Change-Id: I4cb56954569334db478e08d80fb6127d4042cf2a
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2081
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,13 @@ |
0 |
+diff -rup vim74/src/spell.c vim74-new/src/spell.c |
|
1 |
+--- vim74/src/spell.c 2013-07-17 08:28:28.000000000 -0700 |
|
2 |
+@@ -4043,6 +4043,9 @@ spell_read_tree(fd, bytsp, idxsp, prefix |
|
3 |
+ len = get4c(fd); |
|
4 |
+ if (len < 0) |
|
5 |
+ return SP_TRUNCERROR; |
|
6 |
++ if (len >= 0x3fffffff) |
|
7 |
++ /* Invalid length, multiply with sizeof(int) would overflow. */ |
|
8 |
++ return SP_FORMERROR; |
|
9 |
+ if (len > 0) |
|
10 |
+ { |
|
11 |
+ /* Allocate the byte array. */ |
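Review bot: The bound `0x3fffffff` in the added guard is a bare constant that is only a correct overflow limit when `sizeof(int)` is 4 and the later `len * sizeof(int)` product is computed in an unsigned type of at least 32 bits; `0x3ffffffe * 4` is already above `INT_MAX`, so a signed 32-bit product would still overflow for lengths the guard lets through. The allocation that performs the multiplication lies outside the context shown in this embedded hunk, so the product's type cannot be confirmed from here and is worth checking against the 7.4 source before relying on the backport. Deriving the limit from the type, e.g. `if (len >= INT_MAX / (int)sizeof(int))`, would make the invariant explicit and hold for either product type. The new patch file also begins directly at `diff -rup` with no header; a short preamble naming the CVE and the upstream change it was backported from (`<upstream-patch-id>`) would let a later auditor verify the backport.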
... | ... |
@@ -3,7 +3,7 @@ |
3 | 3 |
Summary: Text editor |
4 | 4 |
Name: vim |
5 | 5 |
Version: 7.4 |
6 |
-Release: 8%{?dist} |
|
6 |
+Release: 9%{?dist} |
|
7 | 7 |
License: Charityware |
8 | 8 |
URL: http://www.vim.org |
9 | 9 |
Group: Applications/Editors |
... | ... |
@@ -12,6 +12,7 @@ Distribution: Photon |
12 | 12 |
Source0: %{name}-%{version}.tar.bz2 |
13 | 13 |
%define sha1 vim=601abf7cc2b5ab186f40d8790e542f86afca86b7 |
14 | 14 |
Patch0: vim-CVE-2016-1248.patch |
15 |
+Patch1: vim-7.4-CVE-2017-5953.patch |
|
15 | 16 |
BuildRequires: ncurses-devel |
16 | 17 |
Requires: tcsh |
17 | 18 |
|
... | ... |
@@ -29,6 +30,7 @@ The vim extra package contains a extra files for powerful text editor. |
29 | 29 |
%prep |
30 | 30 |
%setup -q -n %{name}74 |
31 | 31 |
%patch0 -p1 |
32 |
+%patch1 -p1 |
|
32 | 33 |
echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h |
33 | 34 |
%build |
34 | 35 |
./configure \ |
... | ... |
@@ -157,6 +159,8 @@ make test |
157 | 157 |
%{_bindir}/vimdiff |
158 | 158 |
|
159 | 159 |
%changelog |
160 |
+* Fri Feb 17 2017 Anish Swaminathan <anishs@vmware.com> 7.4-9 |
|
161 |
+- Fix for CVE-2017-5953 |
|
160 | 162 |
* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> 7.4-8 |
161 | 163 |
- Fix for CVE-2016-1248 |
162 | 164 |
* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 7.4-7 |