[SCM] Vim packaging branch, maint/etch, updated. 3ba3d446924a9eb5e86bfaa4758a71225ce012bb
James Vega
jamessan at debian.org
Fri Feb 6 23:47:58 UTC 2009
The following commit has been merged in the maint/etch branch:
commit 53b4d64290c592e002ac7463d020af9f95185faf
Author: James Vega <jamessan at debian.org>
Date: Tue Feb 3 22:46:46 2009 -0500
Add upstream patches 7.1.299, 7.1.300, and 7.1.305
These address the gzip.vim and filetype.vim vulnerabilities from CVE 2008-2712
Signed-off-by: James Vega <jamessan at debian.org>
diff --git a/debian/changelog b/debian/changelog
index cbad029..110771a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+vim (1:7.0-122+1etch4) UNRELEASED; urgency=high
+
+ * Backport upstream patches and runtime fixes for filename escaping
+ vulnerabilities. (Closes: #486502, CVE 2008-2712)
+ - Add upstream patches 7.1.299, 7.1.300, 7.1.305.
+
+ -- James Vega <jamessan at debian.org> Tue, 03 Feb 2009 22:19:11 -0500
+
vim (1:7.0-122+1etch3) stable-security; urgency=high
* Add upstream patches 7.0.234 and 7.0.235 which fix CVE-2007-2438.
diff --git a/upstream/patches/7.1.299 b/upstream/patches/7.1.299
new file mode 100644
index 0000000..6d3581f
--- /dev/null
+++ b/upstream/patches/7.1.299
@@ -0,0 +1,280 @@
+To: vim-dev at vim.org
+Subject: Patch 7.1.299
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.299
+Problem: Filetype detection doesn't work properly for file names ending in
+ a part that is ignored and contain a space or other special
+ characters.
+Solution: Escape the special characters using the new fnameescape function.
+Files: runtime/doc/eval.txt, runtime/filetype.vim, src/eval.c,
+ src/ex_getln.c, src/proto/ex_getln.pro, src/vim.h
+
+
+*** ../vim-7.1.298/runtime/doc/eval.txt Wed Feb 20 20:09:44 2008
+--- runtime/doc/eval.txt Wed May 28 16:42:42 2008
+***************
+*** 1,4 ****
+! *eval.txt* For Vim version 7.0. Last change: 2006 Sep 22
+
+
+ VIM REFERENCE MANUAL by Bram Moolenaar
+--- 1,4 ----
+! *eval.txt* For Vim version 7.1. Last change: 2008 May 28
+
+
+ VIM REFERENCE MANUAL by Bram Moolenaar
+***************
+*** 1567,1572 ****
+--- 1567,1573 ----
+ String find directory {name} in {path}
+ findfile( {name}[, {path}[, {count}]])
+ String find file {name} in {path}
++ fnameescape( {fname}) String escape special characters in {fname}
+ fnamemodify( {fname}, {mods}) String modify file name
+ foldclosed( {lnum}) Number first line of fold at {lnum} if closed
+ foldclosedend( {lnum}) Number last line of fold at {lnum} if closed
+***************
+*** 2551,2556 ****
+--- 2551,2569 ----
+ exist, or is not writable, the result is 0. If (file) is a
+ directory, and we can write to it, the result is 2.
+
++ fnameescape({string}) *fnameescape()*
++ Escape {string} for use as file name command argument. All
++ characters that have a special meaning, such as '%' and '|'
++ are escaped with a backslash.
++ For most systems the characters escaped are "". For systems
++ where a backslash appears in a filename, it depends on the
++ value of 'isfname'.
