X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-oi0-f68.google.com (mail-oi0-f68.google.com [209.85.218.68])
	by lists.alpinelinux.org (Postfix) with ESMTP id 2D9735C442F
	for <alpine-aports@lists.alpinelinux.org>; Tue, 22 Nov 2016 21:28:50 +0000 (GMT)
Received: by mail-oi0-f68.google.com with SMTP id v84so4691608oie.2
        for <alpine-aports@lists.alpinelinux.org>; Tue, 22 Nov 2016 13:28:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:to:subject:date:message-id;
        bh=baV3837qur73BVBm9B4tvvpZcQcsdpk7X3Yz5T2F1kE=;
        b=xexicbxQHmLXPEBzJntQgLidETEC8mYZLu8IV+FaLNSsw1gfZk4tpIXunZ4gk/pjV1
         ePVXFwkVp47uz33hw30zCx8bn1h2HMLFwvfLH0SEHJ0Tn7zKUt2lLcGyGfy66mmBKcnx
         4on1gTwk6gY8q9iJrdtlrdarGGH325uUc7+4Eh8rWaKl0Od/3l7/Ea7EfEnQ4Wm2QnUd
         qrD1TrpeQ35qz97sK9EwtYyNdCVBpYmJp2gj8vB+F9ycT0JorgBQAMg4A7D4NlYcYv91
         vSVsQrYE1OIr9jMraixs7/2nUQj4p9hwn+CgbpnhQpRKPeiWKq7UqaiuLNWEr2+4rIJh
         faEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:to:subject:date:message-id;
        bh=baV3837qur73BVBm9B4tvvpZcQcsdpk7X3Yz5T2F1kE=;
        b=nLOAnmEASZcciKIZoUpoxaLnFQtNbJzR8jMUmSUZtSPEBv9R3OmUX/0P6lFjo8lvf8
         j/ltu7bCj4I7QliqiGkt6FAGZWnyi1djDIdljAFfFH2cW2OzTjt/l2NQ6YmIR1LO94xH
         UBWlI5TP6XLiQ4P4iyE+rMgHv5D8tc9l3YlNQsNXP4nYW9d2VBD+lkWWlj0KYk5dbKPg
         fUZ4oJ0An4+CFgvOYsfEOh2fl91YxhEmwQuo9pNoMGZnKq8ztfCz68WfCP+v20BibxAS
         kTVKR0hmmzoVo/N/QMVD/VrzYbkeiQ3FuI2HZvjfSLk3rwOtr8EjiPewY1YUzjueq0wa
         iKJA==
X-Gm-Message-State: AKaTC01eyn3viBuHmvWLvb/rjX/CKQxdCTLcUZg341wNtRceNRonnfXYz3RbwQcZZG5NeA==
X-Received: by 10.157.10.40 with SMTP id 37mr12997165otg.190.1479850129724;
        Tue, 22 Nov 2016 13:28:49 -0800 (PST)
Received: from alp.my.domain ([2600:8807:c246:be00:9eb7:dff:feb2:27a1])
        by smtp.gmail.com with ESMTPSA id q8sm7301058oia.22.2016.11.22.13.28.49
        for <alpine-aports@lists.alpinelinux.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 22 Nov 2016 13:28:49 -0800 (PST)
From: Daniel Sabogal <dsabogalcc@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Subject: [alpine-aports] [PATCH] community/neovim: security fix for CVE-2016-1248
Date: Tue, 22 Nov 2016 16:28:57 -0500
Message-Id: <20161122212857.29033-1-dsabogalcc@gmail.com>
X-Mailer: git-send-email 2.10.2
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

Patch from Debian unstable (0.1.6-4)
---
 community/neovim/APKBUILD            | 18 ++++++---
 community/neovim/CVE-2016-1248.patch | 71 ++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 5 deletions(-)
 create mode 100644 community/neovim/CVE-2016-1248.patch

diff --git a/community/neovim/APKBUILD b/community/neovim/APKBUILD
index f5190e0..cabf75b 100644
--- a/community/neovim/APKBUILD
+++ b/community/neovim/APKBUILD
@@ -3,7 +3,7 @@
 # TODO: Try to trim the base package to include only common syntax files etc.
 pkgname=neovim
 pkgver=0.1.6
-pkgrel=0
+pkgrel=1
 pkgdesc="Vim-fork focused on extensibility and agility"
 url="https://neovim.io"
 arch="all"
@@ -13,9 +13,14 @@ makedepends="cmake gettext-dev gperf libtermkey-dev libuv-dev libvterm-dev
 	lua5.1-lpeg lua5.1-mpack luajit-dev msgpack-c-dev unibilium-dev"
 subpackages="$pkgname-lang $pkgname-doc"
 source="$pkgname-$pkgver.tar.gz::https://github.com/neovim/$pkgname/archive/v$pkgver.tar.gz
-	nodoc.txt"
+	nodoc.txt
+	CVE-2016-1248.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   0.1.6-r1:
+#     - CVE-2016-1248
+
 build() {
 	mkdir -p "$builddir"/build
 	cd "$builddir"/build
@@ -55,8 +60,11 @@ doc() {
 }
 
