_cv_alternate_stack], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include <signal.h> ++ #include <stdlib.h> + ]], + [[stack_t ss; + struct sigaction sa; diff --git a/emacs/28.2/10_all_org-macro-eval.patch b/emacs/28.2/10_all_org-macro-eval.patch new file mode 100644 index 0000000..d3c8bb7 --- /dev/null +++ b/emacs/28.2/10_all_org-macro-eval.patch 
@@ -0,0 +1,35 @@ +Prevent code evaluation in org-macro--set-templates +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit befa9fcaae29a6c9a283ba371c3c5234c7f644eb +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:19:46 2024 +0300 + + org-macro--set-templates: Prevent code evaluation + +--- emacs-28.2/lisp/org/org-macro.el ++++ emacs-28.2/lisp/org/org-macro.el +@@ -103,6 +103,13 @@ org-macro--set-templates + (let ((new-templates nil)) + (pcase-dolist (`(,name . ,value) templates) + (let ((old-definition (assoc name new-templates))) ++ ;; This code can be evaluated unconditionally, as a part of ++ ;; loading Org mode. We *must not* evaluate any code present ++ ;; inside the Org buffer while loading. Org buffers may come ++ ;; from various sources, like received email messages from ++ ;; potentially malicious senders. Org mode might be used to ++ ;; preview such messages and no code evaluation from inside the ++ ;; received Org text should ever happen without user consent. + (when (and (stringp value) (string-match-p "\\`(eval\\>" value)) + ;; Pre-process the evaluation form for faster macro expansion. + (let* ((args (org-macro--makeargs value)) +@@ -115,7 +122,7 @@ org-macro--set-templates + (cadr (read value)) + (error + (user-error "Invalid definition for macro %S" name))))) +- (setq value (eval (macroexpand-all `(lambda ,args ,body)) t)))) ++ (setq value `(lambda ,args ,body)))) + (cond ((and value old-definition) (setcdr old-definition value)) + (old-definition) + (t (push (cons name (or value "")) new-templates))))) diff --git a/emacs/28.2/11_all_untrusted-content.patch b/emacs/28.2/11_all_untrusted-content.patch new file mode 100644 index 0000000..4cd20c0 --- /dev/null +++ b/emacs/28.2/11_all_untrusted-content.patch 
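Review bot: The changed `setq` now stores the unevaluated list built from `(lambda ,args ,body)`, but neither the added comment nor the line itself says where that form is eventually called or what gates the call. A short comment on the line would make the contract explicit, for example `;; Keep the form unevaluated; it must only be called on explicit macro expansion.` The removed line evaluated the form with `eval`'s lexical argument set to `t`, so a macro body that relied on lexical binding may behave differently once the stored list is called later; this is inferred, since the consumer is outside the hunk. The body of `org-macro--set-templates` also continues outside the hunk.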
@@ -0,0 +1,84 @@ +New variable untrusted-content +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:43:51 2024 +0300 + + * lisp/files.el (untrusted-content): New variable. + +commit 937b9042ad7426acdcca33e3d931d8f495bdd804 +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:44:30 2024 +0300 + + * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents untrusted. + +commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 12:47:24 2024 +0300 + + org-latex-preview: Add protection when `untrusted-content' is non-nil + +--- emacs-28.2/lisp/files.el ++++ emacs-28.2/lisp/files.el +@@ -623,6 +623,14 @@ + Some modes may wish to set this to nil to prevent directory-local + settings being applied, but still respect file-local ones.") + ++(defvar-local untrusted-content nil ++ "Non-nil means that current buffer originated from an untrusted source. ++Email clients and some other modes may set this non-nil to mark the ++buffer contents as untrusted. ++ ++This variable might be subject to change without notice.") ++(put 'untrusted-content 'permanent-local t) ++ + ;; This is an odd variable IMO. + ;; You might wonder why it is needed, when we could just do: + ;; (setq-local enable-local-variables nil) +--- emacs-28.2/lisp/gnus/mm-view.el ++++ emacs-28.2/lisp/gnus/mm-view.el +@@ -504,6 +504,7 @@ mm-display-inline-fontify + (setq coding-system (mm-find-buffer-file-coding-system))) + (setq text (buffer-string)))) + (with-temp-buffer ++ (setq untrusted-content t) + (buffer-disable-undo) + (mm-enable-multibyte) + (insert (cond ((eq charset 'gnus-decoded) +--- emacs-28.2/lisp/org/org.el ++++ emacs-28.2/lisp/org/org.el +@@ -1092,6 +1092,24 @@ + :package-version '(Org . 
"8.0") + :type 'boolean) + ++(defvar untrusted-content) ; defined in files.el ++(defvar org--latex-preview-when-risky nil ++ "If non-nil, enable LaTeX preview in Org buffers from unsafe source. ++ ++Some specially designed LaTeX code may generate huge pdf or log files ++that may exhaust disk space. ++ ++This variable controls how to handle LaTeX preview when rendering LaTeX ++fragments that originate from incoming email messages. It has no effect ++when Org mode is unable to determine the origin of the Org buffer. ++ ++An Org buffer is considered to be from unsafe source when the ++variable `untrusted-content' has a non-nil value in the buffer. ++ ++If this variable is non-nil, LaTeX previews are rendered unconditionally. ++ ++This variable may be renamed or changed in the future.") ++ + (defcustom org-insert-mode-line-in-empty-file nil + "Non-nil means insert the first line setting Org mode in empty files. + When the function `org-mode' is called interactively in an empty file, this +@@ -16000,6 +16018,7 @@ org-latex-preview + (interactive "P") + (cond + ((not (display-graphic-p)) nil) ++ ((and untrusted-content (not org--latex-preview-when-risky)) nil) + ;; Clear whole buffer. + ((equal arg '(64)) + (org-clear-latex-preview (point-min) (point-max)) diff --git a/emacs/28.2/12_all_org-remote-unsafe.patch b/emacs/28.2/12_all_org-remote-unsafe.patch new file mode 100644 index 0000000..7236589 --- /dev/null +++ b/emacs/28.2/12_all_org-remote-unsafe.patch 
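Review bot: The new `org-latex-preview` clause `((and untrusted-content (not org--latex-preview-when-risky)) nil)` returns nil without telling the user why nothing was rendered, so an interactive call in a buffer marked untrusted looks like a no-op. A short message in that branch, for instance `(message "LaTeX preview skipped: buffer content is marked untrusted")` (wording constructed here), would make the refusal visible. In this patch only `mm-display-inline-fontify` sets the flag, so the protection covers buffers created on that path; the docstring of `org--latex-preview-when-risky` already says it has no effect when the origin is unknown, and the same sentence would be useful in the docstring of `untrusted-content`. The `org-latex-preview` body continues outside the hunk.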
@@ -0,0 +1,30 @@ +org-mode should consider remote files unsafe +Backported from emacs-29 branch +https://bugs.gentoo.org/927727 + +commit 2bc865ace050ff118db43f01457f95f95112b877 +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Tue Feb 20 14:59:20 2024 +0300 + + org-file-contents: Consider all remote files unsafe + +--- emacs-28.2/lisp/org/org.el ++++ emacs-28.2/lisp/org/org.el +@@ -4705,12 +4705,16 @@ org-file-contents + If NOCACHE is non-nil, do a fresh fetch of FILE even if cached version + is available. This option applies only if FILE is a URL." + (let* ((is-url (org-url-p file)) ++ (is-remote (condition-case nil ++ (file-remote-p file) ++ ;; In case of error, be safe. ++ (t t))) + (cache (and is-url + (not nocache) + (gethash file org--file-cache)))) + (cond + (cache) +- (is-url ++ ((or is-url is-remote) + (with-current-buffer (url-retrieve-synchronously file) + (goto-char (point-min)) + ;; Move point to after the url-retrieve header. diff --git a/emacs/28.2/13_all_autoconf-2.72.patch b/emacs/28.2/13_all_autoconf-2.72.patch new file mode 100644 index 0000000..110b647 --- /dev/null +++ b/emacs/28.2/13_all_autoconf-2.72.patch 
@@ -0,0 +1,24 @@ +Compatibility fix for autoconf-2.72 +Patch backported from master branch +https://bugs.gentoo.org/930502 + +commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Wed Feb 7 13:17:57 2024 -0800 + + Port better to Autoconf 2.72 + + * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72 + AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in: + https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html + +--- emacs-28.2/configure.ac ++++ emacs-28.2/configure.ac +@@ -1590,6 +1590,7 @@ + AC_DEFUN([AC_TYPE_SIZE_T]) + # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them. + AC_DEFUN([AC_TYPE_UID_T]) ++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72. + + # sqrt and other floating-point functions such as fmod and frexp + # are found in -lm on many systems. diff --git a/emacs/28.2/15_all_ol-expand-abbrev.patch b/emacs/28.2/15_all_ol-expand-abbrev.patch new file mode 100644 index 0000000..df04355 --- /dev/null +++ b/emacs/28.2/15_all_ol-expand-abbrev.patch 
@@ -0,0 +1,58 @@ +org-mode should not expand link abbrevs that specify an unsafe function +Backported from emacs-29 branch + +commit c645e1d8205f0f0663ec4a2d27575b238c646c7c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Fri Jun 21 15:45:25 2024 +0200 + + org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code + +--- emacs-28.2/lisp/org/ol.el ++++ emacs-28.2/lisp/org/ol.el +@@ -1020,17 +1020,35 @@ + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. 
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) + + (defun org-link-open (link &optional arg) + "Open a link object LINK. diff --git a/emacs/29.1/01_all_xdisp-segfault.patch b/emacs/29.1/01_all_xdisp-segfault.patch deleted file mode 100644 index 835185b..0000000 --- a/emacs/29.1/01_all_xdisp-segfault.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -Fix segmentation fault due to invalid mode-line-format -Patch backported from master branch -https://debbugs.gnu.org/64893 - -commit 7ea3f39deec3d54914077455e70605a14eb7d200 -Author: Eli Zaretskii <eliz@gnu.org> -Date: Thu Jul 27 15:34:38 2023 +0300 - - Avoid crashes due to invalid 'mode-line-format' - - * src/xdisp.c (display_mode_element, redisplay_window_error): - Don't take XCAR of what can be Qnil. (Bug#64893) - ---- emacs-29.1/src/xdisp.c -+++ emacs-29.1/src/xdisp.c -@@ -17601,6 +17601,7 @@ redisplay_window_error (Lisp_Object erro - if (max_redisplay_ticks > 0 - && CONSP (error_data) - && EQ (XCAR (error_data), Qerror) -+ && CONSP (XCDR (error_data)) - && STRINGP (XCAR (XCDR (error_data)))) - Vdelayed_warnings_list = Fcons (list2 (XCAR (error_data), - XCAR (XCDR (error_data))), -@@ -27091,7 +27092,7 @@ display_mode_element (struct it *it, int - - oprops = Fcopy_sequence (oprops); - tem = props; -- while (CONSP (tem)) -+ while (CONSP (tem) && CONSP (XCDR (tem))) - { - oprops = plist_put (oprops, XCAR (tem), - XCAR (XCDR (tem))); diff --git a/emacs/29.1/02_all_modeline.patch b/emacs/29.1/02_all_modeline.patch deleted file mode 100644 index d51a79e..0000000 --- a/emacs/29.1/02_all_modeline.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -Avoid spurious whitespace in the modeline -Patch backported from master branch -https://debbugs.gnu.org/58183 - -commit 8c3338f6ba354218aee12c223d778be4180f892b -Author: Ulrich Müller <ulm@gentoo.org> -Date: Fri Jul 28 12:21:42 2023 +0200 - - Avoid spurious whitespace in the modeline of emacsclient frames - - * lisp/bindings.el (mode-line-client): Compute 'help-echo text - property in advance. (Bug#58183) - ---- emacs-29/lisp/bindings.el -+++ emacs-29/lisp/bindings.el -@@ -226,9 +226,9 @@ mode-line-mule-info - (put 'mode-line-mule-info 'risky-local-variable t) - - (defvar mode-line-client -- `("" -- (:propertize ("" (:eval (if (frame-parameter nil 'client) "@" ""))) -- help-echo ,(purecopy "emacsclient frame"))) -+ `(:eval -+ (if (frame-parameter nil 'client) -+ ,(propertize "@" 'help-echo (purecopy "emacsclient frame")))) - "Mode line construct for identifying emacsclient frames.") - ;; Autoload if this file no longer dumped. - ;;;###autoload diff --git a/emacs/29.1/03_all_zlib-inflate.patch b/emacs/29.1/03_all_zlib-inflate.patch deleted file mode 100644 index b31847a..0000000 --- a/emacs/29.1/03_all_zlib-inflate.patch +++ /dev/null @@ -1,22 +0,0 @@ -Support decompressing pigz-compressed files -Patch from master branch -https://bugs.gentoo.org/911539 -https://debbugs.gnu.org/64893 - -commit 46b6d175054e8f6bf7cb45e112048c0cf02bfee9 -Author: Amritpal Singh <sysgrammer@protonmail.com> -Date: Fri Jun 2 10:51:21 2023 +0530 - - Support files compressed by 'pigz' - ---- a/src/decompress.c -+++ b/src/decompress.c -@@ -151,7 +151,7 @@ - return -1; - - accumulate_and_process_md5 (out, MD5_BLOCKSIZE - stream.avail_out, &ctx); -- } while (!stream.avail_out); -+ } while (stream.avail_in && !stream.avail_out); - - } while (res != Z_STREAM_END); - diff --git a/emacs/29.1/04_all_tree-sitter.patch b/emacs/29.1/04_all_tree-sitter.patch deleted file mode 100644 index b49c542..0000000 --- a/emacs/29.1/04_all_tree-sitter.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -Fix build failure with tree-sitter -Patch from emacs-29 branch -https://bugs.gentoo.org/911826 -https://debbugs.gnu.org/65123 - -commit e1874c4e8bff165abc5c2e842b4381b65da67ebb -Author: Eli Zaretskii <eliz@gnu.org> -Date: Mon Aug 7 16:20:17 2023 +0300 - - * configure.ac (HAVE_TREE_SITTER): Set NEED_DYNLIB=yes (bug#65123). - ---- a/configure.ac -+++ b/configure.ac -@@ -3254,6 +3254,7 @@ AC_DEFUN - [HAVE_TREE_SITTER=yes], [HAVE_TREE_SITTER=no]) - if test "${HAVE_TREE_SITTER}" = yes; then - AC_DEFINE(HAVE_TREE_SITTER, 1, [Define if using tree-sitter.]) -+ NEED_DYNLIB=yes - else - EMACS_CHECK_MODULES([TREE_SITTER], [tree-sitter >= 0.6.3], - [HAVE_TREE_SITTER=yes], [HAVE_TREE_SITTER=no]) diff --git a/emacs/29.1/05_all_small-ja-dic.patch b/emacs/29.1/05_all_small-ja-dic.patch deleted file mode 100644 index 117edbd..0000000 --- a/emacs/29.1/05_all_small-ja-dic.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -Regenerate Japanese dictionary with --with-small-ja-dic option -Patch from emacs-29 branch -https://debbugs.gnu.org/66125 - -Also update the following generated files: -* leim/small-ja-dic-option -* lisp/leim/ja-dic/ja-dic.{el,elc} - -commit 7d5fee0feaa5740f3fbbfc6d5f13855bf58b9c25 -Author: Eli Zaretskii <eliz@gnu.org> -Date: Sun Sep 24 15:30:01 2023 +0300 - - Support regeneration of ja-dic.el under '--with-small-ja-dic' - ---- a/.gitignore -+++ b/.gitignore -@@ -95,6 +95,7 @@ lisp/cedet/semantic/grammar-wy.el - lisp/eshell/esh-groups.el - lisp/finder-inf.el - lisp/leim/ja-dic/ -+leim/small-ja-dic-option - lisp/leim/leim-list.el - lisp/leim/quail/4Corner.el - lisp/leim/quail/ARRAY30.el ---- a/leim/Makefile.in -+++ b/leim/Makefile.in -@@ -26,6 +26,7 @@ SHELL = - # Here are the things that we expect ../configure to edit. - srcdir=@srcdir@ - top_builddir = @top_builddir@ -+top_srcdir = @top_srcdir@ - - # Where the generated files go. - leimdir = ${srcdir}/../lisp/leim -@@ -134,9 +135,15 @@ ${leimdir}/leim-list.el: - - ${leimdir}/ja-dic/ja-dic.el: | $(leimdir)/ja-dic - -+# This is used to support regeneration of ja-dic when the SMALL_JA_DIC -+# option is flipped by the configure-time option. 
-+small-ja-dic-option: ../config.status -+ $(AM_V_GEN)echo "Small ja-dic option: $(SMALL_JA_DIC)" > $@.$$$$ && \ -+ ${top_srcdir}/build-aux/move-if-change $@.$$$$ $@ -+ - .PHONY: generate-ja-dic - generate-ja-dic: ${leimdir}/ja-dic/ja-dic.el --${leimdir}/ja-dic/ja-dic.el: $(srcdir)/SKK-DIC/SKK-JISYO.L -+${leimdir}/ja-dic/ja-dic.el: $(srcdir)/SKK-DIC/SKK-JISYO.L small-ja-dic-option - $(AM_V_GEN)$(RUN_EMACS) -batch -l ja-dic-cnv \ - -f batch-skkdic-convert -dir "$(leimdir)/ja-dic" $(JA_DIC_NO_REDUCTION_OPTION) "$<" - ---- a/lisp/international/ja-dic-cnv.el -+++ b/lisp/international/ja-dic-cnv.el -@@ -346,6 +346,8 @@ skkdic-convert - (erase-buffer) - (buffer-disable-undo) - (generate-lisp-file-heading ja-dic-filename 'skkdic-convert :code nil) -+ (insert (format ";; Generated with small ja-dic option: %s\n\n" -+ (if no-reduction "no" "yes"))) - (insert ";; Original SKK dictionary file: " - (file-relative-name (expand-file-name filename) dirname) - "\n\n" ---- a/make-dist -+++ b/make-dist -@@ -357,6 +357,7 @@ possibly_non_vc_files= - MANIFEST aclocal.m4 configure - admin/charsets/jisx2131-filter - src/config.in -+ leim/small-ja-dic-option - "$( - find admin doc etc lisp \ - \( -name '*.el' -o -name '*.elc' -o -name '*.map' -o -name '*.stamp' \ ---- /dev/null -+++ b/leim/small-ja-dic-option -@@ -0,0 +1 @@ -+Small ja-dic option: no ---- a/lisp/leim/ja-dic/ja-dic.el -+++ b/lisp/leim/ja-dic/ja-dic.el -@@ -3,6 +3,8 @@ - - ;; This file is part of GNU Emacs. - -+;; Generated with small ja-dic option: no -+ - ;; Original SKK dictionary file: ../../../leim/SKK-DIC/SKK-JISYO.L - - ;;; Start of the header of the original SKK dictionary. ---- a/lisp/leim/ja-dic/ja-dic.elc -+++ b/lisp/leim/ja-dic/ja-dic.elc -@@ -5,1 +5,1 @@ -- -+ diff --git a/emacs/29.1/06_all_sanity-check.patch b/emacs/29.3/01_all_sanity-check.patch index 6509cf7..6509cf7 100644 --- a/emacs/29.1/06_all_sanity-check.patch +++ b/emacs/29.3/01_all_sanity-check.patch 
diff --git a/emacs/29.3/02_all_epg-gpmsm.patch b/emacs/29.3/02_all_epg-gpmsm.patch new file mode 100644 index 0000000..646798c --- /dev/null +++ b/emacs/29.3/02_all_epg-gpmsm.patch @@ -0,0 +1,38 @@ +Don't enable pinentry loopback mode for gpgsm +Patch from master branch +https://debbugs.gnu.org/67012 + +commit e736a1b5a2aa2dd8dbaba32a408db70822fe434f +Author: Ulrich Müller <ulm@gentoo.org> +Date: Fri Nov 17 12:16:54 2023 +0100 + + Don't enable pinentry loopback mode for gpgsm + +--- a/doc/misc/epa.texi ++++ b/doc/misc/epa.texi +@@ -640,6 +640,9 @@ GnuPG Pinentry + Emacs. + @end enumerate + ++Note that loopback Pinentry does not work with @command{gpgsm}, ++therefore EasyPG will ignore this setting for it. ++ + There are other options available to use Emacs as Pinentry, you might + come across a Pinentry called @command{pinentry-emacs} or + @command{gpg-agent} option @code{allow-emacs-pinentry}. However, +--- a/lisp/epg.el ++++ b/lisp/epg.el +@@ -595,7 +595,12 @@ epg--start + (if (epg-context-textmode context) '("--textmode")) + (if (epg-context-output-file context) + (list "--output" (epg-context-output-file context))) +- (if (epg-context-pinentry-mode context) ++ (if (and (epg-context-pinentry-mode context) ++ (not ++ ;; loopback doesn't work with gpgsm ++ (and (eq (epg-context-protocol context) 'CMS) ++ (eq (epg-context-pinentry-mode context) ++ 'loopback)))) + (list "--pinentry-mode" + (symbol-name (epg-context-pinentry-mode + context)))) diff --git a/emacs/29.3/03_all_autoconf-2.72.patch b/emacs/29.3/03_all_autoconf-2.72.patch new file mode 100644 index 0000000..45ad85c --- /dev/null +++ b/emacs/29.3/03_all_autoconf-2.72.patch 
@@ -0,0 +1,24 @@ +Compatibility fix for autoconf-2.72 +Patch backported from master branch +https://bugs.gentoo.org/930502 + +commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Wed Feb 7 13:17:57 2024 -0800 + + Port better to Autoconf 2.72 + + * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72 + AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in: + https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html + +--- emacs-29.3/configure.ac ++++ emacs-29.3/configure.ac +@@ -1661,6 +1661,7 @@ + AC_DEFUN([AC_TYPE_SIZE_T]) + # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them. + AC_DEFUN([AC_TYPE_UID_T]) ++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72. + + # Check for all math.h functions that Emacs uses; on some platforms, + # -lm is needed for some of these functions. diff --git a/emacs/29.3/04_all_make-info-dir.patch b/emacs/29.3/04_all_make-info-dir.patch new file mode 100644 index 0000000..9ae52c8 --- /dev/null +++ b/emacs/29.3/04_all_make-info-dir.patch @@ -0,0 +1,29 @@ +Make it build with mksh +Patch from emacs-29 branch +https://bugs.gentoo.org/930086 +https://debbugs.gnu.org/70484 + +commit 42766f95e5c0e7eb9e21db964ed93c7e093cc0b9 +Author: Ulrich Müller <ulm@gentoo.org> +Date: Tue Apr 23 07:37:17 2024 +0200 + + * build-aux/make-info-dir: Avoid bashism (bug#70484). + +--- emacs-29.3/build-aux/make-info-dir ++++ emacs-29.3/build-aux/make-info-dir +@@ -33,7 +33,8 @@ + + ## Header contains non-printing characters, so this is more + ## reliable than using awk. +-cat <"${1?}" || exit ++test $# -ge 2 || exit 1 ++cat <"$1" + shift + + exec "${AWK-awk}" ' +@@ -101,4 +102,4 @@ + if (data[dircat]) + printf "\n%s\n%s", topic[dircat], data[dircat] + } +-' "${@?}" ++' "$@" diff --git a/emacs/29.3/05_all_ol-expand-abbrev.patch b/emacs/29.3/05_all_ol-expand-abbrev.patch new file mode 100644 index 0000000..2aef76d --- /dev/null +++ b/emacs/29.3/05_all_ol-expand-abbrev.patch 
@@ -0,0 +1,58 @@ +org-mode should not expand link abbrevs that specify an unsafe function +Backported from emacs-29 branch + +commit c645e1d8205f0f0663ec4a2d27575b238c646c7c +Author: Ihor Radchenko <yantar92@posteo.net> +Date: Fri Jun 21 15:45:25 2024 +0200 + + org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code + +--- emacs-29.3/lisp/org/ol.el ++++ emacs-29.3/lisp/org/ol.el +@@ -1063,17 +1063,35 @@ + (if (not as) + link + (setq rpl (cdr as)) +- (cond +- ((symbolp rpl) (funcall rpl tag)) +- ((string-match "%(\\([^)]+\\))" rpl) +- (replace-match +- (save-match-data +- (funcall (intern-soft (match-string 1 rpl)) tag)) +- t t rpl)) +- ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) +- ((string-match "%h" rpl) +- (replace-match (url-hexify-string (or tag "")) t t rpl)) +- (t (concat rpl tag))))))) ++ ;; Drop any potentially dangerous text properties like ++ ;; `modification-hooks' that may be used as an attack vector. ++ (substring-no-properties ++ (cond ++ ((symbolp rpl) (funcall rpl tag)) ++ ((string-match "%(\\([^)]+\\))" rpl) ++ (let ((rpl-fun-symbol (intern-soft (match-string 1 rpl)))) ++ ;; Using `unsafep-function' is not quite enough because ++ ;; Emacs considers functions like `genenv' safe, while ++ ;; they can potentially be used to expose private system ++ ;; data to attacker if abbreviated link is clicked. 
++ (if (or (eq t (get rpl-fun-symbol 'org-link-abbrev-safe)) ++ (eq t (get rpl-fun-symbol 'pure))) ++ (replace-match ++ (save-match-data ++ (funcall (intern-soft (match-string 1 rpl)) tag)) ++ t t rpl) ++ (org-display-warning ++ (format "Disabling unsafe link abbrev: %s ++You may mark function safe via (put '%s 'org-link-abbrev-safe t)" ++ rpl (match-string 1 rpl))) ++ (setq org-link-abbrev-alist-local (delete as org-link-abbrev-alist-local) ++ org-link-abbrev-alist (delete as org-link-abbrev-alist)) ++ link ++ ))) ++ ((string-match "%s" rpl) (replace-match (or tag "") t t rpl)) ++ ((string-match "%h" rpl) ++ (replace-match (url-hexify-string (or tag "")) t t rpl)) ++ (t (concat rpl tag)))))))) + + (defun org-link-open (link &optional arg) + "Open a link object LINK. diff --git a/emacs/29.3/06_all_flymake-gcc-14.patch b/emacs/29.3/06_all_flymake-gcc-14.patch new file mode 100644 index 0000000..5167d21 --- /dev/null +++ b/emacs/29.3/06_all_flymake-gcc-14.patch @@ -0,0 +1,15 @@ +Fix flymake tests with GCC 14 +https://debbugs.gnu.org/71749 + +--- emacs-29.3/test/lisp/progmodes/flymake-tests.el ++++ emacs-29.3/test/lisp/progmodes/flymake-tests.el +@@ -174,7 +174,8 @@ + (flymake-tests--with-flymake + ("some-problems.h") + (flymake-goto-next-error) +- (should (eq 'flymake-warning (face-at-point))) ++ ;; implicit-int was promoted from warning to error in GCC 14 ++ (should (memq (face-at-point) '(flymake-warning flymake-error))) + (flymake-goto-next-error) + (should (eq 'flymake-error (face-at-point))) + (should-error (flymake-goto-next-error nil nil t))) diff --git a/emacs/29.4/01_all_sanity-check.patch b/emacs/29.4/01_all_sanity-check.patch new file mode 100644 index 0000000..6509cf7 --- /dev/null +++ b/emacs/29.4/01_all_sanity-check.patch 
@@ -0,0 +1,13 @@ +https://bugs.gentoo.org/916180 + +--- emacs-29.1/Makefile.in ++++ emacs-29.1/Makefile.in +@@ -417,7 +417,7 @@ + + sanity-check: + @[ -f .no-advice-on-failure ] && exit 0; true +- @v=$$(src/emacs${EXEEXT} --batch --eval \ ++ @v=$$(src/emacs${EXEEXT} --batch --quick --eval \ + '(progn (defun f (n) (if (= 0 n) 1 (* n (f (- n 1))))) (princ (f 10)))' \ + 2> /dev/null); \ + [ "X$$v" = "X3628800" ] && exit 0; \ diff --git a/emacs/29.4/02_all_epg-gpmsm.patch b/emacs/29.4/02_all_epg-gpmsm.patch new file mode 100644 index 0000000..646798c --- /dev/null +++ b/emacs/29.4/02_all_epg-gpmsm.patch @@ -0,0 +1,38 @@ +Don't enable pinentry loopback mode for gpgsm +Patch from master branch +https://debbugs.gnu.org/67012 + +commit e736a1b5a2aa2dd8dbaba32a408db70822fe434f +Author: Ulrich Müller <ulm@gentoo.org> +Date: Fri Nov 17 12:16:54 2023 +0100 + + Don't enable pinentry loopback mode for gpgsm + +--- a/doc/misc/epa.texi ++++ b/doc/misc/epa.texi +@@ -640,6 +640,9 @@ GnuPG Pinentry + Emacs. + @end enumerate + ++Note that loopback Pinentry does not work with @command{gpgsm}, ++therefore EasyPG will ignore this setting for it. ++ + There are other options available to use Emacs as Pinentry, you might + come across a Pinentry called @command{pinentry-emacs} or + @command{gpg-agent} option @code{allow-emacs-pinentry}. However, +--- a/lisp/epg.el ++++ b/lisp/epg.el +@@ -595,7 +595,12 @@ epg--start + (if (epg-context-textmode context) '("--textmode")) + (if (epg-context-output-file context) + (list "--output" (epg-context-output-file context))) +- (if (epg-context-pinentry-mode context) ++ (if (and (epg-context-pinentry-mode context) ++ (not ++ ;; loopback doesn't work with gpgsm ++ (and (eq (epg-context-protocol context) 'CMS) ++ (eq (epg-context-pinentry-mode context) ++ 'loopback)))) + (list "--pinentry-mode" + (symbol-name (epg-context-pinentry-mode + context)))) 
diff --git a/emacs/29.4/03_all_autoconf-2.72.patch b/emacs/29.4/03_all_autoconf-2.72.patch new file mode 100644 index 0000000..45ad85c --- /dev/null +++ b/emacs/29.4/03_all_autoconf-2.72.patch @@ -0,0 +1,24 @@ +Compatibility fix for autoconf-2.72 +Patch backported from master branch +https://bugs.gentoo.org/930502 + +commit e34ebc0ccc6c27e7e1217baad9ca74dd7bea4c37 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Wed Feb 7 13:17:57 2024 -0800 + + Port better to Autoconf 2.72 + + * configure.ac: Set ac_cv_type_gid_t=yes to pacify Autoconf 2.72 + AC_TYPE_GETGROUPS. Problem reported by Nick Bowler in: + https://lists.gnu.org/r/autoconf-patches/2024-02/msg00001.html + +--- emacs-29.3/configure.ac ++++ emacs-29.3/configure.ac +@@ -1661,6 +1661,7 @@ + AC_DEFUN([AC_TYPE_SIZE_T]) + # Likewise for obsolescent test for uid_t, gid_t; Emacs assumes them. + AC_DEFUN([AC_TYPE_UID_T]) ++ac_cv_type_gid_t=yes # AC_TYPE_GETGROUPS needs this in Autoconf 2.72. + + # Check for all math.h functions that Emacs uses; on some platforms, + # -lm is needed for some of these functions. diff --git a/emacs/29.4/04_all_flymake-gcc-14.patch b/emacs/29.4/04_all_flymake-gcc-14.patch new file mode 100644 index 0000000..5167d21 --- /dev/null +++ b/emacs/29.4/04_all_flymake-gcc-14.patch @@ -0,0 +1,15 @@ +Fix flymake tests with GCC 14 +https://debbugs.gnu.org/71749 + +--- emacs-29.3/test/lisp/progmodes/flymake-tests.el ++++ emacs-29.3/test/lisp/progmodes/flymake-tests.el +@@ -174,7 +174,8 @@ + (flymake-tests--with-flymake + ("some-problems.h") + (flymake-goto-next-error) +- (should (eq 'flymake-warning (face-at-point))) ++ ;; implicit-int was promoted from warning to error in GCC 14 ++ (should (memq (face-at-point) '(flymake-warning flymake-error))) + (flymake-goto-next-error) + (should (eq 'flymake-error (face-at-point))) + (should-error (flymake-goto-next-error nil nil t))) |