++ Example: >
++ :let fname = 'some str%nge|name'
++ :exe "edit " . fnameescape(fname)
++ < results in executing: >
++ edit some\ str\%nge\|name
++
+ fnamemodify({fname}, {mods}) *fnamemodify()*
+ Modify file name {fname} according to {mods}. {mods} is a
+ string of characters like it is used for file names on the
+*** ../vim-7.1.298/runtime/filetype.vim Tue May 15 09:14:33 2007
+--- runtime/filetype.vim Wed May 28 16:39:09 2008
+***************
+*** 16,35 ****
+ augroup filetypedetect
+
+ " Ignored extensions
+ au BufNewFile,BufRead ?\+.orig,?\+.bak,?\+.old,?\+.new,?\+.rpmsave,?\+.rpmnew
+! \ exe "doau filetypedetect BufRead " . expand("<afile>:r")
+ au BufNewFile,BufRead *~
+ \ let s:name = expand("<afile>") |
+ \ let s:short = substitute(s:name, '\~$', '', '') |
+ \ if s:name != s:short && s:short != "" |
+! \ exe "doau filetypedetect BufRead " . s:short |
+ \ endif |
+! \ unlet s:name |
+! \ unlet s:short
+ au BufNewFile,BufRead ?\+.in
+ \ if expand("<afile>:t") != "configure.in" |
+! \ exe "doau filetypedetect BufRead " . expand("<afile>:r") |
+ \ endif
+
+ " Pattern used to match file names which should not be inspected.
+ " Currently finds compressed files.
+--- 16,38 ----
+ augroup filetypedetect
+
+ " Ignored extensions
++ if exists("*fnameescape")
+ au BufNewFile,BufRead ?\+.orig,?\+.bak,?\+.old,?\+.new,?\+.rpmsave,?\+.rpmnew
+! \ exe "doau filetypedetect BufRead " . fnameescape(expand("<afile>:r"))
+ au BufNewFile,BufRead *~
+ \ let s:name = expand("<afile>") |
+ \ let s:short = substitute(s:name, '\~$', '', '') |
+ \ if s:name != s:short && s:short != "" |
+! \ exe "doau filetypedetect BufRead " . fnameescape(s:short) |
+ \ endif |
+! \ unlet s:name s:short
+ au BufNewFile,BufRead ?\+.in
+ \ if expand("<afile>:t") != "configure.in" |
+! \ exe "doau filetypedetect BufRead " . fnameescape(expand("<afile>:r")) |
+ \ endif
++ elseif &verbose > 0
++ echomsg "Warning: some filetypes will not be recognized because this version of Vim does not have fnameescape()"
++ endif
+
+ " Pattern used to match file names which should not be inspected.
+ " Currently finds compressed files.
+*** ../vim-7.1.298/src/eval.c Tue Apr 1 13:10:45 2008
+--- src/eval.c Wed May 28 16:35:51 2008
+***************
+*** 507,512 ****
+--- 516,522 ----
+ static void f_filter __ARGS((typval_T *argvars, typval_T *rettv));
+ static void f_finddir __ARGS((typval_T *argvars, typval_T *rettv));
+ static void f_findfile __ARGS((typval_T *argvars, typval_T *rettv));
++ static void f_fnameescape __ARGS((typval_T *argvars, typval_T *rettv));
+ static void f_fnamemodify __ARGS((typval_T *argvars, typval_T *rettv));
+ static void f_foldclosed __ARGS((typval_T *argvars, typval_T *rettv));
+ static void f_foldclosedend __ARGS((typval_T *argvars, typval_T *rettv));
+***************
+*** 7107,7112 ****
+--- 7437,7443 ----
+ {"filter", 2, 2, f_filter},
+ {"finddir", 1, 3, f_finddir},
+ {"findfile", 1, 3, f_findfile},
++ {"fnameescape", 1, 1, f_fnameescape},
+ {"fnamemodify", 2, 2, f_fnamemodify},
+ {"foldclosed", 1, 1, f_foldclosed},
+ {"foldclosedend", 1, 1, f_foldclosedend},
+***************
+*** 9465,9470 ****
+--- 9804,9822 ----
+ }
+
+ /*
++ * "fnameescape({string})" function
++ */
++ static void
++ f_fnameescape(argvars, rettv)
++ typval_T *argvars;
++ typval_T *rettv;
++ {
++ rettv->vval.v_string = vim_strsave_fnameescape(
++ get_tv_string(&argvars[0]), FALSE);
++ rettv->v_type = VAR_STRING;
++ }
++
++ /*
+ * "fnamemodify({fname}, {mods})" function
+ */
+ static void
+*** ../vim-7.1.298/src/ex_getln.c Tue Jan 22 12:44:03 2008
+--- src/ex_getln.c Mon May 26 22:14:51 2008
+***************
+*** 3656,3677 ****
+ #endif
+ }
+ }
+! #ifdef BACKSLASH_IN_FILENAME
+! {
+! char_u buf[20];
+! int j = 0;
+!
