[SCM] Vim packaging branch, maint/etch, updated. 94dad9d12d6985367ed37b65fceb1e72e11b67ae
James Vega
jamessan at debian.org
Mon Feb 9 00:36:53 UTC 2009
The following commit has been merged in the maint/etch branch:
commit 94dad9d12d6985367ed37b65fceb1e72e11b67ae
Author: James Vega <jamessan at debian.org>
Date: Sat Feb 7 19:12:53 2009 -0500
Add patch CVE-2008-3074-tar.vim.diff to fix autoload/tar.vim.
diff --git a/debian/changelog b/debian/changelog
index b0ceb0e..1304c89 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,12 @@
vim (1:7.0-122+1etch4) UNRELEASED; urgency=high
* Backport upstream patches and runtime fixes for filename escaping
- vulnerabilities. (Closes: #486502, CVE 2008-2712)
+ vulnerabilities. (Closes: #486502, CVE 2008-2712, CVE 2008-3074)
- Add upstream patches 7.1.299, 7.1.300, 7.1.305.
- Add patch CVE-2008-2712-xpm.vim.diff to fix syntax/xpm.vim and
syntax/xpm2.vim.
- Add patch CVE-2008-2712-zip.vim.diff to fix autoload/zip.vim.
+ - Add patch CVE-2008-3074-tar.vim.diff to fix autoload/tar.vim.
-- James Vega <jamessan at debian.org> Tue, 03 Feb 2009 22:19:11 -0500
diff --git a/patches/CVE-2008-3074-tar.vim.diff b/patches/CVE-2008-3074-tar.vim.diff
new file mode 100644
index 0000000..ef71554
--- /dev/null
+++ b/patches/CVE-2008-3074-tar.vim.diff
@@ -0,0 +1,234 @@
+Index: vim/runtime/autoload/tar.vim
+===================================================================
+--- vim/runtime/autoload/tar.vim.orig
++++ vim/runtime/autoload/tar.vim
+@@ -1,7 +1,7 @@
+ " tar.vim: Handles browsing tarfiles
+ " AUTOLOAD PORTION
+ " Date: May 02, 2006
+-" Version: 9
++" Version: 9+debian
+ " Maintainer: Charles E Campbell, Jr <drchipNOSPAM at campbellfamily dot biz>
+ " License: Vim License (see vim's :help license)
+ "
+@@ -24,8 +24,16 @@
+ if exists("g:loaded_tar")
+ finish
+ endif
+-let g:loaded_tar= "v9"
++let g:loaded_tar= "v9+debian"
+ "call Decho("loading autoload/tar.vim")
++if !exists('*fnameescape')
++ echoerr "(autoload/tar.vim) need a Vim that has the fnameescape function"
++ finish
++endif
++if !exists('*shellescape')
++ echoerr "(autoload/tar.vim) need a Vim that has the shellescape function"
++ finish
++endif
+
+ " ---------------------------------------------------------------------
+ " Default Settings: {{{1
+@@ -86,38 +94,33 @@
+
+ " give header
+ " call Decho("printing header")
+- exe "$put ='".'\"'." tar.vim version ".g:loaded_tar."'"
+- exe "$put ='".'\"'." Browsing tarfile ".a:tarfile."'"
+- exe "$put ='".'\"'." Select a file with cursor and press ENTER"."'"
++ let lastline= line("$")
++ call setline(lastline+1,'" tar.vim version '.g:loaded_tar)
++ call setline(lastline+2,'" Browsing tarfile '.a:tarfile)
++ call setline(lastline+3,'" Select a file with cursor and press ENTER')
+ 0d
+ $
+
+ let tarfile= a:tarfile
+ if has("win32") && executable("cygpath")
+ " assuming cygwin
+- let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')
++ let tarfile=substitute(system("cygpath -u ".shellescape(tarfile)),'\n$','','e')
+ endif
+ let curlast= line("$")
+ if tarfile =~# '\.\(gz\|tgz\)$'
+ " call Decho("exe silent r! gzip -d -c '".tarfile."'| tar -".g:tar_browseoptions." - ")
+- exe "silent r! gzip -d -c '".tarfile."'| tar -".g:tar_browseoptions." - "
++ exe "silent r! gzip -d -c -- ".shellescape(tarfile,1)."| tar -".g:tar_browseoptions." - "
+ elseif tarfile =~# '\.bz2$'
+ " call Decho("exe silent r! bzip2 -d -c '".tarfile."'| tar -".g:tar_browseoptions." - ")
+- exe "silent r! bzip2 -d -c '".tarfile."'| tar -".g:tar_browseoptions." - "
++ exe "silent r! bzip2 -d -c -- ".shellescape(tarfile,1)."| tar -".g:tar_browseoptions." - "
+ else
+ " call Decho("exe silent r! ".g:tar_cmd." -".g:tar_browseoptions." '".tarfile."'")
+- exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions." '".tarfile."'"
++ exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".shellescape(tarfile,1)
+ endif
+ if v:shell_error != 0
+ echohl WarningMsg | echo "***warning*** (tar#Browse) please check your g:tar_browseoptions<".g:tar_browseoptions.">"
+ call inputsave()|call input("Press <cr> to continue")|call inputrestore()
+ " call Dret("tar#Browse : a:tarfile<".a:tarfile.">")
+- silent %d
+- let eikeep= &ei
+- set ei=BufReadCmd,FileReadCmd
+- exe "r ".a:tarfile
+- let &ei= eikeep
+- 1d
+ return
+ endif
+ if line("$") == curlast || ( line("$") == (curlast + 1) && getline("$") =~? '\c\%(warning\|error\|inappropriate\|unrecognized\)')
+@@ -126,7 +129,7 @@
+ silent %d
+ let eikeep= &ei
+ set ei=BufReadCmd,FileReadCmd
+- exe "r ".a:tarfile
++ exe "r ".fnameescape(a:tarfile)
+ let &ei= eikeep
+ 1d
+ " call Dret("tar#Browse : a:tarfile<".a:tarfile.">")
+@@ -161,7 +164,7 @@
+ let curfile= expand("%")
+ if has("win32") && executable("cygpath")
+ " assuming cygwin
+- let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')
++ let tarfile=substitute(system("cygpath -u ".shellescape(tarfile)),'\n$','','e')
+ endif
+
+ new
+@@ -184,23 +187,23 @@
+ let fname = substitute(a:fname,'tarfile:.\{-}:\(.*\)$','\1','')
+ if has("win32") && executable("cygpath")
+ " assuming cygwin
+- let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')
++ let tarfile=substitute(system("cygpath -u ".shellescape(tarfile)),'\n$','','e')
+ endif
+ " call Decho("tarfile<".tarfile.">")
+ " call Decho("fname<".fname.">")
+
+ if tarfile =~# '\.\(gz\|tgz\)$'
+ " call Decho("exe silent r! gzip -d -c '".tarfile."'| tar -OPxf - '".fname."'")
+- exe "silent r! gzip -d -c '".tarfile."'| tar -".g:tar_readoptions." - '".fname."'"
++ exe "silent r! gzip -d -c -- ".shellescape(tarfile,1)."| tar -".g:tar_readoptions." - ".shellescape(fname,1)
+ elseif tarfile =~# '\.bz2$'
+ " call Decho("exe silent r! bzip2 -d -c '".tarfile."'| tar -".g:tar_readoptions." - '".fname."'")
+- exe "silent r! bzip2 -d -c '".tarfile."'| tar -".g:tar_readoptions." - '".fname."'"
++ exe "silent r! bzip2 -d -c -- ".shellescape(tarfile,1)."| tar -".g:tar_readoptions." - ".shellescape(fname,1)
+ else
+ " call Decho("exe silent r! tar -".g:tar_readoptions." '".tarfile."' '".fname."'")
+- exe "silent r! ".g:tar_cmd." -".g:tar_readoptions." '".tarfile."' '".fname."'"
++ exe "silent r! ".g:tar_cmd." -".g:tar_readoptions." ".shellescape(tarfile,1)." ".shellescape(fname,1)
+ endif
+ let w:tarfile= a:fname
+- exe "file tarfile:".fname
++ exe "file tarfile:".fnameescape(fname)
+
+ " cleanup
+ 0d
+@@ -244,7 +247,7 @@
+
+ " attempt to change to the indicated directory
+ try
+- exe "cd ".escape(tmpdir,' \')
++ exe "cd ".fnameescape(tmpdir)
+ catch /^Vim\%((\a\+)\)\=:E344/
+ echohl Error | echo "***error*** (tar#Write) cannot cd to temporary directory" | Echohl None
+ call inputsave()|call input("Press <cr> to continue")|call inputrestore()
+@@ -267,18 +270,18 @@
+
+ " handle compressed archives
+ if tarfile =~# '\.gz'
+- call system("gzip -d ".tarfile)
++ call system("gzip -d -- ".shellescape(tarfile))
+ let tarfile = substitute(tarfile,'\.gz','','e')
+- let compress= "gzip '".tarfile."'"
