summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2019-07-26 12:47:24 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-29 10:25:30 +0100
commit474376e2229c4dd763e1a4500fc41619cf8e277e (patch)
tree253c3c00db9864cd6df8ff03f95bcf01b4ffce5d
parentc9e2f1f7f754ff828711097f103fdea85996a333 (diff)
downloadpoky-474376e2229c4dd763e1a4500fc41619cf8e277e.tar.gz
poky-474376e2229c4dd763e1a4500fc41619cf8e277e.tar.bz2
poky-474376e2229c4dd763e1a4500fc41619cf8e277e.zip
vim: fix CVE-2019-12735
(From OE-Core rev: c7efa41e7fed263413d5f55d5ed5d17e874623a3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/vim/files/CVE-2019-12735.patch64
-rw-r--r--meta/recipes-support/vim/vim_8.1.1017.bb1
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch
new file mode 100644
index 0000000000..d8afa1867b
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch
@@ -0,0 +1,64 @@
+From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution: Check for the sandbox when sourcing a file.
+
+Upstream-Status: Backport
+CVE: CVE-2019-12735
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/getchar.c | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 0e9942b..475f644 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ emsg(_(e_nesting));
+ return;
+ }
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+ #ifdef FEAT_EVAL
+ if (ignore_script)
+ /* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286..5166baf 100644
+--- a/src/testdir/test_source.vim
++++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+ au! SourcePre
+ au! SourcePost
+ endfunc
++
++func Test_source_sandbox()
++ new
++ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
++ source! Xsourcehello | echo
++ call assert_equal('hello', getline(1))
++ call assert_fails('sandbox source! Xsourcehello', 'E48:')
++ bwipe!
++endfunc
+diff --git a/src/version.c b/src/version.c
+index a49f6fb..e4f74be 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -780,6 +780,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 1365,
++/**/
+ 1017,
+ /**/
+ 1016,
diff --git a/meta/recipes-support/vim/vim_8.1.1017.bb b/meta/recipes-support/vim/vim_8.1.1017.bb
index 7627d2844b..e161e12eed 100644
--- a/meta/recipes-support/vim/vim_8.1.1017.bb
+++ b/meta/recipes-support/vim/vim_8.1.1017.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
file://disable_acl_header_check.patch;patchdir=.. \
file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \
+ file://CVE-2019-12735.patch;patchdir=.. \
"
SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"