From c8b5fd3ac4f034ef92137d96f88c62f600678ca3 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Fri, 10 Oct 2025 17:02:09 +0800 Subject: [PATCH 1/5] [CVE]update to vim-8.0.1763-21 to #ID18XX update to vim-8.0.1763-21 for CVE-2025-53905 CVE-2025-53906 Project: TC2024080204 Signed-off-by: Jacob Wang --- ...ecurity-path-traversal-issue-in-zip..patch | 70 +++ ...ecurity-path-traversal-issue-in-tar..patch | 288 +++++++++++++ 0001-vim-anolis-build-with-ruby26.patch | 60 --- dist | 1 + vim-7.0-hunspell.patch | 399 ++++++++++++++++++ ...onfigure-does-not-recognize-gcc-10.0.patch | 66 --- vim.spec | 73 ++-- vim80-sw.patch | 24 -- 8 files changed, 789 insertions(+), 192 deletions(-) create mode 100644 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch create mode 100644 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch delete mode 100644 0001-vim-anolis-build-with-ruby26.patch create mode 100644 dist create mode 100644 vim-7.0-hunspell.patch delete mode 100644 vim-8.2-configure-does-not-recognize-gcc-10.0.patch delete mode 100644 vim80-sw.patch diff --git a/0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch b/0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch new file mode 100644 index 0000000..b482436 --- /dev/null +++ b/0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch @@ -0,0 +1,70 @@ +diff -up vim82/runtime/autoload/zip.vim.CVE-2025-53906 vim82/runtime/autoload/zip.vim +--- vim82/runtime/autoload/zip.vim.CVE-2025-53906 2021-03-22 10:02:41.000000000 +0100 ++++ vim82/runtime/autoload/zip.vim 2025-09-10 19:33:11.491115978 +0200 +@@ -251,6 +251,7 @@ fun! zip#Write(fname) + " call Dfunc("zip#Write(fname<".a:fname.">) zipfile_".winnr()."<".s:zipfile_{winnr()}.">") + let repkeep= &report + set report=10 ++ let need_rename = 0 + + " sanity checks + if !executable(substitute(g:zip_zipcmd,'\s\+.*$','','')) +@@ -261,14 +262,6 @@ fun! zip#Write(fname) + " call Dret("zip#Write") + return + endif +- if !exists("*mkdir") +- redraw! +- echohl Error | echo "***error*** (zip#Write) sorry, mkdir() doesn't work on your system" | echohl None +-" call inputsave()|call input("Press to continue")|call inputrestore() +- let &report= repkeep +-" call Dret("zip#Write") +- return +- endif + + let curdir= getcwd() + let tmpdir= tempname() +@@ -302,6 +295,11 @@ fun! zip#Write(fname) + let zipfile = substitute(a:fname,'^.\{-}zipfile:\(.\{-}\)::[^\\].*$','\1','') + let fname = substitute(a:fname,'^.\{-}zipfile:.\{-}::\([^\\].*\)$','\1','') + endif ++ if fname =~ '^[.]\{1,2}/' ++ call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0)) ++ let fname = substitute(fname, '^\([.]\{1,2}/\)\+', '', 'g') ++ let need_rename = 1 ++ endif + " call Decho("zipfile<".zipfile.">") + " call Decho("fname <".fname.">") + +@@ -318,7 +316,7 @@ fun! zip#Write(fname) + endif + " call Decho("zipfile<".zipfile."> fname<".fname.">") + +- exe "w! ".fnameescape(fname) ++ exe "w ".fnameescape(fname) + if has("win32unix") && executable("cygpath") + let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e') + endif +@@ -348,6 +346,10 @@ fun! zip#Write(fname) + let &binary = binkeep + q! + unlet s:zipfile_{winnr()} ++ elseif need_rename ++ sil exe 'keepalt file '.fnameescape("zipfile://".zipfile.'::'.fname) ++ redraw! ++ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path" | echohl None + endif + + " cleanup and restore current directory +@@ -383,6 +385,11 @@ fun! zip#Extract() + let &report= repkeep + " call Dret("zip#Extract") + return ++ elseif fname =~ '^[.]\?[.]/' ++ redraw! ++ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!" | echohl None ++ let &report= repkeep ++ return + endif + + " extract the file mentioned under the cursor diff --git a/0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch b/0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch new file mode 100644 index 0000000..477d688 --- /dev/null +++ b/0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch @@ -0,0 +1,288 @@ +diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim +index 9c518cb..e320b9a 100644 +--- a/runtime/autoload/tar.vim ++++ b/runtime/autoload/tar.vim +@@ -37,10 +37,10 @@ set cpo&vim + " --------------------------------------------------------------------- + " Default Settings: {{{1 + if !exists("g:tar_browseoptions") +- let g:tar_browseoptions= "Ptf" ++ let g:tar_browseoptions= "tf" + endif + if !exists("g:tar_readoptions") +- let g:tar_readoptions= "OPxf" ++ let g:tar_readoptions= "Oxf" + endif + if !exists("g:tar_cmd") + let g:tar_cmd= "tar" +@@ -95,6 +95,9 @@ if !exists("g:tar_shq") + " call Decho("g:tar_shq<".g:tar_shq.">") + endif + ++let g:tar_secure=' -- ' ++let g:tar_leading_pat='^\%([.]\{,2\}/\)\+' ++ + " ---------------- + " Functions: {{{1 + " ---------------- +@@ -195,6 +198,15 @@ fun! tar#Browse(tarfile) + return + endif + ++ " remove tar: Removing leading '/' from member names ++ " Note: the message could be localized ++ if search('^tar: ') > 0 || search(g:tar_leading_pat) > 0 ++ call append(3,'" Note: Path Traversal Attack detected!') ++ let b:leading_slash = 1 ++ " remove the message output ++ sil g/^tar: /d ++ endif ++ + setlocal noma nomod ro + noremap :call TarBrowseSelect() + +@@ -211,12 +223,7 @@ fun! s:TarBrowseSelect() + let fname= getline(".") + " call Decho("fname<".fname.">") + +- if !exists("g:tar_secure") && fname =~ '^\s*-\|\s\+-' +- redraw! +- echohl WarningMsg | echo '***warning*** (tar#BrowseSelect) rejecting tarfile member<'.fname.'> because of embedded "-"' +-" call Dret('tar#BrowseSelect : rejecting tarfile member<'.fname.'