r1016 - in /branches/packages/vim/etch: debian/README debian/changelog debian/rules upstream/patches/7.0.234 upstream/patches/7.0.235 upstream/patches/7.1.039
jamessan at users.alioth.debian.org
jamessan at users.alioth.debian.org
Sat Sep 1 22:01:59 UTC 2007
Author: jamessan
Date: Sat Sep 1 22:01:59 2007
New Revision: 1016
URL: http://svn.debian.org/wsvn/pkg-vim/?sc=1&rev=1016
Log:
Add upstream patches 7.1.039, 7.0.234, and 7.0.235 to fix CVEs 2007-2438 and 2007-2953. Stable security update.
Added:
branches/packages/vim/etch/upstream/patches/7.0.234
branches/packages/vim/etch/upstream/patches/7.0.235
branches/packages/vim/etch/upstream/patches/7.1.039
Modified:
branches/packages/vim/etch/debian/README
branches/packages/vim/etch/debian/changelog
branches/packages/vim/etch/debian/rules
Modified: branches/packages/vim/etch/debian/README
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/debian/README?rev=1016&op=diff
==============================================================================
--- branches/packages/vim/etch/debian/README (original)
+++ branches/packages/vim/etch/debian/README Sat Sep 1 22:01:59 2007
@@ -123,7 +123,7 @@
2561 7.0.096 taglist() does not use path of tags file
2617 7.0.097 tab pages line was not updated for ":tabclose N"
2196 7.0.098 redirection didn't work inside cmdline completion
- 2189 7.0.099 GUI: scrolling causes problems for the popup menu
+ 2189 7.0.099 GUI: scrolling causes problems for the popup menu
2086 7.0.100 "zug" may report the wrong filename
2732 7.0.101 "zw" mostly doesn't work; "zg" may create wrong directory
1634 7.0.102 redraw problem in cmdline when using SCIM
@@ -147,3 +147,6 @@
1780 7.0.120 crash when using getreg('=') in the = register
1549 7.0.121 GUI: dragging last status line doesn't work with text tabline
2865 7.0.122 only half of double-wide bold character may be drawn
+ 1723 7.0.234 feedkeys() may be invoked from a modeline
+ 2299 7.0.235 writefile() may be invoked from a modeline
+ 1750 7.1.039 weird help-tags tag in docs file may make cause a crash
Modified: branches/packages/vim/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/debian/changelog?rev=1016&op=diff
==============================================================================
--- branches/packages/vim/etch/debian/changelog (original)
+++ branches/packages/vim/etch/debian/changelog Sat Sep 1 22:01:59 2007
@@ -1,3 +1,11 @@
+vim (1:7.0-122+1etch3) stable-security; urgency=high
+
+ * Add upstream patches 7.0.234 and 7.0.235 which fix CVE-2007-2438.
+ (Closes: #435401)
+ * Add upstream patch 7.1.039 which fixes CVE-2007-2953. (Closes: #438593)
+
+ -- James Vega <jamessan at debian.org> Fri, 17 Aug 2007 22:46:28 -0400
+
vim (1:7.0-122+1etch2) testing-proposed-updates; urgency=low
* Fix the file test for deciding whether we need to remove alternatives to
Modified: branches/packages/vim/etch/debian/rules
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/debian/rules?rev=1016&op=diff
==============================================================================
--- branches/packages/vim/etch/debian/rules (original)
+++ branches/packages/vim/etch/debian/rules Sat Sep 1 22:01:59 2007
@@ -221,7 +221,8 @@
if [ ! -L vim -o "`readlink vim`" != "$(VIMCUR)" ]; then \
ln -fs $(SRCDIR) vim; \
fi
- @for f in `find upstream/patches -type f -name '$(VERSION).*' -printf "%P\n" | grep -v .svn | sort -n` ; do\
+ # Add 7.1 patches for upstream's fix for CVE-2007-2953
+ @for f in `find upstream/patches -type f -name '$(VERSION).*' -printf "%P\n" -o -type f -name "7.1.*" -printf "%P\n" | grep -v .svn | sort -n` ; do\
echo "applying upstream patch: $$f" ;\
cat upstream/patches/$$f | patch -s -d$(SRCDIR) -p0 ;\
done
Added: branches/packages/vim/etch/upstream/patches/7.0.234
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/upstream/patches/7.0.234?rev=1016&op=file
==============================================================================
--- branches/packages/vim/etch/upstream/patches/7.0.234 (added)
+++ branches/packages/vim/etch/upstream/patches/7.0.234 Sat Sep 1 22:01:59 2007
@@ -1,0 +1,53 @@
+To: vim-dev at vim.org
+Subject: patch 7.0.234
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.0.234
+Problem: It's possible to use feedkeys() from a modeline. That is a
+ security issue, can be used for a trojan horse.
+Solution: Disallow using feedkeys() in the sandbox.
