diff options
| author | Daniel Sabogal <dsabogalcc@gmail.com> | 2016-11-22 16:28:57 -0500 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2016-11-23 00:44:33 +0100 |
| commit | 4334497e10a06b4bf609c459421f38f4f107273e (patch) | |
| tree | 748d48a5d94ae85eee9750376b0cdf869ebeb860 | |
| parent | be37a94bd55747bcd97f496950ca42f597156ab0 (diff) | |
| download | aports-4334497e10a06b4bf609c459421f38f4f107273e.tar.bz2 aports-4334497e10a06b4bf609c459421f38f4f107273e.tar.xz | |
community/neovim: security fix for CVE-2016-1248
Patch from Debian unstable (0.1.6-4)
| -rw-r--r-- | community/neovim/APKBUILD | 18 | ||||
| -rw-r--r-- | community/neovim/CVE-2016-1248.patch | 71 |
2 files changed, 84 insertions, 5 deletions
diff --git a/community/neovim/APKBUILD b/community/neovim/APKBUILD index f5190e0beb..cabf75b05c 100644 --- a/community/neovim/APKBUILD +++ b/community/neovim/APKBUILD @@ -3,7 +3,7 @@ # TODO: Try to trim the base package to include only common syntax files etc. pkgname=neovim pkgver=0.1.6 -pkgrel=0 +pkgrel=1 pkgdesc="Vim-fork focused on extensibility and agility" url="https://neovim.io" arch="all" @@ -13,9 +13,14 @@ makedepends="cmake gettext-dev gperf libtermkey-dev libuv-dev libvterm-dev lua5.1-lpeg lua5.1-mpack luajit-dev msgpack-c-dev unibilium-dev" subpackages="$pkgname-lang $pkgname-doc" source="$pkgname-$pkgver.tar.gz::https://github.com/neovim/$pkgname/archive/v$pkgver.tar.gz - nodoc.txt" + nodoc.txt + CVE-2016-1248.patch" builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 0.1.6-r1: +# - CVE-2016-1248 + build() { mkdir -p "$builddir"/build cd "$builddir"/build @@ -55,8 +60,11 @@ doc() { } md5sums="307978937c7fc2ebd796b345d99ed7cd neovim-0.1.6.tar.gz -c910a91b399ebbd498cf6f96ce247cb6 nodoc.txt" +c910a91b399ebbd498cf6f96ce247cb6 nodoc.txt +62fa2153774023d9a9882c4f5987911c CVE-2016-1248.patch" sha256sums="a9fe7aadd38ef015f82ec340f6b6c0629d02c9ca4d85352db0934ae511d2f02a neovim-0.1.6.tar.gz -7ecadab8a847334060eb1f16e5c0cec6e12e183d8695f6f924429184cd22e463 nodoc.txt" +7ecadab8a847334060eb1f16e5c0cec6e12e183d8695f6f924429184cd22e463 nodoc.txt +8182111c741004de62543050958b535d300969ab395a0853cfe38e1d7adfc1aa CVE-2016-1248.patch" sha512sums="360d69bc11a3cb7b2c203adc7e76edad736b1a2fb7033d2d0c6444da168053ea0b621daf7978e9c158e14c5e04af8599005bf5eb800d9d1776007257b0e0e56f neovim-0.1.6.tar.gz -72ab288f53acddc088c567aafe8c5afa6835325fab7879e782d1d62f87a662f3a6bac123c450debbae1b32336cc60b2830b429838ee3dfcc7524773b5069f4f0 nodoc.txt" +72ab288f53acddc088c567aafe8c5afa6835325fab7879e782d1d62f87a662f3a6bac123c450debbae1b32336cc60b2830b429838ee3dfcc7524773b5069f4f0 nodoc.txt +0bc6db4051564e4a2146e403c0a3f7128457b5190594ac570f51f787d6f70e80d692b7c1d3431273f6bc4a7edf24f6978590953fce6fc935c12ceb07d5c6bd92 CVE-2016-1248.patch" diff --git a/community/neovim/CVE-2016-1248.patch b/community/neovim/CVE-2016-1248.patch new file mode 100644 index 0000000000..4a20d14028 --- /dev/null +++ b/community/neovim/CVE-2016-1248.patch @@ -0,0 +1,71 @@ +From 177272f1f76565205c5c381bdf7dd020d7c5a5a8 Mon Sep 17 00:00:00 2001 +From: James McCoy <jamessan@jamessan.com> +Date: Sun, 20 Nov 2016 08:42:38 -0700 +Subject: [PATCH] vim-patch:8.0.0056 + +Problem: When setting 'filetype' there is no check for a valid name. +Solution: Only allow valid characters in 'filetype', 'syntax' and 'keymap'. + +https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a +--- + src/nvim/option.c | 33 ++++++++++++++++++++++++++++----- + 1 file changed, 28 insertions(+), 5 deletions(-) + +diff --git a/src/nvim/option.c b/src/nvim/option.c +index 5f338ea..24444ee 100644 +--- a/src/nvim/option.c ++++ b/src/nvim/option.c +@@ -2389,6 +2389,18 @@ static char *set_string_option(const int opt_idx, const char *const value, + return r; + } + ++/// Return true if "val" is a valid 'filetype' name. ++/// Also used for 'syntax' and 'keymap'. ++static bool valid_filetype(char_u *val) ++{ ++ for (char_u *s = val; *s != NUL; s++) { ++ if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL) { ++ return false; ++ } ++ } ++ return true; ++} ++ + /* + * Handle string options that need some action to perform when changed. + * Returns NULL for success, or an error message for an error. +@@ -2620,8 +2632,12 @@ did_set_string_option ( + xfree(p_penc); + p_penc = p; + } else if (varp == &curbuf->b_p_keymap) { +- /* load or unload key mapping tables */ +- errmsg = keymap_init(); ++ if (!valid_filetype(*varp)) { ++ errmsg = e_invarg; ++ } else { ++ // load or unload key mapping tables ++ errmsg = keymap_init(); ++ } + + if (errmsg == NULL) { + if (*curbuf->b_p_keymap != NUL) { +@@ -3110,9 +3126,16 @@ did_set_string_option ( + else if (gvarp == &p_cino) { + /* TODO: recognize errors */ + parse_cino(curbuf); +- } +- /* Options that are a list of flags. */ +- else { ++ } else if (gvarp == &p_ft) { ++ if (!valid_filetype(*varp)) { ++ errmsg = e_invarg; ++ } ++ } else if (gvarp == &p_syn) { ++ if (!valid_filetype(*varp)) { ++ errmsg = e_invarg; ++ } ++ } else { ++ // Options that are a list of flags. + p = NULL; + if (varp == &p_ww) + p = (char_u *)WW_ALL; |