> because of embedded "-"') +- return +- endif ++ let ls= get(b:, 'leading_slash', 0) + + " sanity check + if fname =~ '^"' +@@ -238,7 +245,8 @@ fun! s:TarBrowseSelect() + wincmd _ + endif + let s:tblfile_{winnr()}= curfile +- call tar#Read("tarfile:".tarfile.'::'.fname,1) ++ let b:leading_slash= ls ++ call tar#Read("tarfile:".tarfile.'::'.fname) + filetype detect + set nomod + exe 'com! -buffer -nargs=? -complete=file TarDiff :call tar#Diff(,"'.fnameescape(fname).'")' +@@ -249,8 +257,8 @@ endfun + + " --------------------------------------------------------------------- + " tar#Read: {{{2 +-fun! tar#Read(fname,mode) +-" call Dfunc("tar#Read(fname<".a:fname.">,mode=".a:mode.")") ++fun! tar#Read(fname) ++" call Dfunc("tar#Read(fname<".a:fname.">)") + let repkeep= &report + set report=10 + let tarfile = substitute(a:fname,'tarfile:\(.\{-}\)::.*$','\1','') +@@ -262,6 +270,8 @@ fun! tar#Read(fname,mode) + " call Decho("tarfile<".tarfile.">") + " call Decho("fname<".fname.">") + ++ let curdir= getcwd() ++ let b:curdir= curdir + if fname =~ '\.bz2$' && executable("bzcat") + let decmp= "|bzcat" + let doro = 1 +@@ -282,33 +292,31 @@ fun! tar#Read(fname,mode) + endif + endif + +- if exists("g:tar_secure") +- let tar_secure= " -- " +- else +- let tar_secure= " " +- endif + if tarfile =~# '\.bz2$' +-" call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp) +- exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp ++" call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp) ++ exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp + elseif tarfile =~# '\.\(gz\|tgz\)$' +-" call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.tar_secure.shellescape(fname,1)) +- exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp ++" call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.g:tar_secure.shellescape(fname,1)) ++ exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp + elseif tarfile =~# '\.lrp$' +-" call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp) +- exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp ++" call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp) ++ exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp + elseif tarfile =~# '\.lzma$' +-" call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp) +- exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp ++" call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp) ++ exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp + elseif tarfile =~# '\.\(xz\|txz\)$' +-" call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp) +- exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp ++" call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp) ++ exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp + else + if tarfile =~ '^\s*-' + " A file name starting with a dash is taken as an option. Prepend ./ to avoid that. + let tarfile = substitute(tarfile, '-', './-', '') + endif +-" call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp) +- exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".tar_secure.shellescape(fname,1).decmp ++" call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.g:tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp) ++ exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".g:tar_secure.shellescape(fname,1).decmp ++ endif ++ if get(b:, 'leading_slash', 0) ++ sil g/^tar: /d + endif + + if doro +@@ -317,13 +325,14 @@ fun! tar#Read(fname,mode) + endif + + let b:tarfile= a:fname +- exe "file tarfile::".fnameescape(fname) + + " cleanup + keepj sil! 0d + set nomod + + let &report= repkeep ++ exe "lcd ".fnameescape(curdir) ++ silent exe "file tarfile::".fnameescape(fname) + " call Dret("tar#Read : b:tarfile<".b:tarfile.">") + endfun + +@@ -334,13 +343,6 @@ fun! tar#Write(fname) + let repkeep= &report + set report=10 + +- if !exists("g:tar_secure") && a:fname =~ '^\s*-\|\s\+-' +- redraw! +- echohl WarningMsg | echo '***warning*** (tar#Write) rejecting tarfile member<'.a:fname.'> because of embedded "-"' +-" call Dret('tar#Write : rejecting tarfile member<'.fname.'> because of embedded "-"') +- return +- endif +- + " sanity checks + if !executable(g:tar_cmd) + redraw! +@@ -389,6 +391,13 @@ fun! tar#Write(fname) + let tarfile = substitute(b:tarfile,'tarfile:\(.\{-}\)::.*$','\1','') + let fname = substitute(b:tarfile,'tarfile:.\{-}::\(.*\)$','\1','') + ++ if get(b:, 'leading_slash', 0) ++ redraw! ++ echohl Error | echo "***error*** (tar#Write) sorry, not attempting to update ".tarfile." with ".fname | echohl None ++ let &report= repkeep ++ return ++ endif ++ + " handle compressed archives + if tarfile =~# '\.bz2' + call system("bzip2 -d -- ".shellescape(tarfile,0)) +@@ -442,27 +451,23 @@ fun! tar#Write(fname) + endif + " call Decho("tarfile<".tarfile."> fname<".fname.">") + +- if exists("g:tar_secure") +- let tar_secure= " -- " +- else +- let tar_secure= " " +- endif +- exe "w! ".fnameescape(fname) ++ " don't overwrite a file forcefully ++ exe "w ".fnameescape(fname) + if has("win32unix") && executable("cygpath") + let tarfile = substitute(system("cygpath ".shellescape(tarfile,0)),'\n','','e') + endif + + " delete old file from tarfile + " call Decho("system(".g:tar_cmd." --delete -f ".shellescape(tarfile,0)." -- ".shellescape(fname,0).")") +- call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).tar_secure.shellescape(fname,0)) ++ call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0)) + if v:shell_error != 0 + redraw! + echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None + else + + " update tarfile with new file +-" call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0)) +- call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0)) ++" call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0)) ++ call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0)) + if