Karsten Hopp 35c509
To: vim_dev@googlegroups.com
Subject: Patch 7.3.070
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 7.3.070
Problem:    Can set environment variables in the sandbox, could be abused.
Solution:   Disallow it.
Files:	    src/eval.c
*** ../vim-7.3.069/src/eval.c	2010-11-10 20:31:24.000000000 +0100
--- src/eval.c	2010-12-02 14:42:31.000000000 +0100
***************
*** 2326,2332 ****
  	    else if (endchars != NULL
  			     && vim_strchr(endchars, *skipwhite(arg)) == NULL)
  		EMSG(_(e_letunexp));
! 	    else
  	    {
  		c1 = name[len];
  		name[len] = NUL;
--- 2326,2332 ----
  	    else if (endchars != NULL
  			     && vim_strchr(endchars, *skipwhite(arg)) == NULL)
  		EMSG(_(e_letunexp));
! 	    else if (!check_secure())
  	    {
  		c1 = name[len];
  		name[len] = NUL;
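Review bot: The new `else if (!check_secure())` condition carries no comment explaining why the assignment is refused, and because it is now the last arm of the chain with no trailing `else`, the refused case has no visible error call in this hunk. If check_secure() is what reports the sandbox error, say so in a one-line comment above the condition, for example `/* setting an environment variable is not allowed in the sandbox */`. The Files list names only src/eval.c, so a test that attempts the assignment in the sandbox and expects it to fail would be worth adding with this change.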
*** ../vim-7.3.069/src/version.c	2010-11-24 18:48:08.000000000 +0100
--- src/version.c	2010-12-02 14:46:44.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     70,
  /**/
-- 
The only way the average employee can speak to an executive is by taking a
second job as a golf caddie.
				(Scott Adams - The Dilbert principle)
 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///