new file mode 100644

@@ -0,0 +1,64 @@

+From 5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 Mon Sep 17 00:00:00 2001

+From: Bram Moolenaar <Bram@vim.org>

+Date: Sat, 4 Nov 2017 21:35:01 +0100

+Subject: [PATCH] patch 8.0.1263: others can read the swap file if a user is

+ careless

+

+Problem:    Others can read the swap file if a user is careless with his

+            primary group.

+Solution:   If the group permission allows for reading but the world

+            permissions doesn't, make sure the group is right.

+---

+ src/Makefile              |   1 +

+ src/fileio.c              |  24 +++++++++-

+ src/testdir/test_swap.vim | 112 ++++++++++++++++++++++++++++++----------------

+ src/version.c             |   2 +

+ 4 files changed, 99 insertions(+), 40 deletions(-)

+

+diff --git a/src/Makefile b/src/Makefile

+index e55e830..48487aa 100644

+--- a/src/Makefile

+@@ -2259,6 +2259,7 @@ test_arglist \

+ 	test_stat \

+ 	test_statusline \

+ 	test_substitute \

++	test_swap \

+ 	test_syn_attr \

+ 	test_syntax \

+ 	test_system \

+diff --git a/src/fileio.c b/src/fileio.c

+index 87b85cf..34dcdb6 100644

+--- a/src/fileio.c

+@@ -716,7 +716,29 @@ readfile(

+ 	/* Set swap file protection bits after creating it. */

+ 	if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL

+ 			  && curbuf->b_ml.ml_mfp->mf_fname != NULL)

+-	    (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);

++	{

++	    char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;

++

++	    /*

++	     * If the group-read bit is set but not the world-read bit, then

++	     * the group must be equal to the group of the original file.  If

++	     * we can't make that happen then reset the group-read bit.  This

++	     * avoids making the swap file readable to more users when the

++	     * primary group of the user is too permissive.

++	     */

++	    if ((swap_mode & 044) == 040)

++	    {

++		stat_T	swap_st;

++

++		if (mch_stat((char *)swap_fname, &swap_st) >= 0

++			&& st.st_gid != swap_st.st_gid

++			&& fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)

++									 == -1)

++		    swap_mode &= 0600;

++	    }

++

++	    (void)mch_setperm(swap_fname, (long)swap_mode);

++	}

+ #endif

+     }

+ 

@@ -3,7 +3,7 @@

 Summary:        Text editor

 Name:           vim

 Version:        8.0.0533

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        Charityware

 URL:            http://www.vim.org

 Group:          Applications/Editors

@@ -12,6 +12,7 @@ Distribution:   Photon

 Source0:        %{name}-%{version}.tar.gz

 %define sha1    vim=6169cece15cb139db3ceff9c9ba2bf74013b1e02

 BuildRequires:  ncurses-devel

+Patch0:         CVE-2017-17087.patch

 %description

 The Vim package contains a powerful text editor.

@@ -26,6 +27,8 @@ The vim extra package contains a extra files for powerful text editor.

 %prep

 %setup -q

+%patch0 -p1

+

 echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h

 %build

 ./configure \

@@ -165,6 +168,8 @@ make test

 %{_bindir}/vimdiff

 %changelog

+*   Tue Jul 10 2018 Tapas Kundu <tkundu@vmware.com> 8.0.0533-4

+-   Fix for CVE-2017-17087.patch.

 *   Mon Aug 14 2017 Chang Lee <changlee@vmware.com>  8.0.0533-3

 -   Disabled Test_recover_root_dir in %check

 *   Tue May 02 2017 Anish Swaminathan <anishs@vmware.com>  8.0.0533-2