aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2019-06-22 09:30:19 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2019-06-22 09:30:19 +0200
commitaaf594bc234db11d5ef457511b7b3cebb3bcba46 (patch)
tree487e023e73462c1141d158465595092befc2a6d9
parentddc09d8be2f9144d068ba3e266323c2ab0c1accc (diff)
downloadaports-aaf594bc234db11d5ef457511b7b3cebb3bcba46.tar.gz
aports-aaf594bc234db11d5ef457511b7b3cebb3bcba46.tar.bz2
aports-aaf594bc234db11d5ef457511b7b3cebb3bcba46.tar.xz
main/vim: backport fix for CVE-2019-12735
fixes #10562
-rw-r--r--main/vim/APKBUILD8
-rw-r--r--main/vim/CVE-2019-12735.patch60
2 files changed, 66 insertions, 2 deletions
diff --git a/main/vim/APKBUILD b/main/vim/APKBUILD
index 09037792c4..cf24093102 100644
--- a/main/vim/APKBUILD
+++ b/main/vim/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=vim
pkgver=8.0.1359
-pkgrel=1
+pkgrel=2
pkgdesc="advanced text editor"
url="http://www.vim.org"
arch="all"
@@ -16,10 +16,13 @@ subpackages="$pkgname-doc ${pkgname}diff::noarch"
source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
vimrc
vim-modeline-ace-fix.patch
+ CVE-2019-12735.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 8.0.1359-r2:
+# - CVE-2019-12735
# 8.0.0329-r0:
# - CVE-2017-5953
# 8.0.0056-r0:
@@ -68,4 +71,5 @@ vimdiff() {
sha512sums="4166a5ef190f62a09fad15cb2a3daf9a5e1df4eb788d9ef8ca0024731a0e6afc205f4bdb3111ff9e8685907fbbb7cf97238f83a5e6db3a33de60fac757908340 vim-8.0.1359.tar.gz
d9586b777881973cb5e48e18750336a522ed72c3127b2d6b6991e2b943468ca5b694476e7fa39ab469178c1375fc8f52627484e0fe377aea5811a513e35a7b02 vimrc
-9ffd4b88720308c94a1a5c015501f5818a9c8e671b9b10a36177eb15eb3730ab9463d031030b18033d058f303ba46029c622540d10fc33c8415a9394f4770a1e vim-modeline-ace-fix.patch"
+9ffd4b88720308c94a1a5c015501f5818a9c8e671b9b10a36177eb15eb3730ab9463d031030b18033d058f303ba46029c622540d10fc33c8415a9394f4770a1e vim-modeline-ace-fix.patch
+9ffd4b88720308c94a1a5c015501f5818a9c8e671b9b10a36177eb15eb3730ab9463d031030b18033d058f303ba46029c622540d10fc33c8415a9394f4770a1e CVE-2019-12735.patch"
diff --git a/main/vim/CVE-2019-12735.patch b/main/vim/CVE-2019-12735.patch
new file mode 100644
index 0000000000..86c9f5b9b4
--- /dev/null
+++ b/main/vim/CVE-2019-12735.patch
@@ -0,0 +1,60 @@
+From 53575521406739cf20bbe4e384d88e7dca11f040 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution: Check for the sandbox when sourcing a file.
+---
+ src/getchar.c | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 9379a6a8d4..debad7efd2 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ emsg(_(e_nesting));
+ return;
+ }
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+ #ifdef FEAT_EVAL
+ if (ignore_script)
+ /* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286e75..5166bafb15 100644
+--- a/src/testdir/test_source.vim
++++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+ au! SourcePre
+ au! SourcePost
+ endfunc
++
++func Test_source_sandbox()
++ new
++ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
++ source! Xsourcehello | echo
++ call assert_equal('hello', getline(1))
++ call assert_fails('sandbox source! Xsourcehello', 'E48:')
++ bwipe!
++endfunc
+diff --git a/src/version.c b/src/version.c
+index b0736df46a..b2fcbfb14c 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -767,6 +767,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1365,
+ /**/
+ 1364,
+ /**/