v:shell_error != 0 + redraw! + echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None +@@ -511,6 +516,7 @@ fun! tar#Diff(userfname,fname) + if a:userfname != "" + let fname= a:userfname + endif ++ exe "lcd ".fnameescape(b:tmpdir). '/_ZIPVIM_' + if filereadable(fname) + " sets current file (from tarball) for diff'ing + " splits window vertically +diff --git a/runtime/doc/pi_tar.txt b/runtime/doc/pi_tar.txt +index 1b03d31..a6c72cd 100644 +--- a/runtime/doc/pi_tar.txt ++++ b/runtime/doc/pi_tar.txt +@@ -61,7 +61,7 @@ Copyright 2005-2012: *tar-copyright* + the file mentioned in the tarball. If the current directory is not + correct for that path, :TarDiff will fail to find the associated file. + +- If the [filename] is given, that that filename (and path) will be used ++ If the [filename] is given, that filename (and path) will be used + to specify the associated file. + + +@@ -86,18 +86,6 @@ Copyright 2005-2012: *tar-copyright* + *g:tar_readoptions* "OPxf" used to extract a file from a tarball + *g:tar_cmd* "tar" the name of the tar program + *g:tar_nomax* 0 if true, file window will not be maximized +- *g:tar_secure* undef if exists: +- "--"s will be used to prevent unwanted +- option expansion in tar commands. +- Please be sure that your tar command +- accepts "--"; Posix compliant tar +- utilities do accept them. +- if not exists: +- The tar plugin will reject any tar +- files or member files that begin with +- "-" +- Not all tar's support the "--" which is why +- it isn't default. + *g:tar_writeoptions* "uf" used to update/replace a file + + +diff --git a/runtime/doc/tags b/runtime/doc/tags +index 5895c05..2e09b72 100644 +--- a/runtime/doc/tags ++++ b/runtime/doc/tags +@@ -6517,7 +6517,6 @@ g:tar_copycmd pi_tar.txt /*g:tar_copycmd* + g:tar_extractcmd pi_tar.txt /*g:tar_extractcmd* + g:tar_nomax pi_tar.txt /*g:tar_nomax* + g:tar_readoptions pi_tar.txt /*g:tar_readoptions* +-g:tar_secure pi_tar.txt /*g:tar_secure* + g:tar_writeoptions pi_tar.txt /*g:tar_writeoptions* + g:terminal_ansi_colors terminal.txt /*g:terminal_ansi_colors* + g:tex_comment_nospell syntax.txt /*g:tex_comment_nospell* +diff --git a/runtime/plugin/tarPlugin.vim b/runtime/plugin/tarPlugin.vim +index 6d9e6bd..471712f 100644 +--- a/runtime/plugin/tarPlugin.vim ++++ b/runtime/plugin/tarPlugin.vim +@@ -22,14 +22,14 @@ set cpo&vim + " Public Interface: {{{1 + augroup tar + au! +- au BufReadCmd tarfile::* call tar#Read(expand(""), 1) +- au FileReadCmd tarfile::* call tar#Read(expand(""), 0) ++ au BufReadCmd tarfile::* call tar#Read(expand("")) ++ au FileReadCmd tarfile::* call tar#Read(expand("")) + au BufWriteCmd tarfile::* call tar#Write(expand("")) + au FileWriteCmd tarfile::* call tar#Write(expand("")) + + if has("unix") +- au BufReadCmd tarfile::*/* call tar#Read(expand(""), 1) +- au FileReadCmd tarfile::*/* call tar#Read(expand(""), 0) ++ au BufReadCmd tarfile::*/* call tar#Read(expand("")) ++ au FileReadCmd tarfile::*/* call tar#Read(expand("")) + au BufWriteCmd tarfile::*/* call tar#Write(expand("")) + au FileWriteCmd tarfile::*/* call tar#Write(expand("")) + endif diff --git a/0001-vim-anolis-build-with-ruby26.patch b/0001-vim-anolis-build-with-ruby26.patch deleted file mode 100644 index 4611343..0000000 --- a/0001-vim-anolis-build-with-ruby26.patch +++ /dev/null @@ -1,60 +0,0 @@ -From b09c684195d803137d52c34fb4d3a410be5ac10f Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Thu, 27 Dec 2018 22:11:01 +0100 -Subject: [PATCH] patch 8.1.0646: cannot build with Ruby 2.6.0 - -Problem: Cannot build with Ruby 2.6.0. -Solution: Add rb_ary_detransient(). (Ozaki Kiichi, closes #3724) ---- - src/if_ruby.c | 15 +++++++++++---- - src/version.c | 2 ++ - 2 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/src/if_ruby.c b/src/if_ruby.c -index cb9b416036f..34fc0ed1cb3 100644 ---- a/src/if_ruby.c -+++ b/src/if_ruby.c -@@ -123,6 +123,10 @@ - # define rb_gc_writebarrier_unprotect rb_gc_writebarrier_unprotect_stub - #endif - -+#if defined(DYNAMIC_RUBY_VER) && DYNAMIC_RUBY_VER >= 26 -+# define rb_ary_detransient (*dll_rb_ary_detransient) -+#endif -+ - #include - #ifdef RUBY19_OR_LATER - # include -@@ -455,6 +459,9 @@ static VALUE (*dll_rb_float_new) (double); - static VALUE (*dll_rb_float_new) (double); - static VALUE (*dll_rb_ary_new) (void); - static VALUE (*dll_rb_ary_push) (VALUE, VALUE); -+# if DYNAMIC_RUBY_VER >= 26 -+static void (*dll_rb_ary_detransient) (VALUE); -+# endif - # if defined(RUBY19_OR_LATER) || defined(RUBY_INIT_STACK) - # ifdef __ia64 - static void * (*dll_rb_ia64_bsp) (void); -@@ -666,6 +673,9 @@ static struct - {"rb_ary_new", (RUBY_PROC*)&dll_rb_ary_new}, - {"rb_ary_push", (RUBY_PROC*)&dll_rb_ary_push}, - # endif -+# if DYNAMIC_RUBY_VER >= 26 -+ {"rb_ary_detransient", (RUBY_PROC*)&dll_rb_ary_detransient}, -+# endif - # ifdef RUBY19_OR_LATER - {"rb_int2big", (RUBY_PROC*)&dll_rb_int2big}, - {"ruby_script", (RUBY_PROC*)&dll_ruby_script}, -@@ -966,11 +976,8 @@ static int ensure_ruby_initialized(void) - - static void error_print(int state) - { --#ifndef DYNAMIC_RUBY --#if !(defined(RUBY_VERSION) && RUBY_VERSION >= 19) \ -- && !