This file details the Debian specific changes to Emacs.
The following tags may be used in the sections below: Patch, Status,
Author, Added-by, Provided-by, and Date. When known, Author is used
to indicate the person believed to have written the relevant code.
Provided-by may be used to indicate the person who submitted the code
to Debian, and Added-by indicates the person who actually added the
code to the Debian package.
* The Debian copy of the upstream source contains no .elc files.
The .elc files have been removed because we always regenerate them
and because Emacs modifies them in the source tree during the build
process, even when using a VPATH build. This means that a "make
clean" can't easily return the tree to the upstream state, resulting
in a giant Debian binary diff. There are other solutions if this
turns out to be a problem. If nothing else, we can keep the current
infrastructure and just add the .elc files to protected_files in
debian/rules. Removing the .elc files doesn't affect whether or not
our source archive would match the upstream md5sum because we have
to repackage it anyway to add leim support.
* Those who prefer the old-style scrollbars can edit debian/rules
If you prefer the old-style, non-toolkit scrollbars, just edit
debian/rules to add --without-toolkit-scrollbars where indicated and
rebuild.
* Emacs prefers /usr/share/info/emacs to /usr/share/info.
The value of Info-default-directory-list has been augmented via
lisp/info.el to include /usr/share/info/emacs before /usr/share/info.
Patch: 0001-Prefer-usr-share-info-emacs.patch
* Emacs runs debian-startup and sets debian-emacs-flavor.
* Emacs runs debian-startup during the startup process unless
site-run-file is false.
* The global variable debian-emacs-flavor is bound to 'emacs.
Author: Rob Browning <rlb@defaultvalue.org>
Patch: 0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
* Files that appear to be incompatible with the DFSG have been removed.
A number of files have been removed from this package because their
licenses are not compatible with the Debian Free Software Guidelines
(DFSG), or because it wasn't completely clear that their licenses are
compatible.
In particular, all of the files which are covered under the GFDL and
have invariant sections have been removed in accordance with this
General Resolution: http://www.debian.org/vote/2006/vote_001.
The files that have been removed, but still appear to be
distributable, have been moved to packages in Debian's non-free
section.
Author: Rob Browning <rlb@defaultvalue.org>
Added-by: Rob Browning <rlb@defaultvalue.org>
Status: new
Patch: 0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
* Various documentation references have been adjusted for Debian.
References to /usr/local/... have been changed to /usr/... as
appropriate, etc.
Patch: 0004-Adjust-documentation-references-for-Debian.patch
* The output of (version) has been modified to indicate Debian modifications.
Author: Rob Browning <rlb@defaultvalue.org>
Added-by: Rob Browning <rlb@defaultvalue.org>
Patch: 0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
* These are OS X specific, and were removed for now, due to uncertainty
over the licensing.
Patch: 0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
* package-test.el should no longer fail during clean up.
* Previously a delete-directories call raced with the gpg agent's own
cleanup process (presumably triggered by the first deletion of one of
the agent's sockets). As a result, it looks like the agent might
delete one of its sockets after delete-directories had decided to
delete the socket, but before it made the attempt, causing an
exception.
* To fix the problem, explicitly ask gpg-connect-agent to kill the agent
before attempting to delete the gnupg home directory, and then delete
via "rm -rf" to ignore any vanishing files.
Patch: 0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
* Currently the test fails like this:
Running 3 tests (2018-12-17 12:17:43-0600)
passed 1/3 vc-bzr-test-bug9726
Mark set
Press C-c C-c when you are done editing.
