Apply to source tree by doing:
       cd /usr/src
       patch -p0 < 007_recover.patch

Apply to binary tree by doing:
       cd /usr/libexec
       patch -p3 vi.recover < 007_recover.patch
       rm vi.recover.orig      # if patch succeeds

Index: usr.bin/vi/build/recover
===================================================================
RCS file: /cvs/src/usr.bin/vi/build/recover,v
retrieving revision 1.7
retrieving revision 1.9
diff -u -r1.7 -r1.9
--- usr.bin/vi/build/recover    11 Jan 2001 04:56:52 -0000      1.7
+++ usr.bin/vi/build/recover    6 Nov 2001 23:31:08 -0000       1.9
@@ -78,6 +78,7 @@
               close(RECFILE);
               next;
       }
+       $owner = (stat(_))[4];
       if (! -f _ || ! -s _) {
               unlink($file) unless -d _;
               close(RECFILE);
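Review bot: `$owner` on the added line is read from the cached `_` stat buffer, and the test that fills that buffer sits above this hunk, so the line does not show which file the uid belongs to. If that earlier call is not a stat on the open RECFILE handle, the uid could describe a different object than the file being read; `$owner = (stat(RECFILE))[4];` would tie it to the handle explicitly. At minimum a comment such as `# uid of the recovery file; compared with the backup file's owner below` would record why it is captured here. The enclosing loop starts and ends outside the hunk.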
@@ -95,16 +96,31 @@
       # Delete any recovery files that have no (or more than one)
       # corresponding backup file.
       #
-       @backups = grep(/^X-vi-recover-path:/, @recfile);
-       unlink($file) unless $#backups == 0;
+       @backups = grep(m#^X-vi-recover-path:\s*\Q$recoverdir\E/+#, @recfile);
+       if (@backups != 1) {
+               unlink($file);
+               next;
+       }

       #
-       # If recovery file is zero length, remove it.
-       # Else send mail to the user.
+       # Make a copy of the backup file path.
+       # We must not modify @backups directly since it contains
+       # references to data in @recfile which we pipe to sendmail.
       #
-       $backups[0] =~ /^X-vi-recover-path:\s*(.*)[\r\n]*$/;
+       $backups[0] =~ m#^X-vi-recover-path:\s*\Q$recoverdir\E/+(.*)[\r\n]*$#;
       $backup = $1;
-       if (! -s $backup) {
+
+       #
+       # If backup file is not rooted in the recover dir, ignore it.
+       # If backup file owner doesn't match recovery file owner, ignore it.
+       # If backup file is zero length or not a regular file, remove it.
+       # Else send mail to the user.
+       #
+       if ($backup =~ m#/# || !lstat($backup)) {
+               unlink($file);
+       } elsif ($owner != 0 && (stat(_))[4] != $owner) {
+               unlink($file);
+       } elsif (! -f _ || ! -s _) {
               unlink($file, $backup);
       } else {
               open(SENDMAIL, "|$sendmail -t") ||
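Review bot: The new comment block above the `if ($backup =~ m#/# || !lstat($backup))` chain says that out-of-tree or wrongly owned backups are ignored, but both branches call `unlink($file)`, and the `$owner != 0` exemption for root-owned recovery files is not mentioned at all. The comment should say that the recovery file is removed in those cases and that the owner comparison is skipped when the recovery file belongs to root, e.g. `# If recovery file is not owned by root and backup file owner differs, remove the recovery file.` Because `$backup` is reduced to a bare file name, `lstat($backup)` and `unlink($file, $backup)` resolve against the current directory; this presumably relies on a chdir into `$recoverdir` outside the hunk, which is worth stating in the same comment. The `else` branch that opens the sendmail pipe continues past the end of the hunk.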