aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-09-11 14:46:13 +0200
committerLudovic Courtès <ludo@gnu.org>2017-09-11 14:52:29 +0200
commit66ae958c5bee27266bce2a573812db7fec7c3111 (patch)
tree0e621308890580d182d0a13d46c9aaddadb9d984 /gnu
parent238ee64802e73b797a51646014b22bbeaf90d0d5 (diff)
downloadpatches-66ae958c5bee27266bce2a573812db7fec7c3111.tar
patches-66ae958c5bee27266bce2a573812db7fec7c3111.tar.gz
gnu: emacs: Patch message-mode enriched text translation [security fix].
* gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch: New file. * gnu/packages/emacs.scm (emacs)[source](patches): Add it. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/emacs.scm3
-rw-r--r--gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch85
3 files changed, 88 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index c92b93dbd2..e98ee6d7fe 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -589,6 +589,7 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-fix-scheme-indent-function.patch \
%D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \
%D%/packages/patches/emacs-source-date-epoch.patch \
+ %D%/packages/patches/emacs-unsafe-enriched-mode-translations.patch \
%D%/packages/patches/erlang-man-path.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 2277edcece..c6d5766cbd 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -113,7 +113,8 @@
"1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar"))
(patches (search-patches "emacs-exec-path.patch"
"emacs-fix-scheme-indent-function.patch"
- "emacs-source-date-epoch.patch"))
+ "emacs-source-date-epoch.patch"
+ "emacs-unsafe-enriched-mode-translations.patch"))
(modules '((guix build utils)))
(snippet
;; Delete the bundled byte-compiled elisp files and
diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
new file mode 100644
index 0000000000..7e45d30129
--- /dev/null
+++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
@@ -0,0 +1,85 @@
+This patch fixes a remote code execution vulnerability reported here:
+
+ https://bugs.gnu.org/28350
+ http://www.openwall.com/lists/oss-security/2017/09/11/1
+
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+---
+ lisp/gnus/mm-view.el | 4 ----
+ lisp/textmodes/enriched.el | 32 --------------------------------
+ 2 files changed, 36 deletions(-)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d0..77ad271 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6d..a8f0d38 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;;; enriched.el ends here