Hello community,
here is the log from the commit of package emacs for openSUSE:Factory checked
in at 2017-09-18 19:53:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/emacs (Old)
and /work/SRC/openSUSE:Factory/.emacs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "emacs"
Mon Sep 18 19:53:03 2017 rev:133 rq:524572 version:25.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/emacs/emacs.changes 2017-08-24
18:18:48.785252881 +0200
+++ /work/SRC/openSUSE:Factory/.emacs.new/emacs.changes 2017-09-18
19:53:05.214748100 +0200
@@ -1,0 +2,6 @@
+Wed Sep 13 07:21:34 UTC 2017 - wer...@suse.de
+
+- Add patch emacs-25.2-bsc1058425.patch to fix bsc#1058425
+ VUL-0: emacs: GNU Emacs 25.2 enriched text remote code execution
+
+-------------------------------------------------------------------
New:
----
emacs-25.2-bsc1058425.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ emacs.spec ++++++
--- /var/tmp/diff_new_pack.jDrmUs/_old 2017-09-18 19:53:07.042491028 +0200
+++ /var/tmp/diff_new_pack.jDrmUs/_new 2017-09-18 19:53:07.050489903 +0200
@@ -130,6 +130,8 @@
Patch25: gnulib.git-94e01571.patch
#
http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d781662873f228b110a128f7a2b6583a4d5e0a3a
Patch26: emacs-25.2-xwidget.patch
+# PATCH-FIX-UPSTREAM bsc#1058425 -- VUL-0: emacs: GNU Emacs 25.2 enriched text
remote code execution
+Patch27: emacs-25.2-bsc1058425.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{expand: %%global include_info %(test -s /usr/share/info/info.info* && echo 0
|| echo 1)}
@@ -248,6 +250,7 @@
%if 0%{?suse_version} > 1320
%patch26 -p1
%endif
+%patch27 -p0
%patch -p0 -b .0
%if %{without autoconf}
++++++ emacs-25.2-bsc1058425.patch ++++++
>From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen <la...@gnus.org>
Date: Fri, 8 Sep 2017 20:23:31 -0700
Subject: Remove unsafe enriched mode translations
* lisp/gnus/mm-view.el (mm-inline-text):
Do not worry about enriched or richtext type.
* lisp/textmodes/enriched.el (enriched-translations):
Remove translations for FUNCTION, display (Bug#28350).
(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
---
lisp/gnus/mm-view.el | 4 ----
lisp/textmodes/enriched.el | 32 --------------------------------
2 files changed, 36 deletions(-)
--- lisp/gnus/mm-view.el
+++ lisp/gnus/mm-view.el 2017-09-13 07:19:26.107456442 +0000
@@ -383,10 +383,6 @@
(goto-char (point-max))))
(save-restriction
(narrow-to-region b (point))
- (when (member type '("enriched" "richtext"))
- (set-text-properties (point-min) (point-max) nil)
- (ignore-errors
- (enriched-decode (point-min) (point-max))))
(mm-handle-set-undisplayer
handle
`(lambda ()
--- lisp/textmodes/enriched.el
+++ lisp/textmodes/enriched.el 2017-09-13 07:19:26.119456217 +0000
@@ -117,12 +117,7 @@ expression, which is evaluated to get th
(full "flushboth")
(center "center"))
(PARAMETER (t "param")) ; Argument of preceding annotation
- ;; The following are not part of the standard:
- (FUNCTION (enriched-decode-foreground "x-color")
- (enriched-decode-background "x-bg-color")
- (enriched-decode-display-prop "x-display"))
(read-only (t "x-read-only"))
- (display (nil enriched-handle-display-prop))
(unknown (nil format-annotate-value))
; (font-size (2 "bigger") ; unimplemented
; (-2 "smaller"))
@@ -477,32 +472,5 @@ Return value is \(begin end name positiv
(message "Warning: no color specified for <x-bg-color>")
nil))
�
-;;; Handling the `display' property.
-
-
-(defun enriched-handle-display-prop (old new)
- "Return a list of annotations for a change in the `display' property.
-OLD is the old value of the property, NEW is the new value. Value
-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
-close and OPEN a list of annotations to open. Each of these lists
-has the form `(ANNOTATION PARAM ...)'."
- (let ((annotation "x-display")
- (param (prin1-to-string (or old new))))
- (if (null old)
- (cons nil (list (list annotation param)))
- (cons (list (list annotation param)) nil))))
-
-(defun enriched-decode-display-prop (start end &optional param)
- "Decode a `display' property for text between START and END.
-PARAM is a `<param>' found for the property.
-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
-the range of text to assign text property SYMBOL with value VALUE."
- (let ((prop (when (stringp param)
- (condition-case ()
- (car (read-from-string param))
- (error nil)))))
- (unless prop
- (message "Warning: invalid <x-display> parameter %s" param))
- (list start end 'display prop)))
;;; enriched.el ends here
