diff --git a/backport-CVE-2025-9389.patch b/backport-CVE-2025-9389.patch deleted file mode 100644 index 949bbf5635eb155121e86241571df264d3c1b177..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-9389.patch +++ /dev/null @@ -1,104 +0,0 @@ -From b922b30cfe4c044c83bac3cc908084ed20a83598 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Joakim=20Nohlg=C3=A5rd?= -Date: Sun, 24 Aug 2025 12:36:44 +0200 -Subject: [PATCH] patch 9.1.1683: xxd: Avoid null dereference in autoskip - colorless -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Problem: xxd: Avoid null dereference in autoskip colorless -Solution: Verify that colors is not null (Joakim Nohlgård) - -Fixes bug introduced in 6897f18ee6e5bb78b32c97616e484030fd514750 -(v9.1.1459) which does a memcpy from NULL when color=never and the -autoskip option is used. - -Before: - -dd if=/dev/zero bs=100 count=1 status=none | xxd -a -R never -00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ -Segmentation fault (core dumped) - -After: - -dd if=/dev/zero bs=100 count=1 status=none | ./xxd/xxd -a -R never -00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ -* -00000060: 0000 0000 .... - -closes: #18008 - -Signed-off-by: Joakim Nohlgård -Signed-off-by: Christian Brabandt ---- - src/testdir/test_xxd.vim | 24 ++++++++++++++++++++++++ - src/xxd/xxd.c | 8 ++++++-- - 2 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/testdir/test_xxd.vim b/src/testdir/test_xxd.vim -index 477af7a540fc30..b98988157b08ac 100644 ---- a/src/testdir/test_xxd.vim -+++ b/src/testdir/test_xxd.vim -@@ -701,4 +701,28 @@ func Test_xxd_overflow() - call assert_equal(expected, getline(1, 5)) - bw! - endfunc -+ -+" this caused a NULL derefence -+func Test_xxd_null_dereference() -+ CheckUnix -+ CheckExecutable /bin/true -+ new -+ " we are only checking, that there are addresses in the first 5 lines -+ let expected = [ -+ \ '00000000: ', -+ \ '00000010: ', -+ \ '00000020: ', -+ \ '00000030: ', -+ \ '00000040: '] -+ exe "0r! " s:xxd_cmd "-a -R never /bin/true 2>&1" -+ " there should be more than 6 lines -+ call assert_true(line('$') > 5) -+ " there should not be an ASAN error message -+ call getline(1, '$')->join('\n')->assert_notmatch('runtime error') -+ 6,$d -+ %s/^\x\+: \zs.*//g -+ call assert_equal(expected, getline(1, 5)) -+ bw! -+endfunc -+ - " vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c -index 0c70b5a95d7506..b46cee41f0be35 100644 ---- a/src/xxd/xxd.c -+++ b/src/xxd/xxd.c -@@ -70,6 +70,7 @@ - * 15.06.2025 improve color code logic - * 08.08.2025 fix overflow with bitwise output - * 20.08.2025 remove external library call for autoconversion on z/OS (MVS) -+ * 24.08.2025 avoid NULL dereference with autoskip colorless - * - * (c) 1990-1998 by Juergen Weigert (jnweiger@gmail.com) - * -@@ -150,7 +151,7 @@ extern void perror __P((char *)); - # endif - #endif - --char version[] = "xxd 2025-08-20 by Juergen Weigert et al."; -+char version[] = "xxd 2025-08-24 by Juergen Weigert et al."; - #ifdef WIN32 - char osver[] = " (Win32)"; - #else -@@ -599,7 +600,10 @@ xxdline(FILE *fp, char *l, char *colors, int nz) - if (!nz && zero_seen == 1) - { - strcpy(z, l); -- memcpy(z_colors, colors, strlen(z)); -+ if (colors) -+ { -+ memcpy(z_colors, colors, strlen(z)); -+ } - } - - if (nz || !zero_seen++) diff --git a/v9.1.1663.tar.gz b/v9.1.1846.tar.gz similarity index 32% rename from v9.1.1663.tar.gz rename to v9.1.1846.tar.gz index 9425263c1b386c6dc2a3467ef1fbe18dc19ea81c..8bd43dd69ed9fccb1c2f49ee479ebcd78b5f15ca 100644 --- a/v9.1.1663.tar.gz +++ b/v9.1.1846.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ad9c65b4020b6f9a7640b9df1a86945884ded148e0e5454803b2211512078ed7 -size 18777558 +oid sha256:2eec8a2e97a1b7b16ebab844685fb9e957b48a103b1b7ca3be0d20a10cf4a4b7 +size 19142762 diff --git a/vim.spec b/vim.spec index bf76af3672d89ab7105b1ebfef7fd442bf957c6b..79d65bc9a5595f0c2ad413bc51216efb447a0e2f 100644 --- a/vim.spec +++ b/vim.spec @@ -4,13 +4,13 @@ %{!?_with_netbeans__:%define _with_netbeans__ 1} %define baseversion 9.1 -%define patchlevel 1663 +%define patchlevel 1846 %define vimdir vim91 Name: vim Epoch: 2 Version: %{baseversion}.%{patchlevel} -Release: 2 +Release: 1 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim AND LGPL-2.1-or-later AND MIT AND GPL-1.0-only AND (GPL-2.0-only OR Vim) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later AND GPL-3.0-or-later AND OPUBL-1.0 AND Apache-2.0 WITH Swift-exception URL: https://www.vim.org @@ -24,7 +24,6 @@ Patch0002: vim-8.0-copy-paste.patch Patch0003: vim-python3-tests.patch Patch0005: bugfix-rm-modify-info-version.patch Patch0006: vim-Add-sw64-architecture-debcontrol.patch -Patch0007: backport-CVE-2025-9389.patch BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file @@ -430,6 +429,9 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests." %{_mandir}/man1/evim.* %changelog +* Sat Oct 11 2025 Funda Wang - 2:9.1.1846-1 +- update to 9.1 patchlevel 1846 + * Wed Aug 27 2025 wangjiang - 2:9.1.1663-2 - fix CVE-2025-9389