author | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-06-05 18:31:28 +0000 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-06-05 18:31:28 +0000 |
commit | 74071d50c5e7b91e5a0c1803758fcb1de721d712 (patch) | |
tree | 606557adb6158c91a19af9577461522bbad9451c | |
parent | 165df433b6fd3e30ce578c4f54946a2079aa963c (diff) | |
download | aports-74071d50c5e7b91e5a0c1803758fcb1de721d712.tar.bz2 aports-74071d50c5e7b91e5a0c1803758fcb1de721d712.tar.xz |
main/vim: security fix for CVE-2019-12735
An arbitrary code execution vulnerability was found in vim modelines. The upstream patch
has been applied:
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040.patch
-rw-r--r-- | main/vim/APKBUILD | 6 | ||||
-rw-r--r-- | main/vim/vim-modeline-ace-fix.patch | 60 |
2 files changed, 64 insertions, 2 deletions
diff --git a/main/vim/APKBUILD b/main/vim/APKBUILD
index af0651a78c..09037792c4 100644
--- a/main/vim/APKBUILD
+++ b/main/vim/APKBUILD
@@ -4,7 +4,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=vim
 pkgver=8.0.1359
-pkgrel=0
+pkgrel=1
 pkgdesc="advanced text editor"
 url="http://www.vim.org"
 arch="all"
@@ -15,6 +15,7 @@ makedepends="ncurses-dev lua5.2-dev python3-dev"
 subpackages="$pkgname-doc ${pkgname}diff::noarch"
 source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
 	vimrc
+	vim-modeline-ace-fix.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
@@ -66,4 +67,5 @@ vimdiff() {
 }
 sha512sums="4166a5ef190f62a09fad15cb2a3daf9a5e1df4eb788d9ef8ca0024731a0e6afc205f4bdb3111ff9e8685907fbbb7cf97238f83a5e6db3a33de60fac757908340 vim-8.0.1359.tar.gz
-d9586b777881973cb5e48e18750336a522ed72c3127b2d6b6991e2b943468ca5b694476e7fa39ab469178c1375fc8f52627484e0fe377aea5811a513e35a7b02 vimrc"
+d9586b777881973cb5e48e18750336a522ed72c3127b2d6b6991e2b943468ca5b694476e7fa39ab469178c1375fc8f52627484e0fe377aea5811a513e35a7b02 vimrc
+9ffd4b88720308c94a1a5c015501f5818a9c8e671b9b10a36177eb15eb3730ab9463d031030b18033d058f303ba46029c622540d10fc33c8415a9394f4770a1e vim-modeline-ace-fix.patch"
diff --git a/main/vim/vim-modeline-ace-fix.patch b/main/vim/vim-modeline-ace-fix.patch
new file mode 100644
index 0000000000..86c9f5b9b4
--- /dev/null
+++ b/main/vim/vim-modeline-ace-fix.patch
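Review bot: The APKBUILD adds the patch and its checksum but no `# secfixes:` block, so the CVE-2019-12735 fix named in the commit message is not recorded for Alpine's security tracker, which reads that block to know which package release closed which CVE. Add, between the Maintainer line and `pkgname=vim`, `# secfixes:` / `#   8.0.1359-r1:` / `#     - CVE-2019-12735`. The patch itself is upstream 8.1.1365 applied to an 8.0.1359 tree, so a one-line comment next to the `source=` entry naming the upstream commit it was taken from would help the next maintainer verify the backport against the checksum.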
@@ -0,0 +1,60 @@
+From 53575521406739cf20bbe4e384d88e7dca11f040 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution:   Check for the sandbox when sourcing a file.
+---
+ src/getchar.c               | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c               | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 9379a6a8d4..debad7efd2 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ 	emsg(_(e_nesting));
+ 	return;
+     }
++
++    // Disallow sourcing a file in the sandbox, the commands would be executed
++    // later, possibly outside of the sandbox.
++    if (check_secure())
++	return;
++
+ #ifdef FEAT_EVAL
+     if (ignore_script)
+ 	/* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286e75..5166bafb15 100644
+--- a/src/testdir/test_source.vim
++++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+   au! SourcePre
+   au! SourcePost
+ endfunc
++
++func Test_source_sandbox()
++  new
++  call writefile(["Ohello\<Esc>"], 'Xsourcehello')
++  source! Xsourcehello | echo
++  call assert_equal('hello', getline(1))
++  call assert_fails('sandbox source! Xsourcehello', 'E48:')
++  bwipe!
++endfunc
+diff --git a/src/version.c b/src/version.c
+index b0736df46a..b2fcbfb14c 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -767,6 +767,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    1365,
+ /**/
+     1364,
+ /**/
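Review bot: The vendored patch keeps the src/version.c hunk that inserts `1365,` above the context line `1364,`, but the APKBUILD builds pkgver 8.0.1359, whose included_patches list presumably ends at 1359, so that hunk cannot match its context exactly and will either be rejected at build time or applied with fuzz, registering a patch level the tree does not actually have. Only the getchar.c hunk carries the fix — the `check_secure()` guard in openscript() before `#ifdef FEAT_EVAL` — so consider trimming the file to that hunk (plus the test_source.vim hunk if the test suite is run), which also keeps the recorded sha512sum tied to the lines that matter. The openscript() body both starts and ends outside the quoted context.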