import vim-8.0.1763-11.el8_0
This commit is contained in:
parent
646cab66bf
commit
5336484e4b
|
@ -0,0 +1,16 @@
|
||||||
|
diff -up vim80/src/getchar.c.cve vim80/src/getchar.c
|
||||||
|
--- vim80/src/getchar.c.cve 2019-06-14 13:46:17.269523985 +0200
|
||||||
|
+++ vim80/src/getchar.c 2019-06-14 13:46:58.427169288 +0200
|
||||||
|
@@ -1418,6 +1418,12 @@ openscript(
|
||||||
|
EMSG(_(e_nesting));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ // Disallow sourcing a file in the sandbox, the commands would be executed
|
||||||
|
+ // later, possibly outside of the sandbox.
|
||||||
|
+ if (check_secure())
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
#ifdef FEAT_EVAL
|
||||||
|
if (ignore_script)
|
||||||
|
/* Not reading from script, also don't open one. Warning message? */
|
|
@ -24,7 +24,7 @@ Summary: The VIM editor
|
||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: vim.sh
|
Source1: vim.sh
|
||||||
|
@ -69,6 +69,8 @@ Patch3016: vim-8.0-copy-paste.patch
|
||||||
Patch3017: vim-python3-tests.patch
|
Patch3017: vim-python3-tests.patch
|
||||||
# 1602727 - fixed several covscan issues and backported from upstream
|
# 1602727 - fixed several covscan issues and backported from upstream
|
||||||
Patch3018: vim-covscan.patch
|
Patch3018: vim-covscan.patch
|
||||||
|
# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||||
|
Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
@ -264,6 +266,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||||
%patch3016 -p1
|
%patch3016 -p1
|
||||||
%patch3017 -p1
|
%patch3017 -p1
|
||||||
%patch3018 -p1
|
%patch3018 -p1
|
||||||
|
%patch3019 -p1 -b .cve
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?rhel} > 7
|
%if 0%{?rhel} > 7
|
||||||
|
@ -789,6 +792,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||||
%{_datadir}/icons/locolor/*/apps/*
|
%{_datadir}/icons/locolor/*/apps/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
|
||||||
|
- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||||
|
|
||||||
* Thu Dec 06 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-10
|
* Thu Dec 06 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-10
|
||||||
- do not strip binaries before build system strips them
|
- do not strip binaries before build system strips them
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue