Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:06:34 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:07:52 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:07:52 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:09:09 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:09:09 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:10:09 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:10:09 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:06:34 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Kees Cook
Revision Date: 2010-03-23 16:03:59 UTC

* SECURITY UPDATE: arbitrary mailbox read/write via race condition.
  - Add debian/patches/fix-movemail-race.diff: thanks to Dan Rosenberg.
  - CVE-2010-0825

Author: Reinhard Tartler
Revision Date: 2009-11-09 12:03:17 UTC

backport patch from emacs23 to ensure that dynamic menus get updated properly
Closes: #550541, LP: #415101

Author: Steve Langasek
Revision Date: 2009-10-14 17:40:19 UTC

Bump the version number of the 'emacs' package, since the first attempt
to drop this binary from emacs23 didn't take.

Author: Jamie Strandboge
Revision Date: 2008-05-01 10:58:07 UTC

* SECURITY UPDATE: buffer overflow in format function
* debian/patches/fix-format-overflow.diff: fix src/editfns.c to account
  for precision in integer formatting (LP: #174177)
* SECURITY UPDATE: temporary file race condition in vcdiff
* debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use
  mktemp
* References
  CVE-2007-6109
  CVE-2008-1694

Author: Jamie Strandboge
Revision Date: 2008-09-04 09:27:58 UTC

* SECURITY UPDATE: temporary file race condition in vcdiff (LP: #174177)
* debian/patches/fix-vcdiff-tmp-race.diff: update lib-src/vcdiff to use
  mktemp
* References
  CVE-2008-1694

Author: Jamie Strandboge
Revision Date: 2008-09-04 09:27:58 UTC

* SECURITY UPDATE: temporary file race condition in vcdiff (LP: #174177)
* debian/patches/fix-vcdiff-tmp-race.diff: update lib-src/vcdiff to use
  mktemp
* References
  CVE-2008-1694

Author: Michael Olson
Revision Date: 2008-01-08 18:00:57 UTC

* debian/control: Conflict and Replace emacs22-common-non-dfsg
  (LP: #172389). Thanks to Jamie Raymond for the report.
* debian/emacs.prerm: Remove alternatives in reverse creation order
  (LP: #162932). Thanks to James Troup for the report.
* debian/emacs.menu.in:
  - Use Applications/Editors instead of Apps/Editors as per menu policy.
  - Move menu definition for "emacs -nw" here, and delete
    emacs-common.menu.in. This way, if the user installs emacs22-nox,
    they will not have an unwanted menu item added (LP: #157984).
    Thanks to Ryan for the report.
* debian/patches:
  - feature-spell-warning.diff: New patch that displays a warning when
    spell is used and the spell binary is not installed (LP: #154989).
  - fix-comint-sudo.diff: New patch that causes comint to recognize the
    sudo prompt used by Ubuntu (LP: #162890).
  - Rename CVE-2007-6109.diff to fix-format-overflow.diff so that it
    shows up in README.Debian. Add patch header as well.
  - fix-local-vars-security.diff: Add CVE ID.
* debian/README.in:
  - Place Ubuntu rather than Debian in the header line.
  - Add link to further explanation for why we use a separate package.
  - Clarify what "this package" means.
  - Together this fixes LP: #180164. Thanks to era for the report and
    patch.
* debian/rules: Don't build debian/emacs-common.menu and don't call
  dh_installmenu -i.

Author: Jamie Strandboge
Revision Date: 2008-05-01 10:58:07 UTC

* SECURITY UPDATE: buffer overflow in format function
* debian/patches/fix-format-overflow.diff: fix src/editfns.c to account
  for precision in integer formatting (LP: #174177)
* SECURITY UPDATE: temporary file race condition in vcdiff
* debian/patches/vcdiff-tmp-race.diff: update lib-src/vcdiff to use
  mktemp
* References
  CVE-2007-6109
  CVE-2008-1694

Author: LaMont Jones
Revision Date: 2007-10-04 19:36:25 UTC

Trigger rebuild for hppa

Author: Michael Olson
Revision Date: 2007-11-02 11:00:58 UTC

[ Michael Olson: Fix security issue. ]
* debian/patches/fix-local-vars-security.diff: New patch that fixes a
  bug in local variables handling. This bug permitted very risky, close
  to arbitrary modification of the behavior of Emacs by potentially
  untrusted visited files. Namely, highly unsafe variables like
  `load-path' could be changed without authorization. Fixes Launchpad
  #159525 and Debian #449008.
* Reference:
  CVE-2007-5795

[ Michael Olson: Bring this closer to Debian's packaging. ]
* debian/control: Remove Build-Depends for cdbs, since we really don't
  need it after all.
* debian/patches: Remove executable bits for all patches.
* debian/rules:
  - Include /usr/share/quilt/quilt.make instead of cdbs. Thanks to
    Romain Francoise for discovering this Makefile.
  - Trivial changes that minimize the differences between our package
    and Debian's:
    + Use $(...) rather than ${...}, since the former seems to be
      preferred by debian.
    + Add "set -o pipefail" before several commands involving pipes, so
      that the error code returned is the one for the first command with
      an error in the pipe. Since the version of bash in Debian sarge
      does not support this option, and we want to be able to share
      changes with Romain's emacs-snapshot backport for sarge, send the
      output of set to /dev/null and force the exit status to be 0.
    + (nominal_ver): Split command into multiple lines.
    + Reorganize some sections to make it easier to compare changes.
    + Export DEB_HOST_GNU_TYPE and DEB_BUILD_GNU_TYPE.
    + Rename DEB_TRASH to deb_trash.
    + Rename bin_name to flavor.
    + Update comments.
    + (confflags): Use "--build=" instead of "--build " and "--host="
      instead of "--host ".
    + (deb_orig_tgz): Introduce.
    + (persistent_autogen_build_files)
      (nonpersistent_autogen_build_files)
      (persistent_autogen_install_files)
      (nonpersistent_autogen_install_files, autogen_build_files)
      (autogen_install_files, persistent_autogen_files)
      (nonpersistent_autogen_files): New variables that replace
      PERSISTENT_AUTOGEN_FILES, NONPERSISTENT_AUTOGEN_FILES, and
      DEBPKGFILES.
  - (quilt): New variable that specifies how to call quilt. This
    particular name was chosen because Debian uses it in their emacs22
    packaging.
  - (patch_info): Use $(quilt) rather than $(DEB_QUILT_CMD).