(defined(DYNAMIC_RUBY_VER) && DYNAMIC_RUBY_VER >= 19) -+#if !defined(DYNAMIC_RUBY) && !defined(RUBY19_OR_LATER) - RUBYEXTERN VALUE ruby_errinfo; --#endif - #endif - VALUE eclass; - VALUE einfo; diff --git a/dist b/dist new file mode 100644 index 0000000..1fe92cf --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an8_10 diff --git a/vim-7.0-hunspell.patch b/vim-7.0-hunspell.patch new file mode 100644 index 0000000..ea26bcd --- /dev/null +++ b/vim-7.0-hunspell.patch @@ -0,0 +1,399 @@ +diff -ru vim70.orig/src/Makefile vim70.hunspell/src/Makefile +--- vim70.orig/src/Makefile 2006-12-15 12:29:41.000000000 +0000 ++++ vim70.hunspell/src/Makefile 2006-12-14 11:11:20.000000000 +0000 +@@ -1287,7 +1287,7 @@ + PFLAGS = $(PROTO_FLAGS) -DPROTO $(LINT_CFLAGS) + + ALL_LIB_DIRS = $(GUI_LIBS_DIR) $(X_LIBS_DIR) +-ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS) ++ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS) -lhunspell-1.1 + + # abbreviations + DEST_BIN = $(DESTDIR)$(BINDIR) +diff -ru vim70.orig/src/spell.c vim70.hunspell/src/spell.c +--- vim70.orig/src/spell.c 2006-12-15 12:29:44.000000000 +0000 ++++ vim70.hunspell/src/spell.c 2006-12-15 12:27:49.000000000 +0000 +@@ -319,6 +319,8 @@ + # include /* for time_t */ + #endif + ++#include "hunspell/hunspell.h" ++ + #define MAXWLEN 250 /* Assume max. word len is this many bytes. + Some places assume a word length fits in a + byte, thus it can't be above 255. */ +@@ -428,6 +430,8 @@ + #define SP_FORMERROR -2 /* format error in spell file */ + #define SP_OTHERERROR -3 /* other error while reading spell file */ + ++#define MAXREGIONS 20 ++ + /* + * Structure used to store words and other info for one language, loaded from + * a .spl file. +@@ -450,6 +454,10 @@ + char_u *sl_name; /* language name "en", "en.rare", "nl", etc. */ + char_u *sl_fname; /* name of .spl file */ + int sl_add; /* TRUE if it's a .add file. */ ++ int sl_ishunspell; /* TRUE if it's an unconverted hunspell aff/dic combination. */ ++ Hunhandle *sl_hunspell; ++ vimconv_T sl_tohunconv; ++ vimconv_T sl_fromhunconv; + + char_u *sl_fbyts; /* case-folded word bytes */ + idx_T *sl_fidxs; /* case-folded word indexes */ +@@ -460,7 +468,7 @@ + + char_u *sl_info; /* infotext string or NULL */ + +- char_u sl_regions[17]; /* table with up to 8 region names plus NUL */ ++ char_u sl_regions[MAXREGIONS * 2 + 1]; /* table with up to 8 region names plus NUL */ + + char_u *sl_midword; /* MIDWORD string or NULL */ + +@@ -997,6 +1005,36 @@ + static char_u *repl_from = NULL; + static char_u *repl_to = NULL; + ++static void ++ensurehunspellinit(lp) ++ slang_T *lp; ++{ ++ if (!lp->sl_hunspell) ++ { ++ char_u *dic = lp->sl_fname; ++ char_u *aff = vim_strnsave(dic, strlen(dic)); ++ ++ vim_strncpy(aff + strlen(aff) - 3, "aff", 3); ++ ++ lp->sl_hunspell = Hunspell_create(aff, dic); ++ ++ vim_free(aff); ++ ++ if (convert_setup(&lp->sl_tohunconv, spell_enc(), ++ Hunspell_get_dic_encoding(lp->sl_hunspell)) == FAIL) ++ { ++ lp->sl_tohunconv.vc_fail = TRUE; ++ } ++ ++ if (convert_setup(&lp->sl_fromhunconv, ++ Hunspell_get_dic_encoding(lp->sl_hunspell), spell_enc()) == FAIL) ++ { ++ lp->sl_fromhunconv.vc_fail = TRUE; ++ } ++ } ++} ++ ++ + /* + * Main spell-checking function. + * "ptr" points to a character that could be the start of a word. +@@ -1101,27 +1139,70 @@ + { + mi.mi_lp = LANGP_ENTRY(wp->w_buffer->b_langp, lpi); + ++ if (mi.mi_lp->lp_slang->sl_ishunspell) ++ { ++ slang_T *lp = mi.mi_lp->lp_slang; ++ char_u *converted = 0; ++ char_u *thisword; ++ char_u *mi_end = mi.mi_end; ++ char_u *mi_final = mi.mi_word + strlen(mi.mi_word); ++ ++ while (1) ++ { ++ ensurehunspellinit(lp); ++ if ((lp->sl_tohunconv.vc_fail == TRUE) || (lp->sl_fromhunconv.vc_fail == TRUE)) ++ break; ++ ++ if (mi_end != mi.mi_word) ++ { ++ thisword = vim_strnsave(mi.mi_word, mi_end - mi.mi_word); ++ converted = string_convert(&lp->sl_tohunconv, thisword, NULL); ++ if (converted) ++ { ++ if (Hunspell_spell(lp->sl_hunspell, converted) != 0) ++ { ++ mi.mi_result = SP_OK; ++ mi.mi_end = mi.mi_cend = mi.mi_word + strlen(thisword); ++ } ++ vim_free(converted); ++ } ++ vim_free(thisword); ++ } ++ ++ if (mi_end == mi_final) ++ break; ++ ++ do ++ { ++ mb_ptr_adv(mi_end); ++ } while (*mi_end != NUL && spell_iswordp(mi_end, wp->w_buffer)); ++ } ++ } ++ + /* If reloading fails the language is still in the list but everything + * has been cleared. */ +- if (mi.mi_lp->lp_slang->sl_fidxs == NULL) ++ if (!mi.mi_lp->lp_slang->sl_ishunspell && mi.mi_lp->lp_slang->sl_fidxs == NULL) + continue; + +- /* Check for a matching word in case-folded words. */ +- find_word(&mi, FIND_FOLDWORD); ++ if (!mi.mi_lp->lp_slang->sl_ishunspell) ++ { ++ /* Check for a matching word in case-folded words. */ ++ find_word(&mi, FIND_FOLDWORD); + +- /* Check for a matching word in keep-case words. */ +- find_word(&mi, FIND_KEEPWORD); ++ /* Check for a matching word in keep-case words. */ ++ find_word(&mi, FIND_KEEPWORD); + +- /* Check for matching prefixes. */ +- find_prefix(&mi, FIND_FOLDWORD); ++ /* Check for matching prefixes. */ ++ find_prefix(&mi, FIND_FOLDWORD); + +- /* For a NOBREAK language, may want to use a word without a following +- * word as a backup. */ +- if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD +- && mi.mi_result2 != SP_BAD) +- { +- mi.mi_result = mi.mi_result2; +- mi.mi_end = mi.mi_end2; ++ /* For a NOBREAK language, may want to use a word without a following ++ * word as a backup. */ ++ if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD ++ && mi.mi_result2 != SP_BAD) ++ { ++ mi.mi_result = mi.mi_result2; ++ mi.mi_end = mi.mi_end2; ++ } + } + + /* Count the word in the first language where it's found to be OK. */ +@@ -2359,6 +2440,80 @@ + + if (r == FAIL) + { ++# define HUNSPELLDICT "/usr/share/myspell/" ++ DIR *dirp = opendir(HUNSPELLDICT); ++ if (dirp != NULL) ++ { ++ slang_T* thislang[MAXREGIONS] = {0}; ++ slang_T *lp = 0; ++ struct dirent *dp; ++ int i = 0; ++ ++ while ((dp = readdir(dirp)) != NULL) ++ { ++ char_u final_name[MAXPATHL]; ++ char_u spf_name[MAXPATHL]; ++ char_u thisregion[3] = {0}; ++ char *resolvedlink = final_name; ++ int j, regionpos; ++ ++ if (strncmp(dp->d_name, lang, strlen(lang)) != 0) ++ continue; ++ ++ if ((strlen(dp->d_name) <= 