Debian Patches
Status for emacs/1:28.2+1-15+deb12u4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update | 
|---|---|---|---|---|---|---|
| 0012-Fix-eln-files-not-being-generated-when-native-comp-a.patch | Fix eln files not being generated when native-comp-async runs This upstream patch has been incorporated to fix the problem: * Fix async native compilation (bug#58637) * lisp/emacs-lisp/comp.el (comp--native-compile): Fix gate condition. (comp-run-async-workers): Add assetion. | Andrea Corallo <akrl@sdf.org> | not-needed | debian | upstream, commit: 56c63ca21b3e5e2d0bb05d3897ea287a754c5b29 | 2022-10-19 | 
| 0013-Fix-large-core-dumps-from-background-processes.patch | Fix large core dumps from background processes This upstream patch has been incorporated to fix the problem: Avoid dumping core upon SIGHUP in non-interactive sessions * src/emacs.c (terminate_due_to_signal): Don't special-case SIGINT. Patch by Paul Eggert <eggert@cs.ucla.edu>. (Bug#58956) | Eli Zaretskii <eliz@gnu.org> | not-needed | debian upstream | upstream, commit: 25b4cec31d580353995d87fe19ae4dab6e6e37de | 2022-11-10 | 
| 0001-Prefer-usr-share-info-emacs.patch | Prefer /usr/share/info/emacs/ Emacs prefers /usr/share/info/emacs to /usr/share/info. The value of Info-default-directory-list has been augmented via lisp/info.el to include /usr/share/info/emacs before /usr/share/info. | Rob Browning <rlb@defaultvalue.org> | no | 2013-04-07 | ||
| 0002-Run-debian-startup-and-set-debian-emacs-flavor.patch | Run debian-startup and set debian-emacs-flavor Emacs runs debian-startup and sets debian-emacs-flavor. * Emacs runs debian-startup during the startup process unless site-run-file is false. * The global variable debian-emacs-flavor is bound to 'emacs. | Rob Browning <rlb@defaultvalue.org> | no | 2011-04-04 | ||
| 0003-Remove-files-that-appear-to-be-incompatible-with-the.patch | Remove files that appear to be incompatible with the DFSG Files that appear to be incompatible with the DFSG have been removed. A number of files have been removed from this package because their licenses are not compatible with the Debian Free Software Guidelines (DFSG), or because it wasn't completely clear that their licenses are compatible. In particular, all of the files which are covered under the GFDL and have invariant sections have been removed in accordance with this General Resolution: http://www.debian.org/vote/2006/vote_001. The files that have been removed, but still appear to be distributable, have been moved to packages in Debian's non-free section. | Rob Browning <rlb@defaultvalue.org> | no | 2011-04-04 | ||
| 0004-Adjust-documentation-references-for-Debian.patch | Adjust documentation references for Debian Various documentation references have been adjusted for Debian. References to /usr/local/... have been changed to /usr/... as appropriate, etc. | Rob Browning <rlb@defaultvalue.org> | no | 2011-04-04 | ||
| 0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch | Modify the output of (version) to indicate Debian modifications The output of (version) has been modified to indicate Debian modifications. | Rob Browning <rlb@defaultvalue.org> | no | 2011-04-04 | ||
| 0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch | Don't try to build src/macuvs.h (via IVD_Sequences.txt) These are OS X specific, and were removed for now, due to uncertainty over the licensing. | Rob Browning <rlb@defaultvalue.org> | no | 2014-10-21 | ||
| 0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch | Kill gpg agent in package-test.el to avoid a race package-test.el should no longer fail during clean up. * Previously a delete-directories call raced with the gpg agent's own cleanup process (presumably triggered by the first deletion of one of the agent's sockets). As a result, it looks like the agent might delete one of its sockets after delete-directories had decided to delete the socket, but before it made the attempt, causing an exception. * To fix the problem, explicitly ask gpg-connect-agent to kill the agent before attempting to delete the gnupg home directory, and then delete via "rm -rf" to ignore any vanishing files. | Rob Browning <rlb@defaultvalue.org> | no | 2016-10-10 | ||
