From 64e641356179107276d51479818026b4831a766e Mon Sep 17 00:00:00 2001
From: Sean Budd
Date: Mon, 22 Jan 2024 15:41:51 +1100
Subject: [PATCH] Merge pull request from GHSA-h7pp-6jqw-g3pj
---
source/appModules/nvda.py | 13 -------------
source/buildVersion.py | 2 +-
source/core.py | 5 +++++
user_docs/en/changes.t2t | 12 ++++++++++++
4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/source/appModules/nvda.py b/source/appModules/nvda.py
index 0beebafaec9..45e174fe9b0 100755
--- a/source/appModules/nvda.py
+++ b/source/appModules/nvda.py
@@ -253,16 +253,3 @@ def chooseNVDAObjectOverlayClasses(self, obj, clsList):
 elif self.isNvdaPythonConsoleUIOutputCtrl(obj):
 clsList.insert(0, NvdaPythonConsoleUIOutputClear)
 clsList.insert(0, NvdaPythonConsoleUIOutputCtrl)
-
- @gui.blockAction.when(
- gui.blockAction.Context.SECURE_MODE,
- gui.blockAction.Context.WINDOWS_LOCKED,
- )
- @script(gesture="kb:control+v")
- def script_paste(self, gesture: "inputCore.InputGesture") -> None:
- # This function has no description and does not appear in input gestures
- # as it should not be modified by the user.
- # This function processes the paste gesture when performed in NVDA windows for security reasons.
- # When in secure mode, or while Windows is locked, the default paste behaviour is blocked.
- # Refer to this NVDA security advisory for details: https://github.com/nvaccess/nvda/security/advisories/GHSA-h7pp-6jqw-g3pj
- gesture.send()
diff --git a/source/buildVersion.py b/source/buildVersion.py
index 94129d6c92a..6b6cd615161 100644
--- a/source/buildVersion.py
+++ b/source/buildVersion.py
@@ -67,7 +67,7 @@ def formatVersionForGUI(year, major, minor):
 name = "NVDA"
 version_year = 2023
 version_major = 3
-version_minor = 1
+version_minor = 2
 version_build = 0 # Should not be set manually. Set in 'sconscript' provided by 'appVeyor.yml'
 version=_formatDevVersionString()
 publisher="unknown"
diff --git a/source/core.py b/source/core.py
index dd98510f0d1..4b5de48d410 100644
--- a/source/core.py
+++ b/source/core.py
@@ -566,6 +566,11 @@ def main():
 speech.speakMessage(_("Loading NVDA. Please wait..."))
 import wx
 import six
+
+ # Disables wx logging in secure mode due to a security issue: GHSA-h7pp-6jqw-g3pj
+ # This is due to the wx.LogSysError dialog allowing a file explorer dialog to be opened.
+ wx.Log.EnableLogging(not globalVars.appArgs.secure)
+
 log.info("Using wx version %s with six version %s"%(wx.version(), six.__version__))
 class App(wx.App):
 def OnAssert(self,file,line,cond,msg):
diff --git a/user_docs/en/changes.t2t b/user_docs/en/changes.t2t
index f337ea1dc98..10feba4a94b 100644
--- a/user_docs/en/changes.t2t
+++ b/user_docs/en/changes.t2t
@@ -4,6 +4,18 @@ What's New in NVDA
 %!includeconf: ../changes.t2tconf
 %!includeconf: ./locale.t2tconf
+= 2023.3.2 =
+This is a patch release to fix a security issue.
+The security patch in 2023.3.1 was not resolved correctly.
+Please responsibly disclose security issues following NVDA's [security policy https://github.com/nvaccess/nvda/blob/master/security.md].
+
+== Security Fixes ==
+- The security patch in 2023.3.1 was not resolved correctly.
+Prevents possible system access and arbitrary code execution with system privileges for unauthenticated users.
+([GHSA-h7pp-6jqw-g3pj https://github.com/nvaccess/nvda/security/advisories/GHSA-h7pp-6jqw-g3pj])
+-
+
+
 = 2023.3.1 =
 This is a patch release to fix a security issue.
 Please responsibly disclose security issues following NVDA's [security policy https://github.com/nvaccess/nvda/blob/master/security.md].
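Review bot: In the source/core.py hunk, the added `wx.Log.EnableLogging(not globalVars.appArgs.secure)` keys only on the secure-mode flag and is evaluated once at startup, whereas the handler removed from source/appModules/nvda.py in this same patch also covered `gui.blockAction.Context.WINDOWS_LOCKED`. If the wx.LogSysError dialog can appear while Windows is locked and NVDA is running without the secure flag, that case is not covered here; this should be confirmed and the outcome stated in the comment. Because the call also silences all wx error reporting in secure mode, I would extend the comment with `# wx errors are dropped rather than shown in secure mode; nothing should re-enable wx logging after this point.` main() begins and continues outside this hunk, so a later re-enable cannot be ruled out from the visible lines.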