Enter a change comment. Type C-c C-c when done
passed 2/3 vc-bzr-test-bug9781
Falling back on "slow" status detection ((file-missing "Opening input file" "No such file or directory" "/tmp/vc-bzr-testVlgmsb/bzr/.bzr/checkout/dirstate"))
Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)")
Warnings in `bzr' output: bzr: ERROR: invalid header line: ''
Error: (error "Running bzr status --no-classify loaddefs.el...FAILED (status 3)")
Warnings in `bzr' output: bzr: ERROR: invalid header line: ''
Test vc-bzr-test-faulty-bzr-autoloads backtrace:
logand(nil 128)
vc-mode-line("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el" Bzr)
vc-refresh-state()
run-hooks(find-file-hook)
after-find-file(t t)
find-file-noselect-1(#<buffer loaddefs.el> "/tmp/vc-bzr-testVlgmsb/b
find-file-noselect("/tmp/vc-bzr-testVlgmsb/bzr/loaddefs.el")
autoload-find-generated-file()
update-directory-autoloads("/tmp/vc-bzr-testVlgmsb/bzr/")
(progn (update-directory-autoloads default-directory) t)
(setq value-35 (progn (update-directory-autoloads default-directory)
(unwind-protect (setq value-35 (progn (update-directory-autoloads de
(if (unwind-protect (setq value-35 (progn (update-directory-autoload
(let (form-description-36) (if (unwind-protect (setq value-35 (progn
(let ((value-35 (gensym "ert-form-evaluation-aborted-"))) (let (form
(progn (call-process vc-bzr-program nil nil nil "init") (let ((temp-
(unwind-protect (progn (call-process vc-bzr-program nil nil nil "ini
(let* ((homedir (make-temp-file "vc-bzr-test" t)) (bzrdir (expand-fi
(lambda nil (let* ((fn-30 (function executable-find)) (args-31 (cond
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name vc-bzr-test-faulty-bzr-autoloads :doc
ert-run-or-rerun-test(#s(ert--stats :selector (not (or (tag :expensi
ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co
ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable)))
ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
eval((ert-run-tests-batch-and-exit '(not (or (tag :expensive-test) (
command-line-1(("-L" ":/home/locke/tmp/main-26.1/debian/build-src/te
command-line()
normal-top-level()
Test vc-bzr-test-faulty-bzr-autoloads condition:
(wrong-type-argument number-or-marker-p nil)
FAILED 3/3 vc-bzr-test-faulty-bzr-autoloads
Ran 3 tests, 2 results as expected, 1 unexpected (2018-12-17 12:17:46-0600)
1 unexpected results:
FAILED vc-bzr-test-faulty-bzr-autoloads
Patch: 0008-Mark-vc-bzr-test-fauilt-bzr-autoloads-as-unstable-fo.patch
* Before the change builds would fail like this:
(...)
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/vc/vc-hooks.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/vc/ediff-hook.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/uniquify.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/electric.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/emacs-lisp/eldoc.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/cus-start.el (source)...
Loading /<<BUILDDIR>>/emacs-27.1+1/debian/build-src/lisp/tooltip.el (source)...
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under the name bootstrap-emacs.pdmp
dumping fingerprint: 7b5c59c589dc151eb1e4269bd83fbe809616b5cb9bb5c80014d5b560b391dfb6
dump relocation out of range
[rlb@defaultvalue.org: create commit message]
Origin: debian
Bug: https://bugs.gnu.org/44531
Bug-Debian: http://bugs.debian.org/1019130
Forwarded: not-needed
Patch: 0009-pdumper-set-DUMP_RELOC_ALIGNMENT_BITS-1-for-m68k.patch
* This upstream patch has been incorporated to fix the problem:
Prevent potential native compilation infinite recursions
* lisp/emacs-lisp/comp.el (comp-no-spawn): New var.
(comp-subr-trampoline-install, comp-final, comp-run-async-workers)
(comp--native-compile): Update.
Origin: upstream, commit: 1a8015b83761f27d299b1ffa45fc045bb76daf8a
Bug-Debian: https://bugs.debian.org/1017817
Bug-Debian: https://bugs.debian.org/1017845
Forwarded: not-needed
Patch: 0010-Avoid-fork-bomb-caused-by-native-compilation.patch
* This upstream patch has been incorporated to fix the problem:
Set `comp-no-spawn' earlier using -no-comp-spawn
* src/emacs.c (standard_args): Add '-no-comp-spawn' cmd line option.
* lisp/startup.el (command-line): Parse '-no-comp-spawn' cmd line
option.
* lisp/emacs-lisp/comp.el (comp-run-async-workers, comp-final):
Use '-no-comp-spawn'.
