src/text.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 1/4] linter: use a format string, to deflect format-string
 attacks

This fixes the first part of https://savannah.gnu.org/bugs/?63964.

Reported-by: Vince Vince

src/nano.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 2/4] startup: use a format string, to deflect format-string
 attacks

This fixes the second part of https://savannah.gnu.org/bugs/?63964.

Reported-by: Vince Vince

src/text.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 3/4] justify: set `x = 0` for the undo item, for when using
 --cutfromcursor

When --cutfromcursor is active, 'current_x' needs to be set to zero when
doing a justification, so that the correct starting position gets stored
in the undo item.  (Without --cutfromcursor, the value of 'current_x'
does not matter.)

This fixes https://savannah.gnu.org/bugs/?65317.
The issue was indirectly reported by `correctmost`.

Bug existed in this form since version 5.0, commit ae5a4ece.

Between versions 4.0 and 5.0, nano would not eat a line but would
instead crash when undoing a justification that was done with the
cursor away from the left edge.

src/definitions.h | 2 1 + 1 - 0 !
src/files.c | 13 12 + 1 - 0 !
src/nano.c | 12 1 + 11 - 0 !
3 files changed, 14 insertions(+), 13 deletions(-)

 [patch 4/4] files: run `chmod` and `chown` on the descriptor, not on
 the filename

This closes a window of opportunity where the emergency file could be
replaced by a malicious symlink.

The issue was reported by `MartinJM` and `InvisibleMeerkat`.

Problem existed since version 2.2.0, commit 123110c5, when chmodding
and chowning of the emergency .save file was added.