Package: emacs / 1:28.2+1-15+deb12u4
Metadata
| Package | Version | Patches format |
|---|---|---|
| emacs | 1:28.2+1-15+deb12u4 | 3.0 (quilt) |
Patch series
| Patch | File delta | Description |
|---|---|---|
| 0001 Prefer usr share info emacs.patch | lisp/info.el 3 2 + 1 - 0 ! | prefer /usr/share/info/emacs/. Emacs prefers /usr/share/info/emacs to /usr/share/info. The value of Info-default-directory-list has been augmented via lisp/info.el to include /usr/share/info/emacs before /usr/share/info. |
| 0002 Run debian startup and set debian emacs flavor.patch | lisp/startup.el 13 12 + 1 - 0 ! | run debian-startup and set debian-emacs-flavor. Emacs runs debian-startup and sets debian-emacs-flavor. * Emacs runs debian-startup during the startup process unless site-run-file is false. * The global variable debian-emacs-flavor is bound to 'emacs. |
| 0003 Remove files that appear to be incompatible with the.patch | Makefile.in 44 17 + 27 - 0 ! | remove files that appear to be incompatible with the dfsg. Files that appear to be incompatible with the DFSG have been removed. A number of files have been removed from this package because their licenses are not compatible with the Debian Free Software Guidelines (DFSG), or because it wasn't completely clear that their licenses are compatible. In particular, all of the files which are covered under the GFDL and have invariant sections have been removed in accordance with this General Resolution: http://www.debian.org/vote/2006/vote_001. The files that have been removed, but still appear to be distributable, have been moved to packages in Debian's non-free section. |
| 0004 Adjust documentation references for Debian.patch | etc/NEWS 5 5 + 0 - 0 ! | adjust documentation references for debian. Various documentation references have been adjusted for Debian. References to /usr/local/... have been changed to /usr/... as appropriate, etc. |
| 0005 Modify the output of version to indicate Debian modi.patch | lisp/version.el 2 1 + 1 - 0 ! | modify the output of (version) to indicate debian modifications. The output of (version) has been modified to indicate Debian modifications. |
| 0006 Don t try to build src macuvs.h via IVD_Sequences.tx.patch | admin/unidata/Makefile.in 2 1 + 1 - 0 ! | don't try to build src/macuvs.h (via ivd_sequences.txt). These are OS X specific, and were removed for now, due to uncertainty over the licensing. |
| 0007 Kill gpg agent in package test.el to avoid a race.patch | test/lisp/emacs-lisp/package-tests.el 9 8 + 1 - 0 ! | kill gpg agent in package-test.el to avoid a race. package-test.el should no longer fail during clean up. * Previously a delete-directories call raced with the gpg agent's own cleanup process (presumably triggered by the first deletion of one of the agent's sockets). As a result, it looks like the agent might delete one of its sockets after delete-directories had decided to delete the socket, but before it made the attempt, causing an exception. * To fix the problem, explicitly ask gpg-connect-agent to kill the agent before attempting to delete the gnupg home directory, and then delete via "rm -rf" to ignore any vanishing files. |
| 0008 Mark vc bzr test fauilt bzr autoloads as unstable fo.patch | test/lisp/vc/vc-bzr-tests.el 1 1 + 0 - 0 ! | mark vc-bzr-test-fauilt-bzr-autoloads as unstable for now. Currently the test fails like this:
Running 3 tests (2018-12-17 12:17:43-0600)
passed 1/3 vc-bzr-test-bug9726
Mark set
Press C-c C-c when you are done editing.
