Merge Emacs 25.3 fixes

The security patches released for Emacs 25.3 were less drastic
than what we had immediately put into master.  Adjust master to
match 25.3 (Bug#28350).
* lisp/textmodes/enriched.el (enriched-translations):
Re-enable FUNCTION and display translations that are safe.
(enriched-handle-display-prop): Bring back.
(enriched-decode-display-prop): Bring back, but disable
the unsafe part.

diff --git a/ChangeLog.2 b/ChangeLog.2
index bf52ac0ef1d0c15ea8e165dcf520e0d4ba955fc1..bd1800b3307c17a6ae1e019fb981e4cce591df1e 100644 (file)
--- a/ChangeLog.2
+++ b/ChangeLog.2
@@ -1,3 +1,17 @@
+2017-09-11  Eli Zaretskii  <eliz@gnu.org>
+
+       * etc/NEWS: Document the vulnerability and its resolution.
+       Include a workaround.  Suggested by Charles A. Roelli
+       <charles@aurox.ch>.
+
+       * lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of
+       "enriched" and "richtext" MIME objects.  Suggested by Lars
+       Ingebrigtsen <larsi@gnus.org>.
+
+       * lisp/textmodes/enriched.el (enriched-decode-display-prop):
+       Don't produce 'display' properties.  (Bug#28350)
+
+
 2017-04-20  Nicolas Petton  <nicolas@petton.fr>
 
        * Version 25.2 released.

diff --git a/etc/HISTORY b/etc/HISTORY
index ad38b3262d25d55a1a680a700eea666d2920cfea..301ba33b97eb86d357451d3f805f8ce9fbd7843a 100644 (file)
--- a/etc/HISTORY
+++ b/etc/HISTORY
@@ -211,6 +211,8 @@ GNU Emacs 25.1 (2016-09-16) emacs-25.1
 
 GNU Emacs 25.2 (2017-04-20) emacs-25.2
 
+GNU Emacs 25.3 (2017-09-11) emacs-25.3
+
 \f
 ----------------------------------------------------------------------
 This file is part of GNU Emacs.

diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 3698f4d9cf7070de6cb18662b9714e214f8296bb..fb80e6bf3cb1b0788e8fdf0a390dcc1dde369a0a 100644 (file)
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -362,6 +362,12 @@
        (goto-char (point-max))))
     (save-restriction
       (narrow-to-region b (point))
+      ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+      ;; forms in display properties supported by enriched.el.
+      ;; (when (member type '("enriched" "richtext"))
+      ;;   (set-text-properties (point-min) (point-max) nil)
+      ;;       (ignore-errors
+      ;;         (enriched-decode (point-min) (point-max))))
       (mm-handle-set-undisplayer
        handle
        `(lambda ()

diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
index eba7c4ddd83f0bc12e921434af77ad7c7b03372f..5319db7c16e8a361dd2a1f9af43efb704f004887 100644 (file)
--- a/lisp/textmodes/enriched.el
+++ b/lisp/textmodes/enriched.el
@@ -117,7 +117,12 @@ expression, which is evaluated to get the string to insert.")
                   (full        "flushboth")
                   (center      "center"))
     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+    ;; The following are not part of the standard:
+    (FUNCTION      (enriched-decode-foreground "x-color")
+                  (enriched-decode-background "x-bg-color")
+                  (enriched-decode-display-prop "x-display"))
     (read-only     (t           "x-read-only"))
+    (display      (nil         enriched-handle-display-prop))
     (unknown       (nil         format-annotate-value))
 ;   (font-size     (2           "bigger")       ; unimplemented
 ;                 (-2          "smaller"))
@@ -472,5 +477,35 @@ Return value is \(begin end name positive-p), or nil if none was found."
     (message "Warning: no color specified for <x-bg-color>")
     nil))
 \f
+;;; Handling the `display' property.
+
+
+(defun enriched-handle-display-prop (old new)
+  "Return a list of annotations for a change in the `display' property.
+OLD is the old value of the property, NEW is the new value.  Value
+is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+close and OPEN a list of annotations to open.  Each of these lists
+has the form `(ANNOTATION PARAM ...)'."
+  (let ((annotation "x-display")
+       (param (prin1-to-string (or old new))))
+    (if (null old)
+        (cons nil (list (list annotation param)))
+      (cons (list (list annotation param)) nil))))
+
+(defun enriched-decode-display-prop (start end &optional param)
+  "Decode a `display' property for text between START and END.
+PARAM is a `<param>' found for the property.
+Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+the range of text to assign text property SYMBOL with value VALUE."
+  (let ((prop (when (stringp param)
+               (condition-case ()
+                   (car (read-from-string param))
+                 (error nil)))))
+    (unless prop
+      (message "Warning: invalid <x-display> parameter %s" param))
+    ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+    ;; forms in display properties stored within enriched text.
+    ;; (list start end 'display prop)))
+    (list start end)))
 
 ;;; enriched.el ends here