[Frugalware-darcs] frugalware-0.6: gvim-7.0-4terminus1-i686

VMiklos vmiklos at frugalware.org
Thu Aug 2 22:43:07 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070802204101-e2957-b96f63ddab8c3e2859fb6c032e8a27c8e096b3ce.gz;

[gvim-7.0-4terminus1-i686
VMiklos <vmiklos at frugalware.org>**20070802204101
 added CVE-2007-2438.diff and '7.1.039' secfixes
 closes #2010 and #2292
] {
addfile ./source/xapps/gvim/CVE-2007-2438.diff
hunk ./source/xapps/gvim/CVE-2007-2438.diff 1
+To: vim-dev at vim.org
+Subject: patch 7.0.235
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.0.235
+Problem:    It is possible to use writefile() in the sandbox.
+Solution:   Add a few more checks for the sandbox.
+Files:      src/eval.c
+    
+
+*** ../vim-7.0.234/src/eval.c	Fri Apr 27 22:17:43 2007
+--- src/eval.c	Sat Apr 28 21:36:02 2007
+***************
+*** 15598,15603 ****
+--- 15598,15606 ----
+      int		err = FALSE;
+      FILE	*fd;
+  
++     if (check_restricted() || check_secure())
++ 	return;
++ 
+      if (argvars[1].v_type != VAR_UNKNOWN)
+      {
+  	/*
+***************
+*** 16430,16435 ****
+--- 16433,16441 ----
+      char_u	*s;
+      int		ret = 0;
+      int		c;
++ 
++     if (check_restricted() || check_secure())
++ 	return;
+  
+      if (argvars[0].v_type != VAR_LIST)
+      {
+*** ../vim-7.0.234/src/version.c	Fri Apr 27 22:17:43 2007
+--- src/version.c	Sun Apr 29 13:54:29 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+  {   /* Add new patch number below this line */
++ /**/
++     235,
+  /**/
+
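Review bot: the embedded patch is diffed against ../vim-7.0.234 (eval.c at 15598 and 16430, version.c at 668), while the package's source= line fetches vim-$pkgver.tar.bz2. If that tarball is at a lower patch level, the eval.c hunks will apply only by offset or fuzz. Please confirm in the patched tree that both `if (check_restricted() || check_secure())` guards sit at the top of the intended functions. The Problem line names only writefile(), but two functions are guarded, so naming the second one in the FrugalBuild or commit message would help. The version.c hunk also adds 235 to the patch number list, which makes the binary report that patch level even if the earlier 7.0 patches are absent; consider dropping that hunk from the backport.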
hunk ./source/xapps/gvim/FrugalBuild 6
-pkgrel=3
+pkgrel=4terminus1
hunk ./source/xapps/gvim/FrugalBuild 14
-source=(ftp://ftp.vim.org/pub/vim/unix/vim-$pkgver.tar.bz2 $pkgname.xpm)
-sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8'
-	  'f7262c7429c42b7c1ef9cf1eaa6aa12292933525')
+source=(ftp://ftp.vim.org/pub/vim/unix/vim-$pkgver.tar.bz2 $pkgname.xpm \
+	CVE-2007-2438.diff \
+	ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039)
+sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8' \
+          'f7262c7429c42b7c1ef9cf1eaa6aa12292933525' \
+          '033deb2f4a736835fd590aeff4fec65f82db34f8' \
+          '87ee68d607022d1dea8496c9a6a88185040d292e')
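Review bot: 7.1.039 is fetched over plain ftp:// in the new source= array, so the fourth sha1sums entry is the only integrity check on a patch that changes what gets compiled. Please confirm that hash was computed from a copy obtained through a trusted path, not from the same FTP download. The sums are matched to sources by position only, so a short comment mapping each new sum to CVE-2007-2438.diff and 7.1.039 would make later edits safer. As a style point, the trailing backslashes inside the parentheses are not needed for a bash array.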
hunk ./source/xapps/gvim/FrugalBuild 26
+	Fpatch 7.1.039
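Review bot: only `Fpatch 7.1.039` is added here, and no matching call for CVE-2007-2438.diff is visible. If the build applies .diff files from source= automatically, a one-line comment saying so would help; otherwise add an explicit Fpatch for it, or the sandbox fix is shipped but never applied. Since 7.1.039 comes from the patches/7.1 directory and this package is 7.0, check that it applies without fuzz, and add a comment naming the issue it fixes, because the commit message mentions #2010 and #2292 without saying which patch closes which.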
}