| 0008-Mark-vc-bzr-test-fauilt-bzr-autoloads-as-unstable-fo.patch | Mark vc-bzr-test-fauilt-bzr-autoloads as unstable for now Currently the test fails like this: Running 3 tests (2018-12-17 12:17:43-0600) passed 1/3 vc-bzr-test-bug9726 Mark set Press C-c C-c when you are done editing. Enter a change comment. Type C-c C-c when done passed 2/3 vc-bzr-test-bug9781 Falling back on "slow" status detection ((file-missing "Opening input file" "No such file or directory" "/tmp/vc-bzr-testVlgmsb/bzr/.bzr/checkout/dirstate")) Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)") Warnings in `bzr' output: bzr: ERROR: invalid header line: '' Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)") Warnings in `bzr' output: bzr: ERROR: invalid header line: '' Test vc-bzr-test-faulty-bzr-autoloads backtrace: logand(nil 128) vc-mode-line("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el" Bzr) vc-refresh-state() run-hooks(find-file-hook) after-find-file(t t) find-file-noselect-1(#<buffer loaddefs.el> "/tmp/vc-bzr-testVlgmsb/b find-file-noselect("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el") autoload-find-generated-file() update-directory-autoloads("/tmp/vc-bzr-testVlgmsb/bzr/") (progn (update-directory-autoloads default-directory) t) (setq value-35 (progn (update-directory-autoloads default-directory) (unwind-protect (setq value-35 (progn (update-directory-autoloads de (if (unwind-protect (setq value-35 (progn (update-directory-autoload (let (form-description-36) (if (unwind-protect (setq value-35 (progn (let ((value-35 (gensym "ert-form-evaluation-aborted-"))) (let (form (progn (call-process vc-bzr-program nil nil nil "init") (let ((temp- (unwind-protect (progn (call-process vc-bzr-program nil nil nil "ini (let* ((homedir (make-temp-file "vc-bzr-test" t)) (bzrdir (expand-fi (lambda nil (let* ((fn-30 (function executable-find)) (args-31 (cond ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test ert-run-test(#s(ert-test :name vc-bzr-test-faulty-bzr-autoloads :doc ert-run-or-rerun-test(#s(ert--stats :selector (not (or (tag :expensi ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable))) ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un eval((ert-run-tests-batch-and-exit '(not (or (tag :expensive-test) ( command-line-1(("-L" ":/home/locke/tmp/main-26.1/debian/build-src/te command-line() normal-top-level() Test vc-bzr-test-faulty-bzr-autoloads condition: (wrong-type-argument number-or-marker-p nil) FAILED 3/3 vc-bzr-test-faulty-bzr-autoloads Ran 3 tests, 2 results as expected, 1 unexpected (2018-12-17 12:17:46-0600) 1 unexpected results: FAILED vc-bzr-test-faulty-bzr-autoloads | Rob Browning <rlb@defaultvalue.org> | no | 2018-12-16 | ||
| 0009-pdumper-set-DUMP_RELOC_ALIGNMENT_BITS-1-for-m68k.patch | pdumper: set DUMP_RELOC_ALIGNMENT_BITS=1 for m68k Before the change builds would fail like this: (...) Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/vc/vc-hooks.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/vc/ediff-hook.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/uniquify.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/electric.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/emacs-lisp/eldoc.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/cus-start.el (source)... Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/tooltip.el (source)... Finding pointers to doc strings... Finding pointers to doc strings...done Dumping under the name bootstrap-emacs.pdmp dumping fingerprint: 7b5c59c589dc151eb1e4269bd83fbe809616b5cb9bb5c80014d5b560b391dfb6 dump relocation out of range [rlb@defaultvalue.org: create commit message] | John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> | not-needed | debian upstream | debian | 2022-09-24 | 
| 0010-Avoid-fork-bomb-caused-by-native-compilation.patch | Avoid fork bomb caused by native compilation This upstream patch has been incorporated to fix the problem: Prevent potential native compilation infinite recursions * lisp/emacs-lisp/comp.el (comp-no-spawn): New var. (comp-subr-trampoline-install, comp-final, comp-run-async-workers) (comp--native-compile): Update. | Andrea Corallo <akrl@sdf.org> | not-needed | debian | upstream, commit: 1a8015b83761f27d299b1ffa45fc045bb76daf8a | 2022-10-15 | 
