r249 - in trunk/vim: debian upstream/patches
James Vega
jamessan-guest at costa.debian.org
Wed Jul 20 12:41:24 UTC 2005
Author: jamessan-guest
Date: 2005-07-20 12:41:23 +0000 (Wed, 20 Jul 2005)
New Revision: 249
Added:
trunk/vim/upstream/patches/6.3.081
trunk/vim/upstream/patches/6.3.082
Modified:
trunk/vim/debian/changelog
Log:
Upstream patches 081 and 082
Modified: trunk/vim/debian/changelog
===================================================================
--- trunk/vim/debian/changelog 2005-07-13 13:53:58 UTC (rev 248)
+++ trunk/vim/debian/changelog 2005-07-20 12:41:23 UTC (rev 249)
@@ -1,6 +1,6 @@
vim (1:6.3-080+1) UNRELEASED; urgency=low
- * New upstream patches (079 and 080), see README.gz for details.
+ * New upstream patches (079 and 082), see README.gz for details.
* James Vega <jamessan at jamessan.com>
+ Added patch 129_filetype.vim.diff, which sets the filetype to perl for
@@ -9,7 +9,7 @@
+ Added patch 130_fstab.vim.diff, Added bind as option. (Closes: #308890)
+ Added patch 131_xxd.1.diff, Fixes typo in xxd manpage. (Closes: #311234)
- -- Debian VIM Maintainers <pkg-vim-maintainers at lists.alioth.debian.org> Wed, 6 Jul 2005 22:21:58 +0200
+ -- Debian VIM Maintainers <pkg-vim-maintainers at lists.alioth.debian.org> Wed, 20 Jul 2005 08:39:51 -0400
vim (1:6.3-078+1) unstable; urgency=low
Added: trunk/vim/upstream/patches/6.3.081
===================================================================
--- trunk/vim/upstream/patches/6.3.081 2005-07-13 13:53:58 UTC (rev 248)
+++ trunk/vim/upstream/patches/6.3.081 2005-07-20 12:41:23 UTC (rev 249)
@@ -0,0 +1,57 @@
+To: vim-dev at vim.org
+Subject: Patch 6.3.081
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 6.3.081
+Problem: Unix: glob() may execute a shell command when it's not wanted.
+ (Georgi Guninski)
+Solution: Verify the sandbox flag is not set.
+Files: src/os_unix.c
+
+
+*** ../vim-6.3.080/src/os_unix.c Sat Jan 29 16:14:42 2005
+--- src/os_unix.c Tue Jul 19 22:29:34 2005
+***************
+*** 4700,4706 ****
+ /*
+ * Don't allow the use of backticks in secure and restricted mode.
+ */
+! if (secure || restricted)
+ for (i = 0; i < num_pat; ++i)
+ if (vim_strchr(pat[i], '`') != NULL
+ && (check_restricted() || check_secure()))
+--- 4700,4710 ----
+ /*
+ * Don't allow the use of backticks in secure and restricted mode.
+ */
+! if (secure || restricted
+! # ifdef HAVE_SANDBOX
+! || sandbox != 0
+! # endif
+! )
+ for (i = 0; i < num_pat; ++i)
+ if (vim_strchr(pat[i], '`') != NULL
+ && (check_restricted() || check_secure()))
+*** ../vim-6.3.080/src/version.c Mon Jul 4 12:19:01 2005
+--- src/version.c Tue Jul 19 22:26:32 2005
+***************
+*** 643,644 ****
+--- 643,646 ----
+ { /* Add new patch number below this line */
++ /**/
++ 81,
+ /**/
+
+--
+ With sufficient thrust, pigs fly just fine.
+ -- RFC 1925
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ Project leader for A-A-P -- http://www.A-A-P.org ///
+ \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
+
Added: trunk/vim/upstream/patches/6.3.082
===================================================================
--- trunk/vim/upstream/patches/6.3.082 2005-07-13 13:53:58 UTC (rev 248)
+++ trunk/vim/upstream/patches/6.3.082 2005-07-20 12:41:23 UTC (rev 249)
@@ -0,0 +1,68 @@
+To: vim-dev at vim.org
+Subject: Patch 6.3.082
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 6.3.082 (after 6.3.081)
+Problem: Unix: expand() may execute a shell command when it's not wanted.
+ (Georgi Guninski)
+Solution: A more generic solution than 6.3.081.
+Files: src/os_unix.c
+
+
+*** ../vim-6.3.081/src/os_unix.c Tue Jul 19 22:31:54 2005
+--- src/os_unix.c Wed Jul 20 10:54:12 2005
+***************
+*** 4697,4710 ****
+ if (!have_wildcard(num_pat, pat))
+ return save_patterns(num_pat, pat, num_file, file);
+
+ /*
+ * Don't allow the use of backticks in secure and restricted mode.
+ */
+! if (secure || restricted
+! # ifdef HAVE_SANDBOX
+! || sandbox != 0
+! # endif
+! )
+ for (i = 0; i < num_pat; ++i)
+ if (vim_strchr(pat[i], '`') != NULL
+ && (check_restricted() || check_secure()))
+--- 4697,4712 ----
+ if (!have_wildcard(num_pat, pat))
+ return save_patterns(num_pat, pat, num_file, file);
+
++ # ifdef HAVE_SANDBOX
++ /* Don't allow any shell command in the sandbox. */
++ if (sandbox != 0 && check_secure())
++ return FAIL;
++ # endif
++
+ /*
+ * Don't allow the use of backticks in secure and restricted mode.
+ */
+! if (secure || restricted)
+ for (i = 0; i < num_pat; ++i)
+ if (vim_strchr(pat[i], '`') != NULL
+ && (check_restricted() || check_secure()))
+*** ../vim-6.3.081/src/version.c Tue Jul 19 22:31:54 2005
+--- src/version.c Wed Jul 20 11:03:50 2005
+***************
+*** 643,644 ****
+--- 643,646 ----
+ { /* Add new patch number below this line */
++ /**/
++ 82,
+ /**/
+
+--
+No letters of the alphabet were harmed in the creation of this message.
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ Project leader for A-A-P -- http://www.A-A-P.org ///
+ \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
+
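Review bot: The sandbox guard added by patch 6.3.082, `if (sandbox != 0 && check_secure()) return FAIL;`, fails closed only if check_secure() returns non-zero whenever sandbox is set. Its definition is not in this hunk, so either confirm that or make the return unconditional, e.g. `if (sandbox != 0) { (void)check_secure(); return FAIL; }`. The 6.3.081 form that this patch replaces relied on the same return value inside its backtick loop. The secure/restricted branch that follows still rejects only backticks; if the code further down hands other wildcard patterns to a shell, those two modes presumably keep that path, and a comment saying whether this is intentional would help. The enclosing function in src/os_unix.c starts and ends outside the hunk.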