Re: Commit: patch 9.0.1833: [security] runtime file fixes

2023-09-01 Fir de Conversatie Anton Sharonov 
On Fri, Sep 01, 2023 at 12:00:02AM +0200, Christian Brabandt wrote:
> patch 9.0.1833: [security] runtime file fixes
> 
> Commit: 
> https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
> Author: Christian Brabandt 
> Date:   Thu Aug 31 23:52:30 2023 +0200
> 
> patch 9.0.1833: [security] runtime file fixes
> 
> Problem:  runtime files may execute code in current dir
> Solution: only execute, if not run from current directory
> 
> The perl, zig and ruby filetype plugins and the zip and gzip autoload
> plugins may try to load malicious executable files from the current
> working directory.  This is especially a problem on windows, where the
> current directory is implicitly in your $PATH and windows may even run a
> file with the extension `.bat` because of $PATHEXT.
> 
> So make sure that we are not trying to execute a file from the current
> directory. If this would be the case, error out (for the zip and gzip)
> plugins or silently do not run those commands (for the ftplugins).
> 
> This assumes, that only the current working directory is bad. For all
> other directories, it is assumed that those directories were
> intentionally set to the $PATH by the user.
> 
> Signed-off-by: Christian Brabandt 
> 

[snip]

> diff --git a/runtime/ftplugin/perl.vim b/runtime/ftplugin/perl.vim
> index d0bdbc0cf..edc7b960f 100644
> --- a/runtime/ftplugin/perl.vim
> +++ b/runtime/ftplugin/perl.vim
> @@ -54,7 +54,8 @@ endif
>  
>  " Set this once, globally.
>  if !exists("perlpath")
> -if executable("perl")
> +" safety check: don't execute perl from current directory
> +if executable("perl") && fnamemodify(exepath("perl"), ":p:h") != getcwd()
>try
>   if &shellxquote != '"'
>   let perlpath = system('perl -e "print join(q/,/,@INC)"')

[snip]

Just to point out to one (probably not so desired?) sideffect:
after this patch my &path do not contain any of the @INC
directories of perl, if vim was started from /usr/bin (where
_real_ perl executable is sitting).

Anton

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/ZPLatTGnSaOGn0I9%40allu5.

Re: Compilation error after patch 9.0.1681 using MinGW64, perl 5.32 on Windows 10

2023-08-12 Fir de Conversatie Anton Sharonov 
On Sat, Aug 12, 2023 at 09:51:52AM -0700, Cesar wrote:
> I'm building vim under Windows 10 using MinGW64 and perl 5.32. After patch 
> 9.0.1681 I'm getting:
> 
> [...]
> if_perl.xs:742:1: error: redefinition of 'Perl_SvTRUE'
>   742 | Perl_SvTRUE(pTHX_ SV *sv) {
>   | ^~~
> In file included from C:/Perl/perl/lib/Core/perl.h:6158,
>  from if_perl.xs:62:
> C:/Perl/perl/lib/Core/inline.h:199:1: note: previous definition of 
> 'Perl_SvTRUE' was here
>   199 | Perl_SvTRUE(pTHX_ SV *sv) {
>   | ^~~
> make: *** [Make_cyg_ming.mak:1306: gobjx86-64/if_perl.o] Error 1
> Error by compiling gvim.exe
> 
> Regards,


most probably @k-takata recent PR is a solution for it, try "Fix
compilation error with Perl 5.32 #12755"

Anton

> 
> --
> Cesar
> 
> -- 
> -- 
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to vim_dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/vim_dev/1200073f-e1f1-4ce0-9042-5b7917b18695n%40googlegroups.com.

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/ZNfA8%2BmPJn9r6jWW%40localhost.

Re: Health update

2022-10-27 Fir de Conversatie Anton Sharonov 
Get well soon, Bram!

