Merge pull request #9168 from ja-pa/vim-security-patch
vim: patch security issue
lilik-openwrt-22.03
Rosen Penev
5 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
16 additions and
1 deletions
-
utils/vim/Makefile
-
utils/vim/patches/003-CVE-2019-12735.patch
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk |
|
|
|
|
|
|
|
PKG_NAME:=vim |
|
|
|
PKG_VERSION:=8.1 |
|
|
|
PKG_RELEASE:=3 |
|
|
|
PKG_RELEASE:=4 |
|
|
|
VIMVER:=81 |
|
|
|
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 |
|
|
|
|
|
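--- a/utils/vim/patches/003-CVE-2019-12735.patch
+++ b/utils/vim/patches/003-CVE-2019-12735.patch
@@ -0,0 +1,15 @@
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+emsg(_(e_nesting));
+return;
+}
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+#ifdef FEAT_EVAL
+if (ignore_script)
+/* Not reading from script, also don't open one. Warning message? */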
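Review bot: The new patch file carries no provenance header, so a later reviewer cannot tell which upstream Vim change the six added lines in `openscript()` came from or check that the backport is complete. I would put a short header above `--- a/src/getchar.c`, for example `Backport of the upstream Vim fix for CVE-2019-12735 (upstream commit: <UPSTREAM_COMMIT_PLACEHOLDER>)`, followed by one sentence saying that sourcing a script is refused when `check_secure()` reports the sandbox. The guard visible here covers only the script-sourcing path; whether modeline handling in this package needs further hardening (for example a packaged default that turns modelines off) cannot be judged from this hunk and is worth confirming. `openscript()` starts and ends outside the hunk, so the early `return` is assumed to come before any resource is acquired.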