Merge Emacs 25.3 fixes

The security patches released for Emacs 25.3 were less drastic than what we had immediately put into master. Adjust master to match 25.3 (Bug#28350). * lisp/textmodes/enriched.el (enriched-translations): Re-enable FUNCTION and display translations that are safe. (enriched-handle-display-prop): Bring back. (enriched-decode-display-prop): Bring back, but disable the unsafe part.
author: Paul Eggert 2017-09-12 09:24:43 -0700
committer: Paul Eggert 2017-09-12 09:26:37 -0700
commit: b3fd6831dc38c1e1fedc4c9fbf344662384fa10a (patch)
tree: c9fe4ed5feae3013dadc0e01976fa607bc28bb37
parent: 35c893ddaf21b93677850a69709b59630bb0feb7 (diff)
download: emacs-b3fd6831dc38c1e1fedc4c9fbf344662384fa10a.tar.gz
emacs-b3fd6831dc38c1e1fedc4c9fbf344662384fa10a.zip
4 files changed, 57 insertions, 0 deletions
diff --git a/ChangeLog.2 b/ChangeLog.2
index bf52ac0ef1d..bd1800b3307 100644
--- a/ChangeLog.2
+++ b/ChangeLog.2
@@ -1,3 +1,17 @@
+2017-09-11  Eli Zaretskii  <eliz@gnu.org>
+        * etc/NEWS: Document the vulnerability and its resolution.
+        Include a workaround.  Suggested by Charles A. Roelli
+        <charles@aurox.ch>.
+        * lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of
+        "enriched" and "richtext" MIME objects.  Suggested by Lars
+        Ingebrigtsen <larsi@gnus.org>.
+        * lisp/textmodes/enriched.el (enriched-decode-display-prop):
+        Don't produce 'display' properties.  (Bug#28350)
 2017-04-20  Nicolas Petton  <nicolas@petton.fr>
        * Version 25.2 released.
diff --git a/etc/HISTORY b/etc/HISTORY
index ad38b3262d2..301ba33b97e 100644
--- a/etc/HISTORY
+++ b/etc/HISTORY
@@ -211,6 +211,8 @@ GNU Emacs 25.1 (2016-09-16) emacs-25.1
 GNU Emacs 25.2 (2017-04-20) emacs-25.2
+GNU Emacs 25.3 (2017-09-11) emacs-25.3
 ----------------------------------------------------------------------
 This file is part of GNU Emacs.
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 3698f4d9cf7..fb80e6bf3cb 100644
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -362,6 +362,12 @@
        (goto-char (point-max))))
    (save-restriction
      (narrow-to-region b (point))
+      ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+      ;; forms in display properties supported by enriched.el.
+      ;; (when (member type '("enriched" "richtext"))
+      ;;   (set-text-properties (point-min) (point-max) nil)
+      ;;        (ignore-errors
+      ;;          (enriched-decode (point-min) (point-max))))
      (mm-handle-set-undisplayer
       handle
       `(lambda ()
diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
index eba7c4ddd83..5319db7c16e 100644
--- a/lisp/textmodes/enriched.el
+++ b/lisp/textmodes/enriched.el
@@ -117,7 +117,12 @@ expression, which is evaluated to get the string to insert.")
                   (full        "flushboth")
                   (center      "center"))
    (PARAMETER     (t           "param")) ; Argument of preceding annotation
+    ;; The following are not part of the standard:
+    (FUNCTION      (enriched-decode-foreground "x-color")
+                   (enriched-decode-background "x-bg-color")
+                   (enriched-decode-display-prop "x-display"))
    (read-only     (t           "x-read-only"))
+    (display       (nil         enriched-handle-display-prop))
    (unknown       (nil         format-annotate-value))
 ;   (font-size     (2           "bigger")       ; unimplemented
 ;                  (-2          "smaller"))
@@ -472,5 +477,35 @@ Return value is \(begin end name positive-p), or nil if none was found."
    (message "Warning: no color specified for <x-bg-color>")
    nil))
+;;; Handling the `display' property.
+(defun enriched-handle-display-prop (old new)
+  "Return a list of annotations for a change in the `display' property.
+OLD is the old value of the property, NEW is the new value.  Value
+is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+close and OPEN a list of annotations to open.  Each of these lists
+has the form `(ANNOTATION PARAM ...)'."
+  (let ((annotation "x-display")
+        (param (prin1-to-string (or old new))))
+    (if (null old)
+        (cons nil (list (list annotation param)))
+      (cons (list (list annotation param)) nil))))
+(defun enriched-decode-display-prop (start end &optional param)
+  "Decode a `display' property for text between START and END.
+PARAM is a `<param>' found for the property.
+Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+the range of text to assign text property SYMBOL with value VALUE."
+  (let ((prop (when (stringp param)
+                (condition-case ()
+                    (car (read-from-string param))
+                  (error nil)))))
+    (unless prop
+      (message "Warning: invalid <x-display> parameter %s" param))
+    ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+    ;; forms in display properties stored within enriched text.
+    ;; (list start end 'display prop)))
+    (list start end)))
 ;;; enriched.el ends here
author	Paul Eggert	2017-09-12 09:24:43 -0700
committer	Paul Eggert	2017-09-12 09:26:37 -0700
commit	b3fd6831dc38c1e1fedc4c9fbf344662384fa10a (patch)
tree	c9fe4ed5feae3013dadc0e01976fa607bc28bb37
parent	35c893ddaf21b93677850a69709b59630bb0feb7 (diff)
download	emacs-b3fd6831dc38c1e1fedc4c9fbf344662384fa10a.tar.gz emacs-b3fd6831dc38c1e1fedc4c9fbf344662384fa10a.zip