4) || (dp->d_name[strlen(lang)] != '_')) ++ continue; ++ ++ if (strncmp(".dic", dp->d_name + strlen(dp->d_name) - 4, 4) != 0) ++ continue; ++ ++ vim_strncpy(spf_name, HUNSPELLDICT, strlen(HUNSPELLDICT)); ++ vim_strncpy(spf_name + strlen(HUNSPELLDICT), dp->d_name, strlen(HUNSPELLDICT)); ++ ++ if (realpath(spf_name, resolvedlink) != resolvedlink) ++ continue; ++ ++ thisregion[0] = tolower(dp->d_name[strlen(lang)+1]); ++ thisregion[1] = tolower(dp->d_name[strlen(lang)+1+1]); ++ ++ r = OK; ++ ++ for (j = 0; j < MAXREGIONS; ++j) ++ { ++ if (thislang[j] && (strcmp(thislang[j]->sl_fname, final_name) == 0)) ++ break; ++ } ++ ++ if (j < MAXREGIONS) ++ lp = thislang[j]; ++ else ++ { ++ lp = slang_alloc(lang); ++ lp->sl_ishunspell = TRUE; ++ ++ lp->sl_fname = vim_strsave(resolvedlink); ++ ++ lp->sl_next = first_lang; ++ first_lang = lp; ++ thislang[i] = lp; ++ } ++ ++ regionpos = 0; ++ while (lp->sl_regions[regionpos] != 0) ++regionpos; ++ ++ //silently lose regions which won't fit in ++ if (regionpos == MAXREGIONS * 2) ++ continue; ++ ++ vim_strncpy(lp->sl_regions + regionpos, thisregion, 2); ++ ++ ++i; ++ } ++ closedir(dirp); ++ } ++ } ++ ++ if (r == FAIL) ++ { + smsg((char_u *)_("Warning: Cannot find word list \"%s.%s.spl\" or \"%s.ascii.spl\""), + lang, spell_enc(), lang); + } +@@ -2429,6 +2584,9 @@ + slang_free(lp) + slang_T *lp; + { ++ Hunspell_destroy(lp->sl_hunspell); ++ convert_setup(&lp->sl_tohunconv, NULL, NULL); ++ convert_setup(&lp->sl_fromhunconv, NULL, NULL); + vim_free(lp->sl_name); + vim_free(lp->sl_fname); + slang_clear(lp); +@@ -2974,7 +3132,7 @@ + { + int i; + +- if (len > 16) ++ if (len > MAXREGIONS*2) + return SP_FORMERROR; + for (i = 0; i < len; ++i) + lp->sl_regions[i] = getc(fd); /* */ +@@ -4112,6 +4270,7 @@ + /* loop over comma separated language names. */ + for (splp = buf->b_p_spl; *splp != NUL; ) + { ++ int hunspellregionunsupported; + /* Get one language name. */ + copy_option_part(&splp, lang, MAXWLEN, ","); + +@@ -4182,6 +4341,7 @@ + /* + * Loop over the languages, there can be several files for "lang". + */ ++ hunspellregionunsupported = 0; + for (slang = first_lang; slang != NULL; slang = slang->sl_next) + if (filename ? fullpathcmp(lang, slang->sl_fname, FALSE) == FPC_SAME + : STRICMP(lang, slang->sl_name) == 0) +@@ -4199,6 +4359,11 @@ + /* This addition file is for other regions. */ + region_mask = 0; + } ++ else if (slang->sl_ishunspell) ++ { ++ region_mask = 0; ++ hunspellregionunsupported++; ++ } + else + /* This is probably an error. Give a warning and + * accept the words anyway. */ +@@ -4207,7 +4372,10 @@ + region); + } + else ++ { ++ hunspellregionunsupported--; + region_mask = 1 << c; ++ } + } + + if (region_mask != 0) +@@ -4225,6 +4393,9 @@ + nobreak = TRUE; + } + } ++ ++ if (region && hunspellregionunsupported >= 1) ++ smsg((char_u *) _("Warning: region %s not supported"), region); + } + + /* round 0: load int_wordlist, if possible. +@@ -4832,7 +5003,7 @@ + char_u *si_info; /* info text chars or NULL */ + int si_region_count; /* number of regions supported (1 when there + are no regions) */ +- char_u si_region_name[16]; /* region names; used only if ++ char_u si_region_name[MAXREGIONS*2]; /* region names; used only if + * si_region_count > 1) */ + + garray_T si_rep; /* list of fromto_T entries from REP lines */ +@@ -7093,7 +7264,7 @@ + else + { + line += 8; +- if (STRLEN(line) > 16) ++ if (STRLEN(line) > MAXREGIONS) + smsg((char_u *)_("Too many regions in %s line %d: %s"), + fname, lnum, line); + else +@@ -8973,7 +9144,7 @@ + char_u wfname[MAXPATHL]; + char_u **innames; + int incount; +- afffile_T *(afile[8]); ++ afffile_T *(afile[MAXREGIONS]); + int i; + int len; + struct stat st; +@@ -9040,8 +9211,8 @@ + EMSG(_(e_invarg)); /* need at least output and input names */ + else if (vim_strchr(gettail(wfname), '_') != NULL) + EMSG(_("E751: Output file name must not have region name")); +- else if (incount > 8) +- EMSG(_("E754: Only up to 8 regions supported")); ++ else if (incount > MAXREGIONS) ++ EMSG2(_("E754: Only up to %d regions supported"), MAXREGIONS); + else + { + /* Check for overwriting before doing things that may take a lot of +@@ -11097,6 +11268,36 @@ + { + lp = LANGP_ENTRY(curbuf->b_langp, lpi); + ++ if (lp->lp_slang->sl_ishunspell) ++ { ++ slang_T *slp = lp->lp_slang; ++ char **slst; ++ char_u *converted = 0; ++ ++ ensurehunspellinit(slp); ++ ++ converted = string_convert(&slp->sl_tohunconv, su->su_fbadword, NULL); ++ if (converted) ++ { ++ int suggests; ++ suggests = Hunspell_suggest(slp->sl_hunspell, &slst, converted); ++ if (suggests > 0) ++ { ++ int i; ++ char_u *suggest; ++ for (i = 0; i < suggests; ++i) ++ { ++ suggest = string_convert(&slp->sl_fromhunconv, slst[i], NULL); ++ add_suggestion(su, &su->su_ga, suggest, su->su_badlen, i, 0, FALSE, ++ slp, FALSE); ++ vim_free(suggest); ++ } ++ free(slst); ++ } ++ vim_free(converted); ++ } ++ } ++ + /* If reloading a spell file fails it's still in the list but + * everything has been cleared. */ + if (lp->lp_slang->sl_fbyts == NULL) diff --git a/vim-8.2-configure-does-not-recognize-gcc-10.0.patch b/vim-8.2-configure-does-not-recognize-gcc-10.0.patch deleted file mode 100644 index 136a76e..0000000 --- a/vim-8.2-configure-does-not-recognize-gcc-10.0.