pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/editors/emacs25 emacs25: fix security issue



details:   https://anonhg.NetBSD.org/pkgsrc/rev/bb29b8fb95ee
branches:  trunk
changeset: 368151:bb29b8fb95ee
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Mon Sep 11 11:33:08 2017 +0000

description:
emacs25: fix security issue

GNU Emacs is an extensible, customizable, free/libre text editor and software
environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896), it
is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode
"Content-Type: text/enriched", this code is exploitable remotely. This bug
affects GNU Emacs versions 19.29 through 25.2.

Although we know no efforts to exploit this in the wild, exploitation is easy.

http://www.openwall.com/lists/oss-security/2017/09/11/1

diffstat:

 editors/emacs25/Makefile                                 |   4 +-
 editors/emacs25/distinfo                                 |   4 +-
 editors/emacs25/patches/patch-lisp_gnus_mm-view.el       |  29 +++++++
 editors/emacs25/patches/patch-lisp_textmodes_enriched.el |  64 ++++++++++++++++
 4 files changed, 98 insertions(+), 3 deletions(-)

diffs (129 lines):

diff -r e8d91fd37f2e -r bb29b8fb95ee editors/emacs25/Makefile
--- a/editors/emacs25/Makefile  Mon Sep 11 09:57:39 2017 +0000
+++ b/editors/emacs25/Makefile  Mon Sep 11 11:33:08 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.9 2017/07/23 18:47:10 dholland Exp $
+# $NetBSD: Makefile,v 1.10 2017/09/11 11:33:08 wiz Exp $
 
 CONFLICTS+=    emacs25-nox11-[0-9]*
 
-PKGREVISION=   1
+PKGREVISION=   2
 .include "../../editors/emacs25/Makefile.common"
 
 .include "options.mk"
diff -r e8d91fd37f2e -r bb29b8fb95ee editors/emacs25/distinfo
--- a/editors/emacs25/distinfo  Mon Sep 11 09:57:39 2017 +0000
+++ b/editors/emacs25/distinfo  Mon Sep 11 11:33:08 2017 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.3 2017/04/27 13:27:57 ryoon Exp $
+$NetBSD: distinfo,v 1.4 2017/09/11 11:33:08 wiz Exp $
 
 SHA1 (emacs-25.2.tar.gz) = 30c18fb0cd932736bb6a7232ab62f562cf89a785
 RMD160 (emacs-25.2.tar.gz) = 2b0cd1fa04abb2156fd4a33f73e9b929f97dca43
 SHA512 (emacs-25.2.tar.gz) = 3ddecdfb64fba400d82b6d44fd03799ac1a2032aa3bda6eb18a83d680465f1df3e8128b9544daaeed4b5ead0ac11955c1ad613de6a489236995def840c4d501c
 Size (emacs-25.2.tar.gz) = 64289988 bytes
+SHA1 (patch-lisp_gnus_mm-view.el) = b654fffd12d3467ea6ffa33f7d831ff69054dc4f
+SHA1 (patch-lisp_textmodes_enriched.el) = 62d807368088b11722cd68fafb0017c64f1eac3b
 SHA1 (patch-src_inotify.c) = 1fdc6566ed57e8418f1ddc85bb03518d7d9d6bb3
diff -r e8d91fd37f2e -r bb29b8fb95ee editors/emacs25/patches/patch-lisp_gnus_mm-view.el
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs25/patches/patch-lisp_gnus_mm-view.el        Mon Sep 11 11:33:08 2017 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-lisp_gnus_mm-view.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
+
+GNU Emacs is an extensible, customizable, free/libre text editor and software
+environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
+it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
+decode "Content-Type: text/enriched", this code is exploitable remotely. This
+bug affects GNU Emacs versions 19.29 through 25.2.
+
+== Details ==
+
+https://bugs.gnu.org/28350
+
+== Patch ==
+
+https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
+
+--- lisp/gnus/mm-view.el.orig  2017-02-03 10:25:44.000000000 +0000
++++ lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+       (goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-      (ignore-errors
+-        (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
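Review bot: in the mm-view.el hunk at line 383, deleting the whole `(when (member type '("enriched" "richtext")) ...)` form means neither subtype is passed through `enriched-decode` here any more, and the patch header does not mention that text/richtext parts are affected as well as text/enriched. Add a sentence to the header comment stating that decoding of both subtypes is disabled on purpose, so the user-visible change is recorded and the patch is easy to retire when a fixed upstream release is imported.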
diff -r e8d91fd37f2e -r bb29b8fb95ee editors/emacs25/patches/patch-lisp_textmodes_enriched.el
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/emacs25/patches/patch-lisp_textmodes_enriched.el  Mon Sep 11 11:33:08 2017 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-lisp_textmodes_enriched.el,v 1.1 2017/09/11 11:33:33 wiz Exp $
+
+GNU Emacs is an extensible, customizable, free/libre text editor and software
+environment.  When Emacs renders MIME text/enriched data (Internet RFC 1896),
+it is vulnerable to arbitrary code execution. Since Emacs-based mail clients
+decode "Content-Type: text/enriched", this code is exploitable remotely. This
+bug affects GNU Emacs versions 19.29 through 25.2.
+
+== Details ==
+
+https://bugs.gnu.org/28350
+
+== Patch ==
+
+https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
+
+--- lisp/textmodes/enriched.el.orig    2017-02-03 10:25:44.000000000 +0000
++++ lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get th
+                  (full        "flushboth")
+                  (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-                 (enriched-decode-background "x-bg-color")
+-                 (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display     (nil         enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;                (-2          "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positiv
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ 
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-      (param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-              (condition-case ()
+-                  (car (read-from-string param))
+-                (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;;; enriched.el ends here
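Review bot: the first enriched.el hunk (line 117) removes the entire FUNCTION entry, which drops the `x-color` and `x-bg-color` decoders together with `x-display`, while the context at line 477 shows the `<x-bg-color>` warning code still in the file with no table entry left that refers to it. Either say in the header comment that colour decoding is disabled deliberately, or keep the two colour lines and remove only `(enriched-decode-display-prop "x-display")`. The part that handles untrusted input is the removed `enriched-decode-display-prop`, which turns the `<param>` text into a Lisp object with `(car (read-from-string param))` and returns it as the `display` property; that function and the `(display (nil enriched-handle-display-prop))` encoder entry are the lines the fix depends on.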