+! /* Don't escape '[' and '{' if they are in 'isfname'. */
+! for (p = PATH_ESC_CHARS; *p != NUL; ++p)
+! if ((*p != '[' && *p != '{') || !vim_isfilec(*p))
+! buf[j++] = *p;
+! buf[j] = NUL;
+! p = vim_strsave_escaped(files[i], buf);
+! }
+! #else
+! p = vim_strsave_escaped(files[i],
+! xp->xp_shell ? SHELL_ESC_CHARS : PATH_ESC_CHARS);
+! #endif
+ if (p != NULL)
+ {
+ vim_free(files[i]);
+--- 3656,3662 ----
+ #endif
+ }
+ }
+! p = vim_strsave_fnameescape(files[i], xp->xp_shell);
+ if (p != NULL)
+ {
+ vim_free(files[i]);
+***************
+*** 3710,3715 ****
+--- 3695,3725 ----
+ }
+
+ /*
++ * Escape special characters in "fname" for when used as a file name argument
++ * after a Vim command, or, when "shell" is non-zero, a shell command.
++ * Returns the result in allocated memory.
++ */
++ char_u *
++ vim_strsave_fnameescape(fname, shell)
++ char_u *fname;
++ int shell;
++ {
++ #ifdef BACKSLASH_IN_FILENAME
++ char_u buf[20];
++ int j = 0;
++
++ /* Don't escape '[' and '{' if they are in 'isfname'. */
++ for (p = PATH_ESC_CHARS; *p != NUL; ++p)
++ if ((*p != '[' && *p != '{') || !vim_isfilec(*p))
++ buf[j++] = *p;
++ buf[j] = NUL;
++ return vim_strsave_escaped(fname, buf);
++ #else
++ return vim_strsave_escaped(fname, shell ? SHELL_ESC_CHARS : PATH_ESC_CHARS);
++ #endif
++ }
++
++ /*
+ * Put a backslash before the file name in "pp", which is in allocated memory.
+ */
+ static void
+*** ../vim-7.1.298/src/proto/ex_getln.pro Sat May 5 19:24:48 2007
+--- src/proto/ex_getln.pro Mon May 26 22:14:41 2008
+***************
+*** 24,29 ****
+--- 24,30 ----
+ extern void ExpandInit __ARGS((expand_T *xp));
+ extern void ExpandCleanup __ARGS((expand_T *xp));
+ extern void ExpandEscape __ARGS((expand_T *xp, char_u *str, int numfiles, char_u **files, int options));
++ extern char_u *vim_strsave_fnameescape __ARGS((char_u *fname, int shell));
+ extern void tilde_replace __ARGS((char_u *orig_pat, int num_files, char_u **files));
+ extern char_u *sm_gettail __ARGS((char_u *s));
+ extern char_u *addstar __ARGS((char_u *fname, int len, int context));
+*** ../vim-7.1.298/src/vim.h Sun Mar 16 16:02:47 2008
+--- src/vim.h Wed May 28 16:37:50 2008
+***************
+*** 336,345 ****
+ # endif
+ #endif
+ #ifdef BACKSLASH_IN_FILENAME
+! # define PATH_ESC_CHARS ((char_u *)" \t*?[{`%#")
+ #else
+! # define PATH_ESC_CHARS ((char_u *)" \t*?[{`$\\%#'\"|")
+! # define SHELL_ESC_CHARS ((char_u *)" \t*?[{`$\\%#'\"|<>();&!")
+ #endif
+
+ #define NUMBUFLEN 30 /* length of a buffer to store a number in ASCII */
+--- 336,345 ----
+ # endif
+ #endif
+ #ifdef BACKSLASH_IN_FILENAME
+! # define PATH_ESC_CHARS ((char_u *)" \t\n*?[{`%#'\"|!<")
+ #else
+! # define PATH_ESC_CHARS ((char_u *)" \t\n*?[{`$\\%#'\"|!<")
+! # define SHELL_ESC_CHARS ((char_u *)" \t\n*?[{`$\\%#'\"|!<>();&")
+ #endif
+
+ #define NUMBUFLEN 30 /* length of a buffer to store a number in ASCII */
+*** ../vim-7.1.298/src/version.c Sat May 10 21:37:56 2008
+--- src/version.c Wed May 28 16:40:11 2008
+***************
+*** 668,669 ****
+--- 673,676 ----
+ { /* Add new patch number below this line */
++ /**/
++ 299,
+ /**/
+
+--
+FIRST SOLDIER: So they wouldn't be able to bring a coconut back anyway.
