+2017-09-11 Eli Zaretskii <eliz@gnu.org>
+
+ * etc/NEWS: Document the vulnerability and its resolution.
+ Include a workaround. Suggested by Charles A. Roelli
+ <charles@aurox.ch>.
+
+ * lisp/gnus/mm-view.el (mm-inline-text): Disable decoding of
+ "enriched" and "richtext" MIME objects. Suggested by Lars
+ Ingebrigtsen <larsi@gnus.org>.
+
+ * lisp/textmodes/enriched.el (enriched-decode-display-prop):
+ Don't produce 'display' properties. (Bug#28350)
+
+
2017-04-20 Nicolas Petton <nicolas@petton.fr>
* Version 25.2 released.
See the end of the file for license conditions.
-This directory tree holds version 25.2.50 of GNU Emacs, the extensible,
+This directory tree holds version 25.3 of GNU Emacs, the extensible,
customizable, self-documenting real-time display editor.
The file INSTALL in this directory says how to build and install GNU
AC_PREREQ(2.65)
dnl Note this is parsed by (at least) make-dist and lisp/cedet/ede/emacs.el.
-AC_INIT(GNU Emacs, 25.2.50, bug-gnu-emacs@gnu.org)
+AC_INIT(GNU Emacs, 25.3, bug-gnu-emacs@gnu.org)
dnl Set emacs_config_options to the options of 'configure', quoted for the shell,
dnl and then quoted again for a C string. Separate options with spaces.
GNU Emacs 25.2 (2017-04-20) emacs-25.2
+GNU Emacs 25.3 (2017-09-11) emacs-25.3
+
\f
----------------------------------------------------------------------
This file is part of GNU Emacs.
\f
* Changes in Emacs 25.3
-This is mainly a release to fix security-relevant bugs.
+This is an emergency release to fix a security vulnerability in Emacs.
-** Enriched text mode no longer supports the 'FUNCTION' and 'display'
-translations, and Gnus no longer processes enriched text when
-inlining. This fixes bugs introduced in Emacs 19.29. To work around
-these bugs in Emacs versions 19.29 through 25.2, append the following
-to your ~/.emacs file:
+** Security vulnerability related to Enriched Text mode is removed.
- (provide 'enriched)
- (defun enriched-mode (&optional arg))
- (defun enriched-decode (from to))
+*** Enriched Text mode has its support for decoding 'x-display' disabled.
+This feature allows saving 'display' properties as part of text.
+Emacs 'display' properties support evaluation of arbitrary Lisp forms
+as part of instantiating the property, so decoding 'x-display' is
+vulnerable to executing arbitrary malicious Lisp code included in the
+text (e.g., sent as part of an email message).
-Thanks to Charles A. Roelli for reporting this bug; see:
-https://bugs.gnu.org/28350
+This vulnerability was introduced in Emacs 19.29. To work around that
+in Emacs versions before 25.3, append the following to your ~/.emacs
+init file:
-** TLS/SSL connections no longer fall back on the openssl s_client
-command to set up SSL connections in some hopefully-unlikely cases.
-This fixes a bug introduced in Emacs 22.1. To work around this bug in
-Emacs versions 22.1 through 25.2, append the following to your
-~/.emacs file:
+ (eval-after-load "enriched"
+ '(defun enriched-decode-display-prop (start end &optional param)
+ (list start end)))
- (setq tls-program '("gnutls-cli --x509cafile %t -p %p %h"))
-
-You may need to omit the "--x509cafile %t" on older installations.
-
-Thanks to Kurt Roeckx for reporting this bug to Debian; see:
-https://bugs.debian.org/766397
+*** Gnus no longer supports "richtext" and "enriched" inline MIME objects.
+This support was disabled to avoid evaluation of arbitrary Lisp code
+contained in email messages and news articles.
\f
* Changes in Emacs 25.2
(goto-char (point-max))))
(save-restriction
(narrow-to-region b (point))
+ ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+ ;; forms in display properties supported by enriched.el.
+ ;; (when (member type '("enriched" "richtext"))
+ ;; (set-text-properties (point-min) (point-max) nil)
+ ;; (ignore-errors
+ ;; (enriched-decode (point-min) (point-max))))
(mm-handle-set-undisplayer
handle
`(lambda ()
(full "flushboth")
(center "center"))
(PARAMETER (t "param")) ; Argument of preceding annotation
+ ;; The following are not part of the standard:
+ (FUNCTION (enriched-decode-foreground "x-color")
+ (enriched-decode-background "x-bg-color")
+ (enriched-decode-display-prop "x-display"))
(read-only (t "x-read-only"))
+ (display (nil enriched-handle-display-prop))
(unknown (nil format-annotate-value))
; (font-size (2 "bigger") ; unimplemented
; (-2 "smaller"))
(message "Warning: no color specified for <x-bg-color>")
nil))
\f
+;;; Handling the `display' property.
+
+
+(defun enriched-handle-display-prop (old new)
+ "Return a list of annotations for a change in the `display' property.
+OLD is the old value of the property, NEW is the new value. Value
+is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+close and OPEN a list of annotations to open. Each of these lists
+has the form `(ANNOTATION PARAM ...)'."
+ (let ((annotation "x-display")
+ (param (prin1-to-string (or old new))))
+ (if (null old)
+ (cons nil (list (list annotation param)))
+ (cons (list (list annotation param)) nil))))
+
+(defun enriched-decode-display-prop (start end &optional param)
+ "Decode a `display' property for text between START and END.
+PARAM is a `<param>' found for the property.
+Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+the range of text to assign text property SYMBOL with value VALUE."
+ (let ((prop (when (stringp param)
+ (condition-case ()
+ (car (read-from-string param))
+ (error nil)))))
+ (unless prop
+ (message "Warning: invalid <x-display> parameter %s" param))
+ ;; Disabled in Emacs 25.3 to avoid execution of arbitrary Lisp
+ ;; forms in display properties stored within enriched text.
+ ;; (list start end 'display prop)))
+ (list start end)))
;;; enriched.el ends here
/^#undef PACKAGE_TARNAME/s/^.*$/#define PACKAGE_TARNAME ""/
/^#undef PACKAGE_VERSION/s/^.*$/#define PACKAGE_VERSION VERSION/
/^#undef PENDING_OUTPUT_COUNT/s/^.*$/#define PENDING_OUTPUT_COUNT(FILE) ((FILE)->_ptr - (FILE)->_base)/
-/^#undef VERSION/s/^.*$/#define VERSION "25.2.50"/
+/^#undef VERSION/s/^.*$/#define VERSION "25.3"/
/^#undef SYSTEM_TYPE/s/^.*$/#define SYSTEM_TYPE "ms-dos"/
/^#undef HAVE_DECL_GETENV/s/^.*$/#define HAVE_DECL_GETENV 1/
/^#undef SYS_SIGLIST_DECLARED/s/^.*$/#define SYS_SIGLIST_DECLARED 1/
Copyright (C) 2001-2017 Free Software Foundation, Inc.
See the end of the file for license conditions.
- Emacs version 25.2.50 for MS-Windows
+ Emacs version 25.3 for MS-Windows
This README file describes how to set up and run a precompiled
distribution of the latest version of GNU Emacs for MS-Windows. You
projects / emacs.git / commitdiff