[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: emacs: Patch message-mode enriched text translation [securit
|
From: |
Ludovic Courtès |
|
Subject: |
01/01: gnu: emacs: Patch message-mode enriched text translation [security fix]. |
|
Date: |
Mon, 11 Sep 2017 08:52:35 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 66ae958c5bee27266bce2a573812db7fec7c3111
Author: Ludovic Courtès <address@hidden>
Date: Mon Sep 11 14:46:13 2017 +0200
gnu: emacs: Patch message-mode enriched text translation [security fix].
* gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch:
New file.
* gnu/packages/emacs.scm (emacs)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/emacs.scm | 3 +-
.../emacs-unsafe-enriched-mode-translations.patch | 85 ++++++++++++++++++++++
3 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index c92b93d..e98ee6d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -589,6 +589,7 @@ dist_patch_DATA =
\
%D%/packages/patches/emacs-fix-scheme-indent-function.patch \
%D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \
%D%/packages/patches/emacs-source-date-epoch.patch \
+ %D%/packages/patches/emacs-unsafe-enriched-mode-translations.patch \
%D%/packages/patches/erlang-man-path.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 2277edc..c6d5766 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -113,7 +113,8 @@
"1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar"))
(patches (search-patches "emacs-exec-path.patch"
"emacs-fix-scheme-indent-function.patch"
- "emacs-source-date-epoch.patch"))
+ "emacs-source-date-epoch.patch"
+
"emacs-unsafe-enriched-mode-translations.patch"))
(modules '((guix build utils)))
(snippet
;; Delete the bundled byte-compiled elisp files and
diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
new file mode 100644
index 0000000..7e45d30
--- /dev/null
+++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
@@ -0,0 +1,85 @@
+This patch fixes a remote code execution vulnerability reported here:
+
+ https://bugs.gnu.org/28350
+ http://www.openwall.com/lists/oss-security/2017/09/11/1
+
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <address@hidden>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+---
+ lisp/gnus/mm-view.el | 4 ----
+ lisp/textmodes/enriched.el | 32 --------------------------------
+ 2 files changed, 36 deletions(-)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d0..77ad271 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6d..a8f0d38 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to
insert.")
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if
none was found."
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+ �
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;;; enriched.el ends here