diff --git a/7.1.039 b/7.1.039 new file mode 100644 index 0000000..2d0078f --- /dev/null +++ b/7.1.039 @@ -0,0 +1,39 @@ +To: vim-dev@vim.org +Subject: patch 7.1.039 +Fcc: outbox +From: Bram Moolenaar +Mime-Version: 1.0 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 8bit +------------ + +Patch 7.1.039 +Problem: A tag in a help file that starts with "help-tags" and contains a + percent sign may make Vim crash. (Ulf Harnhammar) +Solution: Use puts() instead of fprintf(). +Files: src/ex_cmds.c + + +*** ../vim-7.1.038/src/ex_cmds.c Tue Jul 24 11:15:46 2007 +--- src/ex_cmds.c Wed Jul 25 20:06:20 2007 +*************** +*** 6374,6382 **** + for (i = 0; i < ga.ga_len; ++i) + { + s = ((char_u **)ga.ga_data)[i]; +! if (STRNCMP(s, "help-tags", 9) == 0) + /* help-tags entry was added in formatted form */ +! fprintf(fd_tags, (char *)s); + else + { + fprintf(fd_tags, "%s\t/*", s); +--- 6374,6382 ---- + for (i = 0; i < ga.ga_len; ++i) + { + s = ((char_u **)ga.ga_data)[i]; +! if (STRNCMP(s, "help-tags\t", 10) == 0) + /* help-tags entry was added in formatted form */ +! fputs((char *)s, fd_tags); + else + { + fprintf(fd_tags, "%s\t/*", s); diff --git a/apparmor.vim b/apparmor.vim index 4be90d2..4daee3a 100644 --- a/apparmor.vim +++ b/apparmor.vim @@ -52,10 +52,14 @@ hi sdEntryCPX ctermfg=darkgreen hi sdEntryW ctermfg=darkyellow hi sdCap ctermfg=lightblue + hi sdNetwork ctermfg=lightblue + hi sdNetworkDanger ctermfg=darkred hi sdCapKey cterm=underline ctermfg=lightblue - hi def link sdEntryR Normal - hi def link sdFlags Normal hi sdCapDanger ctermfg=darkred + hi def link sdEntryR Normal + hi def link sdEntryK Normal + hi def link sdFlags Normal + hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline "else " dark background " hi sdProfileName ctermfg=white @@ -86,9 +90,6 @@ high def link sdError ErrorMsg " that many rules and profiles shouldn't be _extremely_ large... syn sync fromstart -syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease -syn keyword sdCapDanger sys_admin - syn keyword sdFlagKey complain audit debug " highlight some invalid syntax @@ -101,29 +102,53 @@ syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z]*\}/ syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryCPX,sdEntryUX,sdEntryCUX,sdEntryM,sdCap -" write + exec/mmap - danger! -syn match sdEntryWriteExec /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|m|[iuUpP]x)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" unconstrained entry, flag the line red -syn match sdEntryUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" Ux - like ux + clean environment -syn match sdEntryCUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|Ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" standard exec entry, flag the line blue -syn match sdEntryPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" Px - like px + clean environment -syn match sdEntryCPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|Px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" standard exec entry, flag the line green -syn match sdEntryIX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" mmap with PROT_EXEC -syn match sdEntryM /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" Capability line +syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease +syn keyword sdCapDanger sys_admin + +syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude + +" Network line +" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...) +syn keyword sdNetworkDanger raw +syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|raw|rdm|packet))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ contains=sdNetworkDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude +"syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ + +syn match sdEntryChangeProfile /\v^\s*change_profile\s+(\/|\@\{\S*\})\S*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude + +" file permissions +" +" write + exec/mmap - danger! +" known bug: accepts 'aw' to keep things simple +syn match sdEntryWriteExec /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpP]x)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude + +" ux(mr) - unconstrained entry, flag the line red +syn match sdEntryUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" Ux(mr) - like ux + clean environment +syn match sdEntryCUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" px(mr) - standard exec entry, flag the line blue +syn match sdEntryPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" Px(mr) - like px + clean environment +syn match sdEntryCPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" ix(mr) - standard exec entry, flag the line green +syn match sdEntryIX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" mr - mmap with PROT_EXEC +syn match sdEntryM /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude " if we've got u or i without x, it's an error -syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude + +" write + append is an error also +syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+([lrkupi]*w[lrkupi]*a[lrkupi]*|[lrkupi]*a[lrkupi]*w[lrkupi]*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude " write entry, flag the line yellow -syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -" Capability line -syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude +syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude +" append entry, flag the line yellow +syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|k|a)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude + +" read entry + locking, currently no highlighting +syn match sdEntryK /\v^\s*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError " read entry, no highlighting syn match sdEntryR /\v^\s*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError diff --git a/suse.vimrc b/suse.vimrc index 6d8e36e..3131199 100644 --- a/suse.vimrc +++ b/suse.vimrc @@ -6,7 +6,7 @@ " commented lines start with `"' " enable syntax highlighting -" syntax on +syntax on " automatically indent lines (default) " set noautoindent diff --git a/vim.changes b/vim.changes index 7518754..2d0e2bf 100644 --- a/vim.changes +++ b/vim.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Aug 22 15:40:16 CEST 2007 - mkoenig@suse.de + +- really enable syntax highlighting [#274600] +- update apparmor syntax rules [#301605] + +------------------------------------------------------------------- +Wed Aug 15 11:38:42 CEST 2007 - kssingvo@suse.de + +- fixed helpline issue CVE-2007-2953, swamp#12271 [#292433] + ------------------------------------------------------------------- Thu Jul 26 14:28:16 CEST 2007 - mkoenig@suse.de diff --git a/vim.spec b/vim.spec index 4deacd8..1429763 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Version: 7.1 -Release: 17 +Release: 30 # License: Other uncritical OpenSource License, http://vimdoc.sourceforge.net/htmldoc/uganda.html#license Group: Productivity/Editors/Vi @@ -86,6 +86,7 @@ Patch18: vim-7.1-syntax_spec.patch # tbd??? %name-6.3-ga-utf8.diff # tbd??? %name-6.3-initvals.diff # tbd??? vim64-svn-crash.patch +Patch100: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 Summary: Vi IMproved %description @@ -279,6 +280,7 @@ Authors: %patch16 %patch17 -p1 %patch18 +%patch100 -p0 cp %{S:3} %{S:4} %{S:5} %{S:6} %{S:8} %{S:9} %{S:10} . rename no nb $RPM_BUILD_DIR/vim*/src/po/no.* rename menu_no menu_nb $RPM_BUILD_DIR/vim*/runtime/lang/menu_no* @@ -631,6 +633,11 @@ fi %endif %changelog +* Wed Aug 22 2007 - mkoenig@suse.de +- really enable syntax highlighting [#274600] +- update apparmor syntax rules [#301605] +* Wed Aug 15 2007 - kssingvo@suse.de +- fixed helpline issue CVE-2007-2953, swamp#12271 [#292433] * Thu Jul 26 2007 - mkoenig@suse.de - avoid duplicate installs of manpages [#294155] - remove old Obsoletes for vim-fat