OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 20-Jan-2003 18:24:19
Branch: OPENPKG_1_0_SOLID Handle: 2003012017241900
Added files: (Branch: OPENPKG_1_0_SOLID)
openpkg-src/vim vim.patch
Modified files: (Branch: OPENPKG_1_0_SOLID)
openpkg-src/vim vim.spec
Log:
apply backported security fix for CAN-2002-1377
Summary:
Revision Changes Path
1.1.2.1 +123 -0 openpkg-src/vim/vim.patch
1.24.2.4 +3 -1 openpkg-src/vim/vim.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/vim/vim.patch
============================================================================
$ cvs diff -u -r0 -r1.1.2.1 vim.patch
--- /dev/null 2003-01-20 18:24:19.000000000 +0100
+++ vim.patch 2003-01-20 18:24:19.000000000 +0100
@@ -0,0 +1,123 @@
+--- src/eval.c.orig Mon Jan 20 16:03:00 2003
++++ src/eval.c Mon Jan 20 16:23:44 2003
+@@ -3178,6 +3178,9 @@
+ else
+ retvar->var_val.var_string = NULL;
+
++ if (check_restricted() || check_secure())
++ return;
++
+ #ifdef FEAT_LIBCALL
+ /* The first two args must be strings, otherwise its meaningless */
+ if (argvars[0].var_type == VAR_STRING && argvars[1].var_type == VAR_STRING)
+@@ -3210,7 +3213,10 @@
+ VAR argvars;
+ VAR retvar;
+ {
+- retvar->var_val.var_number = mch_remove(get_var_string(&argvars[0]));
++ if (check_restricted() || check_secure())
++ retvar->var_val.var_number = -1;
++ else
++ retvar->var_val.var_number = mch_remove(get_var_string(&argvars[0]));
+ }
+
+ /*
+@@ -4417,7 +4423,12 @@
+ int histype;
+ char_u *str;
+ char_u buf[NUMBUFLEN];
++#endif
+
++ retvar->var_val.var_number = FALSE;
++ if (check_restricted() || check_secure())
++ return;
++#ifdef FEAT_CMDHIST
+ histype = get_histtype(get_var_string(&argvars[0]));
+ if (histype >= 0)
+ {
+@@ -4430,7 +4441,6 @@
+ }
+ }
+ #endif
+- retvar->var_val.var_number = FALSE;
+ }
+
+ /*
+@@ -5050,7 +5060,10 @@
+ {
+ char_u buf[NUMBUFLEN];
+
+- retvar->var_val.var_number = vim_rename(get_var_string(&argvars[0]),
++ if (check_restricted() || check_secure())
++ retvar->var_val.var_number = -1;
++ else
++ retvar->var_val.var_number = vim_rename(get_var_string(&argvars[0]),
+ get_var_string_buf(&argvars[1], buf));
+ }
+
+@@ -5330,6 +5343,8 @@
+ VAR varp;
+ char_u nbuf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
+ ++emsg_off;
+ buf = get_buf_var(&argvars[0]);
+ varname = get_var_string(&argvars[1]);
+@@ -5416,6 +5431,8 @@
+ VAR varp;
+ char_u nbuf[NUMBUFLEN];
+
++ if (check_restricted() || check_secure())
++ return;
+ ++emsg_off;
+ win = find_win_by_nr(&argvars[0]);
+ varname = get_var_string(&argvars[1]);
+@@ -5548,6 +5565,11 @@
+ var v;
+ char_u *s;
+
++ if (check_restricted() || check_secure())
++ {
++ retvar->var_val.var_number = -1;
++ return;
++ }
+ # ifdef WIN32
+ int n = 0;
+
+@@ -5588,6 +5610,8 @@
+ char_u *r = NULL;
+
+ #ifdef FEAT_CLIENTSERVER
++ if (!check_restricted() && !check_secure())
++ {
+ # ifdef WIN32
+ /* The server's HWND is encoded in the 'id' parameter */
+ int n = 0;
+@@ -5602,6 +5626,7 @@
+ serverStrToWin(get_var_string(&argvars[0])), &r, FALSE) < 0)
+ # endif
+ EMSG(_("E277: Unable to read a server reply"));
++ }
+ #endif
+ retvar->var_type = VAR_STRING;
+ retvar->var_val.var_string = r;
+@@ -5619,6 +5644,8 @@
+ char_u *reply = get_var_string_buf(&argvars[1], buf);
+
+ retvar->var_val.var_number = -1;
++ if (check_restricted() || check_secure())
++ return;
+ # ifndef WIN32
+ if (!check_connection())
+ return;
+@@ -5653,6 +5680,9 @@
+ # else
+ Window w;
+ # endif
++
++ if (check_restricted() || check_secure())
++ return;
+
+ # ifdef FEAT_X11
+ if (!check_connection())
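Review bot: In the eval.c hunk at `@@ -5548,6 +5565,11 @@` the new `if (check_restricted() || check_secure()) { ... return; }` guard is inserted ahead of the `# ifdef WIN32` declaration `int n = 0;`, so on a WIN32 build that declaration follows a statement, which a C89 compiler rejects. The next hunk (`@@ -5588,6 +5610,8 @@`) avoids this by opening a block before its own `int n = 0;`. Here the simpler repair is to hoist the declaration into its own `# ifdef WIN32` / `# endif` pair above the guard. The enclosing functions start and end outside every hunk shown, so their names and remaining bodies cannot be checked from this page. The bare `return;` guards in the `-5330` and `-5416` hunks set no result in the visible lines, so a one-line comment there such as `/* refused in restricted or secure mode */` would help anyone auditing which evaluator functions are gated.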
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/vim/vim.spec
============================================================================
$ cvs diff -u -r1.24.2.3 -r1.24.2.4 vim.spec
--- openpkg-src/vim/vim.spec 20 Dec 2001 08:38:58 -0000 1.24.2.3
+++ openpkg-src/vim/vim.spec 20 Jan 2003 17:24:19 -0000 1.24.2.4
@@ -37,7 +37,7 @@
Group: Editor
License: Charityware
Version: %{V_vl}.%{V_pl}
-Release: 1.0.1
+Release: 1.0.2
# list of sources
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{V_vl}-src1.tar.gz
@@ -138,6 +138,7 @@
Patch90: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.091
Patch91: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.092
Patch92: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.093
+Patch93: vim.patch
# build information
Prefix: %{l_prefix}
@@ -254,6 +255,7 @@
%patch90 -p0
%patch91 -p0
#%patch92 -p0
+ %patch93 -p0
# prevent execution of autoconf
touch src/auto/configure
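Review bot: `%patch93 -p0` is applied directly after the commented-out `#%patch92 -p0`, so vim.patch lands on a tree that apparently lacks upstream patch `.093` even though `Patch92` is still listed; the offsets in vim.patch should be confirmed against exactly that tree. This matters for a security backport because two of its hunks (`-5330` and `-5416`) carry identical leading context (`VAR varp;` / `char_u nbuf[NUMBUFLEN];`), so a hunk applied with an offset or fuzz could put a guard in the wrong function without failing the build. Check the `%prep` output for offset or fuzz messages before release. Consider a comment above the `Patch93:` line such as `# local: backported fix for CAN-2002-1377 (eval.c restricted/secure-mode checks)`, since the file name `vim.patch` says nothing about its content.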
@@ .