Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/vim/files')
3 files changed, 135 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch b/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch
new file mode 100644
index 000000000..937b9ba31
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch
@@ -0,0 +1,70 @@
+From 9c11f80339372b7aa2f43153d574f2b5abb79708 Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Sun, 17 Dec 2017 23:09:35 -0800
+Subject: [PATCH] vim: patch 8.0.1263: others can read the swap file if a user
+ is careless
+
+Problem: Others can read the swap file if a user is careless with his
+ primary group.
+Solution: If the group permission allows for reading but the world
+ permissions doesn't, make sure the group is right.
+
+Upstream-Status: Backport
+CVE: CVE-2017-17087
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ src/fileio.c | 24 +++++++++++++++++++++++-
+ src/version.c | 2 ++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/fileio.c b/src/fileio.c
+index f54fb8465..2c7740af9 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -716,7 +716,29 @@ readfile(
+ /* Set swap file protection bits after creating it. */
+ if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
+ && curbuf->b_ml.ml_mfp->mf_fname != NULL)
+- (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
++ {
++ char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
++
++ /*
++ * If the group-read bit is set but not the world-read bit, then
++ * the group must be equal to the group of the original file. If
++ * we can't make that happen then reset the group-read bit. This
++ * avoids making the swap file readable to more users when the
++ * primary group of the user is too permissive.
++ */
++ if ((swap_mode & 044) == 040)
++ {
++ stat_T swap_st;
++
++ if (mch_stat((char *)swap_fname, &swap_st) >= 0
++ && st.st_gid != swap_st.st_gid
++ && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
++ == -1)
++ swap_mode &= 0600;
++ }
++
++ (void)mch_setperm(swap_fname, (long)swap_mode);
++ }
+ #endif
+ }
+
+diff --git a/src/version.c b/src/version.c
+index a5cb078f0..5c0df475f 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -770,6 +770,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 1263,
++/**/
+ 983,
+ /**/
+ 982,
+--
+2.11.0
+
diff --git a/meta-openembedded/meta-oe/recipes-support/vim/files/disable_acl_header_check.patch b/meta-openembedded/meta-oe/recipes-support/vim/files/disable_acl_header_check.patch
new file mode 100644
index 000000000..65e5f58c6
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/vim/files/disable_acl_header_check.patch
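Review bot: The new group check fails open: when `mch_stat()` on the swap file returns an error, the `&&` chain short-circuits and the group-read bit is kept even though the swap file's group was never confirmed. Treating an unverifiable group like a failed `fchown()` would match the comment's stated intent, e.g. `if (mch_stat((char *)swap_fname, &swap_st) < 0 || (st.st_gid != swap_st.st_gid && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid) == -1))`. The stat is also done by path while the chown is done on `mf_fd`, so the two calls are not guaranteed to refer to the same file; an `fstat()` on the same descriptor would close that gap. The enclosing `readfile()` body and the `#if` that this block's `#endif` closes start outside the hunk, so whether `fchown()` is available on every configured platform cannot be confirmed from here.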
@@ -0,0 +1,27 @@
+Upstream-Status: pending
+
+Don't check 'sys/acl.h' if acl support disabled for vim/vim-tiny.
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+================================================
+diff --git a/src/configure.ac b/src/configure.ac
+index fb965e5..d734064 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -2511,7 +2511,7 @@ AC_CHECK_HEADERS(stdarg.h stdint.h stdlib.h string.h \
+ sys/systeminfo.h locale.h sys/stream.h termios.h \
+ libc.h sys/statfs.h poll.h sys/poll.h pwd.h \
+ utime.h sys/param.h libintl.h libgen.h \
+- util/debug.h util/msg18n.h frame.h sys/acl.h \
++ util/debug.h util/msg18n.h frame.h \
+ sys/access.h sys/sysinfo.h wchar.h wctype.h)
+
+ dnl sys/ptem.h depends on sys/stream.h on Solaris
+@@ -3112,6 +3112,7 @@ AC_ARG_ENABLE(acl,
+ , [enable_acl="yes"])
+ if test "$enable_acl" = "yes"; then
+ AC_MSG_RESULT(no)
++AC_CHECK_HEADERS(sys/acl.h)
+ AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"],
+ AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl"
+ AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),)
diff --git a/meta-openembedded/meta-oe/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta-openembedded/meta-oe/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
new file mode 100644
index 000000000..6c620f9f2
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
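Review bot: The `Upstream-Status` trailer is spelled two different ways in these new patch files: `Upstream-Status: pending` in this header and `Upstream-status: Pending` in vim-add-knob-whether-elf.h-are-checked.patch. The form OpenEmbedded documents is `Upstream-Status: Pending`, with the same capitalisation the CVE-2017-17087.patch header uses for its tag, so patch-status tooling that matches the tag strictly may flag both. This header also has no subject line and no `---` separator with a diffstat before the diff, unlike the other two patches; a one-line subject such as `vim: only check sys/acl.h when acl support is enabled` would make the patch easier to track.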
@@ -0,0 +1,38 @@
+vim: add knob whether elf.h are checked
+
+Previously, it still was checked when there was no elf library in sysroots directory.
+Add knob to decide whether elf.h are checked or not.
+
+Upstream-status: Pending
+
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ src/configure.ac | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/configure.ac b/src/configure.ac
+index d734064..f504fa6 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -2483,11 +2483,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [int x __attribute__((unused));],
+ AC_MSG_RESULT(no))
+
+ dnl Checks for header files.
++AC_MSG_CHECKING(whether or not to look for elf.h)
++AC_ARG_ENABLE(elf-check,
++ [ --enable-elf-check If elfutils, check for elf.h [default=no]],
++ , enable_elf_check="no")
++AC_MSG_RESULT($enable_elf_check)
++if test "x$enable_elf_check" != "xno"; then
+ AC_CHECK_HEADER(elf.h, HAS_ELF=1)
+ dnl AC_CHECK_HEADER(dwarf.h, SVR4=1)
+ if test "$HAS_ELF" = 1; then
+ AC_CHECK_LIB(elf, main)
+ fi
++fi
+
+ AC_HEADER_DIRENT
+
+--
+1.7.9.5
+ |