Christ van Willegen  schrieb am Do., 27. Okt. 2022,
20:56:

>
>
> Op do 27 okt. 2022 20:55 schreef Bram Moolenaar :
>
>>
>> I am very sorry to report that I have a medical problem.
>>
>
> Beterschap!!
>
> Christ van Willegen
>
>> --
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
>
> ---
> You received this message because you are subscribed to the Google Groups
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vim_dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vim_dev/CA%2BOt1Owhf%2B%3DzQfT4FJZi2-bRQhfvdwwPSt4W4uSJos%2BbgXKniA%40mail.gmail.com
> 
> .
>

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/CAMoRF4%3DL4_0WO3Sxh0C%2BOioHgcDw4JMnvdPjL4jiWr7gLpogEg%40mail.gmail.com.

Re: [vim/vim] gtk GUI: Fix Ctrl+[ (Belgian,German keyb. layout) (PR #10658)

2022-07-09 Fir de Conversatie Anton Sharonov 
Hi, Vivian,

Did you made your tests on Linux or on windows, because my patch is only
for unix-like GTK gvim. What does your :version command in gvim reports?

(Windows version of the patch is in pipeline yet 

Vivian De Smedt  schrieb am Sa., 9. Juli 2022,
15:34:

> I have tested release 9.00.35 and build release 9.00.48 and I still have
> the problem.
> I'm afraid the patch doesn't solves the problem and issue should be reopen.
>
> —
> Reply to this email directly, view it on GitHub
> .
> You are receiving this because you are subscribed to this thread.Message
> ID: 
>
> --
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
>
> ---
> You received this message because you are subscribed to the Google Groups
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vim_dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vim_dev/vim/vim/pull/10658/c1179546260%40github.com
> 
> .
>

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/CAMoRF4%3DJjD17%3Dv7FOo0PvoB6ypaGi-GH8Ej1KOcLQ5yTYD4czQ%40mail.gmail.com.

Re: [vim/vim] Ctrl-[ don't escape from insert mode (like Esc) on Belgian keyboard (Issue #10454)

2022-07-03 Fir de Conversatie Anton Sharonov 
Hi Vivian

On Wed, Jun 29, 2022 at 10:08:14PM -0700, Vivian De Smedt wrote:
> Thanks! Let me know if I can contribute in any ways.

Just created my first PR https://github.com/vim/vim/pull/10658
 for GTK version which fixes Ctrl+[ for you on linux (i
believe at least, i have just enabled belgian keyboard layout on
my opensuse machine and did some quick tests with it)

Anyway it seems they messed up GTK back-end quite some time ago
already in that respect. Motif back-end (+formerly Athena, now
disappeared - dont know why) still works perfectly but looks
quite ugly - Motif is pretty outdated graphical library as of
today.

For windows part of the problem we need to wait for somebody else
- chances are not so high that I will have similarly big time
slot of spare time to play with mingw compilers on cygwin, and it
seems that checking that on windows will be completely new story
- from scratch again again - seems that every kind of GUI
back-end has subtle differences of obtaining key-codes from
underlying levels of the operating system.

Anyway, it is extremely nice feeling - to know that I am not
alone in PSI who really enjoys using VIM  

With best regards, Anton

> 
> -- 
> Reply to this email directly or view it on GitHub:
> https://github.com/vim/vim/issues/10454#issuecomment-1170768995
> You are receiving this because you are subscribed to this thread.
> 
> Message ID: 
> 
> -- 
> -- 
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to vim_dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/vim_dev/vim/vim/issues/10454/1170768995%40github.com.

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/YsIqngebZYTDe1qN%40DESKTOP-75K4M1M.

Vim patch to complete buffer names case insensitive on Unix

2009-09-25 Fir de Conversatie Anton Sharonov 

This patch is not thought to be included into the mainline VIM
sources (yet). Patch solves my problem, may be it will be useful
for somebody else as well.

I have long time missed in Unix VIM one small feature, which is
available in windows GVIM - "case insensitive buffer names
completion". Therefore this patch.

Description:

Assuming two buffers are opened in VIM

path/to/TMaster.java
path/to/TSlave.java

On windows, :b tma finds TMaster

On Unix, only :b TMa finds, :b tma finds nothing.

Patch enables windows behavior (case insensitive buffer names
completion) on Unix as well.