Enter a change comment. Type C-c C-c when done
passed 2/3 vc-bzr-test-bug9781
Falling back on "slow" status detection ((file-missing "Opening input file" "No such file or directory" "/tmp/vc-bzr-testVlgmsb/bzr/.bzr/checkout/dirstate"))
Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)")
Warnings in `bzr' output: bzr: ERROR: invalid header line: ''
Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)")
Warnings in `bzr' output: bzr: ERROR: invalid header line: ''
Test vc-bzr-test-faulty-bzr-autoloads backtrace:
logand(nil 128)
vc-mode-line("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el" Bzr)
vc-refresh-state()
run-hooks(find-file-hook)
after-find-file(t t)
find-file-noselect-1(#<buffer loaddefs.el> "/tmp/vc-bzr-testVlgmsb/b
find-file-noselect("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el")
autoload-find-generated-file()
update-directory-autoloads("/tmp/vc-bzr-testVlgmsb/bzr/")
(progn (update-directory-autoloads default-directory) t)
(setq value-35 (progn (update-directory-autoloads default-directory)
(unwind-protect (setq value-35 (progn (update-directory-autoloads de
(if (unwind-protect (setq value-35 (progn (update-directory-autoload
(let (form-description-36) (if (unwind-protect (setq value-35 (progn
(let ((value-35 (gensym "ert-form-evaluation-aborted-"))) (let (form
(progn (call-process vc-bzr-program nil nil nil "init") (let ((temp-
(unwind-protect (progn (call-process vc-bzr-program nil nil nil "ini
(let* ((homedir (make-temp-file "vc-bzr-test" t)) (bzrdir (expand-fi
(lambda nil (let* ((fn-30 (function executable-find)) (args-31 (cond
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name vc-bzr-test-faulty-bzr-autoloads :doc
ert-run-or-rerun-test(#s(ert--stats :selector (not (or (tag :expensi
ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co
ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable)))
ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
eval((ert-run-tests-batch-and-exit '(not (or (tag :expensive-test) (
command-line-1(("-L" ":/home/locke/tmp/main-26.1/debian/build-src/te
command-line()
normal-top-level()
Test vc-bzr-test-faulty-bzr-autoloads condition:
(wrong-type-argument number-or-marker-p nil)
FAILED 3/3 vc-bzr-test-faulty-bzr-autoloads
Ran 3 tests, 2 results as expected, 1 unexpected (2018-12-17 12:17:46-0600)
1 unexpected results:
FAILED vc-bzr-test-faulty-bzr-autoloads
|
| 0009 pdumper set DUMP_RELOC_ALIGNMENT_BITS 1 for m68k.patch | src/pdumper.c 4 4 + 0 - 0 ! | pdumper: set dump_reloc_alignment_bits=1 for m68k. Before the change builds would fail like this: (...) Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/vc/vc-hooks.el (source)... |
| 0010 Avoid fork bomb caused by native compilation.patch | lisp/emacs-lisp/comp.el 134 68 + 66 - 0 ! | avoid fork bomb caused by native compilation. This upstream patch has been incorporated to fix the problem: Prevent potential native compilation infinite recursions * lisp/emacs-lisp/comp.el (comp-no-spawn): New var. (comp-subr-trampoline-install, comp-final, comp-run-async-workers) (comp--native-compile): Update. |
| 0011 Avoid fork bomb caused by native compilation trampol.patch | lisp/emacs-lisp/comp.el 10 5 + 5 - 0 ! | avoid fork bomb caused by native compilation trampolines. This upstream patch has been incorporated to fix the problem: Set `comp-no-spawn' earlier using -no-comp-spawn * src/emacs.c (standard_args): Add '-no-comp-spawn' cmd line option. * lisp/startup.el (command-line): Parse '-no-comp-spawn' cmd line option. * lisp/emacs-lisp/comp.el (comp-run-async-workers, comp-final): Use '-no-comp-spawn'. |
