OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 20-Jan-2003 18:25:35
Branch: OPENPKG_1_1_SOLID Handle: 2003012017253400
Added files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/vim vim.patch
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/vim vim.spec
Log:
apply backported security fix for CAN-2002-1377
Summary:
Revision Changes Path
1.1.4.1 +123 -0 openpkg-src/vim/vim.patch
1.97.2.2 +4 -1 openpkg-src/vim/vim.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/vim/vim.patch
============================================================================
$ cvs diff -u -r0 -r1.1.4.1 vim.patch
--- /dev/null 2003-01-20 18:25:34.000000000 +0100
+++ vim.patch 2003-01-20 18:25:34.000000000 +0100
@@ -0,0 +1,123 @@
+--- src/eval.c.orig Tue Mar 12 17:59:58 2002
++++ src/eval.c Mon Jan 20 16:20:46 2003
+@@ -3280,6 +3280,9 @@
+ else
+ retvar->var_val.var_string = NULL;
+
++ if (check_restricted() || check_secure())
++ return;
++
+ #ifdef FEAT_LIBCALL
+ /* The first two args must be strings, otherwise its meaningless */
+ if (argvars[0].var_type == VAR_STRING && argvars[1].var_type == VAR_STRING)
+@@ -3312,7 +3315,10 @@
+ VAR argvars;
+ VAR retvar;
+ {
+- retvar->var_val.var_number = mch_remove(get_var_string(&argvars[0]));
++ if (check_restricted() || check_secure())
++ retvar->var_val.var_number = -1;
++ else
++ retvar->var_val.var_number = mch_remove(get_var_string(&argvars[0]));
+ }
+
+ /*
+@@ -4521,7 +4527,12 @@
+ int histype;
+ char_u *str;
+ char_u buf[NUMBUFLEN];
++#endif
+
++ retvar->var_val.var_number = FALSE;
++ if (check_restricted() || check_secure())
++ return;
++#ifdef FEAT_CMDHIST
+ histype = get_histtype(get_var_string(&argvars[0]));
+ if (histype >= 0)
+ {
+@@ -4534,7 +4545,6 @@
+ }
+ }
+ #endif
+- retvar->var_val.var_number = FALSE;
+ }
+
+ /*
+@@ -5162,7 +5172,10 @@
+ {
+ char_u buf[NUMBUFLEN];
+
+- retvar->var_val.var_number = vim_rename(get_var_string(&argvars[0]),
++ if (check_restricted() || check_secure())
++ retvar->var_val.var_number = -1;
++ else
++ retvar->var_val.var_number = vim_rename(get_var_string(&argvars[0]),
+ get_var_string_buf(&argvars[1], buf));
+ }
+
+@@ -5442,6 +5455,8 @@
+ VAR varp;
+ char_u nbuf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
+ ++emsg_off;
+ buf = get_buf_var(&argvars[0]);
+ varname = get_var_string(&argvars[1]);
+@@ -5528,6 +5543,8 @@
+ VAR varp;
+ char_u nbuf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
+ ++emsg_off;
+ win = find_win_by_nr(&argvars[0]);
+ varname = get_var_string(&argvars[1]);
+@@ -5660,6 +5677,11 @@
+ var v;
+ char_u *s;
+
++ if (check_restricted() || check_secure())
++ {
++ retvar->var_val.var_number = -1;
++ return;
++ }
+ # ifdef WIN32
+ int n = 0;
+
+@@ -5700,6 +5722,8 @@
+ char_u *r = NULL;
+
+ #ifdef FEAT_CLIENTSERVER
++ if (!check_restricted() && !check_secure())
++ {
+ # ifdef WIN32
+ /* The server's HWND is encoded in the 'id' parameter */
+ int n = 0;
+@@ -5714,6 +5738,7 @@
+ serverStrToWin(get_var_string(&argvars[0])), &r, FALSE) < 0)
+ # endif
+ EMSG(_("E277: Unable to read a server reply"));
++ }
+ #endif
+ retvar->var_type = VAR_STRING;
+ retvar->var_val.var_string = r;
+@@ -5731,6 +5756,8 @@
+ char_u *reply = get_var_string_buf(&argvars[1], buf);
+
+ retvar->var_val.var_number = -1;
++ if (check_restricted() || check_secure())
++ return;
+ # ifndef WIN32
+ if (check_connection() == FAIL)
+ return;
+@@ -5765,6 +5792,9 @@
+ # else
+ Window w;
+ # endif
++
++ if (check_restricted() || check_secure())
++ return;
+
+ # ifdef FEAT_X11
+ if (check_connection() == FAIL)
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/vim/vim.spec
============================================================================
$ cvs diff -u -r1.97.2.1 -r1.97.2.2 vim.spec
--- openpkg-src/vim/vim.spec 26 Aug 2002 19:55:30 -0000 1.97.2.1
+++ openpkg-src/vim/vim.spec 20 Jan 2003 17:25:34 -0000 1.97.2.2
@@ -43,7 +43,7 @@
Group: Editor
License: Charityware
Version: %{V_vl}.%{V_pl}
-Release: 1.1.0
+Release: 1.1.1
# list of sources
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{V_vl}-src1.tar.gz
@@ -117,6 +117,7 @@
Patch163: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.163
Patch164: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.164
Patch165: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.165
+Patch166: vim.patch
# build information
Prefix: %{l_prefix}
@@ -154,6 +155,8 @@
%{l_patch} -p0 -E -t -s >/dev/null 2>&1 || true
i=`expr $i + 1`
done
+ cd vim%{V_vs}
+ %patch166 -p0
%build
( cd vim%{V_vs}/src
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
