GNU bug report logs - #78542
[Security] hash locking needed for tree-sitter downloads

Previous Next

Package: emacs;

Reported by: Daniel Colascione <dancol <at> dancol.org>

Date: Wed, 21 May 2025 19:13:04 UTC

Severity: normal

Fixed in version 31.0.50

Done: Juri Linkov <juri <at> linkov.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Juri Linkov <juri <at> linkov.net>
Cc: 78542 <at> debbugs.gnu.org, casouri <at> gmail.com, dancol <at> dancol.org
Subject: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Sat, 21 Jun 2025 09:27:38 +0300

> From: Juri Linkov <juri <at> linkov.net>
> Cc: dancol <at> dancol.org,  casouri <at> gmail.com,  78542 <at> debbugs.gnu.org
> Date: Fri, 20 Jun 2025 19:48:09 +0300
> 
> >>  The value should be an alist where each element has the form
> >>  
> >> -    (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT [KEYWORD VALUE]...))
> >> +    (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT))
> >>  
> >>  Only LANG and URL are mandatory.  LANG is the language symbol.
> >>  URL is the URL of the grammar's Git repository or a directory
> >> @@ -5015,8 +5015,17 @@ treesit-language-source-alist
> >>  CC and C++ are C and C++ compilers, defaulting to \"cc\" and
> >>  \"c++\", respectively.
> >>  
> >> +Another way to specify optional data is to use keywords:
> >> +
> >> +    (LANG . (URL [KEYWORD VALUE]...))
> >> +
> >>  The currently supported keywords:
> >>  
> >> +`:revision' is the same as REVISION above.
> >> +`:source-dir' is the same as SOURCE-DIR above.
> >> +`:cc' is the same as CC above.
> >> +`:c++' is the same as C++ above.
> >> +`:commit' is the same as COMMIT above.
> >>  `:copy-queries' when non-nil specifies whether to copy the files
> >>  in the \"queries\" directory from the source directory to the
> >>  installation directory.")
> >
> > This is okay, but I guess the keywords are not entirely independent?
> > That is, to have a valid spec one needs several keywords to be
> > specified together?  In that case, I think this should be stated in
> > the doc string.
> 
> Actually, the keywords are independent.

You mean, it's okay to have just the :source-dir, say, and nothing
else, and that would produce a complete specification that could be
used to install or upgrade the grammar library?
This bug report was last modified 23 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.