| 0011-Avoid-fork-bomb-caused-by-native-compilation-trampol.patch | Avoid fork bomb caused by native compilation trampolines This upstream patch has been incorporated to fix the problem: Set `comp-no-spawn' earlier using -no-comp-spawn * src/emacs.c (standard_args): Add '-no-comp-spawn' cmd line option. * lisp/startup.el (command-line): Parse '-no-comp-spawn' cmd line option. * lisp/emacs-lisp/comp.el (comp-run-async-workers, comp-final): Use '-no-comp-spawn'. | Andrea Corallo <andrea.corallo@arm.com> | not-needed | debian | upstream, commit: 5ad5b797f78dacb9c901d3c63bee05b1762fa94f | 2022-10-18 | 
| 0045-trusted-content-Adjust-the-last-patch-based-on-preli.patch | trusted-content: Adjust the last patch based on preliminary feedback * lisp/files.el (trusted-content): Rename from `trusted-files`. Update all references. * lisp/progmodes/elisp-mode.el (lisp-interaction-mode): * lisp/ielm.el (inferior-emacs-lisp-mode): * lisp/simple.el (read--expression): Set `trusted-content` since these buffers contain code that the user presumably intends to run anyway. (elisp--safe-macroexpand-all): Make the warning more discreet. (cherry picked from commit 8b6c6cffd1f772301e89353de5e057835af18a30) | Stefan Monnier <monnier@iro.umontreal.ca> | no | 2024-12-15 | ||
| 0046-lisp-files.el-trusted-content-p-Make-all-work-in-non.patch | * lisp/files.el (trusted-content-p): Make `:all` work in non-file buffers (cherry picked from commit b9dc337ea7416ee7ee4d873a91f6d6d9f109c04c) | Stefan Monnier <monnier@iro.umontreal.ca> | no | 2024-12-16 | ||
| 0047-Do-not-set-trusted-content-in-major-modes.patch | Do not set `trusted-content` in major modes * lisp/progmodes/elisp-mode.el (lisp-interaction-mode): * lisp/ielm.el (inferior-emacs-lisp-mode): Do not set `trusted-content. * lisp/ielm.el (ielm): * lisp/simple.el (get-scratch-buffer-create): Set `trusted-content` here instead. * lisp/files.el (trusted-content): Doc fix; warn against setting this option to :all in a major or mode mode. Problem reported by Max Nikulin <manikulin@gmail.com>. (cherry picked from commit 5485ea6aef91c65a0ce300347db3c0ac138ad550) | Stefan Kangas <stefankangas@gmail.com> | no | 2025-01-26 | ||
| 0048-Fix-man.el-shell-injection-vulnerability.patch | Fix man.el shell injection vulnerability * lisp/man.el (Man-translate-references): Fix shell injection vulnerability. (Bug#66390) * test/lisp/man-tests.el (man-tests-Man-translate-references): New test. (cherry picked from commit 820f0793f0b46448928905552726c1f1b999062f) | Xi Lu <lx@shellcodes.org> | no | 2023-10-10 | ||
| 0014-Mark-test-undo-region-as-unstable.patch | Mark test-undo-region as unstable It is repeatedly failing on Debian's arch:all autobuilders, though seemingly nowhere else: passed 40/44 simple-transpose-subr (0.000396 sec) Test test-undo-region backtrace: signal(ert-test-failed (((should (= (length (delq nil (undo-make-sel ert-fail(((should (= (length (delq nil (undo-make-selective-list 1 9 #f(compiled-function () #<bytecode 0x52f126616d2cdbd>)() ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test ert-run-test(#s(ert-test :name test-undo-region :documentation nil : ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable))) ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un command-line-1(("-L" ":/<<PKGBUILDDIR>>/debian/build command-line() normal-top-level() Test test-undo-region condition: (ert-test-failed ((should (= (length ...) 2)) :form (= 3 2) :value nil)) FAILED 41/44 test-undo-region (0.000185 sec) | Sean Whitton <spwhitton@spwhitton.name> | no | 2022-11-15 | ||
