[gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/23.4/, emacs/24.5/, emacs/25.2/

[gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/23.4/, emacs/24.5/, emacs/25.2/

[Ulrich Müller]

commit:     9b7d42cbf4ccc1a7099ac24d94306b6c9002d23c
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 11 17:28:54 2017 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Mon Sep 11 17:28:54 2017 +0000
URL:        https://gitweb.gentoo.org/proj/emacs-tools.git/commit/?id=9b7d42cb

Fix security vulnerability in enriched mode, bug 630680.

 emacs/23.4/29_all_enriched-mode.patch | 79 ++++++++++++++++++++++++++++++++++
 emacs/24.5/08_all_enriched-mode.patch | 78 ++++++++++++++++++++++++++++++++++
 emacs/25.2/01_all_enriched-mode.patch | 80 +++++++++++++++++++++++++++++++++++
 3 files changed, 237 insertions(+)

diff --git a/emacs/23.4/29_all_enriched-mode.patch b/emacs/23.4/29_all_enriched-mode.patch
new file mode 100644
index 0000000..b4b682f
--- /dev/null
+++ b/emacs/23.4/29_all_enriched-mode.patch
@@ -0,0 +1,79 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+Backported from Emacs 25:
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date:   Fri Sep 8 20:23:31 2017 -0700
+
+    Remove unsafe enriched mode translations
+    
+    * lisp/gnus/mm-view.el (mm-inline-text):
+    Do not worry about enriched or richtext type.
+    * lisp/textmodes/enriched.el (enriched-translations):
+    Remove translations for FUNCTION, display (Bug#28350).
+    (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- emacs-23.4-orig/lisp/gnus/mm-view.el
++++ emacs-23.4/lisp/gnus/mm-view.el
+@@ -454,10 +454,6 @@
+ 	(goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-	(ignore-errors
+-	  (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
+--- emacs-23.4-orig/lisp/textmodes/enriched.el
++++ emacs-23.4/lisp/textmodes/enriched.el
+@@ -118,12 +118,7 @@
+ 		   (full        "flushboth")
+ 		   (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-		   (enriched-decode-background "x-bg-color")
+-		   (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display	   (nil		enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;		   (-2          "smaller"))
+@@ -474,33 +469,6 @@
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ \f
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-	(param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-		(condition-case ()
+-		    (car (read-from-string param))
+-		  (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;; arch-tag: 05cae488-3fea-45cd-ac29-5b02cb64e42b
+ ;;; enriched.el ends here

diff --git a/emacs/24.5/08_all_enriched-mode.patch b/emacs/24.5/08_all_enriched-mode.patch
new file mode 100644
index 0000000..4979b5e
--- /dev/null
+++ b/emacs/24.5/08_all_enriched-mode.patch
@@ -0,0 +1,78 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+Backported from Emacs 25:
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date:   Fri Sep 8 20:23:31 2017 -0700
+
+    Remove unsafe enriched mode translations
+    
+    * lisp/gnus/mm-view.el (mm-inline-text):
+    Do not worry about enriched or richtext type.
+    * lisp/textmodes/enriched.el (enriched-translations):
+    Remove translations for FUNCTION, display (Bug#28350).
+    (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+--- emacs-24.5-orig/lisp/gnus/mm-view.el
++++ emacs-24.5/lisp/gnus/mm-view.el
+@@ -472,10 +472,6 @@
+ 	(goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-	(ignore-errors
+-	  (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
+--- emacs-24.5-orig/lisp/textmodes/enriched.el
++++ emacs-24.5/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@
+ 		   (full        "flushboth")
+ 		   (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-		   (enriched-decode-background "x-bg-color")
+-		   (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display	   (nil		enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;		   (-2          "smaller"))
+@@ -476,32 +471,5 @@
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ \f
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-	(param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-		(condition-case ()
+-		    (car (read-from-string param))
+-		  (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;;; enriched.el ends here

diff --git a/emacs/25.2/01_all_enriched-mode.patch b/emacs/25.2/01_all_enriched-mode.patch
new file mode 100644
index 0000000..fe70b34
--- /dev/null
+++ b/emacs/25.2/01_all_enriched-mode.patch
@@ -0,0 +1,80 @@
+Fix security vulnerability in enriched mode.
+https://bugs.gentoo.org/630680
+
+commit 9ad0fcc54442a9a01d41be19880250783426db70
+Author: Lars Ingebrigtsen <larsi@gnus.org>
+Date:   Fri Sep 8 20:23:31 2017 -0700
+
+    Remove unsafe enriched mode translations
+    
+    * lisp/gnus/mm-view.el (mm-inline-text):
+    Do not worry about enriched or richtext type.
+    * lisp/textmodes/enriched.el (enriched-translations):
+    Remove translations for FUNCTION, display (Bug#28350).
+    (enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d002c..77ad271d1d 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ 	(goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-	(ignore-errors
+-	  (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6dda3..a8f0d3891a 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
+ 		   (full        "flushboth")
+ 		   (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-		   (enriched-decode-background "x-bg-color")
+-		   (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display	   (nil		enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;		   (-2          "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ \f
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-	(param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-		(condition-case ()
+-		    (car (read-from-string param))
+-		  (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;;; enriched.el ends here