Commit 74071d50 authored by Kevin Daudt

main/vim: security fix for CVE-2019-12735

Arbitrary code execution has been found in vim modelines. Upstream patch
has been applied:

https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040.patch
parent 165df433
......@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=vim
pkgver=8.0.1359
pkgrel=0
pkgrel=1
pkgdesc="advanced text editor"
url="http://www.vim.org"
arch="all"
......@@ -15,6 +15,7 @@ makedepends="ncurses-dev lua5.2-dev python3-dev"
subpackages="$pkgname-doc ${pkgname}diff::noarch"
source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
vimrc
vim-modeline-ace-fix.patch
"
builddir="$srcdir/$pkgname-$pkgver"
......@@ -66,4 +67,5 @@ vimdiff() {
}
sha512sums="4166a5ef190f62a09fad15cb2a3daf9a5e1df4eb788d9ef8ca0024731a0e6afc205f4bdb3111ff9e8685907fbbb7cf97238f83a5e6db3a33de60fac757908340 vim-8.0.1359.tar.gz
d9586b777881973cb5e48e18750336a522ed72c3127b2d6b6991e2b943468ca5b694476e7fa39ab469178c1375fc8f52627484e0fe377aea5811a513e35a7b02 vimrc"
d9586b777881973cb5e48e18750336a522ed72c3127b2d6b6991e2b943468ca5b694476e7fa39ab469178c1375fc8f52627484e0fe377aea5811a513e35a7b02 vimrc
9ffd4b88720308c94a1a5c015501f5818a9c8e671b9b10a36177eb15eb3730ab9463d031030b18033d058f303ba46029c622540d10fc33c8415a9394f4770a1e vim-modeline-ace-fix.patch"
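Review bot: None of the visible APKBUILD hunks adds a `# secfixes:` entry for this fix, so CVE-2019-12735 is recorded only in the commit message and not in the package's own metadata. Add `# secfixes:`, `#   8.0.1359-r1:` and `#     - CVE-2019-12735` as comment lines above the build functions; if a secfixes block already exists outside these hunks, only the last two lines are needed. The release string is taken from pkgver and from pkgrel=1, which I read as the new value since it is printed after pkgrel=0. The new `vim-modeline-ace-fix.patch` source entry is matched by its own sha512sums line, so the vendored patch is pinned.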
From 53575521406739cf20bbe4e384d88e7dca11f040 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 22 May 2019 22:38:25 +0200
Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
---
src/getchar.c | 6 ++++++
src/testdir/test_source.vim | 9 +++++++++
src/version.c | 2 ++
3 files changed, 17 insertions(+)
diff --git a/src/getchar.c b/src/getchar.c
index 9379a6a8d4..debad7efd2 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
emsg(_(e_nesting));
return;
}
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure())
+ return;
+
#ifdef FEAT_EVAL
if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */
diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
index a33d286e75..5166bafb15 100644
--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
@@ -36,3 +36,12 @@ func Test_source_cmd()
au! SourcePre
au! SourcePost
endfunc
+
+func Test_source_sandbox()
+ new
+ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+ source! Xsourcehello | echo
+ call assert_equal('hello', getline(1))
+ call assert_fails('sandbox source! Xsourcehello', 'E48:')
+ bwipe!
+endfunc
diff --git a/src/version.c b/src/version.c
index b0736df46a..b2fcbfb14c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -767,6 +767,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1365,
/**/
1364,
/**/
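Review bot: This patch was cut against vim 8.1.1364 (the subject reads patch 8.1.1365 and the src/version.c hunk uses `1364,` as context) while the package builds 8.0.1359, so its hunks may apply only with fuzz or offset, or not at all. Check the build log to confirm that the `if (check_secure())` / `return;` guard really lands in openscript() directly after the nesting check, since that guard is the whole fix. If the version.c hunk does apply, it would register 1365 in included_patches of an 8.0 tree, and `has('patch-8.0.1365')` and `:version` would then report a patch level the rest of the source does not have. Consider trimming the backport to the getchar.c hunk, and dropping the test_source.vim hunk as well if that test file is not in the 8.0.1359 tarball. The body of openscript() continues outside the hunk, so whether the surrounding context matches the older source cannot be confirmed from this page.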