import vim-8.0.1763-11.el8_0
This commit is contained in:
parent
646cab66bf
commit
5336484e4b
@ -0,0 +1,16 @@
|
||||
diff -up vim80/src/getchar.c.cve vim80/src/getchar.c
|
||||
--- vim80/src/getchar.c.cve 2019-06-14 13:46:17.269523985 +0200
|
||||
+++ vim80/src/getchar.c 2019-06-14 13:46:58.427169288 +0200
|
||||
@@ -1418,6 +1418,12 @@ openscript(
|
||||
EMSG(_(e_nesting));
|
||||
return;
|
||||
}
|
||||
+
|
||||
+ // Disallow sourcing a file in the sandbox, the commands would be executed
|
||||
+ // later, possibly outside of the sandbox.
|
||||
+ if (check_secure())
|
||||
+ return;
|
||||
+
|
||||
#ifdef FEAT_EVAL
|
||||
if (ignore_script)
|
||||
/* Not reading from script, also don't open one. Warning message? */
|
@ -24,7 +24,7 @@ Summary: The VIM editor
|
||||
URL: http://www.vim.org/
|
||||
Name: vim
|
||||
Version: %{baseversion}.%{patchlevel}
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: Vim and MIT
|
||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||
Source1: vim.sh
|
||||
@ -69,6 +69,8 @@ Patch3016: vim-8.0-copy-paste.patch
|
||||
Patch3017: vim-python3-tests.patch
|
||||
# 1602727 - fixed several covscan issues and backported from upstream
|
||||
Patch3018: vim-covscan.patch
|
||||
# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||
Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
@ -264,6 +266,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||
%patch3016 -p1
|
||||
%patch3017 -p1
|
||||
%patch3018 -p1
|
||||
%patch3019 -p1 -b .cve
|
||||
|
||||
%build
|
||||
%if 0%{?rhel} > 7
|
||||
@ -789,6 +792,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||
%{_datadir}/icons/locolor/*/apps/*
|
||||
|
||||
%changelog
|
||||
* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
|
||||
- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||
|
||||
* Thu Dec 06 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-10
|
||||
- do not strip binaries before build system strips them
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user