| 0015-Mark-flaky-test-process-tests-multiple-threads-waiti.patch | Mark flaky test process-tests/multiple-threads-waiting as unstable It times out: passed 22/28 process-tests/fd-setsize-no-crash/make-serial-process (0.021449 sec) make[5]: *** [Makefile:182: src/process-tests.log] Error 134 GEN src/regex-emacs-tests.log GEN src/search-tests.log GEN src/syntax-tests.log GEN src/textprop-tests.log GEN src/thread-tests.log GEN src/timefns-tests.log GEN src/undo-tests.log GEN src/xdisp-tests.log GEN src/xfaces-tests.log GEN src/xml-tests.log make[5]: Leaving directory '/<<PKGBUILDDIR>>/debian/build-gtk/test' make[4]: [Makefile:335: check-doit] Error 2 (ignored) SUMMARY OF TEST RESULTS ----------------------- Files examined: 375 Ran 5408 tests, 28 failed to run, 5273 results as expected, 0 unexpected, 135 skipped 1 files did not finish: src/process-tests.log make[4]: *** [Makefile:336: check-doit] Error 2 | Sean Whitton <spwhitton@spwhitton.name> | no | 2022-11-15 | ||
| 0016-Fix-ctags-local-command-execution-vulnerability-CVE-.patch | Fix ctags local command execution vulnerability (CVE-2022-45939) This upstream patch has been incorporated to fix the problem: Fixed ctags local command execute vulnerability * lib-src/etags.c: (clean_matched_file_tag): New function (do_move_file): New function (readline_internal): Add `leave_cr` parameter, if true, include the \r character * test/manual/etags/CTAGS.good_crlf: New file * test/manual/etags/CTAGS.good_update: New file * test/manual/etags/crlf: New file * test/manual/etags/Makefile: Add `ctags -u` test cases | lu4nx <lx@shellcodes.org> | not-needed | debian upstream | upstream, commit: d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 | 2022-11-25 | 
| 0017-Add-inhibit-native-compilation.patch | Add 'inhibit-native-compilation' The following upstream patch has been backported: Add new variable 'inhibit-native-compilation' * lisp/startup.el (normal-top-level): Set inhibit-native-compilation from environment variable. * lisp/emacs-lisp/comp.el (comp-trampoline-compile): Don't write trampolines to disk. * lisp/progmodes/elisp-mode.el (emacs-lisp-native-compile-and-load): Adjust. * src/comp.c (syms_of_comp): New variable inhibit-native-compilation. (maybe_defer_native_compilation): Use it. | Lars Ingebrigtsen <larsi@gnus.org> | not-needed | upstream, commit: 5fec9182dbeffa88cef6651d8c798ef9665d6681 | 2022-10-03 | |
| 0018-Rename-to-inhibit-automatic-native-compilation.patch | Rename to 'inhibit-automatic-native-compilation' The following upstream patch has been backported: Rename to inhibit-automatic-native-compilation * src/comp.c (maybe_defer_native_compilation): (syms_of_comp): * lisp/startup.el (inhibit-native-compilation): (normal-top-level): * lisp/progmodes/elisp-mode.el (emacs-lisp-native-compile-and-load): * lisp/emacs-lisp/comp.el (comp-trampoline-compile): Rename inhibit-native-compilation to inhibit-automatic-native-compilation. | Lars Ingebrigtsen <larsi@gnus.org> | not-needed | upstream, commit f97993ee667f9be7589825f3a4fbc095d6944ec6 | 2022-10-03 | |
| 0019-Fix-copyright-tests-for-2023-onwards.patch | Fix copyright tests for 2023 onwards This upstream patch has been incorporated to fix the problem: ; * test/lisp/emacs-lisp/copyright-tests.el: Fix and future-safe. | =?UTF-8?q?=3D=3FUTF-8=3Fq=3FMattias=3D20Engdeg=3DC3=3DA5rd=3F=3D?= | not-needed | debian | upstream, commit: da77d70deeb2798693ec4f28a291befeb8e43989 | 2023-01-01 | 
| 0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch | Fix htmlfontify.el command injection vulnerability (CVE-2022-48339) This upstream patch has been incorporated to fix the problem: Fix htmlfontify.el command injection vulnerability. * lisp/htmlfontify.el (hfy-text-p): Fix command injection vulnerability. (Bug#60295) | Xi Lu <lx@shellcodes.org> | not-needed | debian upstream | upstream, commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16 | 2022-12-24 | 
| 0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch | Fix ruby-mode.el command injection vulnerability (CVE-2022-48338) This upstream patch has been incorporated to fix the problem: Fix ruby-mode.el local command injection vulnerability (bug#60268) * lisp/progmodes/ruby-mode.el (ruby-find-library-file): Fix local command injection vulnerability. | Xi Lu <lx@shellcodes.org> | not-needed | debian upstream | upstream, commit 22fb5ff5126dc8bb01edaa0252829d853afb284f | 2022-12-23 | 
