[OE-core] [warrior][PATCH 2/7] vim: fix CVE-2019-12735
Anuj Mittal
anuj.mittal at intel.com
Fri Jul 26 04:47:24 UTC 2019
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
.../recipes-support/vim/files/CVE-2019-12735.patch | 64 ++++++++++++++++++++++
meta/recipes-support/vim/vim_8.1.1017.bb | 1 +
2 files changed, 65 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2019-12735.patch
diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch
new file mode 100644
index 0000000..d8afa18
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch
@@ -0,0 +1,64 @@
+From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram at vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution: Check for the sandbox when sourcing a file.
+
+Upstream-Status: Backport
+CVE: CVE-2019-12735
+Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
+---
+ src/getchar.c | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 0e9942b..475f644 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ emsg(_(e_nesting));
+ return;
+ }
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+ #ifdef FEAT_EVAL
+ if (ignore_script)
+ /* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286..5166baf 100644
+--- a/src/testdir/test_source.vim
++++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+ au! SourcePre
+ au! SourcePost
+ endfunc
++
++func Test_source_sandbox()
++ new
++ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
++ source! Xsourcehello | echo
++ call assert_equal('hello', getline(1))
++ call assert_fails('sandbox source! Xsourcehello', 'E48:')
++ bwipe!
++endfunc
+diff --git a/src/version.c b/src/version.c
+index a49f6fb..e4f74be 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -780,6 +780,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 1365,
++/**/
+ 1017,
+ /**/
+ 1016,
diff --git a/meta/recipes-support/vim/vim_8.1.1017.bb b/meta/recipes-support/vim/vim_8.1.1017.bb
index 7627d28..e161e12 100644
--- a/meta/recipes-support/vim/vim_8.1.1017.bb
+++ b/meta/recipes-support/vim/vim_8.1.1017.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
file://disable_acl_header_check.patch;patchdir=.. \
file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \
+ file://CVE-2019-12735.patch;patchdir=.. \
"
SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"
--
2.7.4
More information about the Openembedded-core
mailing list