import vim-8.0.1763-13.el8
parent
6d39e2600f
commit
9e2b1476a5
86
SOURCES/vim-crypto-warning.patch
Normal file
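--- a/SOURCES/vim-crypto-warning.patch
+++ b/SOURCES/vim-crypto-warning.patch
@@ -0,0 +1,86 @@
+diff --git a/src/config.h.in b/src/config.h.in
+index 7d61220..ca0b1a8 100644
+--- a/src/config.h.in
++++ b/src/config.h.in
+@@ -478,3 +478,12 @@
+
+/* Define to inline symbol or empty */
+#undef inline
++
++/* Do we need FIPS warning? */
++#undef HAVE_FIPS_WARNING
++
++/* Link to system-fips file */
++#undef SYSTEM_FIPS_FILE_LINK
++
++/* Link to fips_enabled file */
++#undef FIPS_ENABLED_FILE_LINK
+diff --git a/src/configure.ac b/src/configure.ac
+index 1e7d444..5e45762 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -525,6 +525,38 @@ else
+AC_MSG_RESULT(yes)
+fi
+
++dnl Checking if we want FIPS warning
++
++AC_MSG_CHECKING(--enable-fips-warning)
++AC_ARG_ENABLE([fips-warning],
++ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
++ ,[enable_fips_warning="no"])
++
++if test "$enable_fips_warning" = "yes"; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE([HAVE_FIPS_WARNING])
++
++ dnl Setting path for system-fips file
++
++ AC_MSG_CHECKING(--with-system-fips-file argument)
++ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)],
++ with_system_fips_file=$withval,
++ with_system_fips_file="/etc/system-fips")
++ AC_MSG_RESULT([$with_system_fips_file])
++ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
++
++ dnl Setting link to fips_enabled file
++
++ AC_MSG_CHECKING(--with-fips-enabled-file argument)
++ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
++ with_fips_enabled_file=$withval,
++ with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
++ AC_MSG_RESULT([$with_fips_enabled_file])
++ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
++else
++ AC_MSG_RESULT(no)
++fi
++
+dnl Check for Lua feature.
+AC_MSG_CHECKING(--enable-luainterp argument)
+AC_ARG_ENABLE(luainterp,
+diff --git a/src/crypt.c b/src/crypt.c
+index dfbf02c..c935bc0 100644
+--- a/src/crypt.c
++++ b/src/crypt.c
+@@ -501,6 +501,21 @@ crypt_check_method(int method)
+msg_scroll = TRUE;
+MSG(_("Warning: Using a weak encryption method; see :help 'cm'"));
+}
++#ifdef HAVE_FIPS_WARNING
++ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
++ if (fips_enable_fd == NULL)
++ return;
++
++ int enabled = fgetc(fips_enable_fd);
++
++ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
++ {
++ msg_scroll = TRUE;
++ MSG(_("Warning: This cryptography is not FIPS 140-2 compliant."));
++ }
++
++ fclose(fips_enable_fd);
++#endif
+}
+
+void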
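Review bot: In the src/crypt.c hunk the FIPS warning fails silent: a `fopen(FIPS_ENABLED_FILE_LINK, "r")` failure takes the bare `return`, and the message needs both `access(SYSTEM_FIPS_FILE_LINK, F_OK)` to succeed and the first byte read to be `'1'`, so a host with the kernel flag set but no marker file gets no warning. The lines shown only print messages, so this warning appears to be the whole control and the choice deserves a comment above the `#ifdef`, for example `/* Warn only when both the userspace marker and the kernel flag report FIPS mode; any read failure means no warning. */`, or a decision to key on the kernel flag alone. `FILE *fips_enable_fd` and `int enabled` are declared after statements, which will not compile if this file is built as C89; the start of `crypt_check_method` is outside the hunk, so hoisting them to the top of the function is the safe form. The help string in the src/configure.ac hunk spells the file `fibs_enabled` where `fips_enabled` is meant.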
@ -24,7 +24,7 @@ Summary: The VIM editor
|
|||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 11%{?dist}
|
Release: 13%{?dist}
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: vim.sh
|
Source1: vim.sh
|
||||||
@ -71,6 +71,8 @@ Patch3017: vim-python3-tests.patch
|
|||||||
Patch3018: vim-covscan.patch
|
Patch3018: vim-covscan.patch
|
||||||
# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||||
Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
||||||
|
# 1605095 - vim: should not re-implement crypto
|
||||||
|
Patch3020: vim-crypto-warning.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -267,6 +269,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
|||||||
%patch3017 -p1
|
%patch3017 -p1
|
||||||
%patch3018 -p1
|
%patch3018 -p1
|
||||||
%patch3019 -p1 -b .cve
|
%patch3019 -p1 -b .cve
|
||||||
|
%patch3020 -p1 -b .crypto-warning
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?rhel} > 7
|
%if 0%{?rhel} > 7
|
||||||
@ -296,6 +299,7 @@ perl -pi -e "s/vimrc/virc/" os_unix.h
|
|||||||
%endif
|
%endif
|
||||||
--disable-pythoninterp --disable-perlinterp --disable-tclinterp \
|
--disable-pythoninterp --disable-perlinterp --disable-tclinterp \
|
||||||
--with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \
|
--with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \
|
||||||
|
--enable-fips-warning \
|
||||||
--with-compiledby="<bugzilla@redhat.com>" \
|
--with-compiledby="<bugzilla@redhat.com>" \
|
||||||
--with-modified-by="<bugzilla@redhat.com>"
|
--with-modified-by="<bugzilla@redhat.com>"
|
||||||
|
|
||||||
@ -314,6 +318,7 @@ mv -f ex_cmds.c.save ex_cmds.c
|
|||||||
--enable-xim --enable-multibyte \
|
--enable-xim --enable-multibyte \
|
||||||
--with-tlib=ncurses \
|
--with-tlib=ncurses \
|
||||||
--enable-gtk3-check --enable-gui=gtk3 \
|
--enable-gtk3-check --enable-gui=gtk3 \
|
||||||
|
--enable-fips-warning \
|
||||||
--with-compiledby="<bugzilla@redhat.com>" --enable-cscope \
|
--with-compiledby="<bugzilla@redhat.com>" --enable-cscope \
|
||||||
--with-modified-by="<bugzilla@redhat.com>" \
|
--with-modified-by="<bugzilla@redhat.com>" \
|
||||||
%if "%{withnetbeans}" == "1"
|
%if "%{withnetbeans}" == "1"
|
||||||
@ -351,6 +356,7 @@ make clean
|
|||||||
--enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \
|
--enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \
|
||||||
--enable-cscope --with-modified-by="<bugzilla@redhat.com>" \
|
--enable-cscope --with-modified-by="<bugzilla@redhat.com>" \
|
||||||
--with-tlib=ncurses \
|
--with-tlib=ncurses \
|
||||||
|
--enable-fips-warning \
|
||||||
--with-compiledby="<bugzilla@redhat.com>" \
|
--with-compiledby="<bugzilla@redhat.com>" \
|
||||||
%if "%{withnetbeans}" == "1"
|
%if "%{withnetbeans}" == "1"
|
||||||
--enable-netbeans \
|
--enable-netbeans \
|
||||||
@ -792,6 +798,12 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
|||||||
%{_datadir}/icons/locolor/*/apps/*
|
%{_datadir}/icons/locolor/*/apps/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-13
|
||||||
|
- fixing covscan issues raised by previous commit
|
||||||
|
|
||||||
|
* Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-12
|
||||||
|
- 1605095 - vim: should not re-implement crypto
|
||||||
|
|
||||||
* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
|
* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
|
||||||
- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||||
|
|
||||||
|
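Review bot: `--enable-fips-warning` is added to three configure invocations, but the option exists only after the patched `src/configure.ac` has been regenerated into a configure script, and no autoconf step is visible in these hunks. A configure script by default only warns about an unrecognized `--enable-*` option, so a stale script would build without `HAVE_FIPS_WARNING` and the build would still succeed. If regeneration is not already done elsewhere in `%build`, run it before the first configure call, and consider a build-time check that the generated config header defines `HAVE_FIPS_WARNING` so a silent loss of the warning fails the build.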