| author | Andreas Rammhold <andreas@rammhold.de> | 2019-06-05 11:31:23 +0200 |
|---|---|---|
| committer | Vladimír Čunát <v@cunat.cz> | 2019-06-06 10:47:28 +0200 |
| commit | 9e5afbee969780b7342d57cc5afc7b2f0e32011a (patch) | |
| tree | c9d0c82b64f39deb7f8235e13b4ae9ae5206d6fa | |
| parent | Merge pull request #62292 from etu/php-upgrades-1809 (diff) | |
| download | nixpkgs-9e5afbee969780b7342d57cc5afc7b2f0e32011a.tar.gz | |
Merge #62713: vim/neovim: Backports fix for ACE
(cherry picked from commit 0d62805dbf966021147019ed8e6ab8ef4d66ac94)
The patch is fairly simple and the vulnerability seems important.
3 files changed, 47 insertions, 1 deletions
diff --git a/pkgs/applications/editors/neovim/default.nix b/pkgs/applications/editors/neovim/default.nix
index 6690e4c9c1b9..c6108fd99946 100644
--- a/pkgs/applications/editors/neovim/default.nix
+++ b/pkgs/applications/editors/neovim/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, gettext, msgpack, libtermkey, libiconv
+{ stdenv, fetchFromGitHub, fetchpatch, cmake, gettext, msgpack, libtermkey, libiconv
 , libuv, luaPackages, ncurses, pkgconfig
 , unibilium, xsel, gperf
 , libvterm-neovim
@@ -20,6 +20,15 @@ let
 sha256 = "19jy9nr2ffscli6wsysqkdvqvh7sgkkwhzkw3yypfrvg4pj9rl56";
 };
+ patches = [
+ # Arbitrary code execution fix
+ # https://github.com/numirias/security/blob/cf4f74e0c6c6e4bbd6b59823aa1b85fa913e26eb/doc/2019-06-04_ace-vim-neovim.md
+ (fetchpatch {
+ url = "https://github.com/neovim/neovim/pull/10082.patch";
+ sha256 = "0g4knlpaabbq6acqgqm765b1knqv981nk2gf84fmknqnv4sgbsq2";
+ })
+ ];
+
 enableParallelBuilding = true;
 buildInputs = [
diff --git a/pkgs/applications/editors/vim/0001-source-command-doesnt-check-for-the-sandbox-5357552.patch b/pkgs/applications/editors/vim/0001-source-command-doesnt-check-for-the-sandbox-5357552.patch
new file mode 100644
index 000000000000..06d9971de9e4
--- /dev/null
+++ b/pkgs/applications/editors/vim/0001-source-command-doesnt-check-for-the-sandbox-5357552.patch
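Review bot: The `url` in the added `fetchpatch` points at a pull-request `.patch` URL (`https://github.com/neovim/neovim/pull/10082.patch`), which GitHub regenerates from the PR branch and which changes whenever that branch is rebased or force-pushed, so the pinned `sha256` can start failing with no change on the nixpkgs side. Pin to the merged commit instead, `url = "https://github.com/neovim/neovim/commit/<merged sha>.patch";`, keeping the `sha256` of the normalized patch. The comment should also say when the patch becomes obsolete, e.g. `# ACE via :source inside the sandbox; drop once the pinned release contains neovim PR #10082`, since nothing here ties the backport to the version it fixes. The enclosing `let` block starts before this hunk.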
@@ -0,0 +1,31 @@
+From 53575521406739cf20bbe4e384d88e7dca11f040 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution: Check for the sandbox when sourcing a file.
+---
+ src/getchar.c | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 9379a6a8d4..debad7efd2 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ emsg(_(e_nesting));
+ return;
+ }
++
++ // Disallow sourcing a file in the sandbox, the commands would be executed
++ // later, possibly outside of the sandbox.
++ if (check_secure())
++ return;
++
+ #ifdef FEAT_EVAL
+ if (ignore_script)
+ /* Not reading from script, also don't open one. Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
diff --git a/pkgs/applications/editors/vim/default.nix b/pkgs/applications/editors/vim/default.nix
index 26cd61d182bd..e532dcc3bb32 100644
--- a/pkgs/applications/editors/vim/default.nix
+++ b/pkgs/applications/editors/vim/default.nix
@@ -21,6 +21,12 @@ stdenv.mkDerivation rec {
 buildInputs = [ ncurses ]
 ++ stdenv.lib.optionals stdenv.hostPlatform.isDarwin [ Carbon Cocoa ];
+ patches = [
+ # Arbitrary code execution fix
+ # https://github.com/numirias/security/blob/cf4f74e0c6c6e4bbd6b59823aa1b85fa913e26eb/doc/2019-06-04_ace-vim-neovim.md
+ ./0001-source-command-doesnt-check-for-the-sandbox-5357552.patch
+ ];
+
 configureFlags = [
 "--enable-multibyte"
 "--enable-nls" |
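Review bot: The vendored patch file is truncated: its own diffstat lists `src/getchar.c`, `src/testdir/test_source.vim` and `src/version.c`, but only the getchar.c hunk is present and the file ends on a bare `+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim` header with no hunk after it. `patch` will presumably skip that dangling header as garbage and still apply the getchar.c fix, but the regression test is lost and, because version.c is not touched, the built vim will not report patch level 8.1.1365 (so `has('patch-8.1.1365')`-style checks would still say the fix is absent — verify). Either vendor the complete upstream commit 53575521406739cf20bbe4e384d88e7dca11f040, or strip the dangling header and add a comment at the top of the patch stating that the test and version.c hunks were intentionally omitted.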
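Review bot: The new `patches` attribute carries no note about when it should be removed, so the next `version` bump will fail in the patch phase once upstream vim already contains 8.1.1365; add `# drop once vim >= 8.1.1365 (upstream 5357552)` beside the entry. The `stdenv.mkDerivation rec {` body starts before and ends after this hunk, so it is not visible whether `patches` is already defined elsewhere in the set — if it is, this is a duplicate attribute and Nix evaluation will fail rather than merge the lists.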
