Mercurial > vim
annotate .cirrus.yml @ 33096:828bcb1a37e7 v9.0.1833
patch 9.0.1833: [security] runtime file fixes
Commit: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Aug 31 23:52:30 2023 +0200
patch 9.0.1833: [security] runtime file fixes
Problem: runtime files may execute code in current dir
Solution: only execute, if not run from current directory
The perl, zig and ruby filetype plugins and the zip and gzip autoload
plugins may try to load malicious executable files from the current
working directory. This is especially a problem on windows, where the
current directory is implicitly in your $PATH and windows may even run a
file with the extension `.bat` because of $PATHEXT.
So make sure that we are not trying to execute a file from the current
directory. If this would be the case, error out (for the zip and gzip)
plugins or silently do not run those commands (for the ftplugins).
This assumes, that only the current working directory is bad. For all
other directories, it is assumed that those directories were
intentionally set to the $PATH by the user.
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Fri, 01 Sep 2023 00:00:02 +0200 |
| parents | 3046c7ce2469 |
| children | 6c1d29d45734 |
| rev | line source |
|---|---|
|
18728
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
1 env: |
|
18736
97d534e17874
patch 8.1.2358: tests fail on Cirrus CI for FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
18728
diff
changeset
|
2 CIRRUS_CLONE_DEPTH: 3 |
|
18728
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
3 FEATURES: huge |
|
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
4 |
|
28729
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
5 freebsd_task: |
|
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
6 name: FreeBSD |
|
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
7 matrix: |
|
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
8 - name: FreeBSD 13.1 |
|
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
9 freebsd_instance: |
|
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
10 image_family: freebsd-13-1 |
|
31381
d81e09faf28e
patch 9.0.1024: CI doesn't use the latest FreeBSD version
Bram Moolenaar <Bram@vim.org>
parents:
30683
diff
changeset
|
11 - name: FreeBSD 12.4 |
|
28729
1bd1bfc64a47
patch 8.2.4889: CI only tests with FreeBSD 12
Bram Moolenaar <Bram@vim.org>
parents:
28658
diff
changeset
|
12 freebsd_instance: |
|
31381
d81e09faf28e
patch 9.0.1024: CI doesn't use the latest FreeBSD version
Bram Moolenaar <Bram@vim.org>
parents:
30683
diff
changeset
|
13 image_family: freebsd-12-4 |
|
23225
b2660a8bbf36
patch 8.2.2158: CI on cirrus times out, coveralls doesn't always run
Bram Moolenaar <Bram@vim.org>
parents:
21580
diff
changeset
|
14 timeout_in: 20m |
|
18722
3bc59131171f
Cirrus CI: add a simple CI using BSD
Bram Moolenaar <Bram@vim.org>
parents:
diff
changeset
|
15 install_script: |
|
28658
3a4ed4d1080d
patch 8.2.4853: CI with FreeBSD is a bit outdated
Bram Moolenaar <Bram@vim.org>
parents:
23225
diff
changeset
|
16 - pkg install -y gettext |
|
18722
3bc59131171f
Cirrus CI: add a simple CI using BSD
Bram Moolenaar <Bram@vim.org>
parents:
diff
changeset
|
17 build_script: |
|
18728
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
18 - NPROC=$(getconf _NPROCESSORS_ONLN) |
|
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
19 - ./configure --with-features=${FEATURES} |
|
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
20 - make -j${NPROC} |
|
21580
93dae47699fb
patch 8.2.1340: some tests fail on Cirrus CI and/or with FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
20299
diff
changeset
|
21 test_script: |
|
18728
9f1cf1458708
patch 8.1.2354: Cirrus CI runs on another repository
Bram Moolenaar <Bram@vim.org>
parents:
18722
diff
changeset
|
22 - src/vim --version |
|
21580
93dae47699fb
patch 8.2.1340: some tests fail on Cirrus CI and/or with FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
20299
diff
changeset
|
23 # run tests as user "cirrus" instead of root |
|
93dae47699fb
patch 8.2.1340: some tests fail on Cirrus CI and/or with FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
20299
diff
changeset
|
24 - pw useradd cirrus -m |
|
93dae47699fb
patch 8.2.1340: some tests fail on Cirrus CI and/or with FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
20299
diff
changeset
|
25 - chown -R cirrus:cirrus . |
|
93dae47699fb
patch 8.2.1340: some tests fail on Cirrus CI and/or with FreeBSD
Bram Moolenaar <Bram@vim.org>
parents:
20299
diff
changeset
|
26 - sudo -u cirrus make test |
|
30489
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
27 |
|
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
28 macos_task: |
|
30683
9549234f3f95
patch 9.0.0676: CI on Mac M1 with gcc actually uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30667
diff
changeset
|
29 name: macOS m1 |
|
30489
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
30 macos_instance: |
|
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
31 image: ghcr.io/cirruslabs/macos-ventura-xcode:latest |
|
30683
9549234f3f95
patch 9.0.0676: CI on Mac M1 with gcc actually uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30667
diff
changeset
|
32 env: |
|
9549234f3f95
patch 9.0.0676: CI on Mac M1 with gcc actually uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30667
diff
changeset
|
33 # only run with clang, gcc is not real, it is a link to clang |
|
9549234f3f95
patch 9.0.0676: CI on Mac M1 with gcc actually uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30667
diff
changeset
|
34 CC: clang |
|
30489
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
35 timeout_in: 20m |
|
1e4d93103d01
patch 9.0.0580: no CI running for MacOS on M1
Bram Moolenaar <Bram@vim.org>
parents:
28729
diff
changeset
|
36 install_script: |
|
30667
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
37 - brew update |
|
32234
e87f89061076
patch 9.0.1448: diff test fails on MacOS 13
Bram Moolenaar <Bram@vim.org>
parents:
31381
diff
changeset
|
38 - brew install gettext libtool diffutils |
|
30667
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
39 build_script: |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
40 - NPROC=$(getconf _NPROCESSORS_ONLN) |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
41 - ./configure --with-features=${FEATURES} |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
42 - make -j${NPROC} |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
43 test_script: |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
44 - src/vim --version |
|
6f76a14e0140
patch 9.0.0668: CI on Mac M1 only uses clang
Bram Moolenaar <Bram@vim.org>
parents:
30521
diff
changeset
|
45 - make test |