Origin: upstream, commit: 5ad5b797f78dacb9c901d3c63bee05b1762fa94f
Bug-Debian: https://bugs.debian.org/1017817
Bug-Debian: https://bugs.debian.org/1017845
Forwarded: not-needed
Patch: 0011-Avoid-fork-bomb-caused-by-native-compilation-trampol.patch
* This upstream patch has been incorporated to fix the problem:
* Fix async native compilation (bug#58637)
* lisp/emacs-lisp/comp.el (comp--native-compile): Fix gate condition.
(comp-run-async-workers): Add assetion.
Origin: upstream, commit: 56c63ca21b3e5e2d0bb05d3897ea287a754c5b29
Bug-Debian: https://bugs.debian.org/1023440
Forwarded: not-needed
Patch: 0012-Fix-eln-files-not-being-generated-when-native-comp-a.patch
* This upstream patch has been incorporated to fix the problem:
Avoid dumping core upon SIGHUP in non-interactive sessions
* src/emacs.c (terminate_due_to_signal): Don't special-case
SIGINT. Patch by Paul Eggert <eggert@cs.ucla.edu>. (Bug#58956)
Origin: upstream, commit: 25b4cec31d580353995d87fe19ae4dab6e6e37de
Bug: https://debbugs.gnu.org/58956
Bug-Debian: https://bugs.debian.org/1017711
Forwarded: not-needed
Patch: 0013-Fix-large-core-dumps-from-background-processes.patch
* It is repeatedly failing on Debian's arch:all autobuilders, though
seemingly nowhere else:
passed 40/44 simple-transpose-subr (0.000396 sec)
Test test-undo-region backtrace:
signal(ert-test-failed (((should (= (length (delq nil (undo-make-sel
ert-fail(((should (= (length (delq nil (undo-make-selective-list 1 9
#f(compiled-function () #<bytecode 0x52f126616d2cdbd>)()
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name test-undo-region :documentation nil :
ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
ert-run-tests((not (or (tag :expensive-test) (tag :unstable))) #f(co
ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable)))
ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
command-line-1(("-L" ":/<<PKGBUILDDIR>>/debian/build
command-line()
normal-top-level()
Test test-undo-region condition:
(ert-test-failed
((should
(=
(length ...)
2))
:form
(= 3 2)
:value nil))
FAILED 41/44 test-undo-region (0.000185 sec)
Patch: 0014-Mark-test-undo-region-as-unstable.patch
* It times out:
passed 22/28 process-tests/fd-setsize-no-crash/make-serial-process (0.021449 sec)
make[5]: *** [Makefile:182: src/process-tests.log] Error 134
GEN src/regex-emacs-tests.log
GEN src/search-tests.log
GEN src/syntax-tests.log
GEN src/textprop-tests.log
GEN src/thread-tests.log
GEN src/timefns-tests.log
GEN src/undo-tests.log
GEN src/xdisp-tests.log
GEN src/xfaces-tests.log
GEN src/xml-tests.log
make[5]: Leaving directory '/<<PKGBUILDDIR>>/debian/build-gtk/test'
make[4]: [Makefile:335: check-doit] Error 2 (ignored)
SUMMARY OF TEST RESULTS
-----------------------
Files examined: 375
Ran 5408 tests, 28 failed to run, 5273 results as expected, 0 unexpected, 135 skipped
1 files did not finish:
src/process-tests.log
make[4]: *** [Makefile:336: check-doit] Error 2
Patch: 0015-Mark-flaky-test-process-tests-multiple-threads-waiti.patch
* This upstream patch has been incorporated to fix the problem:
Fixed ctags local command execute vulnerability
* lib-src/etags.c:
(clean_matched_file_tag): New function
(do_move_file): New function
(readline_internal):
Add `leave_cr` parameter, if true, include the \r character
* test/manual/etags/CTAGS.good_crlf: New file
* test/manual/etags/CTAGS.good_update: New file
* test/manual/etags/crlf: New file
* test/manual/etags/Makefile: Add `ctags -u` test cases
Origin: upstream, commit: d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
Bug: https://debbugs.gnu.org/59544
Bug-Debian: https://bugs.debian.org/1025009
Forwarded: not-needed
Patch: 0016-Fix-ctags-local-command-execution-vulnerability-CVE-.patch
* The following upstream patch has been backported:
Add new variable 'inhibit-native-compilation'
* lisp/startup.el (normal-top-level): Set
inhibit-native-compilation from environment variable.
