Diffstat (limited to 'import-layers/meta-openembedded/meta-oe/recipes-support/vim')
-rw-r--r-- | import-layers/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch | 70 | ||||
-rw-r--r-- | import-layers/meta-openembedded/meta-oe/recipes-support/vim/vim_8.0.0983.bb | 6 |
2 files changed, 74 insertions, 2 deletions
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch b/import-layers/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch
new file mode 100644
index 000000000..937b9ba31
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch
@@ -0,0 +1,70 @@
+From 9c11f80339372b7aa2f43153d574f2b5abb79708 Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Sun, 17 Dec 2017 23:09:35 -0800
+Subject: [PATCH] vim: patch 8.0.1263: others can read the swap file if a user
+ is careless
+
+Problem: Others can read the swap file if a user is careless with his
+ primary group.
+Solution: If the group permission allows for reading but the world
+ permissions doesn't, make sure the group is right.
+
+Upstream-Status: Backport
+CVE: CVE-2017-17087
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ src/fileio.c | 24 +++++++++++++++++++++++-
+ src/version.c | 2 ++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/fileio.c b/src/fileio.c
+index f54fb8465..2c7740af9 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -716,7 +716,29 @@ readfile(
+ /* Set swap file protection bits after creating it. */
+ if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
+ && curbuf->b_ml.ml_mfp->mf_fname != NULL)
+- (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
++ {
++ char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
++
++ /*
++ * If the group-read bit is set but not the world-read bit, then
++ * the group must be equal to the group of the original file. If
++ * we can't make that happen then reset the group-read bit. This
++ * avoids making the swap file readable to more users when the
++ * primary group of the user is too permissive.
++ */
++ if ((swap_mode & 044) == 040)
++ {
++ stat_T swap_st;
++
++ if (mch_stat((char *)swap_fname, &swap_st) >= 0
++ && st.st_gid != swap_st.st_gid
++ && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
++ == -1)
++ swap_mode &= 0600;
++ }
++
++ (void)mch_setperm(swap_fname, (long)swap_mode);
++ }
+ #endif
+ }
+
+diff --git a/src/version.c b/src/version.c
+index a5cb078f0..5c0df475f 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -770,6 +770,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 1263,
++/**/
+ 983,
+ /**/
+ 982,
+--
+2.11.0
+
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-support/vim/vim_8.0.0983.bb b/import-layers/meta-openembedded/meta-oe/recipes-support/vim/vim_8.0.0983.bb
index 407ce5e73..44c868c74 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-support/vim/vim_8.0.0983.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-support/vim/vim_8.0.0983.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://../runtime/doc/uganda.txt;md5=eea32ac1424bba14096736a
 SRC_URI = "git://github.com/vim/vim.git \
 file://disable_acl_header_check.patch;patchdir=.. \
 file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
+ file://CVE-2017-17087.patch;patchdir=.. \
 "
 SRCREV = "3f9a1ff141412e9e85f7dff47d02946cb9be9228"
@@ -16,8 +17,9 @@ S = "${WORKDIR}/git/src"
 VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-inherit autotools update-alternatives
-inherit autotools-brokensep
+inherit autotools-brokensep update-alternatives
+
+CLEANBROKEN = "1"
 # vim configure.in contains functions which got 'dropped' by autotools.bbclass
 do_configure () { |
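Review bot: The new group check in the nested fileio.c hunk fails open: when `mch_stat((char *)swap_fname, &swap_st)` returns an error the `&&` chain short-circuits, no `fchown` is attempted, and the group-read bit survives into the `mch_setperm` call below it, so the swap file stays group-readable under whatever group it was created with. Treating a failed stat like a failed `fchown` keeps the protective default when the group cannot be verified: `if (mch_stat((char *)swap_fname, &swap_st) < 0 || (st.st_gid != swap_st.st_gid && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid) == -1)) swap_mode &= 0600;`. Since the descriptor `curbuf->b_ml.ml_mfp->mf_fd` is already used for `fchown`, an `fstat` on that same descriptor would also examine the file the `fchown` acts on rather than whatever `mf_fname` resolves to at that moment; I am assuming `fstat` is available wherever `fchown` is, which the enclosing `#ifdef` (closed by the `#endif` context line, opened outside the hunk) presumably guarantees. `st` is populated earlier in readfile, outside the hunk, and readfile's body continues past it. Editing the backport locally diverges from upstream, so raising the change upstream and re-backporting may be the cheaper path to maintain.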
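Review bot: The second hunk of vim_8.0.0983.bb (the `inherit` rewrite and `CLEANBROKEN = "1"`) is unrelated to the CVE-2017-17087 backport that the first hunk wires into SRC_URI, and nothing in the hunk says why the build needed it. A one-line comment above it stating the build problem it works around, or a separate commit, would keep the security backport reviewable on its own. Dropping the explicit `inherit autotools` is probably harmless since autotools-brokensep inherits it as far as I know, but it is worth confirming against the class shipped in this layer.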