+Files: src/eval.c
+
+
+*** ../vim-7.0.233/src/eval.c Thu Apr 26 17:08:16 2007
+--- src/eval.c Fri Apr 27 21:48:18 2007
+***************
+*** 9078,9083 ****
+--- 9078,9089 ----
+ int typed = FALSE;
+ char_u *keys_esc;
+
++ /* This is not allowed in the sandbox. If the commands would still be
++ * executed in the sandbox it would be OK, but it probably happens later,
++ * when "sandbox" is no longer set. */
++ if (check_secure())
++ return;
++
+ rettv->vval.v_number = 0;
+ keys = get_tv_string(&argvars[0]);
+ if (*keys != NUL)
+*** ../vim-7.0.233/src/version.c Thu Apr 26 18:42:17 2007
+--- src/version.c Fri Apr 27 22:13:23 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+ { /* Add new patch number below this line */
++ /**/
++ 234,
+ /**/
+
+--
+"Making it up? Why should I want to make anything up? Life's bad enough
+as it is without wanting to invent any more of it."
+ -- Marvin, the Paranoid Android in Douglas Adams'
+ "The Hitchhiker's Guide to the Galaxy"
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
Added: branches/packages/vim/etch/upstream/patches/7.0.235
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/upstream/patches/7.0.235?rev=1016&op=file
==============================================================================
--- branches/packages/vim/etch/upstream/patches/7.0.235 (added)
+++ branches/packages/vim/etch/upstream/patches/7.0.235 Sat Sep 1 22:01:59 2007
@@ -1,0 +1,71 @@
+To: vim-dev at vim.org
+Subject: patch 7.0.235
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.0.235
+Problem: It is possible to use writefile() in the sandbox.
+Solution: Add a few more checks for the sandbox.
+Files: src/eval.c
+
+
+*** ../vim-7.0.234/src/eval.c Fri Apr 27 22:17:43 2007
+--- src/eval.c Sat Apr 28 21:36:02 2007
+***************
+*** 15598,15603 ****
+--- 15598,15606 ----
+ int err = FALSE;
+ FILE *fd;
+
++ if (check_restricted() || check_secure())
++ return;
++
+ if (argvars[1].v_type != VAR_UNKNOWN)
+ {
+ /*
+***************
+*** 16430,16435 ****
+--- 16433,16441 ----
+ char_u *s;
+ int ret = 0;
+ int c;
++
++ if (check_restricted() || check_secure())
++ return;
+
+ if (argvars[0].v_type != VAR_LIST)
+ {
+*** ../vim-7.0.234/src/version.c Fri Apr 27 22:17:43 2007
+--- src/version.c Sun Apr 29 13:54:29 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+ { /* Add new patch number below this line */
++ /**/
++ 235,
+ /**/
+
+--
+Now it is such a bizarrely improbable coincidence that anything as
+mind-bogglingly useful as the Babel fish could have evolved purely by chance
+that some thinkers have chosen to see it as a final and clinching proof of the
+NON-existence of God.
+The argument goes something like this: 'I refuse to prove that I exist,' says
+God, 'for proof denies faith, and without faith I am nothing.'
+'But,' says Man, 'the Babel fish is a dead giveaway, isn't it? It could not
+have evolved by chance. It proves you exist, and so therefore, by your own
+arguments, you don't. QED.'
+'Oh dear,' says God, 'I hadn't thought of that,' and promptly vanishes in a
+puff of logic.
+'Oh, that was easy,' says Man, and for an encore goes on to prove that black
+is white and gets himself killed on the next pedestrian crossing.
+ -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
Added: branches/packages/vim/etch/upstream/patches/7.1.039
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/etch/upstream/patches/7.1.039?rev=1016&op=file
==============================================================================
--- branches/packages/vim/etch/upstream/patches/7.1.039 (added)
+++ branches/packages/vim/etch/upstream/patches/7.1.039 Sat Sep 1 22:01:59 2007
@@ -1,0 +1,57 @@
+To: vim-dev at vim.org
+Subject: patch 7.1.039
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.039
+Problem: A tag in a help file that starts with "help-tags" and contains a
+ percent sign may make Vim crash. (Ulf Harnhammar)
+Solution: Use puts() instead of fprintf().
+Files: src/ex_cmds.c
+
+
+*** ../vim-7.1.038/src/ex_cmds.c Tue Jul 24 11:15:46 2007
+--- src/ex_cmds.c Wed Jul 25 20:06:20 2007
+***************
+*** 6374,6382 ****
+ for (i = 0; i < ga.ga_len; ++i)
+ {
+ s = ((char_u **)ga.ga_data)[i];
+! if (STRNCMP(s, "help-tags", 9) == 0)
+ /* help-tags entry was added in formatted form */
+! fprintf(fd_tags, (char *)s);
+ else
+ {
+ fprintf(fd_tags, "%s\t/*", s);
+--- 6374,6382 ----
+ for (i = 0; i < ga.ga_len; ++i)
+ {
+ s = ((char_u **)ga.ga_data)[i];
+! if (STRNCMP(s, "help-tags\t", 10) == 0)
+ /* help-tags entry was added in formatted form */
+! fputs((char *)s, fd_tags);
+ else
+ {
+ fprintf(fd_tags, "%s\t/*", s);
+*** ../vim-7.1.038/src/version.c Tue Jul 24 15:25:27 2007
+--- src/version.c Wed Jul 25 22:41:18 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+ { /* Add new patch number below this line */
++ /**/
++ 39,
+ /**/
+
+--
+On the other hand, you have different fingers.
+ -- Steven Wright
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
More information about the pkg-vim-maintainers
mailing list