* lisp/emacs-lisp/comp.el (comp-trampoline-compile): Don't write
trampolines to disk.
* lisp/progmodes/elisp-mode.el
(emacs-lisp-native-compile-and-load): Adjust.
* src/comp.c (syms_of_comp): New variable
inhibit-native-compilation.
(maybe_defer_native_compilation): Use it.
Origin: upstream, commit: 5fec9182dbeffa88cef6651d8c798ef9665d6681
Forwarded: not-needed
Patch: 0017-Add-inhibit-native-compilation.patch
* The following upstream patch has been backported:
Rename to inhibit-automatic-native-compilation
* src/comp.c (maybe_defer_native_compilation):
(syms_of_comp):
* lisp/startup.el (inhibit-native-compilation):
(normal-top-level):
* lisp/progmodes/elisp-mode.el (emacs-lisp-native-compile-and-load):
* lisp/emacs-lisp/comp.el (comp-trampoline-compile): Rename
inhibit-native-compilation to inhibit-automatic-native-compilation.
Origin: upstream, commit f97993ee667f9be7589825f3a4fbc095d6944ec6
Forwarded: not-needed
Patch: 0018-Rename-to-inhibit-automatic-native-compilation.patch
* This upstream patch has been incorporated to fix the problem:
; * test/lisp/emacs-lisp/copyright-tests.el: Fix and future-safe.
Origin: upstream, commit: da77d70deeb2798693ec4f28a291befeb8e43989
Bug-Debian: https://bugs.debian.org/1028607
Forwarded: not-needed
Patch: 0019-Fix-copyright-tests-for-2023-onwards.patch
* This upstream patch has been incorporated to fix the problem:
Fix htmlfontify.el command injection vulnerability.
* lisp/htmlfontify.el (hfy-text-p): Fix command injection
vulnerability. (Bug#60295)
Origin: upstream, commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16
Bug: https://debbugs.gnu.org/60295
Bug-Debian: https://bugs.debian.org/1031730
Forwarded: not-needed
Patch: 0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch
* This upstream patch has been incorporated to fix the problem:
Fix ruby-mode.el local command injection vulnerability (bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
Origin: upstream, commit 22fb5ff5126dc8bb01edaa0252829d853afb284f
Bug: https://debbugs.gnu.org/60268
Bug-Debian: https://bugs.debian.org/1031730
Forwarded: not-needed
Patch: 0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch
* This upstream patch has been incorporated to fix the problem:
Fix etags local command injection vulnerability
* lib-src/etags.c: (escape_shell_arg_string): New function.
(process_file_name): Use it to quote file names passed to the
shell. (Bug#59817)
Origin: upstream, commit e339926272a598bd9ee7e02989c1662b89e64cf0
Bug: https://debbugs.gnu.org/59817
Bug-Debian: https://bugs.debian.org/1031730
Forwarded: not-needed
Patch: 0022-Fix-etags-local-command-injection-vulnerability-CVE-.patch
* This upstream patch has been incorporated to fix the problem:
* lib-src/etags.c (process_file_name): Free malloc'ed vars (bug#61819).
Origin: upstream, commit 0fde314f6f6e6664cddab1b2f0fe20629cd39d14
Bug: https://debbugs.gnu.org/61819
Bug-Debian: https://bugs.debian.org/1031888
Forwarded: not-needed
Patch: 0023-Fix-memory-leak-in-etags.c.patch
* This upstream patch has been incorporated to fix the problem:
Fix quoted argument in emacsclient-mail.desktop Exec key
Apparently the emacsclient-mail.desktop file doesn't conform to the
Desktop Entry Specification at
https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
which says about the Exec key:
| Field codes must not be used inside a quoted argument, the result of
| field code expansion inside a quoted argument is undefined.
However, the %u field code is used inside a quoted argument of the
Exec key in both the [Desktop Entry] and [Desktop Action new-window]
sections.
* etc/emacsclient-mail.desktop (Exec): The Desktop Entry
Specification does not allow field codes like %u inside a quoted
argument. Work around it by passing %u as first parameter ($1)
to the shell wrapper.
