emacs: disable display of text/enriched in gnus.

Fixes an RCE, http://seclists.org/oss-sec/2017/q3/422
This commit is contained in:
Leah Neukirchen 2017-09-11 18:05:00 +02:00
parent 7acadd9de0
commit 7a6e7575ff
2 changed files with 87 additions and 1 deletions

View File

@ -0,0 +1,85 @@
http://seclists.org/oss-sec/2017/q3/422
From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <larsi@gnus.org>
Date: Fri, 8 Sep 2017 20:23:31 -0700
Subject: Remove unsafe enriched mode translations
* lisp/gnus/mm-view.el (mm-inline-text):
Do not worry about enriched or richtext type.
* lisp/textmodes/enriched.el (enriched-translations):
Remove translations for FUNCTION, display (Bug#28350).
(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
---
lisp/gnus/mm-view.el | 4 ----
lisp/textmodes/enriched.el | 32 --------------------------------
2 files changed, 36 deletions(-)
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index e5859d0..77ad271 100644
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -383,10 +383,6 @@
(goto-char (point-max))))
(save-restriction
(narrow-to-region b (point))
- (when (member type '("enriched" "richtext"))
- (set-text-properties (point-min) (point-max) nil)
- (ignore-errors
- (enriched-decode (point-min) (point-max))))
(mm-handle-set-undisplayer
handle
`(lambda ()
diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
index beb6c6d..a8f0d38 100644
--- a/lisp/textmodes/enriched.el
+++ b/lisp/textmodes/enriched.el
@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
(full "flushboth")
(center "center"))
(PARAMETER (t "param")) ; Argument of preceding annotation
- ;; The following are not part of the standard:
- (FUNCTION (enriched-decode-foreground "x-color")
- (enriched-decode-background "x-bg-color")
- (enriched-decode-display-prop "x-display"))
(read-only (t "x-read-only"))
- (display (nil enriched-handle-display-prop))
(unknown (nil format-annotate-value))
; (font-size (2 "bigger") ; unimplemented
; (-2 "smaller"))
@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
(message "Warning: no color specified for <x-bg-color>")
nil))
-;;; Handling the `display' property.
-
-
-(defun enriched-handle-display-prop (old new)
- "Return a list of annotations for a change in the `display' property.
-OLD is the old value of the property, NEW is the new value. Value
-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
-close and OPEN a list of annotations to open. Each of these lists
-has the form `(ANNOTATION PARAM ...)'."
- (let ((annotation "x-display")
- (param (prin1-to-string (or old new))))
- (if (null old)
- (cons nil (list (list annotation param)))
- (cons (list (list annotation param)) nil))))
-
-(defun enriched-decode-display-prop (start end &optional param)
- "Decode a `display' property for text between START and END.
-PARAM is a `<param>' found for the property.
-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
-the range of text to assign text property SYMBOL with value VALUE."
- (let ((prop (when (stringp param)
- (condition-case ()
- (car (read-from-string param))
- (error nil)))))
- (unless prop
- (message "Warning: invalid <x-display> parameter %s" param))
- (list start end 'display prop)))
;;; enriched.el ends here
--
cgit v1.0-41-gc330

View File

@ -1,9 +1,10 @@
# Template file for 'emacs' # Template file for 'emacs'
pkgname=emacs pkgname=emacs
version=25.2 version=25.2
revision=2 revision=3
nocross=yes nocross=yes
nopie=yes nopie=yes
patch_args="-Np1"
hostmakedepends="pkg-config" hostmakedepends="pkg-config"
makedepends="ncurses-devel libXaw-devel gtk+-devel gtk+3-devel webkitgtk-devel makedepends="ncurses-devel libXaw-devel gtk+-devel gtk+3-devel webkitgtk-devel
dbus-devel acl-devel dbus-devel acl-devel