From 03244751b7cd2bf0cf0323620fadff9b22515a65 Mon Sep 17 00:00:00 2001
From: Sean Budd
Date: Thu, 11 Jan 2024 13:44:13 +1100
Subject: [PATCH] Fix GHSA-h7pp-6jqw-g3pj
---
 source/appModules/nvda.py | 17 +++++++++++++++--
 source/buildVersion.py | 2 +-
 user_docs/en/changes.t2t | 9 +++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/source/appModules/nvda.py b/source/appModules/nvda.py
index d33ba6cb86d..0beebafaec9 100755
--- a/source/appModules/nvda.py
+++ b/source/appModules/nvda.py
@@ -1,5 +1,5 @@
 # A part of NonVisual Desktop Access (NVDA)
-# Copyright (C) 2008-2021 NV Access Limited, James Teh, Michael Curran, Leonard de Ruijter, Reef Turner,
+# Copyright (C) 2008-2024 NV Access Limited, James Teh, Michael Curran, Leonard de Ruijter, Reef Turner,
 # Julien Cochuyt
 # This file may be used under the terms of the GNU General Public License, version 2 or later.
 # For more details see: https://www.gnu.org/licenses/gpl-2.0.html
@@ -17,7 +17,6 @@
 from scriptHandler import script
 import speech
 import textInfos
-import braille
 import config
 from logHandler import log
@@ -27,6 +26,7 @@
 nvdaMenuIaIdentity = None
+
 class NvdaDialog(IAccessible):
 """Fix to ensure NVDA message dialogs get reported when they pop up.
 """
@@ -253,3 +253,16 @@ def chooseNVDAObjectOverlayClasses(self, obj, clsList):
 elif self.isNvdaPythonConsoleUIOutputCtrl(obj):
 clsList.insert(0, NvdaPythonConsoleUIOutputClear)
 clsList.insert(0, NvdaPythonConsoleUIOutputCtrl)
+
+ @gui.blockAction.when(
+ gui.blockAction.Context.SECURE_MODE,
+ gui.blockAction.Context.WINDOWS_LOCKED,
+ )
+ @script(gesture="kb:control+v")
+ def script_paste(self, gesture: "inputCore.InputGesture") -> None:
+ # This function has no description and does not appear in input gestures
+ # as it should not be modified by the user.
+ # This function processes the paste gesture when performed in NVDA windows for security reasons.
+ # When in secure mode, or while Windows is locked, the default paste behaviour is blocked.
+ # Refer to this NVDA security advisory for details: https://github.com/nvaccess/nvda/security/advisories/GHSA-h7pp-6jqw-g3pj
+ gesture.send()
diff --git a/source/buildVersion.py b/source/buildVersion.py
index dbbe28d2f6c..94129d6c92a 100644
--- a/source/buildVersion.py
+++ b/source/buildVersion.py
@@ -67,7 +67,7 @@ def formatVersionForGUI(year, major, minor):
 name = "NVDA"
 version_year = 2023
 version_major = 3
-version_minor = 0
+version_minor = 1
 version_build = 0 # Should not be set manually. Set in 'sconscript' provided by 'appVeyor.yml'
 version=_formatDevVersionString()
 publisher="unknown"
diff --git a/user_docs/en/changes.t2t b/user_docs/en/changes.t2t
index 49de5a445de..f337ea1dc98 100644
--- a/user_docs/en/changes.t2t
+++ b/user_docs/en/changes.t2t
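Review bot: The fix is only as broad as the one binding in `@script(gesture="kb:control+v")`: `gui.blockAction.when` guards whatever is routed through `script_paste`, so the commit should state whether control+v is the only gesture NVDA's own windows accept for a paste and bind any others to this same script if it is not. The comment block explains why there is no docstring, but nothing records the intended behaviour outside the blocked contexts; I would add `# Outside secure mode and a locked session the gesture is passed straight through, so this script is a deliberate no-op there.` above `gesture.send()`. A test that invokes the script with each of `Context.SECURE_MODE` and `Context.WINDOWS_LOCKED` active and asserts `gesture.send()` is not reached would pin the fix to the advisory it cites. The enclosing class starts outside the hunk, so whether a sibling script already handles related gestures is not visible here.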
@@ -4,6 +4,15 @@ What's New in NVDA
 %!includeconf: ../changes.t2tconf
 %!includeconf: ./locale.t2tconf
+= 2023.3.1 =
+This is a patch release to fix a security issue.
+Please responsibly disclose security issues following NVDA's [security policy https://github.com/nvaccess/nvda/blob/master/security.md].
+
+== Security Fixes ==
+- Prevents possible system access and arbitrary code execution with system privileges for unauthenticated users.
+([GHSA-h7pp-6jqw-g3pj https://github.com/nvaccess/nvda/security/advisories/GHSA-h7pp-6jqw-g3pj])
+-
+
 = 2023.3 =
 This release includes improvements to performance, responsiveness and stability of audio output. Options have been added to control the volume of NVDA sounds and beeps, or to have them follow the volume of the voice you are using.