From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 1/1] gnu: vim: Fix CVE-2017-5953. Date: Mon, 13 Feb 2017 17:33:56 -0500 Message-ID: References: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40395) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cdPCA-0003Qh-St for guix-devel@gnu.org; Mon, 13 Feb 2017 17:34:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cdPC6-0004uy-Ep for guix-devel@gnu.org; Mon, 13 Feb 2017 17:34:06 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55096) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cdPC6-0004uh-7q for guix-devel@gnu.org; Mon, 13 Feb 2017 17:34:02 -0500 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 4969024354 for ; Mon, 13 Feb 2017 17:34:01 -0500 (EST) In-Reply-To: In-Reply-To: References: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/packages/patches/vim-CVE-2017-5953.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/vim.scm (vim)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/vim-CVE-2017-5953.patch | 36 ++++++++++++++++++++++++++++ gnu/packages/vim.scm | 1 + 3 files changed, 38 insertions(+) create mode 100644 gnu/packages/patches/vim-CVE-2017-5953.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0e8d90110..8e5555a1a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -951,6 +951,7 @@ dist_patch_DATA = \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ + %D%/packages/patches/vim-CVE-2017-5953.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \ diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch new file mode 100644 index 000000000..69f93d9af --- /dev/null +++ b/gnu/packages/patches/vim-CVE-2017-5953.patch @@ -0,0 +1,36 @@ +Fix CVE-2017-5953: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953 +https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY + +Patch adapted from upstream source repository: + +https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d + +From 399c297aa93afe2c0a39e2a1b3f972aebba44c9d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Thu, 9 Feb 2017 21:07:12 +0100 +Subject: [PATCH] patch 8.0.0322: possible overflow with corrupted spell file + +Problem: Possible overflow with spell file where the tree length is + corrupted. +Solution: Check for an invalid length (suggested by shqking) +--- + src/spellfile.c | 3 +++ + src/version.c | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/src/spellfile.c b/src/spellfile.c +index c7d87c6..8b1a3a6 100644 +--- a/src/spellfile.c ++++ b/src/spellfile.c +@@ -1595,6 +1595,9 @@ spell_read_tree( + len = get4c(fd); + if (len < 0) + return SP_TRUNCERROR; ++ if (len >= 0x3ffffff) ++ /* Invalid length, multiply with sizeof(int) would overflow. */ ++ return SP_FORMERROR; + if (len > 0) + { + /* Allocate the byte array. */ diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm index f042aba93..cdb32ac7e 100644 --- a/gnu/packages/vim.scm +++ b/gnu/packages/vim.scm @@ -63,6 +63,7 @@ (uri (string-append "https://github.com/vim/vim/archive/v" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) + (patches (search-patches "vim-CVE-2017-5953.patch")) (sha256 (base32 "04samk2bakyixbxyc3p0g6ypls45105sikibg0wc6lmak9bqjs85")))) -- 2.11.1