summaryrefslogtreecommitdiffstats
path: root/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:44:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 02:44:26 +0000
commit0cde7a370d07f80208bcd29597cf30d5274f38b0 (patch)
treee228a85db87eb0491d2937e213bbbab19826b682 /debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch
parentAdding upstream version 2:8.1.0875. (diff)
downloadvim-0cde7a370d07f80208bcd29597cf30d5274f38b0.tar.xz
vim-0cde7a370d07f80208bcd29597cf30d5274f38b0.zip
Adding debian version 2:8.1.0875-5+deb10u2.debian/2%8.1.0875-5+deb10u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch b/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch
new file mode 100644
index 0000000..0124ad8
--- /dev/null
+++ b/debian/patches/patch-8.1.1365-source-command-doesn-t-check-for-the-sandb.patch
@@ -0,0 +1,63 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution: Check for the sandbox when sourcing a file.
+
+(cherry picked from commit 53575521406739cf20bbe4e384d88e7dca11f040)
+
+Signed-off-by: James McCoy <jamessan@debian.org>
+---
+ src/getchar.c | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index fe74dbf..3e4c964 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ emsg(_(e_nesting));
+ return;
+ }
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+ #ifdef FEAT_EVAL
+ if (ignore_script)
+ /* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286..5166baf 100644
+--- a/src/testdir/test_source.vim
++++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+ au! SourcePre
+ au! SourcePost
+ endfunc
++
++func Test_source_sandbox()
++ new
++ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
++ source! Xsourcehello | echo
++ call assert_equal('hello', getline(1))
++ call assert_fails('sandbox source! Xsourcehello', 'E48:')
++ bwipe!
++endfunc
+diff --git a/src/version.c b/src/version.c
+index 1a7ffa4..3040409 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -791,6 +791,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1365,
+ /**/
+ 1046,
+ /**/