From 0cde7a370d07f80208bcd29597cf30d5274f38b0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 04:44:26 +0200 Subject: Adding debian version 2:8.1.0875-5+deb10u2. Signed-off-by: Daniel Baumann --- ...ource-command-doesn-t-check-for-the-sandb.patch | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch (limited to 'debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch') diff --git a/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch b/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch new file mode 100644 index 0000000..0124ad8 --- /dev/null +++ b/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch @@ -0,0 +1,63 @@ +From: Bram Moolenaar +Date: Wed, 22 May 2019 22:38:25 +0200 +Subject: patch 8.1.1365: source command doesn't check for the sandbox + +Problem: Source command doesn't check for the sandbox. (Armin Razmjou) +Solution: Check for the sandbox when sourcing a file. + +(cherry picked from commit 53575521406739cf20bbe4e384d88e7dca11f040) + +Signed-off-by: James McCoy +--- + src/getchar.c | 6 ++++++ + src/testdir/test_source.vim | 9 +++++++++ + src/version.c | 2 ++ + 3 files changed, 17 insertions(+) + +diff --git a/src/getchar.c b/src/getchar.c +index fe74dbf..3e4c964 100644 +--- a/src/getchar.c ++++ b/src/getchar.c +@@ -1407,6 +1407,12 @@ openscript( + emsg(_(e_nesting)); + return; + } ++ ++ // Disallow sourcing a file in the sandbox, the commands would be executed ++ // later, possibly outside of the sandbox. ++ if (check_secure()) ++ return; ++ + #ifdef FEAT_EVAL + if (ignore_script) + /* Not reading from script, also don't open one. Warning message? */ +diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim +index a33d286..5166baf 100644 +--- a/src/testdir/test_source.vim ++++ b/src/testdir/test_source.vim +@@ -36,3 +36,12 @@ func Test_source_cmd() + au! SourcePre + au! SourcePost + endfunc ++ ++func Test_source_sandbox() ++ new ++ call writefile(["Ohello\"], 'Xsourcehello') ++ source! Xsourcehello | echo ++ call assert_equal('hello', getline(1)) ++ call assert_fails('sandbox source! Xsourcehello', 'E48:') ++ bwipe! ++endfunc +diff --git a/src/version.c b/src/version.c +index 1a7ffa4..3040409 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -791,6 +791,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1365, + /**/ + 1046, + /**/ -- cgit v1.2.3