Changelog:
This is an emergency release to fix a security vulnerability in Emacs.
Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).
This vulnerability was introduced in Emacs 19.29.
GNU Emacs is an extensible, customizable, free/libre text editor and software
environment. When Emacs renders MIME text/enriched data (Internet RFC 1896), it
is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode
"Content-Type: text/enriched", this code is exploitable remotely. This bug
affects GNU Emacs versions 19.29 through 25.2.
Although we know no efforts to exploit this in the wild, exploitation is easy.
http://www.openwall.com/lists/oss-security/2017/09/11/1
2017.08.27 - GNU nano 2.8.7 "Fragrance" fixes a lockup when tabs are
wider than the screen, makes indenting + unindenting
more predictable by retaining relative indentations,
allows pasting (^U) at a prompt, allows triple quotes
in Python to not be followed by a character, does not
scroll three pages on a roll of the mouse wheel, binds
Alt+Up and Alt+Down to findprevious and findnext, and
fixes some hard-to-describe issues with softwrapping
and boundary-crossing tabs. Enjoy.
Upstream changes:
2017 July 21
GNU nano 2.8.6 "Kekulé" offers a new feature: the ability
to do softwrapping between words -- at whitespace --
instead of always at the edge of the screen. This can
be activated with -a or --atblanks or 'set atblanks'
together with the softwrap option. This release further
fixes a handful of rare display glitches, fixes a build
failure on AIX, harmonizes the quoting rules in the rc
files, and renames the option 'cut' to 'cutfromcursor'
(please update your nanorc files before 2020).
declarations conflict with system headers. After patching this file,
the build then hangs at
./xemacs -nd -batch -l /var/obj/pkgsrc/editors/xemacs/work/xemacs-21.4.24/src/../lisp/update-elc.el
with the xemacs process spinning at 100% cpu.
Upstream states that the XEmacs malloc has not been updated in a long
time, and that it is safe to use the system malloc, so that's what
we'll do.
Upstream changes:
17435 8.0.0647 syntax highlighting can cause a freeze
1629 8.0.0648 possible use of NULL pointer
3822 8.0.0649 when opening a help file the filetype is set several times
2039 8.0.0650 for extra help files the filetype is set more than once
1534 8.0.0651 build failure without the auto command feature
10036 8.0.0652 unicode information is outdated
2013 8.0.0653 the default highlight for QuickFixLine is not good
5188 8.0.0654 no warning for text after :endfunction
2677 8.0.0655 not easy to make sure a function does not exist
2329 8.0.0656 cannot use ! after some user commands
13104 8.0.0657 cannot get and set quickfix list items
47863 8.0.0658 spell test is old style
5884 8.0.0659 no test for conceal mode
1676 8.0.0660 silent install on MS-Windows shows dialog
10750 8.0.0661 recognizing urxvt mouse codes does not work well
1828 8.0.0662 stray FIXME for fixed problem
5971 8.0.0663 unexpected error message only when 'verbose' is set
2373 8.0.0664 mouse does not work in tmux
1517 8.0.0665 warning for uninitialized variable
4110 8.0.0666 dead for loop
5896 8.0.0667 memory access error when command follows :endfunc
1689 8.0.0668 nsis installer script does not work
2927 8.0.0669 CTRL-N at start of the buffer does not work correctly
3607 8.0.0670 can't use input() in a timer callback
1600 8.0.0671 hang when typing CTRL-C in confirm() in timer
6001 8.0.0672 third item of synconcealed() changes too often
1260 8.0.0673 build failure without conceal feature
1751 8.0.0674 cannot build with eval but without timers
2638 8.0.0675 'colorcolumn' has a higher priority than 'hlsearch'
8830 8.0.0676 crash when closing quickfix window in autocmd
4177 8.0.0677 setting 'filetype' may switch buffers
3772 8.0.0678 closing a window does not trigger resizing
2223 8.0.0679 using freed memory
10068 8.0.0680 plugins in start packages are sourced twice
2323 8.0.0681 unnamed register only contains the last deleted text
2786 8.0.0682 no test for synIDtrans()
4871 8.0.0683 visual bell flashes too quickly
13990 8.0.0684 old style tests are not nice
28918 8.0.0685 when conversion fails written file may be truncated
1479 8.0.0686 extra redraw when using CTRL-L in second window
6644 8.0.0687 minor issues related to quickfix
4317 8.0.0688 cannot resize the window in a FileType autocommand
2402 8.0.0689 ~ character not escaped when extending search pattern
2150 8.0.0690 compiler warning on non-Unix system
1267 8.0.0691 compiler warning without the linebreak feature
2964 8.0.0692 CTRL-G with 'incsearch' and ? goes in the wrong direction
361923 8.0.0693 no terminal emulator support
2396 8.0.0694 building in shadow directory does not work
5003 8.0.0695 missing dependencies breaks parallel make
1309 8.0.0696 .inc files missing in git
9396 8.0.0697 recorded key sequences may become invalid
4219 8.0.0698 crash on exit when using Python function in timer.
1742 8.0.0699 checksum tests are not actually run
2709 8.0.0700 segfault with QuitPre autocommand closes the window
2900 8.0.0701 system test failing when using X11 forwarding
5191 8.0.0702 an error in a timer can make Vim unusable
3118 8.0.0703 illegal memory access with empty :doau command
2145 8.0.0704 problems with autocommands when opening help
2017.06.25 - GNU nano 2.8.5 "Farouche" avoids a crash when waking from
a suspension that was induced from the outside, allows
negative line and column numbers on the command line,
avoids some flickering when resizing the screen while
in the file browser, opens files in the order they were
mentioned on the command line, and does not pretend to
have woken from suspension when receiving a SIGCONT.
