vim has sufficiently improved the security of its modeline processing.

The FreeBSD Security Team no longer feels that the warning to disable modeline support is needed. Discussed with: delphij, des With Hat: secteam-ports Feature safe: yes
svn path=/head/; revision=315831
2024-11-29 01:13:08 +00:00 · 2013-04-16 16:04:14 +00:00 · 2013-04-16 16:04:14 +00:00 · 93dadb3c36 · 2021-03-31 03:12:20 +00:00
commit 93dadb3c36
parent 5727b9916c
2 changed files with 0 additions and 9 deletions
--- a/editors/vim/Makefile
+++ b/editors/vim/Makefile
@ -225,9 +225,6 @@ post-install:
 	${ECHO_CMD} "x!"				>> ${WRKDIR}/ex.script
 	${CP} -p ${TMPPLIST} ${TMPPLIST}.pre-share-vim
 	cd ${WRKDIR} ; ex < ex.script
-	@${ECHO_CMD}
-	@${CAT} ${PKGMESSAGE}
-	@${ECHO_CMD}

 .if defined(ONT_CHECKSUM)
 checksum:
--- a/editors/vim/pkg-message
+++ b/editors/vim/pkg-message
@ -1,6 +0,0 @@
-SECURITY NOTE: The VIM software has had several remote vulnerabilities
-discovered within VIM's modeline support.  It allowed remote attackers to
-execute arbitrary code as the user running VIM.  All known problems
-have been fixed, but the FreeBSD Security Team advises that VIM users
-use 'set nomodeline' in ~/.vimrc to avoid the possibility of trojaned
-text files.