| 0012 Fix eln files not being generated when native comp a.patch | lisp/emacs-lisp/comp.el 3 2 + 1 - 0 ! | fix eln files not being generated when native-comp-async runs. This upstream patch has been incorporated to fix the problem: * Fix async native compilation (bug#58637) * lisp/emacs-lisp/comp.el (comp--native-compile): Fix gate condition. (comp-run-async-workers): Add assertion. |
| 0013 Fix large core dumps from background processes.patch | src/emacs.c 6 3 + 3 - 0 ! | fix large core dumps from background processes. This upstream patch has been incorporated to fix the problem: Avoid dumping core upon SIGHUP in non-interactive sessions * src/emacs.c (terminate_due_to_signal): Don't special-case SIGINT. Patch by Paul Eggert <eggert@cs.ucla.edu>. (Bug#58956) |
| 0014 Mark test undo region as unstable.patch | test/lisp/simple-tests.el 1 1 + 0 - 0 ! | mark test-undo-region as unstable. It is repeatedly failing on Debian's arch:all autobuilders, though seemingly nowhere else:
passed 40/44 simple-transpose-subr (0.000396 sec)
Test test-undo-region backtrace:
signal(ert-test-failed (((should (= (length (delq nil (undo-make-sel
ert-fail(((should (= (length (delq nil (undo-make-selective-list 1 9
#f(compiled-function () #<bytecode 0x52f126616d2cdbd>)()
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name test-undo-region :documentation nil :
ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co
ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable)))
ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
command-line-1(("-L" ":/<<PKGBUILDDIR>>/debian/build
command-line()
normal-top-level()
Test test-undo-region condition:
(ert-test-failed
((should
(=
(length ...)
2))
:form
(= 3 2)
:value nil))
FAILED 41/44 test-undo-region (0.000185 sec)
|
| 0015 Mark flaky test process tests multiple threads waiti.patch | test/src/process-tests.el 1 1 + 0 - 0 ! | mark flaky test process-tests/multiple-threads-waiting as unstable. It times out:
passed 22/28 process-tests/fd-setsize-no-crash/make-serial-process (0.021449 sec)
make[5]: *** [Makefile:182: src/process-tests.log] Error 134
GEN src/regex-emacs-tests.log
GEN src/search-tests.log
GEN src/syntax-tests.log
GEN src/textprop-tests.log
GEN src/thread-tests.log
GEN src/timefns-tests.log
GEN src/undo-tests.log
GEN src/xdisp-tests.log
GEN src/xfaces-tests.log
GEN src/xml-tests.log
make[5]: Leaving directory '/<<PKGBUILDDIR>>/debian/build-gtk/test'
make[4]: [Makefile:335: check-doit] Error 2 (ignored)
SUMMARY OF TEST RESULTS
|
| 0016 Fix ctags local command execution vulnerability CVE .patch | lib-src/etags.c 149 113 + 36 - 0 ! | fix ctags local command execution vulnerability (cve-2022-45939). This upstream patch has been incorporated to fix the problem: Fixed ctags local command execute vulnerability * lib-src/etags.c: (clean_matched_file_tag): New function (do_move_file): New function (readline_internal): Add `leave_cr` parameter, if true, include the \r character * test/manual/etags/CTAGS.good_crlf: New file * test/manual/etags/CTAGS.good_update: New file * test/manual/etags/crlf: New file * test/manual/etags/Makefile: Add `ctags -u` test cases |
| 0017 Add inhibit native compilation.patch | lisp/emacs-lisp/comp.el 35 19 + 16 - 0 ! | add 'inhibit-native-compilation'. The following upstream patch has been backported: Add new variable 'inhibit-native-compilation' * lisp/startup.el (normal-top-level): Set inhibit-native-compilation from environment variable. * lisp/emacs-lisp/comp.el (comp-trampoline-compile): Don't write trampolines to disk. * lisp/progmodes/elisp-mode.el (emacs-lisp-native-compile-and-load): Adjust. * src/comp.c (syms_of_comp): New variable inhibit-native-compilation. (maybe_defer_native_compilation): Use it. |
