Patch emacs for CVE-2026-6861

Author: azurelinux-security

SPECS/emacs/CVE-2026-6861.patch

@@ -0,0 +1,28 @@
+From bf29cc85ce8cc77c0392887020f55d73bb0e0d18 Mon Sep 17 00:00:00 2001
+From: Eli Zaretskii <eliz@gnu.org>
+Date: Sat, 18 Apr 2026 10:35:05 +0300
+Subject: [PATCH] * src/image.c (svg_load_image): Fix off-by-one mistake
+ (bug#80851).
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://cgit.git.savannah.gnu.org/cgit/emacs.git/patch/?id=8f535370b9efbc91673b20c6987a5cae4f6dc562
+---
+ src/image.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 911dfc4..15e68d7 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -11247,7 +11247,7 @@ svg_load_image (struct frame *f, struct image *img, char *contents,
+     {
+       css = xmalloc (SBYTES (lcss) + 1);
+       strncpy (css, SSDATA (lcss), SBYTES (lcss));
+-      *(css + SBYTES (lcss) + 1) = 0;
++      *(css + SBYTES (lcss)) = 0;
+     }
+ #endif
+ 
+-- 
+2.45.4
+

SPECS/emacs/emacs.spec

@@ -1,7 +1,7 @@
 Summary:        GNU Emacs text editor
 Name:           emacs
 Version:        29.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv3+ AND CC0-1.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,7 @@ Source1:        site-start.el
 Source2:        default.el
 Patch0:         CVE-2025-1244.patch
 Patch1:         CVE-2024-53920.patch
+Patch2:         CVE-2026-6861.patch
 BuildRequires:  gcc
 BuildRequires:  glibc-devel
 BuildRequires:  gnutls-devel
@@ -130,6 +131,9 @@ rm -f *-filelist {common,el}-*-files
 %dir %{_datadir}/emacs/site-lisp/site-start.d
 
 %changelog
+* Wed Apr 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 29.4-4
+- Patch for CVE-2026-6861
+
 * Mon Mar 17 2025 Henry Li <lihl@microsoft.com> - 29.4-3
 - Add patch to resolve CVE-2024-53920