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 6b9c1662eb49612bbcfc3e07167cbde7c4ec6aef Mon Sep 17 00:00:00 2001 -From: Weisson -Date: Mon, 20 Nov 2023 16:40:44 +0800 -Subject: [PATCH] patch 8.2.0213: configure does not recognize gcc 10.0 and - later - -Problem: Configure does not recognize gcc 10.0 and later. -Solution: Adjust the pattern matching the version number. (Sergei - Trofimovich, closes #5580) -Signed-off-by: Weisson ---- - src/auto/configure | 2 +- - src/configure.ac | 4 ++-- - src/version.c | 2 ++ - 3 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/auto/configure b/src/auto/configure -index a0e9ea5..0c4c9c3 100755 ---- a/src/auto/configure -+++ b/src/auto/configure -@@ -14686,7 +14686,7 @@ DEPEND_CFLAGS_FILTER= - if test "$GCC" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCC 3 or later" >&5 - $as_echo_n "checking for GCC 3 or later... " >&6; } -- gccmajor=`echo "$gccversion" | sed -e 's/^\([1-9]\)\..*$/\1/g'` -+ gccmajor=`echo "$gccversion" | sed -e 's/^\([0-9]\+\)\..*$/\1/g'` - if test "$gccmajor" -gt "2"; then - DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -diff --git a/src/configure.ac b/src/configure.ac -index 5e45762..73ef5e9 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -2204,7 +2204,7 @@ else - fi - - dnl On my HPUX system the X include dir is found, but the lib dir not. -- dnl This is a desparate try to fix this. -+ dnl This is a desperate try to fix this. - - if test -d "$x_includes" && test ! -d "$x_libraries"; then - x_libraries=`echo "$x_includes" | sed s/include/lib/` -@@ -4424,7 +4424,7 @@ dnl the number before the version number. - DEPEND_CFLAGS_FILTER= - if test "$GCC" = yes; then - AC_MSG_CHECKING(for GCC 3 or later) -- gccmajor=`echo "$gccversion" | sed -e 's/^\([[1-9]]\)\..*$/\1/g'` -+ gccmajor=`echo "$gccversion" | sed -e 's/^\([[0-9]]\+\)\..*$/\1/g'` - if test "$gccmajor" -gt "2"; then - DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'" - AC_MSG_RESULT(yes) -diff --git a/src/version.c b/src/version.c -index f5d4c5a..2ae07d2 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -761,6 +761,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 232, - /**/ - 1763, - /**/ --- -2.31.1 \ No newline at end of file diff --git a/vim.spec b/vim.spec index 41a720d..88e5333 100644 --- a/vim.spec +++ b/vim.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.2 %define patchlevel 1763 %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} %define WITH_SELINUX 1 @@ -25,7 +24,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 19%{anolis_release}%{?dist}.5 +Release: 21%{?dist} License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: vim.sh @@ -48,10 +47,7 @@ Source16: macros.vim Patch2002: vim-7.0-fixkeys.patch Patch2003: vim-7.4-specsyntax.patch -%if %{withhunspell} Patch2011: vim-7.0-hunspell.patch -BuildRequires: hunspell-devel -%endif Patch3000: vim-7.4-syntax.patch Patch3002: vim-7.4-nowarnings.patch @@ -101,7 +97,7 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch # CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch -# CVE-2022-1154 vim: use after free in utf_ptr2char +# 2073391 - CVE-2022-1154 vim: use after free in utf_ptr2char Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch # CVE-2022-1621 vim: heap buffer overflow Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch @@ -113,13 +109,11 @@ Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch # CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch +# RHEL-112003 CVE-2025-53905 vim: Vim path traversial +Patch3041: 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch +# RHEL-112007 CVE-2025-53906 vim: Vim path traversal +Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch -# Add by Anolis -# backport patch to fix build error with ruby -Patch10000: 0001-vim-anolis-build-with-ruby26.patch -# End -Patch10001: vim80-sw.patch -Patch10002: vim-8.2-configure-does-not-recognize-gcc-10.0.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -144,6 +138,11 @@ BuildRequires: lua-devel Requires: desktop-file-utils BuildRequires: desktop-file-utils >= %{desktop_file_utils_version} %endif + +%if %{withhunspell} +BuildRequires: hunspell-devel +%endif + Epoch: 2 Conflicts: filesystem < 3 @@ -161,7 +160,7 @@ Conflicts: man-pages-pl < 0.24-2 Requires: %{name}-filesystem # it conflicts with older version of vim-minimal during update because of manpage # move -Conflicts: %{name}-minimal < 8.0.1428-4 +Conflicts: %{name}-minimal < 2:8.0.1428-4 %description common VIM (VIsual editor iMproved) is an updated and improved version of the @@ -184,11 +183,11 @@ many different languages. %package minimal Summary: A minimal version of the VIM editor -Provides: vi = %{version}-%{release} +Provides: vi = %{epoch}:%{version}-%{release} Provides: %{_bindir}/vi # it conflicts with older version of vim-common during update because of manpage # move -Conflicts: %{name}-common < 8.0.1428-4 +Conflicts: %{name}-common < 2:8.0.1428-4 %description minimal VIM (VIsual editor iMproved) is an updated and improved version of the @@ -203,7 +202,7 @@ package is installed. %package enhanced Summary: A version of the VIM editor which includes recent enhancements Requires: vim-common = %{epoch}:%{version}-%{release} which -Provides: vim = %{version}-%{release} +Provides: vim = %{epoch}:%{version}-%{release} Provides: %{_bindir}/mergetool Provides: %{_bindir}/vim # suggest python3, python2, lua, ruby and perl packages because of their @@ -234,7 +233,6 @@ need to install the vim-common package. %package filesystem Summary: VIM filesystem layout BuildArch: noarch - %Description filesystem This package provides some directories which are required by other packages that add vim files, p.e. additional syntax files or filetypes. @@ -250,7 +248,7 @@ BuildRequires: libXpm-devel BuildRequires: libICE-devel Requires: vim-common = %{epoch}:%{version}-%{release} libattr >= 2.4 gtk3 -Provides: gvim = %{version}-%{release} +Provides: gvim = %{epoch}:%{version}-%{release} Provides: %{_bindir}/mergetool Provides: %{_bindir}/gvim Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) @@ -337,12 +335,9 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch3038 -p1 -b .cve1785 %patch3039 -p1 -b .cve1897 %patch3040 -p1 -b .cve1927 +%patch -P 3041 -p1 -b .CVE-2025-53905 +%patch -P 3042 -p1 -b .CVE-2025-53906 -%patch10000 -p1 -%patch10001 -p1 -%ifarch sw_64 -%patch10002 -p1 -%endif %build %if 0%{?rhel} > 7 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 @@ -372,8 +367,8 @@ perl -pi -e "s/vimrc/virc/" os_unix.h --disable-pythoninterp --disable-perlinterp --disable-tclinterp \ --with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \ --enable-fips-warning \ - --with-compiledby="OpenAnolis Community" \ - --with-modified-by="OpenAnolis Community" + --with-compiledby="" \ + --with-modified-by="" make VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} %{?