+SECOND SOLDIER: Wait a minute! Suppose two swallows carried it together?
+FIRST SOLDIER: No, they'd have to have it on a line.
+ "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
diff --git a/upstream/patches/7.1.300 b/upstream/patches/7.1.300
new file mode 100644
index 0000000..630649d
--- /dev/null
+++ b/upstream/patches/7.1.300
@@ -0,0 +1,52 @@
+To: vim-dev at vim.org
+Subject: Patch 7.1.300
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.300
+Problem: Value of asmsyntax argument isn't checked for valid characters.
+Solution: Only accepts letters and digits.
+Files: runtime/filetype.vim
+
+
+*** ../vim-7.1.299/runtime/filetype.vim Wed May 28 16:48:00 2008
+--- runtime/filetype.vim Wed May 28 17:11:37 2008
+***************
+*** 190,196 ****
+ let head = " ".getline(1)." ".getline(2)." ".getline(3)." ".getline(4).
+ \" ".getline(5)." "
+ if head =~ '\sasmsyntax=\S\+\s'
+! let b:asmsyntax = substitute(head, '.*\sasmsyntax=\(\S\+\)\s.*','\1', "")
+ elseif ((head =~? '\.title') || (head =~? '\.ident') || (head =~? '\.macro') || (head =~? '\.subtitle') || (head =~? '\.library'))
+ let b:asmsyntax = "vmasm"
+ endif
+--- 190,196 ----
+ let head = " ".getline(1)." ".getline(2)." ".getline(3)." ".getline(4).
+ \" ".getline(5)." "
+ if head =~ '\sasmsyntax=\S\+\s'
+! let b:asmsyntax = substitute(head, '.*\sasmsyntax=\([a-zA-Z0-9]\+\)\s.*','\1', "")
+ elseif ((head =~? '\.title') || (head =~? '\.ident') || (head =~? '\.macro') || (head =~? '\.subtitle') || (head =~? '\.library'))
+ let b:asmsyntax = "vmasm"
+ endif
+*** ../vim-7.1.299/src/version.c Wed May 28 16:48:01 2008
+--- src/version.c Wed May 28 17:28:05 2008
+***************
+*** 668,669 ****
+--- 673,676 ----
+ { /* Add new patch number below this line */
++ /**/
++ 300,
+ /**/
+
+--
+If you don't get everything you want, think of
+everything you didn't get and don't want.
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
diff --git a/upstream/patches/7.1.305 b/upstream/patches/7.1.305
new file mode 100644
index 0000000..8e52fee
--- /dev/null
+++ b/upstream/patches/7.1.305
@@ -0,0 +1,155 @@
+To: vim-dev at vim.org
+Subject: Patch 7.1.305
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.305
+Problem: Editing a compressed file with special characters in the name
+ doesn't work properly.
+Solution: Escape special characters.
+Files: runtime/autoload/gzip.vim
+
+
+*** ../vim-7.1.304/runtime/autoload/gzip.vim Thu May 10 18:54:26 2007
+--- runtime/autoload/gzip.vim Thu May 29 22:30:59 2008
+***************
+*** 1,6 ****
+ " Vim autoload file for editing compressed files.
+ " Maintainer: Bram Moolenaar <Bram at vim.org>
+! " Last Change: 2006 Oct 03
+
+ " These functions are used by the gzip plugin.
+
+--- 1,6 ----
+ " Vim autoload file for editing compressed files.
+ " Maintainer: Bram Moolenaar <Bram at vim.org>
+! " Last Change: 2008 May 29
+
+ " These functions are used by the gzip plugin.