| 0018 Rename to inhibit automatic native compilation.patch | lisp/emacs-lisp/comp.el 2 1 + 1 - 0 ! | rename to 'inhibit-automatic-native-compilation'. The following upstream patch has been backported: Rename to inhibit-automatic-native-compilation * src/comp.c (maybe_defer_native_compilation): (syms_of_comp): * lisp/startup.el (inhibit-native-compilation): (normal-top-level): * lisp/progmodes/elisp-mode.el (emacs-lisp-native-compile-and-load): * lisp/emacs-lisp/comp.el (comp-trampoline-compile): Rename inhibit-native-compilation to inhibit-automatic-native-compilation. |
| 0019 Fix copyright tests for 2023 onwards.patch | test/lisp/emacs-lisp/copyright-tests.el 6 4 + 2 - 0 ! | fix copyright tests for 2023 onwards. This upstream patch has been incorporated to fix the problem: ; * test/lisp/emacs-lisp/copyright-tests.el: Fix and future-safe. |
| 0020 Fix htmlfontify.el command injection vulnerability C.patch | lisp/htmlfontify.el 2 1 + 1 - 0 ! | fix htmlfontify.el command injection vulnerability (cve-2022-48339). This upstream patch has been incorporated to fix the problem: Fix htmlfontify.el command injection vulnerability. * lisp/htmlfontify.el (hfy-text-p): Fix command injection vulnerability. (Bug#60295) |
| 0021 Fix ruby mode.el command injection vulnerability CVE.patch | lisp/progmodes/ruby-mode.el 2 1 + 1 - 0 ! | fix ruby-mode.el command injection vulnerability (cve-2022-48338). This upstream patch has been incorporated to fix the problem: Fix ruby-mode.el local command injection vulnerability (bug#60268) * lisp/progmodes/ruby-mode.el (ruby-find-library-file): Fix local command injection vulnerability. |
| 0022 Fix etags local command injection vulnerability CVE .patch | lib-src/etags.c 63 58 + 5 - 0 ! | fix etags local command injection vulnerability (cve-2022-48337). This upstream patch has been incorporated to fix the problem: Fix etags local command injection vulnerability * lib-src/etags.c: (escape_shell_arg_string): New function. (process_file_name): Use it to quote file names passed to the shell. (Bug#59817) |
| 0023 Fix memory leak in etags.c.patch | lib-src/etags.c 2 2 + 0 - 0 ! | fix memory leak in etags.c. This upstream patch has been incorporated to fix the problem: * lib-src/etags.c (process_file_name): Free malloc'ed vars (bug#61819). |
| 0024 Fix quoted argument in emacsclient mail.desktop CVE .patch | etc/emacsclient-mail.desktop 4 2 + 2 - 0 ! | fix quoted argument in emacsclient-mail.desktop (cve-2023-27985). This upstream patch has been incorporated to fix the problem: Fix quoted argument in emacsclient-mail.desktop Exec key. Apparently the emacsclient-mail.desktop file doesn't conform to the Desktop Entry Specification at https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables which says about the Exec key: "Field codes must not be used inside a quoted argument, the result of field code expansion inside a quoted argument is undefined." However, the %u field code is used inside a quoted argument of the Exec key in both the [Desktop Entry] and [Desktop Action new-window] sections. * etc/emacsclient-mail.desktop (Exec): The Desktop Entry Specification does not allow field codes like %u inside a quoted argument. Work around it by passing %u as first parameter ($1) to the shell wrapper. * etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder` as the command name of the shell wrapper. (Bug#60204) |
