diff --git a/1000-anolis-emacs-support-loongarch64.patch b/1000-anolis-emacs-support-loongarch64.patch
deleted file mode 100644
index f3923c788096edd0de40fb33639e755301227d8f..0000000000000000000000000000000000000000
--- a/1000-anolis-emacs-support-loongarch64.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff -Nur emacs-26.1/build-aux/config.guess emacs-26.1.new/build-aux/config.guess
---- emacs-26.1/build-aux/config.guess	2018-04-23 22:17:34.000000000 +0800
-+++ emacs-26.1.new/build-aux/config.guess	2021-12-06 13:19:16.684000000 +0800
-@@ -893,6 +893,9 @@
-     aarch64:Linux:*:*)
- 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
- 	exit ;;
-+    loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
-+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-+	exit ;;
-     aarch64_be:Linux:*:*)
- 	UNAME_MACHINE=aarch64_be
- 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-diff -Nur emacs-26.1/build-aux/config.sub emacs-26.1.new/build-aux/config.sub
---- emacs-26.1/build-aux/config.sub	2018-04-23 22:17:34.000000000 +0800
-+++ emacs-26.1.new/build-aux/config.sub	2021-12-06 13:19:48.160000000 +0800
-@@ -245,6 +245,7 @@
- 	1750a | 580 \
- 	| a29k \
- 	| aarch64 | aarch64_be \
-+	| loongarch32 | loongarch64 | loongarchx32 \
- 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
- 	| am33_2.0 \
-@@ -369,6 +370,7 @@
- 	580-* \
- 	| a29k-* \
- 	| aarch64-* | aarch64_be-* \
-+	| loongarch32-* | loongarch64-* | loongarchx32-* \
- 	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- 	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
diff --git a/dist b/dist
new file mode 100644
index 0000000000000000000000000000000000000000..535c6900412d365bb0ff6de8d1f27110833b3ae3
--- /dev/null
+++ b/dist
@@ -0,0 +1 @@
+an8_7
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..f35adc62a75e33afb0487550678c8e9767c5652c
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+649ec46965a8b842bdb2cbf7764c2a9a  emacs-26.1.tar.xz
diff --git a/emacs-26.1.tar.xz b/emacs-26.1.tar.xz
deleted file mode 100644
index dbc8aa515a44768c9ae10e4020b161703d785768..0000000000000000000000000000000000000000
Binary files a/emacs-26.1.tar.xz and /dev/null differ
diff --git a/emacs-ob-latex-command-injection-vulnerability.patch b/emacs-ob-latex-command-injection-vulnerability.patch
new file mode 100644
index 0000000000000000000000000000000000000000..275ada9519bd4447c33d9b84d715da8747e61c43
--- /dev/null
+++ b/emacs-ob-latex-command-injection-vulnerability.patch
@@ -0,0 +1,43 @@
+From a8006ea580ed74f27f974d60b598143b04ad1741 Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Sat, 11 Mar 2023 18:53:37 +0800
+Subject: * lisp/org/ob-latex.el: Fix command injection vulnerability
+
+(org-babel-execute:latex):
+Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
+
+TINYCHANGE
+---
+ lisp/org/ob-latex.el | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/lisp/org/ob-latex.el b/lisp/org/ob-latex.el
+index a2c24b3..ce39628 100644
+--- a/lisp/org/ob-latex.el
++++ b/lisp/org/ob-latex.el
+@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
+ 	    (if (string-suffix-p ".svg" out-file)
+ 		(progn
+ 		  (shell-command "pwd")
+-		  (shell-command (format "mv %s %s"
+-					 (concat (file-name-sans-extension tex-file) "-1.svg")
+-					 out-file)))
++                  (rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
++                               out-file t))
+ 	      (error "SVG file produced but HTML file requested")))
+ 	   ((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
+ 	    (if (string-suffix-p ".html" out-file)
+-		(shell-command "mv %s %s"
+-			       (concat (file-name-sans-extension tex-file)
+-				       ".html")
+-			       out-file)
+-	      (error "HTML file produced but SVG file requested")))))
++                (rename-file (concat (file-name-sans-extension tex-file) ".html")
++                             out-file t)
++              (error "HTML file produced but SVG file requested")))))
+ 	 ((or (string= "pdf" extension) imagemagick)
+ 	  (with-temp-file tex-file
+ 	    (require 'ox-latex)
+-- 
+cgit v1.1
+
diff --git a/emacs.spec b/emacs.spec
index 51bb26698ca68a946f6fa0689136d11b0685d3d8..b8177cf44cf51f79f7d4c08cb48860e7c56eaf08 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -1,4 +1,3 @@
-%define anolis_release .0.2
 %global _hardened_build 1
 