+
+***************
+*** 73,80 ****
+ let empty = line("'[") == 1 && line("']") == line("$")
+ let tmp = tempname()
+ let tmpe = tmp . "." . expand("<afile>:e")
+ " write the just read lines to a temp file "'[,']w tmp.gz"
+! execute "silent '[,']w " . escape(tmpe, ' ')
+ " uncompress the temp file: call system("gzip -dn tmp.gz")
+ call system(a:cmd . " " . s:escape(tmpe))
+ if !filereadable(tmp)
+--- 73,87 ----
+ let empty = line("'[") == 1 && line("']") == line("$")
+ let tmp = tempname()
+ let tmpe = tmp . "." . expand("<afile>:e")
++ if exists('*fnameescape')
++ let tmp_esc = fnameescape(tmp)
++ let tmpe_esc = fnameescape(tmpe)
++ else
++ let tmp_esc = escape(tmp, ' ')
++ let tmpe_esc = escape(tmpe, ' ')
++ endif
+ " write the just read lines to a temp file "'[,']w tmp.gz"
+! execute "silent '[,']w " . tmpe_esc
+ " uncompress the temp file: call system("gzip -dn tmp.gz")
+ call system(a:cmd . " " . s:escape(tmpe))
+ if !filereadable(tmp)
+***************
+*** 95,106 ****
+ setlocal nobin
+ if exists(":lockmarks")
+ if empty
+! execute "silent lockmarks " . l . "r ++edit " . tmp
+ else
+! execute "silent lockmarks " . l . "r " . tmp
+ endif
+ else
+! execute "silent " . l . "r " . tmp
+ endif
+
+ " if buffer became empty, delete trailing blank line
+--- 102,113 ----
+ setlocal nobin
+ if exists(":lockmarks")
+ if empty
+! execute "silent lockmarks " . l . "r ++edit " . tmp_esc
+ else
+! execute "silent lockmarks " . l . "r " . tmp_esc
+ endif
+ else
+! execute "silent " . l . "r " . tmp_esc
+ endif
+
+ " if buffer became empty, delete trailing blank line
+***************
+*** 110,117 ****
+ endif
+ " delete the temp file and the used buffers
+ call delete(tmp)
+! silent! exe "bwipe " . tmp
+! silent! exe "bwipe " . tmpe
+ let &pm = pm_save
+ let &cpo = cpo_save
+ let &l:ma = ma_save
+--- 117,124 ----
+ endif
+ " delete the temp file and the used buffers
+ call delete(tmp)
+! silent! exe "bwipe " . tmp_esc
+! silent! exe "bwipe " . tmpe_esc
+ let &pm = pm_save
+ let &cpo = cpo_save
+ let &l:ma = ma_save
+***************
+*** 124,133 ****
+ let &l:ma = ma_save
+ " When uncompressed the whole buffer, do autocommands
+ if empty
+ if &verbose >= 8
+! execute "doau BufReadPost " . expand("%:r")
+ else
+! execute "silent! doau BufReadPost " . expand("%:r")
+ endif
+ endif
+ endfun
+--- 131,145 ----
+ let &l:ma = ma_save
+ " When uncompressed the whole buffer, do autocommands
+ if empty
++ if exists('*fnameescape')
++ let fname = fnameescape(expand("%:r"))
++ else
++ let fname = escape(expand("%:r"), " \t\n*?[{`$\\%#'\"|!<")
++ endif
+ if &verbose >= 8
+! execute "doau BufReadPost " . fname
+ else
+! execute "silent! doau BufReadPost " . fname
+ endif
+ endif
+ endfun
+*** ../vim-7.1.304/src/version.c Thu May 29 21:46:10 2008
+--- src/version.c Thu May 29 22:33:11 2008
+***************
+*** 668,669 ****
+--- 673,676 ----
+ { /* Add new patch number below this line */
++ /**/
++ 305,
+ /**/
+
+--
+OLD WOMAN: Well, how did you become king, then?
+ARTHUR: The Lady of the Lake, her arm clad in the purest shimmering samite,
+ held Excalibur aloft from the bosom of the water to signify by Divine
+ Providence ... that I, Arthur, was to carry Excalibur ... That is
+ why I am your king!
+ "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ download, build and distribute -- http://www.A-A-P.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
Vim packaging
More information about the pkg-vim-maintainers
mailing list