diff options
author | remko <remko@FreeBSD.org> | 2005-08-17 00:48:41 +0800 |
---|---|---|
committer | remko <remko@FreeBSD.org> | 2005-08-17 00:48:41 +0800 |
commit | 301c04880b885958c0e284d48d381cc2a41f9a5d (patch) | |
tree | 88e2972c648919615699d5bc133a708bf1769ed2 /editors | |
parent | a14da5ee7ac75d278ab3238933098613bbbf6f26 (diff) | |
download | freebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.tar.gz freebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.tar.zst freebsd-ports-gnome-301c04880b885958c0e284d48d381cc2a41f9a5d.zip |
Add a note about VIM's modeline support. This will instruct users
that do not need the modeline support to disable it, since it contained
remote vulnerabilities.
Reviewed by: simon
Approved by: portsmgr (blanket, secteam), obrien (maintainer)
Diffstat (limited to 'editors')
-rw-r--r-- | editors/vim/Makefile | 3 | ||||
-rw-r--r-- | editors/vim/pkg-message | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/editors/vim/Makefile b/editors/vim/Makefile index 1acea07b52ec..cf07df492f75 100644 --- a/editors/vim/Makefile +++ b/editors/vim/Makefile @@ -173,6 +173,9 @@ post-install: ${ECHO_CMD} "x!" >> ${WRKDIR}/ex.script ${CP} -p ${TMPPLIST} ${TMPPLIST}.pre-share-vim cd ${WRKDIR} ; ex < ex.script + @${ECHO_CMD} + @${CAT} ${PKGMESSAGE} + @${ECHO_CMD} cklatest: @-ncftpls \ diff --git a/editors/vim/pkg-message b/editors/vim/pkg-message new file mode 100644 index 000000000000..066bbb9cb5ef --- /dev/null +++ b/editors/vim/pkg-message @@ -0,0 +1,6 @@ +SECURITY NOTE: The VIM software has had several remote vulnerabilities +discovered within VIM's modeline support. It allowed remote attackers to +execute arbitrary code as the user running VIM. All known problems +have been fixed, but the FreeBSD Security Team advises that VIM users +use 'set nomodeline' in ~/.vimrc to avoid the possibility of trojaned +text files. |