Minor updates

diff --git a/LICENSE b/LICENSE
index f8b1aeb21894743d5cec44603df6ba7d4ee5303f..4f6a9dd23f66bb2097fe28d929d3a767384cca43 100644 (file)
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright 2022-2024 Eshel Yaron
+Copyright 2022-2025 Eshel Yaron
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

diff --git a/esy-publish.el b/esy-publish.el
index 7efa6cf8f1e3684a6b3e022bc7e6858ed27e52a1..7359654f3cb1fe578da250a06aaf7817460bdce4 100644 (file)
--- a/esy-publish.el
+++ b/esy-publish.el
@@ -1,6 +1,6 @@
 ;;; esy-publish.el --- Simple Static Site Generator -*- lexical-binding:t -*-
 
-;; Copyright (C) 2023-2024 Eshel Yaron
+;; Copyright (C) 2023-2025 Eshel Yaron
 
 ;; Author: Eshel Yaron <me@eshelyaron.com>
 ;; Maintainer: Eshel Yaron <me@eshelyaron.com>
@@ -503,7 +503,7 @@
                                                   (class . "footer"))
                                                  (hr nil)
                                                  "© "
-                                                 (time ((class . "copyright-year")) "2024")
+                                                 (time ((class . "copyright-year")) "2025")
                                                  " Eshel Yaron"))))
                      "--output")))
     (apply #'call-process "texi2any" nil nil nil
@@ -666,7 +666,7 @@
                                    (class . "footer"))
                                   (hr nil)
                                   "© "
-                                  (time ((class . "copyright-year")) "2024")
+                                  (time ((class . "copyright-year")) "2025")
                                   " %a"))))))))
     (org-publish "all" force)
     (dolist (buffer (seq-uniq

diff --git a/source/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.org b/source/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.org
index a974c985ec933c4129c5a65ba814702ae885292d..0462e5cbc68b52ee62f2ec17b2f204d29ec8c03c 100644 (file)
--- a/source/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.org
+++ b/source/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.org
@@ -122,7 +122,8 @@ the Lisp byte-compiler in =bytecomp.el= uses to preprocess Lisp forms.
 In addition, Emacs ships with several built-in macros that actually do
 execute arbitrary code by /evaluating/ some of their arguments, no
 questions asked.  These macros are ~static-if~, ~rx~, ~cl-eval-when~,
-~eval-when-compile~, ~eval-and-compile~, and perhaps others.
+~eval-when-compile~, ~eval-and-compile~, ~cl-macrolet~, and perhaps
+others.
 
 Therefore, if we can nudge Emacs to expand one of these macros, we get
 arbitrary code execution.  That's the crux of this vulnerability.
@@ -216,7 +217,7 @@ variants of this issue have been surfaced in the past, but the issue,
 sadly, still stands.  AFAICT the earliest public discussion about the
 security implications of Emacs Lisp macros started in August 2018,
 when [[https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg@mail.gmail.com/][Wilfred Hughes noted]] that code completion can lead to arbitrary
-code execution via macro-expansion.  In October 2019, [[https://yhetil.org/emacs/CAJw81da4=R1jMJ0enx6SbO7G1rzaL61K2kqbY+jxhe=AM-3vtQ@mail.gmail.com/][Adam Plaice
+code execution via macro-expansion.  In October 2019, [[https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37656][Adam Plaice
 reported]] that Flymake specifically can be used in a similar exploit.
 Some solutions have been floated in the discussions following these
 reports, but unfortunately, Emacs remains vulnerable to this very day.