From: Jan Pavlinec Date: Thu, 6 Jun 2019 13:53:19 +0000 (+0200) Subject: vim: patch security issue X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=f2417d71986cd0c6fb55dc8dcece4a51fb4c2055;p=feed%2Fpackages.git vim: patch security issue Fixes CVE-2019-12735 Signed-off-by: Jan Pavlinec --- diff --git a/utils/vim/Makefile b/utils/vim/Makefile index 03eeec84a9..1e1ec75fe2 100644 --- a/utils/vim/Makefile +++ b/utils/vim/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vim PKG_VERSION:=8.1 -PKG_RELEASE:=3 +PKG_RELEASE:=4 VIMVER:=81 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/utils/vim/patches/003-CVE-2019-12735.patch b/utils/vim/patches/003-CVE-2019-12735.patch new file mode 100644 index 0000000000..bf29ce91d2 --- /dev/null +++ b/utils/vim/patches/003-CVE-2019-12735.patch @@ -0,0 +1,15 @@ +--- a/src/getchar.c ++++ b/src/getchar.c +@@ -1407,6 +1407,12 @@ openscript( + emsg(_(e_nesting)); + return; + } ++ ++ // Disallow sourcing a file in the sandbox, the commands would be executed ++ // later, possibly outside of the sandbox. ++ if (check_secure()) ++ return; ++ + #ifdef FEAT_EVAL + if (ignore_script) + /* Not reading from script, also don't open one. Warning message? */