 # This file is encoded in UTF-8.  -*- coding: utf-8 -*-
@@ -6,7 +5,7 @@ Summary:       GNU Emacs text editor
 Name:          emacs
 Epoch:         1
 Version:       26.1
-Release:       7%{anolis_release}%{?dist}
+Release:       7%{?dist}.1
 License:       GPLv3+ and CC0-1.0
 URL:           http://www.gnu.org/software/emacs/
 Group:         Applications/Editors
@@ -25,10 +24,7 @@ Source10:      package-keyring.gpg
 # rhbz#713600
 Patch1:        emacs-spellchecker.patch
 Patch2:        emacs-system-crypto-policies.patch
-
-# Add by Anolis
-Patch1000:     1000-anolis-emacs-support-loongarch64.patch
-# End of Anolis
+Patch3:        emacs-ob-latex-command-injection-vulnerability.patch
 
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@@ -85,9 +81,6 @@ Requires(posttrans): %{_sbindir}/alternatives
 Requires:      emacs-common = %{epoch}:%{version}-%{release}
 Provides:      emacs(bin) = %{epoch}:%{version}-%{release}
 
-Requires:     glibc
-Provides:     /usr/bin/emacs
-
 %define site_lisp %{_datadir}/emacs/site-lisp
 %define site_start_d %{site_lisp}/site-start.d
 %define bytecompargs -batch --no-init-file --no-site-file -f batch-byte-compile
@@ -102,15 +95,6 @@ without leaving the editor.
 
 This package provides an emacs binary with support for X windows.
 
-%package doc
-Summary: Documents for %{name}
-BuildArch: noarch
-Requires: %{name} = %{epoch}:%{version}-%{release}
-
-
-%description  doc
-Doc pages for %{name}.
-
 %package lucid
 Summary:       GNU Emacs text editor with LUCID toolkit X support
 Group:         Applications/Editors
@@ -195,7 +179,7 @@ packages that add functionality to Emacs.
 
 %patch1 -p1 -b .spellchecker
 %patch2 -p1 -b .system-crypto-policies
-%patch1000 -p1
+%patch3 -p1 -b .ob-latex-command-injection-vulnerability
 autoconf
 
 # We prefer our emacs.desktop file
@@ -456,6 +440,7 @@ fi
 %config(noreplace) %{_sysconfdir}/skel/.emacs
 %{_rpmconfigdir}/macros.d/macros.emacs
 %license etc/COPYING
+%doc doc/NEWS BUGS README
 %{_bindir}/ebrowse
 %{_bindir}/emacsclient
 %{_bindir}/etags.emacs
@@ -480,15 +465,9 @@ fi
 %dir %{_datadir}/emacs/site-lisp
 %dir %{_datadir}/emacs/site-lisp/site-start.d
 
-%files doc
-%doc doc/NEWS BUGS README
-
 %changelog
-* Sat Jul 16 2022 mgb01105731 <mgb01105731@alibaba-inc.com> - 1:26.1-7.0.2
-- Add doc sub package
-
-* Mon Dec  6 2021 Liwei Ge <geliwei@openanolis.org> - 1:26.1-7.0.1
-- Support loongarch64 platform
+* Thu Apr 6 2023 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7.1
+- Fix ob-latex.el command injection vulnerability (#2180585)
 
 * Thu Aug 5 2021 Jacek Migacz <jmigacz@redhat.com> - 1:26.1-7
 - provide gating.yaml for CI