aboutsummaryrefslogtreecommitdiffstats
path: root/editors
diff options
context:
space:
mode:
authorremko <remko@FreeBSD.org>2005-08-17 00:48:41 +0800
committerremko <remko@FreeBSD.org>2005-08-17 00:48:41 +0800
commit301c04880b885958c0e284d48d381cc2a41f9a5d (patch)
tree88e2972c648919615699d5bc133a708bf1769ed2 /editors
parenta14da5ee7ac75d278ab3238933098613bbbf6f26 (diff)
downloadfreebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.tar.gz
freebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.tar.zst
freebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.zip
Add a note about VIM's modeline support. This will instruct users
that do not need the modeline support to disable it, since it contained remote vulnerabilities. Reviewed by: simon Approved by: portsmgr (blanket, secteam), obrien (maintainer)
Diffstat (limited to 'editors')
-rw-r--r--editors/vim/Makefile3
-rw-r--r--editors/vim/pkg-message6
2 files changed, 9 insertions, 0 deletions
diff --git a/editors/vim/Makefile b/editors/vim/Makefile
index 1acea07b52ec..cf07df492f75 100644
--- a/editors/vim/Makefile
+++ b/editors/vim/Makefile
@@ -173,6 +173,9 @@ post-install:
${ECHO_CMD} "x!" >> ${WRKDIR}/ex.script
${CP} -p ${TMPPLIST} ${TMPPLIST}.pre-share-vim
cd ${WRKDIR} ; ex < ex.script
+ @${ECHO_CMD}
+ @${CAT} ${PKGMESSAGE}
+ @${ECHO_CMD}
cklatest:
@-ncftpls \
diff --git a/editors/vim/pkg-message b/editors/vim/pkg-message
new file mode 100644
index 000000000000..066bbb9cb5ef
--- /dev/null
+++ b/editors/vim/pkg-message
@@ -0,0 +1,6 @@
+SECURITY NOTE: The VIM software has had several remote vulnerabilities
+discovered within VIM's modeline support. It allowed remote attackers to
+execute arbitrary code as the user running VIM. All known problems
+have been fixed, but the FreeBSD Security Team advises that VIM users
+use 'set nomodeline' in ~/.vimrc to avoid the possibility of trojaned
+text files.