| 0022-Fix-etags-local-command-injection-vulnerability-CVE-.patch | Fix etags local command injection vulnerability (CVE-2022-48337) This upstream patch has been incorporated to fix the problem: Fix etags local command injection vulnerability * lib-src/etags.c: (escape_shell_arg_string): New function. (process_file_name): Use it to quote file names passed to the shell. (Bug#59817) | lu4nx <lx@shellcodes.org> | not-needed | debian upstream | upstream, commit e339926272a598bd9ee7e02989c1662b89e64cf0 | 2022-12-06 | 
| 0023-Fix-memory-leak-in-etags.c.patch | Fix memory leak in etags.c This upstream patch has been incorporated to fix the problem: * lib-src/etags.c (process_file_name): Free malloc'ed vars (bug#61819). | Eli Zaretskii <eliz@gnu.org> | not-needed | debian upstream | upstream, commit 0fde314f6f6e6664cddab1b2f0fe20629cd39d14 | 2023-02-26 | 
| 0024-Fix-quoted-argument-in-emacsclient-mail.desktop-CVE-.patch | Fix quoted argument in emacsclient-mail.desktop (CVE-2023-27985) This upstream patch has been incorporated to fix the problem: Fix quoted argument in emacsclient-mail.desktop Exec key Apparently the emacsclient-mail.desktop file doesn't conform to the Desktop Entry Specification at https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables which says about the Exec key: | Field codes must not be used inside a quoted argument, the result of | field code expansion inside a quoted argument is undefined. However, the %u field code is used inside a quoted argument of the Exec key in both the [Desktop Entry] and [Desktop Action new-window] sections. * etc/emacsclient-mail.desktop (Exec): The Desktop Entry Specification does not allow field codes like %u inside a quoted argument. Work around it by passing %u as first parameter ($1) to the shell wrapper. * etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder` as the command name of the shell wrapper. (Bug#60204) | =?UTF-8?q?=3D=3FUTF-8=3Fq=3FUlrich=3D20M=3DC3=3DBCller=3F=3D?= | not-needed | debian upstream | upstream, commit d32091199ae5de590a83f1542a01d75fba000467 | 2022-12-19 | 
| 0025-Fix-code-injection-vulnerability-CVE-2023-27986.patch | Fix code injection vulnerability (CVE-2023-27986) This upstream patch has been incorporated to fix the problem: Fix Elisp code injection vulnerability in emacsclient-mail.desktop A crafted mailto URI could contain unescaped double-quote characters, allowing injection of Elisp code. Therefore, any '\' and '"' characters are replaced by '\\' and '\"', using Bash pattern substitution (which is not available in the POSIX shell). We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the bash -c command, but in the desktop entry '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes are expanded twice, see the Desktop Entry Specification). Reported by Gabriel Corona <gabriel.corona@free.fr>. * etc/emacsclient-mail.desktop (Exec): Escape backslash and double-quote characters. | =?UTF-8?q?=3D=3FUTF-8=3Fq=3FUlrich=3D20M=3DC3=3DBCller=3F=3D?= | not-needed | debian | upstream, commit 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc | 2023-03-07 | 
| 0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch | Gnus nnml should avoid crashing on some invalid headers This upstream patch has been incorporated to fix the problem: Fix storing email into nnmail by Gnus * lisp/gnus/nnml.el (nnml--encode-headers): Wrap 'rfc2047-encode-string' calls with 'ignore-errors', to avoid disrupting email workflows due to possibly-invalid headers. Reported by Florian Weimer <fweimer@redhat.com>. | Eli Zaretskii <eliz@gnu.org> | not-needed | debian | upstream, commit: 23f7c9c2a92e4619b7c4d2286d4249f812cd695d | 2022-12-19 | 
| 0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch | Org Mode vulnerability CVE-2023-28617 is fixed (1/2) https://security-tracker.debian.org/tracker/CVE-2023-28617 This upstream patch (1/2) has been incorporated to fix the problem: * lisp/ob-latex.el: Fix command injection vulnerability (org-babel-execute:latex): Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'. TINYCHANGE | Xi Lu <lx@shellcodes.org> | no | debian | https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 | 2023-03-11 | 
