Mercurial > vim

annotate .appveyor.yml @ 33664:06b59278bfcf v9.0.2070

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.2070: [security] disallow setting env in restricted mode Commit: https://github.com/vim/vim/commit/6b89dd6a7257a1e2e9c7ea070b407bc4674a5118 Author: Christian Brabandt <cb@256bit.org> Date: Thu Oct 26 22:14:17 2023 +0200 patch 9.0.2070: [security] disallow setting env in restricted mode Problem: [security] disallow setting env in restricted mode Solution: Setting environment variables in restricted mode could potentially be used to execute shell commands. Disallow this. restricted mode: disable allow setting of environment variables Setting environment variables in restricted mode, may have some unwanted consequences. So, for example by setting $GCONV_PATH in restricted mode and then calling the iconv() function, one may be able to execute some unwanted payload, because the `iconv_open()` function internally uses the `$GCONV_PATH` variable to find its conversion data. So let's disable setting environment variables, even so this is no complete protection, since we are not clearing the existing environment. I tried a few ways but wasn't successful :( One could also argue to disable the iconv() function completely in restricted mode, but who knows what other API functions can be influenced by setting some other unrelated environment variables. So let's leave it as it is currently. closes: #13394 See: https://huntr.com/bounties/b0a2eda1-459c-4e36-98e6-0cc7d7faccfe/ Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Thu, 26 Oct 2023 22:30:03 +0200
parents 93c715c63a4a
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7121
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
1 version: "{build}"
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
2
31716
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
3 image: Visual Studio 2015
31628
238f424acc6c patch 9.0.1146: MS-Windows: various special keys/modifiers are not mappable
Bram Moolenaar <Bram@vim.org>
parents: 31561
diff changeset
4
8244
acc8029e530f commit https://github.com/vim/vim/commit/84f4996d2ab2982006d79ee69df4688c966bf8e8
Christian Brabandt <cb@256bit.org>
parents: 8242
diff changeset
5 skip_tags: true
acc8029e530f commit https://github.com/vim/vim/commit/84f4996d2ab2982006d79ee69df4688c966bf8e8
Christian Brabandt <cb@256bit.org>
parents: 8242
diff changeset
6
8242
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
7 environment:
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
8 matrix:
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
9 - FEATURE: HUGE
31716
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
10
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
11 # Alternate environments, not used right now. 2022 is a lot slower.
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
12 #
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
13 # - job_name: VS-2015
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
14 # appveyor_build_worker_image: Visual Studio 2015
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
15 # FEATURE: HUGE
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
16
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
17 # - job_name: VS-2017
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
18 # appveyor_build_worker_image: Visual Studio 2017
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
19 # FEATURE: HUGE
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
20
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
21 # - job_name: VS-2019
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
22 # appveyor_build_worker_image: Visual Studio 2019
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
23 # FEATURE: HUGE
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
24
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
25 # - job_name: VS-2022
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
26 # appveyor_build_worker_image: Visual Studio 2022
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
27 # FEATURE: HUGE
9dd5bc4f2783 patch 9.0.1190: AppVeyor runs much slower with MSVC 2022
Bram Moolenaar <Bram@vim.org>
parents: 31690
diff changeset
28
8242
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
29 # disabled
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
30 # - FEATURE: TINY
21534
69a59cc69519 patch 8.2.1317: MS-Windows tests on AppVeyor are slow
Bram Moolenaar <Bram@vim.org>
parents: 19663
diff changeset
31 # - FEATURE: NORMAL
8242
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
32
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
33 matrix:
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
34 fast_finish: true
7252
1b591fcf2517 commit https://github.com/vim/vim/commit/7487792ab14c1fb8dbdb37bdd74265d8b1d3be50
Christian Brabandt <cb@256bit.org>
parents: 7121
diff changeset
35
7121
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
36 before_build:
31690
52232e3ff22f patch 9.0.1177: AppVeyor uses some older tools
Bram Moolenaar <Bram@vim.org>
parents: 31628
diff changeset
37 - call ver
31748
0c7d833308c7 patch 9.0.1206: testing with Python on AppVeyor does not work properly
Bram Moolenaar <Bram@vim.org>
parents: 31716
diff changeset
38 - ci\appveyor.bat install
7121
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
39
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
40 build_script:
31748
0c7d833308c7 patch 9.0.1206: testing with Python on AppVeyor does not work properly
Bram Moolenaar <Bram@vim.org>
parents: 31716
diff changeset
41 - ci\appveyor.bat build
7121
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
42
a497a9868255 commit https://github.com/vim/vim/commit/0600f3511c6018cbcdb170a904bcf6533a06bf2d
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
43 test_script:
31748
0c7d833308c7 patch 9.0.1206: testing with Python on AppVeyor does not work properly
Bram Moolenaar <Bram@vim.org>
parents: 31716
diff changeset
44 - ci\appveyor.bat test
8242
1313d2e282dc commit https://github.com/vim/vim/commit/81275ca9ce3059148fdb65dff29f7ecdbca446fb
Christian Brabandt <cb@256bit.org>
parents: 7370
diff changeset
45
31561
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
46 artifacts:
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
47 - path: src/vim.exe
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
48 name: vim
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
49 - path: src/gvim.exe
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
50 name: gvim
e24772b8fbc9 patch 9.0.1113: users cannot easily try out a PR
Bram Moolenaar <Bram@vim.org>
parents: 30645
diff changeset
51
10080
e836872c2a4c commit https://github.com/vim/vim/commit/dd905a2ae14bf2ee59a068f1c3acbca1ff0b7067
Christian Brabandt <cb@256bit.org>
parents: 8244
diff changeset
52 # vim: sw=2 sts=2 et ts=8 sr