diff --git a/ChangeLog.2 b/ChangeLog.2 index bf52ac0ef1d..bd1800b3307 100644 --- a/ChangeLog.2 +++ b/ChangeLog.2
@@ -1,3 +1,17 @@
		1	2017-09-11 Eli Zaretskii <eliz@gnu.org>
		2
		3	* etc/NEWS: Document the vulnerability and its resolution.
		4	Include a workaround. Suggested by Charles A. Roelli
		5	<charles@aurox.ch>.
		6
		7	* lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of
		8	"enriched" and "richtext" MIME objects. Suggested by Lars
		9	Ingebrigtsen <larsi@gnus.org>.
		10
		11	* lisp/textmodes/enriched.el (enriched-decode-display-prop):
		12	Don't produce 'display' properties. (Bug#28350)
		13
		14
1	2017-04-20 Nicolas Petton <nicolas@petton.fr>	15	2017-04-20 Nicolas Petton <nicolas@petton.fr>
2		16
3	* Version 25.2 released.	17	* Version 25.2 released.


diff --git a/etc/HISTORY b/etc/HISTORY index ad38b3262d2..301ba33b97e 100644 --- a/etc/HISTORY +++ b/etc/HISTORY
@@ -211,6 +211,8 @@ GNU Emacs 25.1 (2016-09-16) emacs-25.1
211		211
212	GNU Emacs 25.2 (2017-04-20) emacs-25.2	212	GNU Emacs 25.2 (2017-04-20) emacs-25.2
213		213
		214	GNU Emacs 25.3 (2017-09-11) emacs-25.3
		215
214		216
215	----------------------------------------------------------------------	217	----------------------------------------------------------------------
216	This file is part of GNU Emacs.	218	This file is part of GNU Emacs.


diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el index 3698f4d9cf7..fb80e6bf3cb 100644 --- a/lisp/gnus/mm-view.el +++ b/lisp/gnus/mm-view.el
@@ -362,6 +362,12 @@
362	(goto-char (point-max))))	362	(goto-char (point-max))))
363	(save-restriction	363	(save-restriction
364	(narrow-to-region b (point))	364	(narrow-to-region b (point))
		365	;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
		366	;; forms in display properties supported by enriched.el.
		367	;; (when (member type '("enriched" "richtext"))
		368	;; (set-text-properties (point-min) (point-max) nil)
		369	;; (ignore-errors
		370	;; (enriched-decode (point-min) (point-max))))
365	(mm-handle-set-undisplayer	371	(mm-handle-set-undisplayer
366	handle	372	handle
367	`(lambda ()	373	`(lambda ()


diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el index eba7c4ddd83..5319db7c16e 100644 --- a/lisp/textmodes/enriched.el +++ b/lisp/textmodes/enriched.el
@@ -117,7 +117,12 @@ expression, which is evaluated to get the string to insert.")
117	(full "flushboth")	117	(full "flushboth")
118	(center "center"))	118	(center "center"))
119	(PARAMETER (t "param")) ; Argument of preceding annotation	119	(PARAMETER (t "param")) ; Argument of preceding annotation
		120	;; The following are not part of the standard:
		121	(FUNCTION (enriched-decode-foreground "x-color")
		122	(enriched-decode-background "x-bg-color")
		123	(enriched-decode-display-prop "x-display"))
120	(read-only (t "x-read-only"))	124	(read-only (t "x-read-only"))
		125	(display (nil enriched-handle-display-prop))
121	(unknown (nil format-annotate-value))	126	(unknown (nil format-annotate-value))
122	; (font-size (2 "bigger") ; unimplemented	127	; (font-size (2 "bigger") ; unimplemented
123	; (-2 "smaller"))	128	; (-2 "smaller"))
@@ -472,5 +477,35 @@ Return value is \(begin end name positive-p), or nil if none was found."
472	(message "Warning: no color specified for <x-bg-color>")	477	(message "Warning: no color specified for <x-bg-color>")
473	nil))	478	nil))
474		479
		480	;;; Handling the `display' property.
		481
		482
		483	(defun enriched-handle-display-prop (old new)
		484	"Return a list of annotations for a change in the `display' property.
		485	OLD is the old value of the property, NEW is the new value. Value
		486	is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
		487	close and OPEN a list of annotations to open. Each of these lists
		488	has the form `(ANNOTATION PARAM ...)'."
		489	(let ((annotation "x-display")
		490	(param (prin1-to-string (or old new))))
		491	(if (null old)
		492	(cons nil (list (list annotation param)))
		493	(cons (list (list annotation param)) nil))))
		494
		495	(defun enriched-decode-display-prop (start end &optional param)
		496	"Decode a `display' property for text between START and END.
		497	PARAM is a `<param>' found for the property.
		498	Value is a list `(START END SYMBOL VALUE)' with START and END denoting
		499	the range of text to assign text property SYMBOL with value VALUE."
		500	(let ((prop (when (stringp param)
		501	(condition-case ()
		502	(car (read-from-string param))
		503	(error nil)))))
		504	(unless prop
		505	(message "Warning: invalid <x-display> parameter %s" param))
		506	;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
		507	;; forms in display properties stored within enriched text.
		508	;; (list start end 'display prop)))
		509	(list start end)))
475		510
476	;;; enriched.el ends here	511	;;; enriched.el ends here