+emacs22 (22.3+1-1) unstable; urgency=low
+
+ * New upstream release. (closes: #512134)
+
+ -- Rob Browning <rlb@defaultvalue.org> Sat, 28 Mar 2009 19:18:43 -0700
+
emacs22 (22.2+2-5) unstable; urgency=low
* Add a build dependency on libasound2-dev which emacs22 is already
This is the original source archive:
- prep.ai.mit.edu:/pub/gnu/emacs/emacs-22.2.tar.gz
+ prep.ai.mit.edu:/pub/gnu/emacs/emacs-22.3.tar.gz
Please see /usr/share/doc/emacs22-common/README.Debian.gz for a
description of the Debian specific differences from the upstream
# run the script. The resulting two orig.tar.gz files will be placed
# into a new ./split-tmp directory.
-emacs_archive_name="emacs-22.2.tar.gz"
-emacs_dir="emacs-22.2"
-emacs_version="22.2"
+emacs_archive_name="emacs-22.3.tar.gz"
+emacs_dir="emacs-22.3"
+emacs_version="22.3"
emacs_major="22"
-deb_src_rev="2"
+deb_src_rev="1"
non_main_dir="${emacs_dir}-non-dfsg"
+++ /dev/null
-* A problem with vc mode's handling of temporary buffers has been fixed.
- Patch: do-not-show-vc-internal-tmp-buffers.diff
- Provided-by: Sven Joachim <svenjoac@gmx.de>
- Originally-reported-by: Michael Berg <michaeljberg@gmail.com>
- Date: Mon, 14 Apr 2008 14:36:05 UTC
- Added-by: Rob Browning <rlb@defaultvalue.org>
- Status: incorporated upstream
- Bug: 476108
-
- Emacs should no longer fail when trying to open files under monotone
- version control.
-
- From the upstream ChangeLog:
-
- 2008-03-29 Stefan Monnier <monnier@iro.umontreal.ca>
-
- * vc.el (vc-do-command): Don't show internal temp buffers.
-
-Index: sid/lisp/vc.el
-===================================================================
---- sid.orig/lisp/vc.el
-+++ sid/lisp/vc.el
-@@ -1047,9 +1047,14 @@
- (when (and (not (eq t okstatus))
- (or (not (integerp status))
- (and okstatus (< okstatus status))))
-- (pop-to-buffer (current-buffer))
-- (goto-char (point-min))
-- (shrink-window-if-larger-than-buffer)
-+ ;; Don't show internal temp buffers. Especially since, together
-+ ;; with with-temp-buffer and pop-up-frames, this can result in
-+ ;; bugs where with-temp-buffer ends up not preserving
-+ ;; current-buffer (because kill-buffer doesn't preserve it).
-+ (unless (eq ?\s (aref (buffer-name (current-buffer)) 0))
-+ (pop-to-buffer (current-buffer))
-+ (goto-char (point-min))
-+ (shrink-window-if-larger-than-buffer))
- (error "Running %s...FAILED (%s)" command
- (if (integerp status) (format "status %d" status) status))))
- (if vc-command-messages
+++ /dev/null
-* Python mode will not inappropriately load modules in the current directory.
- Patch: fix-python-module-handling-cve-2008-3949.diff
- Provided-by: Chong Yidong <cyd@stupidchicken.com>
- Originally-reported-by: Sven Joachim <svenjoac@gmx.de>
- Date: Fri, 19 Sep 2008 23:06:33 +0200
- Added-by: Rob Browning <rlb@defaultvalue.org>
- Status: incorporated upstream
-
- Chong Yidong <cyd@stupidchicken.com> describes the problem as
- follows:
-
- The Emacs command `run-python' launches an interactive Python
- interpreter. After the Python process starts up, Emacs
- automatically sends it the line
-
- import emacs
-
- which normally imports a script named emacs.py which is
- distributed with Emacs. This script, which is typically located
- in a write-protected installation directory with other Emacs
- program files, defines various functions to help the Python
- process communicate with Emacs.
-
- The vulnerability arises because Python, by default, prepends ''
- to the module search path, so modules are looked for in the
- current directory. If the current directory is world-writable, an
- attacker may insert malicious code by adding a fake Python module
- named emacs.py into that directory.
