diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2005-08-16 16:48:41 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2005-08-16 16:48:41 +0000 |
| commit | ec9063b927c04100d801449c74031154c3758571 (patch) | |
| tree | a21b9fe30184d15864b7d1017ee12f35787d0b68 /editors | |
| parent | a02d5df60081d139d8dbed68eaaabf637785a0ed (diff) | |
| download | ports-ec9063b927c04100d801449c74031154c3758571.tar.gz ports-ec9063b927c04100d801449c74031154c3758571.zip | |
Add a note about VIM's modeline support. This will instruct users
that do not need the modeline support to disable it, since it contained
remote vulnerabilities.
Reviewed by: simon
Approved by: portsmgr (blanket, secteam), obrien (maintainer)
Notes
Notes:
svn path=/head/; revision=140893
Diffstat (limited to 'editors')
| -rw-r--r-- | editors/vim/Makefile | 3 | ||||
| -rw-r--r-- | editors/vim/pkg-message | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/editors/vim/Makefile b/editors/vim/Makefile index 1acea07b52ec..cf07df492f75 100644 --- a/editors/vim/Makefile +++ b/editors/vim/Makefile @@ -173,6 +173,9 @@ post-install: ${ECHO_CMD} "x!" >> ${WRKDIR}/ex.script ${CP} -p ${TMPPLIST} ${TMPPLIST}.pre-share-vim cd ${WRKDIR} ; ex < ex.script + @${ECHO_CMD} + @${CAT} ${PKGMESSAGE} + @${ECHO_CMD} cklatest: @-ncftpls \ diff --git a/editors/vim/pkg-message b/editors/vim/pkg-message new file mode 100644 index 000000000000..066bbb9cb5ef --- /dev/null +++ b/editors/vim/pkg-message @@ -0,0 +1,6 @@ +SECURITY NOTE: The VIM software has had several remote vulnerabilities +discovered within VIM's modeline support. It allowed remote attackers to +execute arbitrary code as the user running VIM. All known problems +have been fixed, but the FreeBSD Security Team advises that VIM users +use 'set nomodeline' in ~/.vimrc to avoid the possibility of trojaned +text files. |