diff --git a/backport-CVE-2025-29768.patch b/backport-CVE-2025-29768.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2270a35180016a60c5a067f360494151757c6a1a
--- /dev/null
+++ b/backport-CVE-2025-29768.patch
@@ -0,0 +1,44 @@
+From f209dcd3defb95bae21b2740910e6aa7bb940531 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Wed, 12 Mar 2025 22:04:01 +0100
+Subject: [PATCH] patch 9.1.1198: [security]: potential data loss with zip.vim
+
+Problem: [security]: potential data loss with zip.vim and special
+ crafted zip files (RyotaK)
+Solution: use glob '[-]' to protect filenames starting with '-'
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
+
+Signed-off-by: Christian Brabandt
+---
+ runtime/autoload/zip.vim | 6 ++++++
+ 1 files changed, 6 insertions(+)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index 4a53fc5f2..dae4ddeb9 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -14,6 +14,7 @@
+ " 2024 Aug 05 by Vim Project: clean-up and make it work with shellslash on Windows
+ " 2024 Aug 18 by Vim Project: correctly handle special globbing chars
+ " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows
++" 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly
+ " License: Vim License (see vim's :help license)
+ " Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ " Permission is hereby granted to use and distribute this code,
+@@ -343,6 +344,11 @@ fun! zip#Extract()
+ return
+ endif
+ let target = fname->substitute('\[', '[[]', 'g')
++ " unzip 6.0 does not support -- to denote end-of-arguments
++ " unzip 6.1 (2010) apparently supports, it, but hasn't been released
++ " so the workaround is to use glob '[-]' so that it won't be considered an argument
++ " else, it would be possible to use 'unzip -o '-d/tmp' to extract the whole archive
++ let target = target->substitute('^-', '[&]', '')
+ if &shell =~ 'cmd' && has("win32")
+ let target = target
+ \ ->substitute('[?*]', '[&]', 'g')
+--
+2.33.0
+
diff --git a/vim.spec b/vim.spec
index 73976fe1c65c076c85ecc2d878ff89c486748bc6..532e2d58c549c93ea5ea421e156549812ab316a7 100644
--- a/vim.spec
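Review bot: The comment block added above `let target = target->substitute('^-', '[&]', '')` in zip#Extract() is hard to read: "apparently supports, it, but" has stray commas and the example `'unzip -o '-d/tmp'` has unbalanced quotes, so the reason for the glob workaround is easy to misread. A clearer wording would be `" a member name starting with '-' would be parsed by unzip as an option (e.g. -d<dir>); rewriting it as '[-]...' makes unzip match it as a file pattern instead`, ideally fixed upstream since this is a backport. The embedded diffstat lists only runtime/autoload/zip.vim, so the backport appears to carry no regression test; a check that an archive member with a leading '-' is extracted as a plain file would keep the fix from regressing in later rebases. The guard applies only to zip#Extract(), whose body continues outside the hunk, and whether the other places that hand member names to the external unzip command need the same protection cannot be judged from here.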
+++ b/vim.spec @@ -10,7 +10,7 @@ Name: vim Epoch: 2 Version: %{baseversion}.%{patchlevel} -Release: 1 +Release: 2 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim AND LGPL-2.1-or-later AND MIT AND GPL-1.0-only AND (GPL-2.0-only OR Vim) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later AND GPL-3.0-or-later AND OPUBL-1.0 AND Apache-2.0 WITH Swift-exception URL: https://www.vim.org @@ -25,6 +25,8 @@ Patch0003: vim-python3-tests.patch Patch0005: bugfix-rm-modify-info-version.patch Patch0006: vim-Add-sw64-architecture-debcontrol.patch +Patch6000: backport-CVE-2025-29768.patch + BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file BuildRequires: pkgconfig(libsodium) @@ -420,6 +422,9 @@ popd %{_mandir}/man1/evim.* %changelog +* Tue Mar 18 2025 wangjiang - 2:9.1.1166-2 +- fix CVE-2025-29768 + * Mon Mar 03 2025 Funda Wang - 2:9.1.1166-1 - update to 9.1 patchlevel 1166