| 0025 Fix code injection vulnerability CVE 2023 27986.patch | etc/emacsclient-mail.desktop 7 5 + 2 - 0 ! | fix code injection vulnerability (cve-2023-27986). This upstream patch has been incorporated to fix the problem: Fix Elisp code injection vulnerability in emacsclient-mail.desktop. A crafted mailto URI could contain unescaped double-quote characters, allowing injection of Elisp code. Therefore, any '\' and '"' characters are replaced by '\\' and '\"', using Bash pattern substitution (which is not available in the POSIX shell). We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the bash -c command, but in the desktop entry '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes are expanded twice, see the Desktop Entry Specification). Reported by Gabriel Corona <gabriel.corona@free.fr>. * etc/emacsclient-mail.desktop (Exec): Escape backslash and double-quote characters. |
| 0026 Gnus nnml should avoid crashing on some invalid head.patch | lisp/gnus/nnml.el 13 9 + 4 - 0 ! | gnus nnml should avoid crashing on some invalid headers. This upstream patch has been incorporated to fix the problem: Fix storing email into nnmail by Gnus * lisp/gnus/nnml.el (nnml--encode-headers): Wrap 'rfc2047-encode-string' calls with 'ignore-errors', to avoid disrupting email workflows due to possibly-invalid headers. Reported by Florian Weimer <fweimer@redhat.com>. |
| 0027 Org Mode vulnerability CVE 2023 28617 is fixed 1 2.patch | lisp/org/ob-latex.el 13 5 + 8 - 0 ! | org mode vulnerability cve-2023-28617 is fixed (1/2). https://security-tracker.debian.org/tracker/CVE-2023-28617 This upstream patch (1/2) has been incorporated to fix the problem: * lisp/ob-latex.el: Fix command injection vulnerability (org-babel-execute:latex): Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. TINYCHANGE |
| 0028 Org Mode vulnerability CVE 2023 28617 is fixed 2 2.patch | lisp/org/ob-latex.el 2 1 + 1 - 0 ! | org mode vulnerability cve-2023-28617 is fixed (2/2). https://security-tracker.debian.org/tracker/CVE-2023-28617 This upstream patch (2/2) has been incorporated to fix the problem: Org Mode command injection vulnerability has been fixed (CVE-2023-28617) * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection vulnerability Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com TINYCHANGE |
| 0029 org macro set templates Prevent code evaluation.patch | lisp/org/org-macro.el 9 8 + 1 - 0 ! | org-macro--set-templates: prevent code evaluation. * lisp/org/org-macro.el (org-macro--set-templates): Get rid of any risk to evaluate code when `org-macro--set-templates' is called as a part of major mode initialization. This way, no code evaluation is ever triggered when user merely opens the file or when `mm-display-org-inline' invokes Org major mode to fontify mime part preview in email messages. (cherry picked from commit befa9fcaae29a6c9a283ba371c3c5234c7f644eb) |
| 0030 lisp files.el untrusted content New variable.patch | lisp/files.el 8 8 + 0 - 0 ! | * lisp/files.el (untrusted-content): new variable. The new variable is to be used when buffer contents come from an untrusted source. (cherry picked from commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b) |
| 0031 lisp gnus mm view.el mm display inline fontify Mark .patch | lisp/gnus/mm-view.el 1 1 + 0 - 0 ! | * lisp/gnus/mm-view.el (mm-display-inline-fontify): mark contents untrusted. (cherry picked from commit 937b9042ad7426acdcca33e3d931d8f495bdd804) |
| 0032 org latex preview Add protection when untrusted cont.patch | lisp/org/org.el 19 19 + 0 - 0 ! | org-latex-preview: add protection when `untrusted-content' is non-nil. * lisp/org/org.el (org--latex-preview-when-risky): New variable controlling how to handle LaTeX previews in Org files from untrusted origin. (org-latex-preview): Consult `org--latex-preview-when-risky' before generating previews. This patch adds a layer of protection when LaTeX preview is requested for an email attachment, where `untrusted-content' is set to non-nil. (cherry picked from commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c) |
