r980 - in /trunk/packages/vim: debian/changelog debian/rules debian/runtime/debian.vim.in patches/series patches/spell.c_getc-eof.diff
jamessan at users.alioth.debian.org
jamessan at users.alioth.debian.org
Sat Jun 30 17:08:52 UTC 2007
Author: jamessan
Date: Sat Jun 30 17:08:51 2007
New Revision: 980
URL: http://svn.debian.org/wsvn/pkg-vim/?sc=1&rev=980
Log:
* debian/rules
- Update the extract and clean targets to not fail if quilt exits with
$? == 2. Also, remove the .pc directory in the clean target.
- Remove preinst from the list of per-variant files
* Add spell.c_getc-eof.diff, which causes Vim to stop reading a truncated
spellfile when it reaches EOF.
* debian/runtime/debian.vim.in
- set 'nomodeline' by default since modelines have historically been a
source of security/resource vulnerabilities. Users should have to
explicitly enable the option to assume the associated risks.
Added:
trunk/packages/vim/patches/spell.c_getc-eof.diff
Modified:
trunk/packages/vim/debian/changelog
trunk/packages/vim/debian/rules
trunk/packages/vim/debian/runtime/debian.vim.in
trunk/packages/vim/patches/series
Modified: trunk/packages/vim/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim/debian/changelog?rev=980&op=diff
==============================================================================
--- trunk/packages/vim/debian/changelog (original)
+++ trunk/packages/vim/debian/changelog Sat Jun 30 17:08:51 2007
@@ -21,6 +21,16 @@
* debian/control
- Clarify the package description for the vim package to indicate it does
not provide a GUI version of Vim.
+ * debian/rules
+ - Update the extract and clean targets to not fail if quilt exits with
+ $? == 2. Also, remove the .pc directory in the clean target.
+ - Remove preinst from the list of per-variant files
+ * Add spell.c_getc-eof.diff, which causes Vim to stop reading a truncated
+ spellfile when it reaches EOF.
+ * debian/runtime/debian.vim.in
+ - set 'nomodeline' by default since modelines have historically been a
+ source of security/resource vulnerabilities. Users should have to
+ explicitly enable the option to assume the associated risks.
[ Stefano Zacchiroli ]
* Add javac_cmdline-vim.diff, which fixes the invocation of the javac
@@ -39,7 +49,7 @@
* Add map.vim-syntax.diff which ships syntax file for UMN map server
(Closes: #355900)
- -- James Vega <jamessan at debian.org> Fri, 29 Jun 2007 10:31:34 -0400
+ -- James Vega <jamessan at debian.org> Sat, 30 Jun 2007 13:08:19 -0400
vim (1:7.1-000+1) unstable; urgency=low
Modified: trunk/packages/vim/debian/rules
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim/debian/rules?rev=980&op=diff
==============================================================================
--- trunk/packages/vim/debian/rules (original)
+++ trunk/packages/vim/debian/rules Sat Jun 30 17:08:51 2007
@@ -172,7 +172,7 @@
LANG_TARBALL=$(NAME)-$(VERSION)$(SNAPSHOT)-lang.tar.gz
EXTRA_TARBALL=$(NAME)-$(VERSION)$(SNAPSHOT)-extra.tar.gz
SOURCES = $(MAIN_TARBALL) $(LANG_TARBALL) $(EXTRA_TARBALL)
-PER_VARIANT_FILES = install postinst prerm links preinst
+PER_VARIANT_FILES = install postinst prerm links
LANGS += fr fr.ISO8859-1 fr.UTF-8
LANGS += it it.ISO8859-1 it.UTF-8
LANGS += pl pl.ISO8859-2 pl.UTF-8
@@ -199,7 +199,7 @@
echo "applying upstream patch: $$f" ;\
cat upstream/patches/$$f | patch -s -d$(SRCDIR) -p0 ;\
done
- quilt push -a
+ quilt push -a || test $$? = 2
touch $@
extract-stamp-%.bz2:
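Review bot: The `|| test $$? = 2` added after `quilt push -a` (and after `quilt pop -a` in the clean target's hunk below) has no comment explaining why exit status 2 is tolerated, and the recipe alone does not tell a reader. Presumably 2 is the status quilt returns when there is nothing to push or pop; if that is confirmed, a line such as `# quilt exits 2 when there is nothing to apply/unapply; not an error` above each call would record the intent. The clean target previously ignored every quilt failure through the leading `-`, so any other non-zero status now aborts `clean`, which looks intended but deserves a mention in the same comment. Both recipes begin and end outside their hunks.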
@@ -219,7 +219,8 @@
dh_testroot
rm -f extract-stamp* build-stamp* install-stamp*
rm -f debian/helpztags.1
- - quilt pop -a
+ quilt pop -a || test $$? = 2
+ rm -rf .pc
rm -rf $(SRCDIR)
rm -f vim
dh_clean
Modified: trunk/packages/vim/debian/runtime/debian.vim.in
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim/debian/runtime/debian.vim.in?rev=980&op=diff
==============================================================================
--- trunk/packages/vim/debian/runtime/debian.vim.in (original)
+++ trunk/packages/vim/debian/runtime/debian.vim.in Sat Jun 30 17:08:51 2007
@@ -15,6 +15,10 @@
" set linebreak " Don't wrap words by default
set history=50 " keep 50 lines of command line history
set ruler " show the cursor position all the time
+
+ " modelines have historically been a source of security/resource
+ " vulnerabilities -- disable by default, even when 'nocompatible' is set
+ set nomodeline
" Suffixes that get lower priority when doing tab completion for filenames.
" These are files we are not likely to want to edit or read.
Modified: trunk/packages/vim/patches/series
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim/patches/series?rev=980&op=diff
==============================================================================
--- trunk/packages/vim/patches/series (original)
+++ trunk/packages/vim/patches/series Sat Jun 30 17:08:51 2007
@@ -17,3 +17,4 @@
Makefile_no-strip.diff -p0
debchangelog-closes_omni.vim.diff -p0
map.vim-syntax.diff -p0
+spell.c_getc-eof.diff -p0
Added: trunk/packages/vim/patches/spell.c_getc-eof.diff
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim/patches/spell.c_getc-eof.diff?rev=980&op=file
==============================================================================
--- trunk/packages/vim/patches/spell.c_getc-eof.diff (added)
+++ trunk/packages/vim/patches/spell.c_getc-eof.diff Sat Jun 30 17:08:51 2007
@@ -1,0 +1,25 @@
+Index: vim/src/spell.c
+===================================================================
+--- vim/src/spell.c.orig
++++ vim/src/spell.c
+@@ -2954,11 +2954,18 @@
+ str = alloc((unsigned)cnt + 1);
+ if (str != NULL)
+ {
+- /* Read the string. Doesn't check for truncated file. */
+- for (i = 0; i < cnt; ++i)
++ /* Read the string. Check for truncated files. This will prevent us
++ * from using all the memory we're allocated if it isn't necessary --
++ * important for COW memory access such as in Linux. */
++ for (i = 0; i < cnt && !feof(fd); ++i)
+ str[i] = getc(fd);
+ str[i] = NUL;
+ }
++ /* Realloc to how much memory we actually used if we didn't need all the
++ * initial memory alloc asked for. */
++ if (i < cnt) {
++ str = vim_realloc(str, (unsigned)i + 1);
++ }
+ return str;
+ }
+
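Review bot: The new loop condition `i < cnt && !feof(fd)` still stores one bogus byte on a truncated file, because feof() only becomes true after a getc() has already returned EOF, and by then that value has been written to `str[i]` and counted; a read error does not set feof() at all, so the loop would then run to `cnt` storing the same value. Test the return of getc() and break before storing instead. The added `if (i < cnt)` block sits outside `if (str != NULL)`, so after a failed alloc() it reads `i` (not assigned in the visible lines; its declaration is outside the hunk) and hands a NULL pointer to vim_realloc(), and assigning the result straight back to `str` loses the original buffer if the shrink fails. A truncated spell file is also returned as an ordinary shorter string, so it is worth checking whether the caller, which is outside this hunk, can tell truncation from valid data. The enclosing function starts before the hunk.

```c
    str = alloc((unsigned)cnt + 1);
    if (str != NULL)
    {
	int	c;
	char_u	*shrunk;

	/* Stop at EOF or on a read error; never store the EOF marker. */
	for (i = 0; i < cnt; ++i)
	{
	    c = getc(fd);
	    if (c == EOF)
		break;
	    str[i] = c;
	}
	str[i] = NUL;

	/* Shrink only when the file was short; keep the original buffer
	 * if the realloc fails. */
	if (i < cnt)
	{
	    shrunk = vim_realloc(str, (unsigned)i + 1);
	    if (shrunk != NULL)
		str = shrunk;
	}
    }
    return str;
```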