Merge pull request #9168 from ja-pa/vim-security-patch
vim: patch security issue
This commit is contained in:
Rosen Penev
GitHub
commit
885c8c8e75
2 changed files with 16 additions and 1 deletions
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=vim
|
||||
PKG_VERSION:=8.1
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
VIMVER:=81
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
|
|
|
|||
15
utils/vim/patches/003-CVE-2019-12735.patch
Normal file
15
utils/vim/patches/003-CVE-2019-12735.patch
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
--- a/src/getchar.c
|
||||
+++ b/src/getchar.c
|
||||
@@ -1407,6 +1407,12 @@ openscript(
|
||||
emsg(_(e_nesting));
|
||||
return;
|
||||
}
|
||||
+
|
||||
+ // Disallow sourcing a file in the sandbox, the commands would be executed
|
||||
+ // later, possibly outside of the sandbox.
|
||||
+ if (check_secure())
|
||||
+ return;
|
||||
+
|
||||
#ifdef FEAT_EVAL
|
||||
if (ignore_script)
|
||||
/* Not reading from script, also don't open one. Warning message? */
|
||||
Loading…
Reference in a new issue