* etc/emacsclient.desktop (Exec): Use `sh` rather than `placeholder`
as the command name of the shell wrapper. (Bug#60204)
Origin: upstream, commit d32091199ae5de590a83f1542a01d75fba000467
Bug: https://debbugs.gnu.org/60204
Bug-Debian: https://bugs.debian.org/1032538
Forwarded: not-needed
Patch: 0024-Fix-quoted-argument-in-emacsclient-mail.desktop-CVE-.patch
* This upstream patch has been incorporated to fix the problem:
Fix Elisp code injection vulnerability in emacsclient-mail.desktop
A crafted mailto URI could contain unescaped double-quote
characters, allowing injection of Elisp code. Therefore, any
'\' and '"' characters are replaced by '\\' and '\"', using Bash
pattern substitution (which is not available in the POSIX shell).
We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the
bash -c command, but in the desktop entry '"', '$', and '\' must
be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes
are expanded twice, see the Desktop Entry Specification).
Reported by Gabriel Corona <gabriel.corona@free.fr>.
* etc/emacsclient-mail.desktop (Exec): Escape backslash and
double-quote characters.
Origin: upstream, commit 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
Bug-Debian: https://bugs.debian.org/1032538
Forwarded: not-needed
Patch: 0025-Fix-code-injection-vulnerability-CVE-2023-27986.patch
* This upstream patch has been incorporated to fix the problem:
Fix storing email into nnmail by Gnus
* lisp/gnus/nnml.el (nnml--encode-headers): Wrap
'rfc2047-encode-string' calls with 'ignore-errors', to avoid
disrupting email workflows due to possibly-invalid headers.
Reported by Florian Weimer <fweimer@redhat.com>.
Origin: upstream, commit: 23f7c9c2a92e4619b7c4d2286d4249f812cd695d
Bug-Debian: https://bugs.debian.org/1033397
Forwarded: not-needed
Patch: 0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch
* https://security-tracker.debian.org/tracker/CVE-2023-28617
This upstream patch (1/2) has been incorporated to fix the problem:
* lisp/ob-latex.el: Fix command injection vulnerability
(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
TINYCHANGE
Origin: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741
Bug-Debian: https://bugs.debian.org/1033342
Patch: 0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch
* https://security-tracker.debian.org/tracker/CVE-2023-28617
This upstream patch (2/2) has been incorporated to fix the problem:
Org Mode command injection vulnerability has been fixed (CVE-2023-28617)
* lisp/ob-latex.el (org-babel-execute:latex): Fix command injection vulnerability
Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com
TINYCHANGE
Origin: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485
Bug-Debian: https://bugs.debian.org/1033342
Patch: 0028-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-2-2.patch
* * lisp/org/org-macro.el (org-macro--set-templates): Get rid of any
risk to evaluate code when `org-macro--set-templates' is called as a
part of major mode initialization. This way, no code evaluation is
ever triggered when user merely opens the file or when
`mm-display-org-inline' invokes Org major mode to fontify mime part
preview in email messages.
(cherry picked from commit befa9fcaae29a6c9a283ba371c3c5234c7f644eb)
Patch: 0029-org-macro-set-templates-Prevent-code-evaluation.patch
* The new variable is to be used when buffer contents comes from untrusted
source.
(cherry picked from commit ccc188fcf98ad9166ee551fac9d94b2603c3a51b)
Patch: 0030-lisp-files.el-untrusted-content-New-variable.patch
* (cherry picked from commit 937b9042ad7426acdcca33e3d931d8f495bdd804)
Patch: 0031-lisp-gnus-mm-view.el-mm-display-inline-fontify-Mark-.patch
* * lisp/org/org.el (org--latex-preview-when-risky): New variable
controlling how to handle LaTeX previews in Org files from untrusted
origin.
(org-latex-preview): Consult `org--latex-preview-when-risky' before
generating previews.
This patch adds a layer of protection when LaTeX preview is requested
for an email attachment, where `untrusted-content' is set to non-nil.