++ let compress= "gzip -- ".shellescape(tarfile)
+ elseif tarfile =~# '\.tgz'
+- call system("gzip -d ".tarfile)
++ call system("gzip -d -- ".shellescape(tarfile))
+ let tarfile = substitute(tarfile,'\.tgz','.tar','e')
+- let compress= "gzip '".tarfile."'"
++ let compress= "gzip -- ".shellescape(tarfile)
+ let tgz = 1
+ elseif tarfile =~# '\.bz2'
+- call system("bzip2 -d ".tarfile)
++ call system("bzip2 -d -- ".shellescape(tarfile))
+ let tarfile = substitute(tarfile,'\.bz2','','e')
+- let compress= "bzip2 '".tarfile."'"
++ let compress= "bzip2 ".shellescape(tarfile)
+ endif
+
+ if v:shell_error != 0
+@@ -291,23 +294,27 @@
+ if fname =~ '/'
+ let dirpath = substitute(fname,'/[^/]\+$','','e')
+ if executable("cygpath")
+- let dirpath = substitute(system("cygpath ".dirpath),'\n','','e')
++ let dirpath = substitute(system("cygpath ".shellescape(dirpath)),'\n','','e')
+ endif
+ call mkdir(dirpath,"p")
+ endif
+ if tarfile !~ '/'
+ let tarfile= curdir.'/'.tarfile
+ endif
++ if tarfile =~ '^\s*-'
++ " A file name starting with a dash may be taken as an option. Prepend ./ to avoid that.
++ let tarfile = substitute(tarfile, '-', './-', '')
++ endif
+ " call Decho("tarfile<".tarfile."> fname<".fname.">")
+
+- exe "w! ".fname
++ exe "w! ".fnameescape(fname)
+ if executable("cygpath")
+- let tarfile = substitute(system("cygpath ".tarfile),'\n','','e')
++ let tarfile = substitute(system("cygpath ".shellescape(tarfile)),'\n','','e')
+ endif
+
+ " delete old file from tarfile
+ " call Decho("tar --delete -f '".tarfile."' '".fname."'")
+- call system("tar --delete -f '".tarfile."' '".fname."'")
++ call system("tar --delete -f ".shellescape(tarfile)." ".shellescape(fname))
+ if v:shell_error != 0
+ echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".tarfile." with ".fname | echohl None
+ call inputsave()|call input("Press <cr> to continue")|call inputrestore()
+@@ -315,7 +322,7 @@
+
+ " update tarfile with new file
+ " call Decho("tar -".g:tar_writeoptions." '".tarfile."' '".fname."'")
+- call system("tar -".g:tar_writeoptions." '".tarfile."' '".fname."'")
++ call system("tar -".g:tar_writeoptions." ".shellescape(tarfile)." ".shellescape(fname))
+ if v:shell_error != 0
+ echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".tarfile." with ".fname | echohl None
+ call inputsave()|call input("Press <cr> to continue")|call inputrestore()
+@@ -337,7 +344,7 @@
+ let binkeep= &binary
+ let eikeep = &ei
+ set binary ei=all
+- exe "e! ".tarfile
++ exe "e! ".fnameescape(tarfile)
+ call netrw#NetWrite(tblfile)
+ let &ei = eikeep
+ let &binary = binkeep
+@@ -349,7 +356,7 @@
+ " cleanup and restore current directory
+ cd ..
+ call s:Rmdir("_ZIPVIM_")
+- exe "cd ".escape(curdir,' \')
++ exe "cd ".fnameescape(curdir)
+ setlocal nomod
+
+ let &report= repkeep
+@@ -361,12 +368,12 @@
+ fun! s:Rmdir(fname)
+ " call Dfunc("Rmdir(fname<".a:fname.">)")
+ if has("unix")
+- call system("/bin/rm -rf ".a:fname)
++ call system("/bin/rm -rf -- ".shellescape(a:fname))
+ elseif has("win32") || has("win95") || has("win64") || has("win16")
+ if &shell =~? "sh$"
+- call system("/bin/rm -rf ".a:fname)
++ call system("/bin/rm -rf ".shellescape(a:fname))
+ else
+- call system("del /S ".a:fname)
++ call system("del /S ".shellescape(a:fname))
+ endif
+ endif
+ " call Dret("Rmdir")
diff --git a/patches/series b/patches/series
index dd47417..4c6dcf2 100644
--- a/patches/series
+++ b/patches/series
@@ -20,3 +20,4 @@ zh_TW.po-swap_recovery_typo.diff -p0
option.c-foldnestmax_check.diff -p0
CVE-2008-2712-xpm.vim.diff -p0
CVE-2008-2712-zip.vim.diff -p0
+CVE-2008-3074-tar.vim.diff -p0