| 0028-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-2-2.patch | Org Mode vulnerability CVE-2023-28617 is fixed (2/2) https://security-tracker.debian.org/tracker/CVE-2023-28617 This upstream patch (2/2) has been incorporated to fix the problem: Org Mode command injection vulnerability has been fixed (CVE-2023-28617) * lisp/ob-latex.el (org-babel-execute:latex): Fix command injection vulnerability Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com TINYCHANGE | Xi Lu <lx@shellcodes.org> | no | debian | https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 | 2023-02-18 | 
| 0029-org-macro-set-templates-Prevent-code-evaluation.patch | org-macro--set-templates: Prevent code evaluation * lisp/org/org-macro.el (org-macro--set-templates): Get rid of any risk to evaluate code when `org-macro--set-templates' is called as a part of major mode initialization. This way, no code evaluation is ever triggered when user merely opens the file or when `mm-display-org-inline' invokes Org major mode to fontify mime part preview in email messages. (cherry picked from commit befa9fcaae29a6c9a283ba371c3c5234c7f644eb) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-20 | ||
| 0030-lisp-files.el-untrusted-content-New-variable.patch | * lisp/files.el (untrusted-content): New variable. The new variable is to be used when buffer contents comes from untrusted source. (cherry picked from commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-20 | ||
| 0031-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch | * lisp/gnus/mm-view.el (mm-display-inline-fontify): Mark contents untrusted. (cherry picked from commit 937b9042ad7426acdcca33e3d931d8f495bdd804) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-20 | ||
| 0032-org-latex-preview-Add-protection-when-untrusted-cont.patch | org-latex-preview: Add protection when `untrusted-content' is non-nil * lisp/org/org.el (org--latex-preview-when-risky): New variable controlling how to handle LaTeX previews in Org files from untrusted origin. (org-latex-preview): Consult `org--latex-preview-when-risky' before generating previews. This patch adds a layer of protection when LaTeX preview is requested for an email attachment, where `untrusted-content' is set to non-nil. (cherry picked from commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-20 | ||
| 0033-org-Add-setting-for-remote-file-download-policy.patch | org: Add setting for remote file download policy * lisp/org/org.el (org-resource-download-policy, org-safe-remote-resources): Two new customisations to configure the policy for downloading remote resources. (org--should-fetch-remote-resource-p, org--safe-remote-resource-p, org--confirm-resource-safe): Introduce the new function `org--should-fetch-remote-resource-p' for internal use determining whether a remote resource should be downloaded according to the download policy. This function makes use of two helper functions, `org--safe-remote-resource-p' and `org--confirm-resource-safe'. (org-file-contents): Apply `org--safe-remote-resource-p' to file downloading. * lisp/org/org-attach.el (org-attach-attach, org-attach-url): Apply `org--safe-remote-resource-p' to url downloading. (cherry picked from Org-mode commit 0583a0c5eaa955d4370558b980b3772bb91dd057) | TEC <tec@tecosaur.com> | no | 2022-06-12 | ||
| 0034-org-Refactor-rx-to-concat-regexp-opt.patch | org: Refactor rx to concat + regexp-opt * lisp/org.el (org--confirm-resource-safe): Since Emacs 26 doesn't support rx's (literal S) construct, use (concat (regexp-opt ...) ...) instead. (cherry picked from Org-mode commit 6de5431acc8b77548e89c61a6ae0ebc1b57540bb) | TEC <tec@tecosaur.com> | no | 2022-07-24 | ||
| 0035-org-Correct-regexp-escaping-to-use-regexp-quote.patch | org: Correct regexp escaping to use regexp-quote * lisp/org.el (org--confirm-resource-safe): `regexp-opt' was accidentally used instead of `regexp-quote'. (cherry picked from Org-mode commit 6ad53fa22eab5830f85a401960dc1e7d00154a27) | TEC <tec@tecosaur.com> | no | 2022-07-26 | ||
| 0036-org-Fix-resource-prompt-in-non-file-buffers.patch | org: Fix resource prompt in non-file buffers * lisp/org.el (org--confirm-resource-safe): When `buffer-file-name' is nil, skip over file-specific behaviour. (cherry picked from Org-mode commit 4702a73031c77ba03b480b0848c137d5d8773e07) | TEC <git@tecosaur.net> | no | 2022-08-03 | ||