-
- Furthermore, emacs.py imports other non-built-in Python modules,
- such as `inspect'. The same vulnerability exists for these import
- statements.
-
- By default, merely visiting and editing a *.py source file does
- not launch a Python subprocess; you either have to call `M-x
- run-python', or enable Emacs code that calls `run-python'
- automatically, such as `eldoc-mode'.
-
- The Python developers, in a private communication, have stated
- that they do not regard this module-importing behavior as a
- security problem for Python per se, because running a python
- script in a world-writable directory is itself a security hazard.
- In the Emacs context, however, it's much less obvious that it's
- unsafe to call `run-python' while the current directory is
- world-writable; therefore, the problem discussed here can be
- regarded as a security risk.
-
- The fix adds arguments to the invocation of Python which remove ''
- from sys.path. Since sys is a built-in module, it cannot be
- overriden via the current directory before this code executes.
-
-Index: sid/lisp/progmodes/python.el
-===================================================================
---- sid.orig/lisp/progmodes/python.el
-+++ sid/lisp/progmodes/python.el
-@@ -1355,7 +1355,9 @@
- ;; invoked. Would support multiple processes better.
- (when (or new (not (comint-check-proc python-buffer)))
- (with-current-buffer
-- (let* ((cmdlist (append (python-args-to-list cmd) '("-i")))
-+ (let* ((cmdlist
-+ (append (python-args-to-list cmd)
-+ '("-i" "-c" "import sys; sys.path.remove('')")))
- (path (getenv "PYTHONPATH"))
- (process-environment ; to import emacs.py
- (cons (concat "PYTHONPATH=" data-directory
+++ /dev/null
-* A problem with insecure temporary file handling in vcdiff has been fixed.
- Patch: fix-vcdiff-tmp-file-handling-cve-2008-1694.diff
- Provided-by: Moritz Muehlenhoff <jmm@debian.org>
- Originally-reported-by: Steve Grubb
- Date: Fri, 18 Apr 2008 00:00:45 +0200
- Added-by: Rob Browning <rlb@defaultvalue.org>
- Status: incorporated upstream
-
- The vcdiff script should use temporary files more securely. Without
- this fix a local attacker might have been able to use a symlink
- attack to force vcdiff to overwrite an arbitrary file.
-
-Index: sid/lib-src/vcdiff
-===================================================================
---- sid.orig/lib-src/vcdiff
-+++ sid/lib-src/vcdiff
-@@ -84,14 +84,14 @@
- case $f in
- s.* | */s.*)
- if
-- rev1=/tmp/geta$$
-+ rev1=`mktemp /tmp/geta.XXXXXXXX`
- get -s -p -k $sid1 "$f" > $rev1 &&
- case $sid2 in
- '')
- workfile=`expr " /$f" : '.*/s.\(.*\)'`
- ;;
- *)
-- rev2=/tmp/getb$$
-+ rev2=`mktemp /tmp/getb.XXXXXXXX`
- get -s -p -k $sid2 "$f" > $rev2
- workfile=$rev2
- esac
+++ /dev/null
-* WoMan should now handle various manpages without raising an error.
- Patch: fix-woman2-th.diff
- Provided-by: Sven Joachim <svenjoac@gmx.de>
- Date: Tue, 15 Apr 2008 09:42:31 +0200
- Added-by: Rob Browning <rlb@defaultvalue.org>
- Status: incorporated upstream
-
- WoMan should now correctly handle a number of manpages which
- previously caused it to raise an error.
-
-Index: sid/lisp/woman.el
-===================================================================
---- sid.orig/lisp/woman.el
-+++ sid/lisp/woman.el
-@@ -3810,10 +3810,9 @@
- (insert " -- ")
- (woman-forward-arg 'unquote 'concat)
- ;; Delete repeated arguments:
-- (if (string-match (buffer-substring here (point))
-+ (if (string-equal (buffer-substring here (point))
- (buffer-substring start here))
-- (delete-region here (point)))
-- ))
-+ (delete-region here (point)))))
- ;; Embolden heading (point is at end of heading):
- (woman-set-face
- (save-excursion (beginning-of-line) (point)) (point) 'woman-bold)
+++ /dev/null
-* A security problem relating to fast-lock-cache-directories has been fixed.
