pool/vim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Drop vim-7.1.314-CVE-2009-0316-debian.patch, Python 2.7 has

Browse Source 
the appropriate fix.

OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=314
This commit is contained in:
Ismail Dönmez 2016-02-22 13:18:20 +00:00 committed by Git OBS Bridge
parent 8099e65826
commit 0bcdcbe57b
3 changed files with 7 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
vim-7.1.314-CVE-2009-0316-debian.patch
View File

@ -1,53 +0,0 @@
Index: vim74/src/if_python.c
===================================================================
--- vim74.orig/src/if_python.c
+++ vim74/src/if_python.c
@@ -806,6 +806,7 @@ py_memsave(void *p, size_t len)
*/
static int PythonMod_Init(void);
+static void Python_FixPath(void);
/******************************************************
@@ -933,6 +934,11 @@ Python_Init(void)
* the current directory in sys.path. */
PyRun_SimpleString("import sys; sys.path = filter(lambda x: x != '/must>not&exist', sys.path)");
+ /* Remove empty elements from sys.path since that causes the PWD to be
+ * used for imports, possibly masking system libraries and/or running
+ * arbitrary code. */
+ Python_FixPath();
+
/* lock is created and acquired in PyEval_InitThreads() and thread
* state is created in Py_Initialize()
* there _PyGILState_NoteThreadState() also sets gilcounter to 1
@@ -1417,6 +1423,28 @@ PythonMod_Init(void)
return 0;
}
+ static void
+Python_FixPath(void)
+{
+ PyObject *sys = PyImport_ImportModule("sys");
+ PyObject *sysdict = PyModule_GetDict(sys);
+ PyObject *path = PyDict_GetItemString(sysdict, "path");
+ PyObject *newpath = PyList_New(0);
+ if (newpath != NULL) {
+ Py_INCREF(newpath);
+ PyInt n = PyList_Size(path);
+ PyInt i;
+ for (i = 0; i < n; i++) {
+ PyObject *item = PyList_GetItem(path, i);
+ if (strlen(PyString_AsString(item)) != 0) {
+ PyList_Append(newpath, PyList_GetItem(path, i));
+ }
+ }
+ PyDict_SetItemString(sysdict, "path", newpath);
+ Py_DECREF(newpath);
+ }
+}
+
/*************************************************************************
* 4. Utility functions for handling the interface between Vim and Python.
*/

6
vim.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Feb 22 13:17:45 UTC 2016 - idonmez@suse.com
- Drop vim-7.1.314-CVE-2009-0316-debian.patch, Python 2.7 has
the appropriate fix.
-------------------------------------------------------------------
Mon Feb 22 09:53:40 UTC 2016 - idonmez@suse.com

4
vim.spec
View File

@ -90,8 +90,7 @@ Patch15: %{name}-7.4-filetype_apparmor.patch
Patch18: %{name}-7.3-filetype_spec.patch
Patch21: %{name}-7.3-filetype_changes.patch
Patch22: %{name}-7.4-filetype_mine.patch
Patch100: vim-7.1.314-CVE-2009-0316-debian.patch
Patch101: vim73-no-static-libpython.patch
Patch100: vim73-no-static-libpython.patch
%description
Vim (Vi IMproved) is an almost compatible version of the UNIX editor
@ -166,7 +165,6 @@ cp %{SOURCE23} runtime/syntax/apparmor.vim
%patch21 -p1
%patch22 -p1
%patch100 -p1
%patch101 -p1
cp %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE8} %{SOURCE10} .
%build