author | Ulrich Müller <ulm@gentoo.org> | 2017-09-11 19:28:54 +0200 |
---|---|---|
committer | Ulrich Müller <ulm@gentoo.org> | 2017-09-11 19:28:54 +0200 |
commit | 9b7d42cbf4ccc1a7099ac24d94306b6c9002d23c (patch) | |
tree | 9b0b03d1c98db67931aba67d7c0a1187bd81c87b | |
parent | Fix compilation with glibc-2.24. (diff) | |
Fix security vulnerability in enriched mode, bug 630680. emacs-25.2-patches-1 emacs-24.5-patches-4 emacs-23.4-patches-21
-rw-r--r-- | emacs/23.4/29_all_enriched-mode.patch | 79 | ||||
-rw-r--r-- | emacs/24.5/08_all_enriched-mode.patch | 78 | ||||
-rw-r--r-- | emacs/25.2/01_all_enriched-mode.patch | 80 |
3 files changed, 237 insertions, 0 deletions
diff --git a/emacs/23.4/29_all_enriched-mode.patch b/emacs/23.4/29_all_enriched-mode.patch
new file mode 100644
index 0000000..b4b682f
--- /dev/null
+++ b/emacs/23.4/29_all_enriched-mode.patch
@@ -0,0 +1,79 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+Backported from Emacs 25:
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri Sep 8 20:23:31 2017 -0700
+
+ Remove unsafe enriched mode translations
+
+ * lisp/gnus/mm-view.el (mm-inline-text):
+ Do not worry about enriched or richtext type.
+ * lisp/textmodes/enriched.el (enriched-translations):
+ Remove translations for FUNCTION, display (Bug#28350).
+ (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- emacs-23.4-orig/lisp/gnus/mm-view.el
++++ emacs-23.4/lisp/gnus/mm-view.el
+@@ -454,10 +454,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+--- emacs-23.4-orig/lisp/textmodes/enriched.el
++++ emacs-23.4/lisp/textmodes/enriched.el
+@@ -118,12 +118,7 @@
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -474,33 +469,6 @@
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;; arch-tag: 05cae488-3fea-45cd-ac29-5b02cb64e42b
+ ;;; enriched.el ends here
diff --git a/emacs/24.5/08_all_enriched-mode.patch b/emacs/24.5/08_all_enriched-mode.patch
new file mode 100644
index 0000000..4979b5e
--- /dev/null
+++ b/emacs/24.5/08_all_enriched-mode.patch
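Review bot: Colour decoding is lost as a side effect of the enriched.el hunk in this patch: it drops the whole `FUNCTION` entry of `enriched-translations`, so `x-color` and `x-bg-color` go away together with `x-display`, although among the removed lines only `enriched-decode-display-prop` passes its parameter through `read-from-string`. `enriched-decode-foreground` and `enriched-decode-background` are not deleted (the tail of the latter is still context in the last inner hunk), so they are presumably left unreferenced. Either record this in the patch header, for example `Note: also drops decoding of x-color/x-bg-color, as in the upstream commit.`, or, once those two decoders are confirmed to build only face specs from the colour name, keep `(FUNCTION (enriched-decode-foreground "x-color") (enriched-decode-background "x-bg-color"))`. The same applies to the 24.5 and 25.2 patches.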
@@ -0,0 +1,78 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+Backported from Emacs 25:
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri Sep 8 20:23:31 2017 -0700
+
+ Remove unsafe enriched mode translations
+
+ * lisp/gnus/mm-view.el (mm-inline-text):
+ Do not worry about enriched or richtext type.
+ * lisp/textmodes/enriched.el (enriched-translations):
+ Remove translations for FUNCTION, display (Bug#28350).
+ (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- emacs-24.5-orig/lisp/gnus/mm-view.el
++++ emacs-24.5/lisp/gnus/mm-view.el
+@@ -472,10 +472,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+--- emacs-24.5-orig/lisp/textmodes/enriched.el
++++ emacs-24.5/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -476,32 +471,5 @@
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;;; enriched.el ends here
diff --git a/emacs/25.2/01_all_enriched-mode.patch b/emacs/25.2/01_all_enriched-mode.patch
new file mode 100644
index 0000000..fe70b34
--- /dev/null
+++ b/emacs/25.2/01_all_enriched-mode.patch
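Review bot: The patch header does not say what was unsafe, which makes the backport hard to audit against other Emacs versions. From the removed lines, `enriched-decode-display-prop` ran `read-from-string` on the `<x-display>` parameter taken from the document and returned the result as a `display` text property, and `mm-inline-text` called `enriched-decode` on `enriched` and `richtext` message parts, so that value could come from mail or files the user did not write. I would add a header line such as `The x-display annotation let text from a file or mail message set arbitrary display properties, which may contain forms Emacs evaluates (Bug#28350).` The 23.4 and 25.2 patch headers have the same gap.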
@@ -0,0 +1,80 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri Sep 8 20:23:31 2017 -0700
+
+ Remove unsafe enriched mode translations
+
+ * lisp/gnus/mm-view.el (mm-inline-text):
+ Do not worry about enriched or richtext type.
+ * lisp/textmodes/enriched.el (enriched-translations):
+ Remove translations for FUNCTION, display (Bug#28350).
+ (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d002c..77ad271d1d 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6dda3..a8f0d3891a 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;;; enriched.el ends here |