diff options
| -rw-r--r-- | ChangeLog.2 | 14 | ||||
| -rw-r--r-- | etc/HISTORY | 2 | ||||
| -rw-r--r-- | lisp/gnus/mm-view.el | 6 | ||||
| -rw-r--r-- | lisp/textmodes/enriched.el | 35 |
4 files changed, 57 insertions, 0 deletions
diff --git a/ChangeLog.2 b/ChangeLog.2 index bf52ac0ef1d..bd1800b3307 100644 --- a/ChangeLog.2 +++ b/ChangeLog.2 @@ -1,3 +1,17 @@ +2017-09-11 Eli Zaretskii <eliz@gnu.org> + + * etc/NEWS: Document the vulnerability and its resolution. + Include a workaround. Suggested by Charles A. Roelli + <charles@aurox.ch>. + + * lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of + "enriched" and "richtext" MIME objects. Suggested by Lars + Ingebrigtsen <larsi@gnus.org>. + + * lisp/textmodes/enriched.el (enriched-decode-display-prop): + Don't produce 'display' properties. (Bug#28350) + + 2017-04-20 Nicolas Petton <nicolas@petton.fr> * Version 25.2 released. diff --git a/etc/HISTORY b/etc/HISTORY index ad38b3262d2..301ba33b97e 100644 --- a/etc/HISTORY +++ b/etc/HISTORY @@ -211,6 +211,8 @@ GNU Emacs 25.1 (2016-09-16) emacs-25.1 GNU Emacs 25.2 (2017-04-20) emacs-25.2 +GNU Emacs 25.3 (2017-09-11) emacs-25.3 + ---------------------------------------------------------------------- This file is part of GNU Emacs. diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el index 3698f4d9cf7..fb80e6bf3cb 100644 --- a/lisp/gnus/mm-view.el +++ b/lisp/gnus/mm-view.el @@ -362,6 +362,12 @@ (goto-char (point-max)))) (save-restriction (narrow-to-region b (point)) + ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp + ;; forms in display properties supported by enriched.el. + ;; (when (member type '("enriched" "richtext")) + ;; (set-text-properties (point-min) (point-max) nil) + ;; (ignore-errors + ;; (enriched-decode (point-min) (point-max)))) (mm-handle-set-undisplayer handle `(lambda () diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el index eba7c4ddd83..5319db7c16e 100644 --- a/lisp/textmodes/enriched.el +++ b/lisp/textmodes/enriched.el @@ -117,7 +117,12 @@ expression, which is evaluated to get the string to insert.") (full "flushboth") (center "center")) (PARAMETER (t "param")) ; Argument of preceding annotation + ;; The following are not part of the standard: + (FUNCTION (enriched-decode-foreground "x-color") + (enriched-decode-background "x-bg-color") + (enriched-decode-display-prop "x-display")) (read-only (t "x-read-only")) + (display (nil enriched-handle-display-prop)) (unknown (nil format-annotate-value)) ; (font-size (2 "bigger") ; unimplemented ; (-2 "smaller")) @@ -472,5 +477,35 @@ Return value is \(begin end name positive-p), or nil if none was found." (message "Warning: no color specified for <x-bg-color>") nil)) +;;; Handling the `display' property. + + +(defun enriched-handle-display-prop (old new) + "Return a list of annotations for a change in the `display' property. +OLD is the old value of the property, NEW is the new value. Value +is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to +close and OPEN a list of annotations to open. Each of these lists +has the form `(ANNOTATION PARAM ...)'." + (let ((annotation "x-display") + (param (prin1-to-string (or old new)))) + (if (null old) + (cons nil (list (list annotation param))) + (cons (list (list annotation param)) nil)))) + +(defun enriched-decode-display-prop (start end &optional param) + "Decode a `display' property for text between START and END. +PARAM is a `<param>' found for the property. +Value is a list `(START END SYMBOL VALUE)' with START and END denoting +the range of text to assign text property SYMBOL with value VALUE." + (let ((prop (when (stringp param) + (condition-case () + (car (read-from-string param)) + (error nil))))) + (unless prop + (message "Warning: invalid <x-display> parameter %s" param)) + ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp + ;; forms in display properties stored within enriched text. + ;; (list start end 'display prop))) + (list start end))) ;;; enriched.el ends here |