CVS commit: pkgsrc/editors/emacs25/patches

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/editors/emacs25/patches
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 11 Sep 2017 11:33:34 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Sep 11 11:33:33 UTC 2017

Added Files:
        pkgsrc/editors/emacs25/patches: patch-lisp_gnus_mm-view.el
            patch-lisp_textmodes_enriched.el

Log Message:
emacs25: fix security issue

GNU Emacs is an extensible, customizable, free/libre text editor and software
environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896), it
is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode
"Content-Type: text/enriched", this code is exploitable remotely. This bug
affects GNU Emacs versions 19.29 through 25.2.

Although we know no efforts to exploit this in the wild, exploitation is easy.

http://www.openwall.com/lists/oss-security/2017/09/11/1


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/editors/emacs25/patches/patch-lisp_gnus_mm-view.el \
    pkgsrc/editors/emacs25/patches/patch-lisp_textmodes_enriched.el

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/editors/emacs25/patches/patch-lisp_gnus_mm-view.el
diff -u /dev/null pkgsrc/editors/emacs25/patches/patch-lisp_gnus_mm-view.el:1.1
--- /dev/null   Mon Sep 11 11:33:34 2017
+++ pkgsrc/editors/emacs25/patches/patch-lisp_gnus_mm-view.el   Mon Sep 11 11:33:33 2017
@@ -0,0 +1,29 @@
+$NetBSD: patch-lisp_gnus_mm-view.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
+
+GNU Emacs is an extensible, customizable, free/libre text editor and software
+environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
+it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
+decode "Content-Type: text/enriched", this code is exploitable remotely. This
+bug affects GNU Emacs versions 19.29 through 25.2.
+
+== Details ==
+
+https://bugs.gnu.org/28350
+
+== Patch ==
+
+https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
+
+--- lisp/gnus/mm-view.el.orig  2017-02-03 10:25:44.000000000 +0000
++++ lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+       (goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-      (ignore-errors
+-        (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
Index: pkgsrc/editors/emacs25/patches/patch-lisp_textmodes_enriched.el
diff -u /dev/null pkgsrc/editors/emacs25/patches/patch-lisp_textmodes_enriched.el:1.1
--- /dev/null   Mon Sep 11 11:33:34 2017
+++ pkgsrc/editors/emacs25/patches/patch-lisp_textmodes_enriched.el     Mon Sep 11 11:33:33 2017
@@ -0,0 +1,64 @@
+$NetBSD: patch-lisp_textmodes_enriched.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
+
+GNU Emacs is an extensible, customizable, free/libre text editor and software
+environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
+it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
+decode "Content-Type: text/enriched", this code is exploitable remotely. This
+bug affects GNU Emacs versions 19.29 through 25.2.
+
+== Details ==
+
+https://bugs.gnu.org/28350
+
+== Patch ==
+
+https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
+
+--- lisp/textmodes/enriched.el.orig    2017-02-03 10:25:44.000000000 +0000
++++ lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get th
+                  (full        "flushboth")
+                  (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-                 (enriched-decode-background "x-bg-color")
+-                 (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display     (nil         enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;                (-2          "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positiv
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ 
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-      (param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-              (condition-case ()
+-                  (car (read-from-string param))
+-                (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;;; enriched.el ends here

Prev by Date: CVS commit: pkgsrc/editors/emacs25
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/editors/emacs25
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index