From 1d29eb2e408d7b8b5a3be3348edbb6d23513ecc8 Mon Sep 17 00:00:00 2001 From: ut001695 Date: Fri, 17 Nov 2023 14:01:12 +0800 Subject: [PATCH] fix:CVE-2023-48235 --- backport-CVE-2023-48235.patch | 54 +++++++++++++++++++++++++++++++++++ vim.spec | 9 +++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2023-48235.patch diff --git a/backport-CVE-2023-48235.patch b/backport-CVE-2023-48235.patch new file mode 100644 index 0000000..e5da54d --- /dev/null +++ b/backport-CVE-2023-48235.patch @@ -0,0 +1,54 @@ +From 9a4e6805a43ef295f71a94971ccc79fa48eb3100 Mon Sep 17 00:00:00 2001 +From: root +Date: Fri, 17 Nov 2023 13:52:58 +0800 +Subject: [PATCH] CVE-2023-48235 + +--- + src/ex_docmd.c | 2 +- + src/testdir/test_excmd.vim | 5 ++++- + src/version.c | 2 ++ + 3 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index e8e41ad..559dc1b 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -4603,7 +4603,7 @@ get_address( + lnum -= n; + else + { +- if (n >= LONG_MAX - lnum) ++ if (lnum >= 0 && n >= LONG_MAX - lnum) + { + emsg(_(e_line_number_out_of_range)); + goto error; +diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim +index f55e6a5..d6f3a37 100644 +--- a/src/testdir/test_excmd.vim ++++ b/src/testdir/test_excmd.vim +@@ -725,5 +725,8 @@ func Test_using_zero_in_range() + bwipe! + endfunc + +- ++" catch address lines overflow ++func Test_ex_address_range_overflow() ++ call assert_fails(':--+foobar', 'E492:') ++endfunc + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 5e21279..6cf6862 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -735,6 +735,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 2110, + /**/ + 0 + }; +-- +2.27.0 + diff --git a/vim.spec b/vim.spec index 997f6a8..843525a 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 9.0 -Release: 40 +Release: 41 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -115,6 +115,7 @@ Patch6084: backport-CVE-2023-46246.patch Patch6085: backport-patch-improve-the-error-detection.patch Patch9000: bugfix-rm-modify-info-version.patch +Patch9001: backport-CVE-2023-48235.patch BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file @@ -520,6 +521,12 @@ LC_ALL=en_US.UTF-8 make -j1 test %{_mandir}/man1/evim.* %changelog +* Fri Nov 17 2023 zhangkea - 2:9.0-41 +- Type:CVE +- ID:CVE-2023-48235 +- SUG:NA +- DESC:fix CVE-2023-48235 + * Mon Nov 06 2023 wangjiang - 2:9.0-40 - Type:bugfix - ID:NA -- Gitee