diff options
| author | Jan Pavlinec <jan.pavlinec@nic.cz> | 2019-06-06 15:53:19 +0200 |
|---|---|---|
| committer | Jan Pavlinec <jan.pavlinec@nic.cz> | 2019-06-06 15:54:55 +0200 |
| commit | f2417d71986cd0c6fb55dc8dcece4a51fb4c2055 (patch) | |
| tree | 54b84a4ade457a3b9f7422835e6deb9ab663a28e | |
| parent | d9f29124b754ce6f6a520a15a69a3e6d635e00cd (diff) | |
vim: patch security issue
Fixes CVE-2019-12735
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| -rw-r--r-- | utils/vim/Makefile | 2 | ||||
| -rw-r--r-- | utils/vim/patches/003-CVE-2019-12735.patch | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/utils/vim/Makefile b/utils/vim/Makefile index 03eeec84a..1e1ec75fe 100644 --- a/utils/vim/Makefile +++ b/utils/vim/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vim PKG_VERSION:=8.1 -PKG_RELEASE:=3 +PKG_RELEASE:=4 VIMVER:=81 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/utils/vim/patches/003-CVE-2019-12735.patch b/utils/vim/patches/003-CVE-2019-12735.patch new file mode 100644 index 000000000..bf29ce91d --- /dev/null +++ b/utils/vim/patches/003-CVE-2019-12735.patch @@ -0,0 +1,15 @@ +--- a/src/getchar.c ++++ b/src/getchar.c +@@ -1407,6 +1407,12 @@ openscript( + emsg(_(e_nesting)); + return; + } ++ ++ // Disallow sourcing a file in the sandbox, the commands would be executed ++ // later, possibly outside of the sandbox. ++ if (check_secure()) ++ return; ++ + #ifdef FEAT_EVAL + if (ignore_script) + /* Not reading from script, also don't open one. Warning message? */ |