| 0033 org Add setting for remote file download policy.patch | lisp/org/org-attach.el 10 8 + 2 - 0 ! | org: add setting for remote file download policy. * lisp/org/org.el (org-resource-download-policy, org-safe-remote-resources): Two new customisations to configure the policy for downloading remote resources. (org--should-fetch-remote-resource-p, org--safe-remote-resource-p, org--confirm-resource-safe): Introduce the new function `org--should-fetch-remote-resource-p' for internal use determining whether a remote resource should be downloaded according to the download policy. This function makes use of two helper functions, `org--safe-remote-resource-p' and `org--confirm-resource-safe'. (org-file-contents): Apply `org--safe-remote-resource-p' to file downloading. * lisp/org/org-attach.el (org-attach-attach, org-attach-url): Apply `org--safe-remote-resource-p' to url downloading. (cherry picked from Org-mode commit 0583a0c5eaa955d4370558b980b3772bb91dd057) |
| 0034 org Refactor rx to concat regexp opt.patch | lisp/org/org.el 10 5 + 5 - 0 ! | org: refactor rx to concat + regexp-opt. * lisp/org.el (org--confirm-resource-safe): Since Emacs 26 doesn't support rx's (literal S) construct, use (concat (regexp-opt ...) ...) instead. (cherry picked from Org-mode commit 6de5431acc8b77548e89c61a6ae0ebc1b57540bb) |
| 0035 org Correct regexp escaping to use regexp quote.patch | lisp/org/org.el 2 1 + 1 - 0 ! | org: correct regexp escaping to use regexp-quote. * lisp/org.el (org--confirm-resource-safe): `regexp-opt' was accidentally used instead of `regexp-quote'. (cherry picked from Org-mode commit 6ad53fa22eab5830f85a401960dc1e7d00154a27) |
| 0036 org Fix resource prompt in non file buffers.patch | lisp/org/org.el 14 9 + 5 - 0 ! | org: fix resource prompt in non-file buffers. * lisp/org.el (org--confirm-resource-safe): When `buffer-file-name' is nil, skip over file-specific behaviour. (cherry picked from Org-mode commit 4702a73031c77ba03b480b0848c137d5d8773e07) |
| 0037 org Add mark domain as safe convenience action.patch | lisp/org/org.el 32 23 + 9 - 0 ! | org: add "mark domain as safe" convenience action. * lisp/org.el (org--confirm-resource-safe): Pick out domains from URLs, and provide an option of marking that domain as safe. (cherry picked from Org-mode commit 1ae801e9c86d5b150fd085230722e4dac550df30) |
| 0038 org Tweak styling of url in resource prompt.patch | lisp/org/org.el 6 4 + 2 - 0 ! | org: tweak styling of url in resource prompt. * lisp/org.el (org--confirm-resource-safe): Style domain with a link, and url with an underline. (cherry picked from Org-mode commit 1061db94acf785f4b8f1140649e3857d52693115) |
| 0039 org Use buffer base buffer in safe resource fns.patch | lisp/org/org.el 7 4 + 3 - 0 ! | org: use buffer-base-buffer in safe resource fns. * lisp/org.el (org--confirm-resource-safe, org--safe-remote-resource-p): Replace instances of buffer-file-name with (buffer-file-name (buffer-base-buffer)) so these functions work in indirect buffers. (cherry picked from Org-mode commit 88329143c86b34195af68a8e5d5fd3d00a5dcae6) |
| 0040 org file contents Consider all remote files unsafe.patch | lisp/org/org.el 6 5 + 1 - 0 ! | org-file-contents: consider all remote files unsafe. * lisp/org/org.el (org-file-contents): When loading files, consider all remote files (like TRAMP-fetched files) unsafe, in addition to URLs. (cherry picked from commit 2bc865ace050ff118db43f01457f95f95112b877) |