_smp_mflags} cp vim minimal-vim @@ -391,8 +386,8 @@ mv -f ex_cmds.c.save ex_cmds.c --with-tlib=ncurses \ --enable-gtk3-check --enable-gui=gtk3 \ --enable-fips-warning \ - --with-compiledby="OpenAnolis Community" --enable-cscope \ - --with-modified-by="OpenAnolis Community" \ + --with-compiledby="" --enable-cscope \ + --with-modified-by="" \ %if "%{withnetbeans}" == "1" --enable-netbeans \ %else @@ -426,10 +421,10 @@ make clean --disable-tclinterp \ --with-x=no \ --enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \ - --enable-cscope --with-modified-by="OpenAnolis Community" \ + --enable-cscope --with-modified-by="" \ --with-tlib=ncurses \ --enable-fips-warning \ - --with-compiledby="OpenAnolis Community" \ + --with-compiledby="" \ %if "%{withnetbeans}" == "1" --enable-netbeans \ %else @@ -860,29 +855,23 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_datadir}/icons/locolor/*/apps/* %changelog -* Mon Nov 20 2023 Weisson - 2:8.0.1763-19.0.2.5 -- add support for gcc having version beyond 10.0. - -* Fri May 12 2023 wxiat - 2:8.0.1763-19.0.1.5 -- add sw patch - -* Mon Aug 08 2022 Mahailiang - 2:8.0.1763-19.0.1.4 -- Rebrand to Anolis(Xiaoxuan Yang) -- Fix build issue with ruby(Liwei Ge) +* Wed Sep 17 2025 Zdenek Dohnal - 2:8.0.1763-21 +- RHEL-112003 CVE-2025-53905 vim: Vim path traversial +- RHEL-112007 CVE-2025-53906 vim: Vim path traversal -* Tue Jun 14 2022 Zdenek Dohnal - 2:8.0.1763-19.4 +* Tue Jun 14 2022 Zdenek Dohnal - 2:8.0.1763-20 - fix issue reported by covscan -* Mon Jun 13 2022 Zdenek Dohnal - 2:8.0.1763-19.3 +* Mon Jun 13 2022 Zdenek Dohnal - 2:8.0.1763-20 - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c -* Wed May 25 2022 Zdenek Dohnal - 2:8.0.1763-19.2 +* Sat May 14 2022 Zdenek Dohnal - 2:8.0.1763-20 - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read -* Sat Apr 09 2022 Zdenek Dohnal - 2:8.0.1763-19.1 +* Sat Apr 09 2022 Zdenek Dohnal - 2:8.0.1763-20 - CVE-2022-1154 vim: use after free in utf_ptr2char * Tue Feb 08 2022 Zdenek Dohnal - 2:8.0.1763-19 diff --git a/vim80-sw.patch b/vim80-sw.patch deleted file mode 100644 index a440eac..0000000 --- a/vim80-sw.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Naur vim80.org/runtime/syntax/debcontrol.vim vim80.sw/runtime/syntax/debcontrol.vim ---- vim80.org/runtime/syntax/debcontrol.vim 2018-02-12 16:55:41.000000000 +0800 -+++ vim80.sw/runtime/syntax/debcontrol.vim 2023-05-12 14:59:37.859109283 +0800 -@@ -31,7 +31,7 @@ - \ 'alpha', 'amd64', 'armeb', 'armel', 'armhf', 'arm64', 'avr32', 'hppa' - \, 'i386', 'ia64', 'lpia', 'm32r', 'm68k', 'mipsel', 'mips64el', 'mips' - \, 'powerpcspe', 'powerpc', 'ppc64el', 'ppc64', 's390x', 's390', 'sh3eb' -- \, 'sh3', 'sh4eb', 'sh4', 'sh', 'sparc64', 'sparc', 'x32' -+ \, 'sh3', 'sh4eb', 'sh4', 'sh', 'sparc64', 'sparc', 'x32', 'sw_64' - \ ] - let s:pairs = [ - \ 'hurd-i386', 'kfreebsd-i386', 'kfreebsd-amd64', 'knetbsd-i386' -diff -Naur vim80.org/src/osdef1.h.in vim80.sw/src/osdef1.h.in ---- vim80.org/src/osdef1.h.in 2016-12-02 16:39:09.000000000 +0800 -+++ vim80.sw/src/osdef1.h.in 2023-05-12 15:02:42.527581672 +0800 -@@ -130,7 +130,7 @@ - #else - extern char *getwd(char *); - #endif --#ifndef __alpha /* suggested by Campbell */ -+#if !defined __alpha && !defined __sw_64 /* suggested by Campbell */ - extern int ioctl(int, int, ...); - #endif - extern int chmod(const char *, mode_t); -- Gitee From 3404b24f1b1edc39eb981171351286158bd3397d Mon Sep 17 00:00:00 2001 From: yangxiaoxuan Date: Thu, 28 Jan 2021 08:55:59 +0800 Subject: [PATCH 2/5] spec: rebrand to anolis modify bugurl Signed-off-by: yangxiaoxuan Change-Id: I5b26e101bdec7a3f037b710bab1d4dc31b0a29b2 --- vim.spec | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/vim.spec b/vim.spec index 88e5333..3015e0f 100644 --- a/vim.spec +++ b/vim.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 %define patchlevel 1763 %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} %define WITH_SELINUX 1 @@ -24,7 +25,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 21%{?dist} +Release: 21%{anolis_release}%{?dist} License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: vim.sh @@ -367,8 +368,8 @@ perl -pi -e "s/vimrc/virc/" os_unix.h --disable-pythoninterp --disable-perlinterp --disable-tclinterp \ --with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \ --enable-fips-warning \ - --with-compiledby="" \ - --with-modified-by="" + --with-compiledby="OpenAnolis Community" \ + --with-modified-by="OpenAnolis Community" make VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} %{?