Diffstat (limited to 'meta/recipes-support/vim/files/CVE-2019-12735.patch')
-rw-r--r-- | meta/recipes-support/vim/files/CVE-2019-12735.patch | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch
deleted file mode 100644
index d8afa1867b..0000000000
--- a/meta/recipes-support/vim/files/CVE-2019-12735.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar <Bram@vim.org>
-Date: Wed, 22 May 2019 22:38:25 +0200
-Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
-
-Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
-Solution: Check for the sandbox when sourcing a file.
-
-Upstream-Status: Backport
-CVE: CVE-2019-12735
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- src/getchar.c | 6 ++++++
- src/testdir/test_source.vim | 9 +++++++++
- src/version.c | 2 ++
- 3 files changed, 17 insertions(+)
-
-diff --git a/src/getchar.c b/src/getchar.c
-index 0e9942b..475f644 100644
---- a/src/getchar.c
-+++ b/src/getchar.c
-@@ -1407,6 +1407,12 @@ openscript(
- emsg(_(e_nesting));
- return;
- }
-+
-+ // Disallow sourcing a file in the sandbox, the commands would be executed
-+ // later, possibly outside of the sandbox.
-+ if (check_secure())
-+ return;
-+
- #ifdef FEAT_EVAL
- if (ignore_script)
- /* Not reading from script, also don't open one. Warning message? */
-diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
-index a33d286..5166baf 100644
---- a/src/testdir/test_source.vim
-+++ b/src/testdir/test_source.vim
-@@ -36,3 +36,12 @@ func Test_source_cmd()
- au! SourcePre
- au! SourcePost
- endfunc
-+
-+func Test_source_sandbox()
-+ new
-+ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
-+ source! Xsourcehello | echo
-+ call assert_equal('hello', getline(1))
-+ call assert_fails('sandbox source! Xsourcehello', 'E48:')
-+ bwipe!
-+endfunc
-diff --git a/src/version.c b/src/version.c
-index a49f6fb..e4f74be 100644
---- a/src/version.c
-+++ b/src/version.c
-@@ -780,6 +780,8 @@ static char *(features[]) =
- static int included_patches[] =
- { /* Add new patch number below this line */
- /**/
-+ 1365,
-+/**/
- 1017,
- /**/
- 1016, |