Sync from SUSE:ALP:Source:Standard:1.0 vim revision 68dd4be74f07dce8b65942311916b4c9

2024-03-05 18:15:50 +01:00 · 2024-03-05 18:15:50 +01:00 · f5b815f3c9
commit f5b815f3c9
parent b1749489f7
4 changed files with 48 additions and 28 deletions
--- a/vim-9.0.1894.tar.gz
+++ b/vim-9.0.1894.tar.gz
--- a/vim-9.1.0111.tar.gz
+++ b/vim-9.1.0111.tar.gz
--- a/vim.changes
+++ b/vim.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Thu Feb 29 16:49:15 UTC 2024 - Zoltan Balogh <zbalogh@suse.com>
+
+- Updated to version 9.1 with patch level 0111, fixes the following security problems
+  * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
+  * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
+  * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
+  * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
+  * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
+  * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
+  * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
+  * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
+  * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
+  * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
+  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
+  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
+  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
+  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
+  * Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos
+  * Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp
+  * Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both
+- for the complete list of changes see
+  https://github.com/vim/vim/compare/v9.0.1894...v9.1.0111
+ 
+
 -------------------------------------------------------------------
 Mon Sep 11 14:51:02 UTC 2023 - Ondřej Súkup <mimi.vx@gmail.com>

--- a/vim.spec
+++ b/vim.spec
@ -1,7 +1,7 @@
 #
 # spec file for package vim
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,10 +16,10 @@
 #


-%define pkg_version 9.0
-%define patchlevel 1894
+%define pkg_version 9.1
+%define patchlevel 0111
 %define patchlevel_compact %{patchlevel}
-%define VIM_SUBDIR vim90
+%define VIM_SUBDIR vim91
 %define site_runtimepath %{_datadir}/vim/site
 %define make make VIMRCLOC=%{_sysconfdir} VIMRUNTIMEDIR=%{_datadir}/vim/current MAKE="make -e" %{?_smp_mflags}
 %if 0%{?suse_version} > 1500
@ -33,7 +33,6 @@ Version:        %{pkg_version}.%{patchlevel_compact}
 Release:        0
 Summary:        Vi IMproved
 License:        Vim
-Group:          Productivity/Text/Editors
 URL:            https://www.vim.org/
 Source:         https://github.com/vim/vim/archive/v%{pkg_version}.%{patchlevel}.tar.gz#/vim-%{pkg_version}.%{patchlevel}.tar.gz
 Source3:        suse.vimrc
@ -138,7 +137,6 @@ file name completion, block operations, and editing of binary data.

 %package data
 Summary:        Data files needed for extended vim functionality
-Group:          Productivity/Text/Editors
 Requires:       vim-data-common = %{version}-%{release}
 # Used to be in vim-plugins package
 Obsoletes:      vim-plugin-matchit <= 1.13.2
@ -153,7 +151,6 @@ This package contains optional runtime & syntax files for vim.

 %package data-common
 Summary:        Common Data files for vim & gvim
-Group:          Productivity/Text/Editors
 BuildArch:      noarch

 %description data-common
@ -161,7 +158,6 @@ This package contains basic runtime & syntax files for vim

 %package -n gvim
 Summary:        A GUI for Vi
-Group:          Productivity/Text/Editors
 Requires:       gvim_client
 Requires:       vim-data = %{version}-%{release}
 Requires:       xxd = %{version}-%{release}
@ -189,7 +185,6 @@ want less features, you might want to install vim instead.

 %package small
 Summary:        Vim with reduced features
-Group:          Productivity/Text/Editors
 Requires:       vim-data-common = %{version}-%{release}
 Provides:       vi
 Provides:       vim_client
@ -216,23 +211,23 @@ a hex dump back to its original binary form.
 %prep
 %setup -q -n %{name}-%{pkg_version}.%{patchlevel}

-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
+%patch -P 9 -p1
+%patch -P 10 -p1
+%patch -P 11 -p1
 cp %{SOURCE23} runtime/syntax/apparmor.vim
-%patch15 -p1
-%patch18 -p1
-%patch21 -p1
-%patch22 -p1
-%patch100 -p1
-%patch101 -p1
-%patch104 -p1
+%patch -P 15 -p1
+%patch -P 18 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 100 -p1
+%patch -P 101 -p1
+%patch -P 104 -p1
 cp %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE8} %{SOURCE10} .

 %build