See also following thread in vim_use mailing list:

http://groups.google.com/group/vim_use/browse_thread/thread/047b0f89bd0fc022/5a919dd6d1f64928?#5a919dd6d1f64928

PS: To make the patch ready for the mainline, case sensitivity on
buffer completion should not be just always "off", it must be
controlled by a new option: for example 'ignorebuffercase'
(analog with 'ignorefilecase' from TODO). Although TODO list
already contains proposal for the similar 'ignorefilecase'
option, in my opinion it is better to made the extra option for
buffer names case sensitivity.

-- 
Anton

*** src/buffer.c.orig   2009-09-25 21:29:04.0 +0200
--- src/buffer.c2009-09-25 21:29:17.0 +0200
***
*** 2271,2277 
  if (name != NULL)
  {
regmatch.regprog = prog;
! #ifdef CASE_INSENSITIVE_FILENAME
regmatch.rm_ic = TRUE;  /* Always ignore case */
  #else
regmatch.rm_ic = FALSE; /* Never ignore case */
--- 2271,2279 
  if (name != NULL)
  {
regmatch.regprog = prog;
! /* always ignore case for :buf buf*name command
!  * completion */
! #if (1)
regmatch.rm_ic = TRUE;  /* Always ignore case */
  #else
regmatch.rm_ic = FALSE; /* Never ignore case */

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: off-topic: How to build git was: Re: help for a git newbie -- no merge candidate found

2009-02-12 Fir de Conversatie Anton Sharonov 

I will rather recommend to build the latest git version from the
tarball available form git web page.

I did so on Open SUSE 10.2, and even on SuSE9.3 recently - it is
very easy, git has surprisingly small dependencies - so you can
avoid all this headaches with upgrading OS, or finding ready
rpm's packages.

-- 
Anton

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: In Windows, :ruby command is not works around socket

2008-12-26 Fir de Conversatie Anton Sharonov 

In case, that subject will not be correctly recognized by mail
clients, I'm trying to continue old thread "In Windows, :ruby
command is not works around socket" [1]:

1 Jul., 04:00 todesking wrote:
> I found a ruby command's bug on Windows VIM.
>
> :ruby require 'open-uri'
> :ruby open('http://google.com/')
>  => SocketError: `initialize': getaddrinfo: non-recoverable
> failure in
> name resolution.
> :ruby open('http://66.249.89.147')
>  => vim dies

I can confirm that bug still persist in recent VIM (7.2, Included
patches: 1-69).

I can confirm as well, that proposed patch fixes that (I have
modified this according Bram's proposal with initialization of
argc = 1 and removing typecasting).

--
Anton

[1] Original thread "In Windows, :ruby command is not works
around socket"

 http://groups.google.com/group/vim_dev/browse_thread/thread/528607752ef92e68

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: VIM for programmers: what is needed ?

2008-11-09 Fir de Conversatie Anton Sharonov 

Have a look on eclim [1] project. This attempts to integrate vim
into eclipse IDE. AFAIK, it has not yet support for C++, but this
is just a question of time, in case of C++ support in eclipse is
good enough (eclim already supports integration of java, python
related features, so it must be possible to extend it for C++ as
well).

For Java programming IMO eclim is already in the stage of "must
have".

