Browse code
Fix for CVE-2017-1000382
Move the swap file location to protect against CVE-2017-1000382
Change-Id: Iadbc39933c85dce3fd89c7c85d2a31cf2b652c98
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5356
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Tapas Kundu authored on 2018/07/16 23:11:24Showing 1 changed files
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
Summary: Text editor |
| 4 | 4 |
Name: vim |
| 5 | 5 |
Version: 7.4 |
| 6 |
-Release: 9%{?dist}
|
|
| 6 |
+Release: 10%{?dist}
|
|
| 7 | 7 |
License: Charityware |
| 8 | 8 |
URL: http://www.vim.org |
| 9 | 9 |
Group: Applications/Editors |
| ... | ... |
@@ -56,7 +56,12 @@ color desert |
| 56 | 56 |
if (&term == "iterm") || (&term == "putty") |
| 57 | 57 |
set background=dark |
| 58 | 58 |
endif |
| 59 |
- |
|
| 59 |
+" Move the swap file location to protect against CVE-2017-1000382 |
|
| 60 |
+" More information at http://security.cucumberlinux.com/security/details.php?id=120 |
|
| 61 |
+if ! isdirectory("~/.vim/swap/")
|
|
| 62 |
+ call system('install -d -m 700 ~/.vim/swap')
|
|
| 63 |
+endif |
|
| 64 |
+set directory=~/.vim/swap// |
|
| 60 | 65 |
" End /etc/vimrc |
| 61 | 66 |
EOF |
| 62 | 67 |
|
| ... | ... |
@@ -151,6 +156,8 @@ EOF |
| 151 | 151 |
%{_bindir}/vimdiff
|
| 152 | 152 |
|
| 153 | 153 |
%changelog |
| 154 |
+* Thu Jul 12 2018 Tapas Kundu <tkundu@vmware.com> 7.4-10 |
|
| 155 |
+- Fix for CVE-2017-1000382 |
|
| 154 | 156 |
* Mon Apr 3 2017 Alexey Makhalov <amakhalov@vmware.com> 7.4-9 |
| 155 | 157 |
- Use specified version of ncurses wich has long chtype and mmask_t |
| 156 | 158 |
(see ncurses changelog) |