Don't save bookmark context from encrypted files

* doc/emacs/regs.texi (Bookmarks): Mention this.
* lisp/bookmark.el (bookmark-make-record): Don't include context
in encrypted files (bug#57856).

* lisp/epa-hook.el (epa-file-name-p): New function.

diff --git a/doc/emacs/regs.texi b/doc/emacs/regs.texi
index fb936018798cb4c157400f0dcbc8933d81b9a192..ef9187bb9a640804d165dcd39bf2e67986ec7371 100644 (file)
--- a/doc/emacs/regs.texi
+++ b/doc/emacs/regs.texi
@@ -381,7 +381,8 @@ jump to the bookmark.
 @code{bookmark-jump} can find the proper position even if the file is
 modified slightly.  The variable @code{bookmark-search-size} says how
 many characters of context to record on each side of the bookmark's
-position.
+position.  (In buffers that are visiting encrypted files, no context
+is saved in the bookmarks file no matter the value of this variable.)
 
   Here are some additional commands for working with bookmarks:
 

diff --git a/etc/NEWS b/etc/NEWS
index e5d9b1ca23d3ce11a5f7f7d408c37d6488344c5e..a739d74b65017fd031269490c251c69d249e5e72 100644 (file)
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -180,6 +180,11 @@ of 'user-emacs-directory'.
 \f
 * Incompatible changes in Emacs 29.1
 
++++
+*** bookmarks no longer include context for encrypted files.
+If you're visiting an encrypted file, setting a bookmark no longer
+includes excerpts from that buffer in the bookmarks file.
+
 ---
 *** 'show-paren-mode' is now disabled in 'special-mode' buffers.
 In Emacs versions previous to Emacs 28.1, 'show-paren-mode' defaulted

diff --git a/lisp/bookmark.el b/lisp/bookmark.el
index 8dfc16bf9faa24d26057472a9cb8fb311342e5bb..f150a24bbfb1a5c62b1003fe0255b9a14d51c9eb 100644 (file)
--- a/lisp/bookmark.el
+++ b/lisp/bookmark.el
@@ -594,7 +594,18 @@ equivalently just return ALIST without NAME.")
 
 (defun bookmark-make-record ()
   "Return a new bookmark record (NAME . ALIST) for the current location."
-  (let ((record (funcall bookmark-make-record-function)))
+  (let* ((bookmark-search-size
+          ;; If we're in a buffer that's visiting an encrypted file,
+          ;; don't include any context in the bookmark file, because
+          ;; that would leak (possibly secret) data.
+          (if (and buffer-file-name
+                   (or (and (fboundp 'epa-file-name-p)
+                            (epa-file-name-p buffer-file-name))
+                       (and (fboundp 'tramp-crypt-file-name-p)
+                            (tramp-crypt-file-name-p buffer-file-name))))
+              0
+            bookmark-search-size))
+         (record (funcall bookmark-make-record-function)))
     ;; Set up default name if the function does not provide one.
     (unless (stringp (car record))
       (if (car record) (push nil record))

diff --git a/lisp/epa-hook.el b/lisp/epa-hook.el
index 18e47c682e82eba69b196375435fb6847953c00d..70c303088197017c35c2ceb1e020b7737ec4d224 100644 (file)
--- a/lisp/epa-hook.el
+++ b/lisp/epa-hook.el
@@ -88,6 +88,10 @@ interface, update `file-name-handler-alist'."
           epa-file-inhibit-auto-save)
       (auto-save-mode 0)))
 
+(defun epa-file-name-p (file)
+  "Say whether FILE is handled by `epa-file'."
+  (and auto-encryption-mode (string-match-p epa-file-name-regexp file)))
+
 (define-minor-mode auto-encryption-mode
   "Toggle automatic file encryption/decryption (Auto Encryption mode)."
   :global t :init-value t :group 'epa-file :version "23.1"