- Patch: make-fast-lock-cache-directories-risky-cve-2008-2142.diff
- Provided-by: Sven Joachim <svenjoac@gmx.de>
- Originally-reported-by: "Morten Welinder" <mwelinder@gmail.com>
- Date: Mon, 12 May 2008 19:39:35 +0200
- Added-by: Rob Browning <rlb@defaultvalue.org>
- Status: incorporated upstream
-
- The fast-lock-cache-directories variable no longer includes the
- current directory, ".", and is now marked as risky. This has been
- done to limit the possibility of executing arbitrary code via random
- .flc files.
-
- From the upstream ChangeLog:
-
- 2008-05-12 Simon Marshall <simon@gnu.org>
-
- * fast-lock.el (fast-lock-cache-directories): Remove "." from its
- default value and give it the risky-local-variable property.
-
-
---8<---------------cut here---------------start------------->8---
-Index: fast-lock.el
-===================================================================
-RCS file: /sources/emacs/emacs/lisp/obsolete/fast-lock.el,v
-retrieving revision 1.11.2.3
-retrieving revision 1.11.2.4
-diff -u -r1.11.2.3 -r1.11.2.4
---- old/lisp/obsolete/fast-lock.el 7 Jan 2008 01:58:14 -0000 1.11.2.3
-+++ new/lisp/obsolete/fast-lock.el 12 May 2008 17:30:29 -0000 1.11.2.4
-@@ -286,7 +286,7 @@
- (integer :tag "size")))))
- :group 'fast-lock)
-
--(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
-+(defcustom fast-lock-cache-directories '("~/.emacs-flc")
- ; - `internal', keep each file's Font Lock cache file in the same file.
- ; - `external', keep each file's Font Lock cache file in the same directory.
- "*Directories in which Font Lock cache files are saved and read.
-@@ -304,12 +304,15 @@
- ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
-
- would cause a file's current directory to be used if the file is under your
--home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
-+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
-+For security reasons, it is not advisable to use the file's current directory
-+to avoid the possibility of using the cache of another user."
- :type '(repeat (radio (directory :tag "directory")
- (cons :tag "Matching"
- (regexp :tag "regexp")
- (directory :tag "directory"))))
- :group 'fast-lock)
-+(put 'fast-lock-cache-directories 'risky-local-variable t)
-
- (defcustom fast-lock-save-events '(kill-buffer kill-emacs)
- "*Events under which caches will be saved.
require-movemail-use-liblockfile.diff
avoid-fakemail-mail-loss.diff
version-mention-debian.diff
-fix-vcdiff-tmp-file-handling-cve-2008-1694.diff
-make-fast-lock-cache-directories-risky-cve-2008-2142.diff
fix-mule-select-safe-coding.diff
look-for-news-to-find-etc.diff
-fix-woman2-th.diff
-fix-python-module-handling-cve-2008-3949.diff
fix-flymake-xmlstarlet-invocation.diff
-do-not-show-vc-internal-tmp-buffers.diff
autofiles.diff
# removed from the file.
# Copyright 1994,1995 Ian Jackson
-# Copyright 1998-2005 Rob Browning <rlb@defaultvalue.org>
# Copyright 2004-2005 Jérôme Marant <jerome@debian.org>
+# Copyright 1998-2009 Rob Browning <rlb@defaultvalue.org>
# Originally copied from the GNU Hello Debian rules file (1.3).
# Modified for emacs by Mark Eichin <eichin@kitten.gen.ma.us>.
then \
touch debian/patches/autofiles.diff; \
fi;
- $(patch)
- test "$$($(quilt) top)" = autofiles.diff
+ $(quilt) push $$($(quilt) series | tail -n 2 | head -n 1)
+ test "$$($(quilt) next)" = autofiles.diff
$(quilt) pop
mkdir -p debian/tmp-autofiles/old
$(pf); tar cpSf - --exclude ./debian --exclude ./.pc . \
projects / emacs.git / commitdiff