Browse Source

Merge pull request #9168 from ja-pa/vim-security-patch

vim: patch security issue
lilik-openwrt-22.03
Rosen Penev 5 years ago
committed by GitHub
parent
commit
885c8c8e75
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions
  1. +1
    -1
      utils/vim/Makefile
  2. +15
    -0
      utils/vim/patches/003-CVE-2019-12735.patch

+ 1
- 1
utils/vim/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=vim
PKG_VERSION:=8.1
PKG_RELEASE:=3
PKG_RELEASE:=4
VIMVER:=81
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2


+ 15
- 0
utils/vim/patches/003-CVE-2019-12735.patch View File

@ -0,0 +1,15 @@
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
emsg(_(e_nesting));
return;
}
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure())
+ return;
+
#ifdef FEAT_EVAL
if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */

Loading…
Cancel
Save