Merge pull request #414 from citrus-it/vim

vim: Fix CVE-2017-17087

Author: oetiker

build/vim/build.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/bash
 #
-# CDDL HEADER START
+# {{ CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License, Version 1.0 only
@@ -18,8 +18,7 @@
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
-# CDDL HEADER END
-#
+# CDDL HEADER END }}}
 #
 # Copyright 2016 OmniTI Computer Consulting, Inc.  All rights reserved.
 # Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
@@ -29,6 +28,7 @@
 . ../../lib/functions.sh
 
 PROG=vim
+# This is the last available bundled version
 VER=8.0.586
 PKG=editor/vim
 SUMMARY="Vi IMproved"
@@ -50,7 +50,6 @@ CONFIGURE_OPTS="
     --disable-gui
     --disable-gtktest
 "
-reset_configure_opts
 
 init
 download_source $PROG $PROG $VER
@@ -62,4 +61,4 @@ make_package
 clean_up
 
 # Vim hints
-# vim:ts=4:sw=4:et:
+# vim:ts=4:sw=4:et:fdm=marker

build/vim/patches/8.0.1263-CVE-2017-17087

@@ -0,0 +1,40 @@
+Patch 8.0.1263
+Problem:    Others can read the swap file if a user is careless with his
+            primary group.
+Solution:   If the group permission allows for reading but the world
+            permissions doesn't, make sure the group is right.
+
+diff -pruN '--exclude=*.orig' vim80~/src/fileio.c vim80/src/fileio.c
+--- vim80~/src/fileio.c	2017-04-07 17:40:58.000000000 +0000
++++ vim80/src/fileio.c	2017-12-01 16:31:01.109766011 +0000
+@@ -716,7 +716,29 @@ readfile(
+ 	/* Set swap file protection bits after creating it. */
+ 	if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
+ 			  && curbuf->b_ml.ml_mfp->mf_fname != NULL)
+-	    (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
++	{
++	    char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
++
++	    /*
++	     * If the group-read bit is set but not the world-read bit, then
++	     * the group must be equal to the group of the original file.  If
++	     * we can't make that happen then reset the group-read bit.  This
++	     * avoids making the swap file readable to more users when the
++	     * primary group of the user is too permissive.
++	     */
++	    if ((swap_mode & 044) == 040)
++	    {
++		stat_T	swap_st;
++
++		if (mch_stat((char *)swap_fname, &swap_st) >= 0
++			&& st.st_gid != swap_st.st_gid
++			&& fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
++									 == -1)
++		    swap_mode &= 0600;
++	    }
++
++	    (void)mch_setperm(swap_fname, (long)swap_mode);
++	}
+ #endif
+     }
+ 

build/vim/patches/series

@@ -0,0 +1 @@
+8.0.1263-CVE-2017-17087