 md5sums="307978937c7fc2ebd796b345d99ed7cd  neovim-0.1.6.tar.gz
-c910a91b399ebbd498cf6f96ce247cb6  nodoc.txt"
+c910a91b399ebbd498cf6f96ce247cb6  nodoc.txt
+62fa2153774023d9a9882c4f5987911c  CVE-2016-1248.patch"
 sha256sums="a9fe7aadd38ef015f82ec340f6b6c0629d02c9ca4d85352db0934ae511d2f02a  neovim-0.1.6.tar.gz
-7ecadab8a847334060eb1f16e5c0cec6e12e183d8695f6f924429184cd22e463  nodoc.txt"
+7ecadab8a847334060eb1f16e5c0cec6e12e183d8695f6f924429184cd22e463  nodoc.txt
+8182111c741004de62543050958b535d300969ab395a0853cfe38e1d7adfc1aa  CVE-2016-1248.patch"
 sha512sums="360d69bc11a3cb7b2c203adc7e76edad736b1a2fb7033d2d0c6444da168053ea0b621daf7978e9c158e14c5e04af8599005bf5eb800d9d1776007257b0e0e56f  neovim-0.1.6.tar.gz
-72ab288f53acddc088c567aafe8c5afa6835325fab7879e782d1d62f87a662f3a6bac123c450debbae1b32336cc60b2830b429838ee3dfcc7524773b5069f4f0  nodoc.txt"
+72ab288f53acddc088c567aafe8c5afa6835325fab7879e782d1d62f87a662f3a6bac123c450debbae1b32336cc60b2830b429838ee3dfcc7524773b5069f4f0  nodoc.txt
+0bc6db4051564e4a2146e403c0a3f7128457b5190594ac570f51f787d6f70e80d692b7c1d3431273f6bc4a7edf24f6978590953fce6fc935c12ceb07d5c6bd92  CVE-2016-1248.patch"
diff --git a/community/neovim/CVE-2016-1248.patch b/community/neovim/CVE-2016-1248.patch
new file mode 100644
index 0000000..4a20d14
--- /dev/null
+++ b/community/neovim/CVE-2016-1248.patch
@@ -0,0 +1,71 @@
+From 177272f1f76565205c5c381bdf7dd020d7c5a5a8 Mon Sep 17 00:00:00 2001
+From: James McCoy <jamessan@jamessan.com>
+Date: Sun, 20 Nov 2016 08:42:38 -0700
+Subject: [PATCH] vim-patch:8.0.0056
+
+Problem:    When setting 'filetype' there is no check for a valid name.
+Solution:   Only allow valid characters in 'filetype', 'syntax' and 'keymap'.
+
+https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
+---
+ src/nvim/option.c | 33 ++++++++++++++++++++++++++++-----
+ 1 file changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/src/nvim/option.c b/src/nvim/option.c
+index 5f338ea..24444ee 100644
+--- a/src/nvim/option.c
++++ b/src/nvim/option.c
+@@ -2389,6 +2389,18 @@ static char *set_string_option(const int opt_idx, const char *const value,
+   return r;
+ }
+ 
++/// Return true if "val" is a valid 'filetype' name.
++/// Also used for 'syntax' and 'keymap'.
++static bool valid_filetype(char_u *val)
++{
++  for (char_u *s = val; *s != NUL; s++) {
++    if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL) {
++      return false;
++    }
++  }
++  return true;
++}
++
+ /*
+  * Handle string options that need some action to perform when changed.
+  * Returns NULL for success, or an error message for an error.
+@@ -2620,8 +2632,12 @@ did_set_string_option (
+     xfree(p_penc);
+     p_penc = p;
+   } else if (varp == &curbuf->b_p_keymap) {
+-    /* load or unload key mapping tables */
+-    errmsg = keymap_init();
++    if (!valid_filetype(*varp)) {
++      errmsg = e_invarg;
++    } else {
++      // load or unload key mapping tables
++      errmsg = keymap_init();
++    }
+ 
+     if (errmsg == NULL) {
+       if (*curbuf->b_p_keymap != NUL) {
+@@ -3110,9 +3126,16 @@ did_set_string_option (
+   else if (gvarp == &p_cino) {
+     /* TODO: recognize errors */
+     parse_cino(curbuf);
+-  }
+-  /* Options that are a list of flags. */
+-  else {
++  } else if (gvarp == &p_ft) {
++    if (!valid_filetype(*varp)) {
++      errmsg = e_invarg;
++    }
++  } else if (gvarp == &p_syn) {
++    if (!valid_filetype(*varp)) {
++      errmsg = e_invarg;
++    }
++  } else {
++    // Options that are a list of flags.
+     p = NULL;
+     if (varp == &p_ww)
+       p = (char_u *)WW_ALL;
-- 
2.10.2



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---