| 0041 org confirm resource safe Fix prompt when prompting .patch | lisp/org/org.el 2 1 + 1 - 0 ! | org--confirm-resource-safe: fix prompt when prompting in non-file org buffers. * lisp/org/org.el (org--confirm-resource-safe): When called from non-file buffer, do not put stray "f" in the prompt. (cherry picked from commit 7a5d7be52c5f0690ee47f30bfad973827261abf2) |
| 0042 org Fix security prompt for downloading remote resou.patch | lisp/org/org.el 2 1 + 1 - 0 ! | org: fix security prompt for downloading remote resource. * lisp/org.el (org--confirm-resource-safe): Do not assume that resource is safe when user replies "n" (do not download). Reported-by: Max Nikulin <manikulin@gmail.com> Link: https://orgmode.org/list/upj6uk$b7o$1@ciao.gmane.io (cherry picked from commit e56f0ef51bfdd0e03e817670754bc813fb3702a2) |
| 0043 org link expand abbrev Do not evaluate arbitrary uns.patch | lisp/org/ol.el 40 29 + 11 - 0 ! | org-link-expand-abbrev: do not evaluate arbitrary unsafe elisp code |
| 0044 elisp mode.el Disable Flymake byte compile backend i.patch | lisp/files.el 49 49 + 0 - 0 ! | elisp-mode.el: disable flymake byte-compile backend in untrusted files. To address serious security issues (CVE-2024-53920), disable `elisp-flymake-byte-compile` except in those files explicitly specified as "trusted". For that introduce a new custom var `trusted-files` and new function `trusted-content-p`. While at it, similarly skip the implicit macroexpansion done during completion if the current file is not trusted. * lisp/files.el (trusted-files): New variable. (trusted-content-p): New function. * lisp/progmodes/elisp-mode.el (elisp--safe-macroexpand-all): New function, extracted from `elisp--local-variables`. Use `trusted-content-p`. (elisp--local-variables): Use it. (elisp-flymake-byte-compile): Disable according to `trusted-content-p`. (cherry picked from commit b5158bd191422e46273c4d9412f2bf097e2da2e0) |
| 0045 trusted content Adjust the last patch based on preli.patch | lisp/files.el 10 5 + 5 - 0 ! | trusted-content: adjust the last patch based on preliminary feedback. * lisp/files.el (trusted-content): Rename from `trusted-files`. Update all references. * lisp/progmodes/elisp-mode.el (lisp-interaction-mode): * lisp/ielm.el (inferior-emacs-lisp-mode): * lisp/simple.el (read--expression): Set `trusted-content` since these buffers contain code that the user presumably intends to run anyway. (elisp--safe-macroexpand-all): Make the warning more discreet. (cherry picked from commit 8b6c6cffd1f772301e89353de5e057835af18a30) |
| 0046 lisp files.el trusted content p Make all work in non.patch | lisp/files.el 42 22 + 20 - 0 ! | * lisp/files.el (trusted-content-p): make `:all` work in non-file buffers (cherry picked from commit b9dc337ea7416ee7ee4d873a91f6d6d9f109c04c) |
| 0047 Do not set trusted content in major modes.patch | lisp/files.el 7 4 + 3 - 0 ! | do not set `trusted-content` in major modes. * lisp/progmodes/elisp-mode.el (lisp-interaction-mode): * lisp/ielm.el (inferior-emacs-lisp-mode): Do not set `trusted-content`. * lisp/ielm.el (ielm): * lisp/simple.el (get-scratch-buffer-create): Set `trusted-content` here instead. * lisp/files.el (trusted-content): Doc fix; warn against setting this option to :all in a major or mode mode. Problem reported by Max Nikulin <manikulin@gmail.com>. (cherry picked from commit 5485ea6aef91c65a0ce300347db3c0ac138ad550) |
| 0048 Fix man.el shell injection vulnerability.patch | lisp/man.el 6 5 + 1 - 0 ! | fix man.el shell injection vulnerability. * lisp/man.el (Man-translate-references): Fix shell injection vulnerability. (Bug#66390) * test/lisp/man-tests.el (man-tests-Man-translate-references): New test. (cherry picked from commit 820f0793f0b46448928905552726c1f1b999062f) |
