GNU bug report logs -
#71729
Emacs 29.4 emergency bugfix release
Previous Next
Reported by: Adam Porter <adam <at> alphapapa.net>
Date: Sun, 23 Jun 2024 00:55:01 UTC
Severity: normal
Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #16 received at 71729 <at> debbugs.gnu.org (full text, mbox):
Hi Liliana,
On 6/23/24 03:39, Liliana Marie Prikler wrote:
> Am Samstag, dem 22.06.2024 um 19:52 -0500 schrieb Adam Porter:
>> Hello,
>>
>> Today an emergency bugfix release was made of Emacs v29.4. It fixes
>> an important security vulnerability.
> Note: Security bugs should go to guix-security instead. But thanks for
> pointing out the new Emacs release, I've pushed an update. (Thus
> marking this done)
Thanks.
If I may ask here, as it seems relevant and might help other users in
the future:
A few minutes ago I ran "guix pull", but after it finished, "guix show
emacs" still shows:
name: emacs
version: 29.3
Am I missing something? e.g. the equivalents in Debian, like "apt show
emacs" or "apt policy emacs", show both installed and available versions.
So as a user, how am I to know whether I'm using the latest version of a
package? I also tried "guix upgrade -n" (which updates substitute lists
from the network, which can significantly delay its finishing for a
simple check like this), and it shows:
The following packages would be upgraded:
emacs (dependencies or package changed)
But maybe that's affected by the workaround I'm using (see below).
>> FWIW, I had hoped that I could install it by running:
>>
>> guix install --with-version=emacs=29.4 emacs
>>
>> But that fails the validate-comp-integrity phase, showing that all of
>> its tests fail, with every function being loaded in byte-compiled
>> form instead of native-compiled.
> Ah, yes, that is not something you can do with --with-version, as it
> disregards our patches and everything.
Ah, I wish I had known that. FWIW, looking at
<https://guix.gnu.org/manual/en/html_node/Package-Transformation-Options.html>,
I can't even find "--with-version" documented at all. But besides that,
none of them seem to explain that such options may discard parts of the
package definition, such as patches (if any of those other options
do--is it only "--with-version" that does?). Does a documentation bug
need to be filed about this?
> As for how to work around this, you can do a more elaborate package
> definition:
>
> (package
> (inherit emacs)
> (version NEW_VERSION)
> (source (origin (inherit (package-source emacs))
> (uri NEW_URI))))
>
> This should automatically apply our patches. Or, you can locally run
> `guix refresh -u emacs'.
Thanks for the pointer. I defined a package called "emacs-jit" (and a
corresponding "emacs-minimal-jit") that comments out the JIT-disabling
patches, so that I can still JIT-compile packages installed through
Emacs, and it seems to be working fine.
Would you be willing to accept some kind of package definition like that
being added to Guix, as an alternative to the main "emacs" package? (I
won't quibble over the name.) I think that there are a significant
number of users who would like to use Guix to keep Emacs up-to-date
without sacrificing the ability to native-compile packages installed
from within Emacs. It would be nice to have this in Guix so that I
wouldn't have to manually update the package definition according to
upstream changes.
Thanks,
Adam
This bug report was last modified 1 year and 56 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.