(cherry picked from commit 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c)
Patch: 0032-org-latex-preview-Add-protection-when-untrusted-cont.patch
* * lisp/org/org.el (org-resource-download-policy, org-safe-remote-resources):
Two new customisations to configure the policy for downloading remote
resources.
(org--should-fetch-remote-resource-p, org--safe-remote-resource-p,
org--confirm-resource-safe): Introduce the new function
`org--should-fetch-remote-resource-p' for internal use determining
whether a remote resource should be downloaded according to the download
policy. This function makes use of two helper functions,
`org--safe-remote-resource-p' and `org--confirm-resource-safe'.
(org-file-contents): Apply `org--safe-remote-resource-p' to file
downloading.
* lisp/org/org-attach.el (org-attach-attach, org-attach-url): Apply
`org--safe-remote-resource-p' to url downloading.
(cherry picked from Org-mode commit 0583a0c5eaa955d4370558b980b3772bb91dd057)
Patch: 0033-org-Add-setting-for-remote-file-download-policy.patch
* * lisp/org.el (org--confirm-resource-safe): Since Emacs 26 doesn't
support rx's (literal S) construct, use (concat (regexp-opt ...) ...)
instead.
(cherry picked from Org-mode commit 6de5431acc8b77548e89c61a6ae0ebc1b57540bb)
Patch: 0034-org-Refactor-rx-to-concat-regexp-opt.patch
* * lisp/org.el (org--confirm-resource-safe): `regexp-opt' was
accidentally used instead of `regexp-quote'.
(cherry picked from Org-mode commit 6ad53fa22eab5830f85a401960dc1e7d00154a27)
Patch: 0035-org-Correct-regexp-escaping-to-use-regexp-quote.patch
* * lisp/org.el (org--confirm-resource-safe): When `buffer-file-name' is
nil, skip over file-specific behaviour.
(cherry picked from Org-mode commit 4702a73031c77ba03b480b0848c137d5d8773e07)
Patch: 0036-org-Fix-resource-prompt-in-non-file-buffers.patch
* * lisp/org.el (org--confirm-resource-safe): Pick out domains from URLs,
and provide an option of marking that domain as safe.
(cherry picked from Org-mode commit 1ae801e9c86d5b150fd085230722e4dac550df30)
Patch: 0037-org-Add-mark-domain-as-safe-convenience-action.patch
* * lisp/org.el (org--confirm-resource-safe): Style domain with a link,
and url with an underline.
(cherry picked from Org-mode commit 1061db94acf785f4b8f1140649e3857d52693115)
Patch: 0038-org-Tweak-styling-of-url-in-resource-prompt.patch
* * lisp/org.el (org--confirm-resource-safe, org--safe-remote-resource-p):
Replace instances of buffer-file-name
with (buffer-file-name (buffer-base-buffer)) so these functions work in
indirect buffers.
(cherry picked from Org-mode commit 88329143c86b34195af68a8e5d5fd3d00a5dcae6)
Patch: 0039-org-Use-buffer-base-buffer-in-safe-resource-fns.patch
* * lisp/org/org.el (org-file-contents): When loading files, consider all
remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
(cherry picked from commit 2bc865ace050ff118db43f01457f95f95112b877)
Patch: 0040-org-file-contents-Consider-all-remote-files-unsafe.patch
* * lisp/org/org.el (org--confirm-resource-safe): When called from
non-file buffer, do not put stray "f" in the prompt.
(cherry picked from commit 7a5d7be52c5f0690ee47f30bfad973827261abf2)
Patch: 0041-org-confirm-resource-safe-Fix-prompt-when-prompting-.patch
* * lisp/org.el (org--confirm-resource-safe): Do not assume that
resource is safe when user replies "n" (do not download).
Reported-by: Max Nikulin <manikulin@gmail.com>
Link: https://orgmode.org/list/upj6uk$b7o$1@ciao.gmane.io
(cherry picked from commit e56f0ef51bfdd0e03e817670754bc813fb3702a2)
Patch: 0042-org-Fix-security-prompt-for-downloading-remote-resou.patch
Local Variables:
mode: outline
outline-regexp: " *\\*+"
End:
Generated by dwww version 1.15 on Wed Jun 26 05:59:31 CEST 2024.