| 0037-org-Add-mark-domain-as-safe-convenience-action.patch | org: Add "mark domain as safe" convenience action * lisp/org.el (org--confirm-resource-safe): Pick out domains from URLs, and provide an option of marking that domain as safe. (cherry picked from Org-mode commit 1ae801e9c86d5b150fd085230722e4dac550df30) | TEC <git@tecosaur.net> | no | 2022-08-07 | ||
| 0038-org-Tweak-styling-of-url-in-resource-prompt.patch | org: Tweak styling of url in resource prompt * lisp/org.el (org--confirm-resource-safe): Style domain with a link, and url with an underline. (cherry picked from Org-mode commit 1061db94acf785f4b8f1140649e3857d52693115) | TEC <git@tecosaur.net> | no | 2022-08-30 | ||
| 0039-org-Use-buffer-base-buffer-in-safe-resource-fns.patch | org: Use buffer-base-buffer in safe resource fns * lisp/org.el (org--confirm-resource-safe, org--safe-remote-resource-p): Replace instances of buffer-file-name with (buffer-file-name (buffer-base-buffer)) so these functions work in indirect buffers. (cherry picked from Org-mode commit 88329143c86b34195af68a8e5d5fd3d00a5dcae6) | TEC <git@tecosaur.net> | no | 2022-12-10 | ||
| 0040-org-file-contents-Consider-all-remote-files-unsafe.patch | org-file-contents: Consider all remote files unsafe * lisp/org/org.el (org-file-contents): When loading files, consider all remote files (like TRAMP-fetched files) unsafe, in addition to URLs. (cherry picked from commit 2bc865ace050ff118db43f01457f95f95112b877) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-20 | ||
| 0041-org-confirm-resource-safe-Fix-prompt-when-prompting-.patch | org--confirm-resource-safe: Fix prompt when prompting in non-file Org buffers * lisp/org/org.el (org--confirm-resource-safe): When called from non-file buffer, do not put stray "f" in the prompt. (cherry picked from commit 7a5d7be52c5f0690ee47f30bfad973827261abf2) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-23 | ||
| 0042-org-Fix-security-prompt-for-downloading-remote-resou.patch | org: Fix security prompt for downloading remote resource * lisp/org.el (org--confirm-resource-safe): Do not assume that resource is safe when user replies "n" (do not download). (cherry picked from commit e56f0ef51bfdd0e03e817670754bc813fb3702a2) | Ihor Radchenko <yantar92@posteo.net> | no | 2024-02-02 | ||
| 0043-org-link-expand-abbrev-Do-not-evaluate-arbitrary-uns.patch | org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code * lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link abbrevs that specify unsafe function. Instead, display a warning, and do not expand the abbrev. Clear all the text properties from the returned link, to avoid any potential vulnerabilities caused by properties that may contain arbitrary Elisp. | Ihor Radchenko <yantar92@posteo.net> | no | debian | https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29.4&id=c645e1d8205f0f0663ec4a2d27575b238c646c7c | 2024-06-21 | 
| 0044-elisp-mode.el-Disable-Flymake-byte-compile-backend-i.patch | elisp-mode.el: Disable Flymake byte-compile backend in untrusted files To address serious security issues (CVE-2024-53920), disable `elisp-flymake-byte-compile` except in those files explicitly specified as "trusted". For that introduce a new custom var `trusted-files` and new function `trusted-content-p`. While at it, similarly skip the implicit macroexpansion done during completion if the current file is not trusted. * lisp/files.el (trusted-files): New variable. (trusted-content-p): New function. * lisp/progmodes/elisp-mode.el (elisp--safe-macroexpand-all): New function, extracted from `elisp--local-variables`. Use `trusted-content-p`. (elisp--local-variables): Use it. (elisp-flymake-byte-compile): Disable according to `trusted-content-p`. (cherry picked from commit b5158bd191422e46273c4d9412f2bf097e2da2e0) | Stefan Monnier <monnier@iro.umontreal.ca> | no | 2024-12-10 | 
All known versions for source package 'emacs'
- 1:30.1+1-9 (forky, sid)
- 1:30.1+1-6 (trixie)
- 1:30.1+1-6~bpo12+1 (bookworm-backports)
- 1:28.2+1-15+deb12u4 (bookworm, bookworm-security)