--
Anton

[1] Eclim
http://eclim.sourceforge.net/


2008/11/9, alex <[EMAIL PROTECTED]>:
>
> Hi,
>
> I use vim for writing documents in latex since a few years, and I
> think vim is the best editor for writing text files that exists ! The
> vim latex suite is also very good.
>
> Now I am beginning to learn C++ programming, and of course I need some
> tools for doing that. In other words I need an IDE or "somthing like
> an IDE"...
>
> Because vim is the best text editor, I would like to keep working with
> VIM and NOT switching to IDEs like NetBeans or Eclipse (I work on
> Linux and on Windows).
> I think that VIM could boost productivity far more than Eclipse does.
> It would also be possible to use VIM side by side with NetBeans or
> Eclipse switching between the two softwares... but in the practice all
> is not so simple.
>
> The only tool I miss in VIM (for now) is an efficeint class and source
> code browser, that recognizes the object oriented features of C++ (and
> other languages), so that i can find class members, etc. etc. I need
> something like an improved cscope for object oriented programming.
> I have tried exuberant ctags, the taglist plugin and omincppcomplete.
> Omincppcomplete seems to work good, but I dont have found nothing
> better than this packages (Vim intellisens works on Windows only). I
> tried GNU global too.
>
> Doxygen is very good, but it is not intended to be used dinamically,
> and does not support text editor integration (you use a HTML browser
> to see the infos about the classes and members in the source code).
>
> A possible alternative is to use the jVi (another vi clone) in
> NetBeans (nbvi).
>
> So the question is (I have read similar treads in this group):
> - does there exist some tools for navigating classes and members
> efficiently in C++ projects, better than exuberant ctags or cscope or
> GNU global or gnutags, that are simply to use and that can be used
> with vim or form the command line ? Or I have to use NetBeans or
> Eclipse ? Because there exists omnicppcomplete i do not give up my
> hopes.
> - where can i find a complete introduction to how to use the plugins
> for vim for programming (taglist, omincppcomplete, and others) ?
> - emacs has OObrowser, Ebrowse, xrefacotry. Does vim has similar
> tools ?
> - NetBeans has jVi, but why you dont work thowards a full integration
> of vim in Eclipse or NetBeans. I mean using all the (g)vim
> functionality within this modern IDEs... this would be a way for
> bringing vim in the 21st century. The editors of Eclipse and NetBeans
> are very poor if compared to vim !
> - what tools can I use under GNU linux for programming and navigating
> object-oriented source code outside of vim ?
>
> Vim is only an editor, but the people do not need only an editor, they
> need IDEs too (or at least extra software like of course g++ make gdb
> etcetera). But modern IDEs simply do not have editors that are so good
> as vim, who is the best editor.
>
> Sorry for the long threat and thank you in advance for any reply (i
> have read all the similar threads but i still ask you).
>
> Thank you !
>
> >
>

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim syntax: "highlight" keyword not highlighted inside functions

2008-11-09 Fir de Conversatie Anton Sharonov 

%s/there are recent versions/there is no recent versions/

Sorry for small typo.

--
Anton

2008/11/9, Anton Sharonov <[EMAIL PROTECTED]>:
>> I should add that I'm using Vim 7.2.26, compiled by myself
>> using the sources from the CVS, so I guess the syntax file also
>> comes from the CVS. I get the same result when using Vim -u
>> NONE -U NONE, and enabling only syntax highlighting after that.
>
>> ... so I guess the syntax file also
>> comes from the CVS. ...
>
> Unfortunately, it is not true. At least for SVN, (and I suspect
> that for CVS it is as well the case) there are recent versions of
> the runtime files (don't ask me why, for me it is also _very_
> confusing). Anyway, to get recent runtime files, please use
> rsync, as described on Tony's howto [1] about compiling vim.
>
> --
> Anton
>
> [1] Tony's how to for VIM compilation
>  UNIX:
> http://users.skynet.be/antoine.mechelynck/vim/compunix.htm
>  WINDOWS:
> http://users.skynet.be/antoine.mechelynck/vim/compile.htm
>

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---

Re: Vim syntax: "highlight" keyword not highlighted inside functions

2008-11-09 Fir de Conversatie Anton Sharonov 

> I should add that I'm using Vim 7.2.26, compiled by myself
> using the sources from the CVS, so I guess the syntax file also
> comes from the CVS. I get the same result when using Vim -u
> NONE -U NONE, and enabling only syntax highlighting after that.

> ... so I guess the syntax file also
> comes from the CVS. ...

Unfortunately, it is not true. At least for SVN, (and I suspect
that for CVS it is as well the case) there are recent versions of
the runtime files (don't ask me why, for me it is also _very_
confusing). Anyway, to get recent runtime files, please use
rsync, as described on Tony's howto [1] about compiling vim.

--
Anton

[1] Tony's how to for VIM compilation
 UNIX:
http://users.skynet.be/antoine.mechelynck/vim/compunix.htm
 WINDOWS:
http://users.skynet.be/antoine.mechelynck/vim/compile.htm

--~--~-~--~~~---~--~~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~--~~~~--~~--~--~---