vim: fix CVE-2019-12735

(From OE-Core rev: c7efa41e7fed263413d5f55d5ed5d17e874623a3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Anuj Mittal <anuj.mittal@intel.com> 2019-07-26 12:47:24 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-29 23:50:49 +0100
commit: 4626a7f6d1537906be433b5cc4ca8d740c0a690f (patch)
tree: 253c3c00db9864cd6df8ff03f95bcf01b4ffce5d /meta/recipes-support
parent: 069cfba445baeb93fb7e038f807a91f92c597d01 (diff)
download: poky-4626a7f6d1537906be433b5cc4ca8d740c0a690f.tar.gz
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch
new file mode 100644
index 0000000000..d8afa1867b
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch
@@ -0,0 +1,64 @@
+From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution:   Check for the sandbox when sourcing a file.
+Upstream-Status: Backport
+CVE: CVE-2019-12735
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/getchar.c               | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c               | 2 ++
+ 3 files changed, 17 insertions(+)
+diff --git a/src/getchar.c b/src/getchar.c
+index 0e9942b..475f644 100644
+--- a/src/getchar.c
+++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+        emsg(_(e_nesting));
+        return;
+     }
+
+    // Disallow sourcing a file in the sandbox, the commands would be executed
+    // later, possibly outside of the sandbox.
+    if (check_secure())
+       return;
+
+ #ifdef FEAT_EVAL
+     if (ignore_script)
+        /* Not reading from script, also don't open one.  Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286..5166baf 100644
+--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+   au! SourcePre
+   au! SourcePost
+ endfunc
+
+func Test_source_sandbox()
+  new
+  call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+  source! Xsourcehello | echo
+  call assert_equal('hello', getline(1))
+  call assert_fails('sandbox source! Xsourcehello', 'E48:')
+  bwipe!
+endfunc
+diff --git a/src/version.c b/src/version.c
+index a49f6fb..e4f74be 100644
+--- a/src/version.c
+++ b/src/version.c
+@@ -780,6 +780,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
+ /**/
+    1365,
+/**/
+     1017,
+ /**/
+     1016,
diff --git a/meta/recipes-support/vim/vim_8.1.1017.bb b/meta/recipes-support/vim/vim_8.1.1017.bb
index 7627d2844b..e161e12eed 100644
--- a/meta/recipes-support/vim/vim_8.1.1017.bb
+++ b/meta/recipes-support/vim/vim_8.1.1017.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
           file://disable_acl_header_check.patch;patchdir=.. \
           file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
           file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \
+           file://CVE-2019-12735.patch;patchdir=.. \
 "
 SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"
author	Anuj Mittal <anuj.mittal@intel.com>	2019-07-26 12:47:24 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:49 +0100
commit	4626a7f6d1537906be433b5cc4ca8d740c0a690f (patch)
tree	253c3c00db9864cd6df8ff03f95bcf01b4ffce5d /meta/recipes-support
parent	069cfba445baeb93fb7e038f807a91f92c597d01 (diff)
download	poky-4626a7f6d1537906be433b5cc4ca8d740c0a690f.tar.gz

diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch new file mode 100644 index 0000000000..d8afa1867b --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch
@@ -0,0 +1,64 @@
		1	From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
		2	From: Bram Moolenaar <Bram@vim.org>
		3	Date: Wed, 22 May 2019 22:38:25 +0200
		4	Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
		5
		6	Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
		7	Solution: Check for the sandbox when sourcing a file.
		8
		9	Upstream-Status: Backport
		10	CVE: CVE-2019-12735
		11	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
		12	---
		13	src/getchar.c \| 6 ++++++
		14	src/testdir/test_source.vim \| 9 +++++++++
		15	src/version.c \| 2 ++
		16	3 files changed, 17 insertions(+)
		17
		18	diff --git a/src/getchar.c b/src/getchar.c
		19	index 0e9942b..475f644 100644
		20	--- a/src/getchar.c
		21	+++ b/src/getchar.c
		22	@@ -1407,6 +1407,12 @@ openscript(
		23	emsg(_(e_nesting));
		24	return;
		25	}
		26	+
		27	+ // Disallow sourcing a file in the sandbox, the commands would be executed
		28	+ // later, possibly outside of the sandbox.
		29	+ if (check_secure())
		30	+ return;
		31	+
		32	#ifdef FEAT_EVAL
		33	if (ignore_script)
		34	/* Not reading from script, also don't open one. Warning message? */
		35	diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
		36	index a33d286..5166baf 100644
		37	--- a/src/testdir/test_source.vim
		38	+++ b/src/testdir/test_source.vim
		39	@@ -36,3 +36,12 @@ func Test_source_cmd()
		40	au! SourcePre
		41	au! SourcePost
		42	endfunc
		43	+
		44	+func Test_source_sandbox()
		45	+ new
		46	+ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
		47	+ source! Xsourcehello \| echo
		48	+ call assert_equal('hello', getline(1))
		49	+ call assert_fails('sandbox source! Xsourcehello', 'E48:')
		50	+ bwipe!
		51	+endfunc
		52	diff --git a/src/version.c b/src/version.c
		53	index a49f6fb..e4f74be 100644
		54	--- a/src/version.c
		55	+++ b/src/version.c
		56	@@ -780,6 +780,8 @@ static char *(features[]) =
		57	static int included_patches[] =
		58	{ /* Add new patch number below this line */
		59	/**/
		60	+ 1365,
		61	+/**/
		62	1017,
		63	/**/
		64	1016,


diff --git a/meta/recipes-support/vim/vim_8.1.1017.bb b/meta/recipes-support/vim/vim_8.1.1017.bb index 7627d2844b..e161e12eed 100644 --- a/meta/recipes-support/vim/vim_8.1.1017.bb +++ b/meta/recipes-support/vim/vim_8.1.1017.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
12	file://disable_acl_header_check.patch;patchdir=.. \	12	file://disable_acl_header_check.patch;patchdir=.. \
13	file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \	13	file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
14	file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \	14	file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \
		15	file://CVE-2019-12735.patch;patchdir=.. \
15	"	16	"
16	SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"	17	SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"
17		18