_smp_mflags} cp vim minimal-vim @@ -386,8 +387,8 @@ mv -f ex_cmds.c.save ex_cmds.c --with-tlib=ncurses \ --enable-gtk3-check --enable-gui=gtk3 \ --enable-fips-warning \ - --with-compiledby="" --enable-cscope \ - --with-modified-by="" \ + --with-compiledby="OpenAnolis Community" --enable-cscope \ + --with-modified-by="OpenAnolis Community" \ %if "%{withnetbeans}" == "1" --enable-netbeans \ %else @@ -421,10 +422,10 @@ make clean --disable-tclinterp \ --with-x=no \ --enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \ - --enable-cscope --with-modified-by="" \ + --enable-cscope --with-modified-by="OpenAnolis Community" \ --with-tlib=ncurses \ --enable-fips-warning \ - --with-compiledby="" \ + --with-compiledby="OpenAnolis Community" \ %if "%{withnetbeans}" == "1" --enable-netbeans \ %else @@ -855,6 +856,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_datadir}/icons/locolor/*/apps/* %changelog +* Fri Oct 10 2025 Mahailiang - 2:8.0.1763-21.0.1 +- Rebrand to Anolis + * Wed Sep 17 2025 Zdenek Dohnal - 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial - RHEL-112007 CVE-2025-53906 vim: Vim path traversal -- Gitee From 6d84556fc13415577296efdda6698eb291a25f1d Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 2 Feb 2021 20:59:11 +0800 Subject: [PATCH 3/5] build: fix build issue with ruby Signed-off-by: Liwei Ge Change-Id: I549044bc52aa557941a2d87f6fe8b8ce6a7b7539 --- 1000-vim-anolis-build-with-ruby26.patch | 60 +++++++++++++++++++++++++ vim.spec | 10 ++++- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 1000-vim-anolis-build-with-ruby26.patch diff --git a/1000-vim-anolis-build-with-ruby26.patch b/1000-vim-anolis-build-with-ruby26.patch new file mode 100644 index 0000000..4611343 --- /dev/null +++ b/1000-vim-anolis-build-with-ruby26.patch @@ -0,0 +1,60 @@ +From b09c684195d803137d52c34fb4d3a410be5ac10f Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Thu, 27 Dec 2018 22:11:01 +0100 +Subject: [PATCH] patch 8.1.0646: cannot build with Ruby 2.6.0 + +Problem: Cannot build with Ruby 2.6.0. +Solution: Add rb_ary_detransient(). (Ozaki Kiichi, closes #3724) +--- + src/if_ruby.c | 15 +++++++++++---- + src/version.c | 2 ++ + 2 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/src/if_ruby.c b/src/if_ruby.c +index cb9b416036f..34fc0ed1cb3 100644 +--- a/src/if_ruby.c ++++ b/src/if_ruby.c +@@ -123,6 +123,10 @@ + # define rb_gc_writebarrier_unprotect rb_gc_writebarrier_unprotect_stub + #endif + ++#if defined(DYNAMIC_RUBY_VER) && DYNAMIC_RUBY_VER >= 26 ++# define rb_ary_detransient (*dll_rb_ary_detransient) ++#endif ++ + #include + #ifdef RUBY19_OR_LATER + # include +@@ -455,6 +459,9 @@ static VALUE (*dll_rb_float_new) (double); + static VALUE (*dll_rb_float_new) (double); + static VALUE (*dll_rb_ary_new) (void); + static VALUE (*dll_rb_ary_push) (VALUE, VALUE); ++# if DYNAMIC_RUBY_VER >= 26 ++static void (*dll_rb_ary_detransient) (VALUE); ++# endif + # if defined(RUBY19_OR_LATER) || defined(RUBY_INIT_STACK) + # ifdef __ia64 + static void * (*dll_rb_ia64_bsp) (void); +@@ -666,6 +673,9 @@ static struct + {"rb_ary_new", (RUBY_PROC*)&dll_rb_ary_new}, + {"rb_ary_push", (RUBY_PROC*)&dll_rb_ary_push}, + # endif ++# if DYNAMIC_RUBY_VER >= 26 ++ {"rb_ary_detransient", (RUBY_PROC*)&dll_rb_ary_detransient}, ++# endif + # ifdef RUBY19_OR_LATER + {"rb_int2big", (RUBY_PROC*)&dll_rb_int2big}, + {"ruby_script", (RUBY_PROC*)&dll_ruby_script}, +@@ -966,11 +976,8 @@ static int ensure_ruby_initialized(void) + + static void error_print(int state) + { +-#ifndef DYNAMIC_RUBY +-#if !(defined(RUBY_VERSION) && RUBY_VERSION >= 19) \ +- && !(defined(DYNAMIC_RUBY_VER) && DYNAMIC_RUBY_VER >= 19) ++#if !defined(DYNAMIC_RUBY) && !defined(RUBY19_OR_LATER) + RUBYEXTERN VALUE ruby_errinfo; +-#endif + #endif + VALUE eclass; + VALUE einfo; diff --git a/vim.spec b/vim.spec index 3015e0f..1e6a179 100644 --- a/vim.spec +++ b/vim.spec @@ -116,6 +116,11 @@ Patch3041: 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch +# Add by Anolis +# backport patch to fix build error with ruby +Patch10000: 1000-vim-anolis-build-with-ruby26.patch +# End + # gcc is no longer in buildroot by default BuildRequires: gcc @@ -339,6 +344,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch -P 3041 -p1 -b .CVE-2025-53905 %patch -P 3042 -p1 -b .CVE-2025-53906 +%patch10000 -p1 + %build %if 0%{?rhel} > 7 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 @@ -857,7 +864,8 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %changelog * Fri Oct 10 2025 Mahailiang - 2:8.0.1763-21.0.1 -- Rebrand to Anolis +- Rebrand to Anolis(Xiaoxuan Yang) +- Fix build issue with ruby(Liwei Ge) * Wed Sep 17 2025 Zdenek Dohnal - 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial -- Gitee From 2eeb5de4ee49ecb06cb2df0c072204e033ba9f83 Mon Sep 17 00:00:00 2001 From: wxiat Date: Wed, 28 Jun 2023 10:55:02 +0800 Subject: [PATCH 4/5] add sw Signed-off-by: wxiat --- 1001-vim80-sw.patch | 24 ++++++++++++++++++++++++ vim.spec | 4 +++- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 1001-vim80-sw.patch diff --git a/1001-vim80-sw.patch b/1001-vim80-sw.patch new file mode 100644 index 0000000..a440eac --- /dev/null +++ b/1001-vim80-sw.patch @@ -0,0 +1,24 @@ +diff -Naur vim80.org/runtime/syntax/debcontrol.vim vim80.sw/runtime/syntax/debcontrol.vim +--- vim80.org/runtime/syntax/debcontrol.vim 2018-02-12 16:55:41.000000000 +0800 ++++ vim80.sw/runtime/syntax/debcontrol.vim 2023-05-12 14:59:37.859109283 +0800 +@@ -31,7 +31,7 @@ + \ 'alpha', 'amd64', 'armeb', 'armel', 'armhf', 'arm64', 'avr32', 'hppa' + \, 'i386', 'ia64', 'lpia', 'm32r', 'm68k', 'mipsel', 'mips64el', 'mips' + \, 'powerpcspe', 'powerpc', 'ppc64el', 'ppc64', 's390x', 's390', 'sh3eb' +- \, 'sh3', 'sh4eb', 'sh4', 'sh', 'sparc64', 'sparc', 'x32' ++ \, 'sh3', 'sh4eb', 'sh4', 'sh', 'sparc64', 'sparc', 'x32', 'sw_64' + \ ] + let s:pairs = [ + \ 'hurd-i386', 'kfreebsd-i386', 'kfreebsd-amd64', 'knetbsd-i386' +diff -Naur vim80.org/src/osdef1.h.in vim80.sw/src/osdef1.h.in +--- vim80.org/src/osdef1.h.in 2016-12-02 16:39:09.000000000 +0800 ++++ vim80.sw/src/osdef1.h.in 2023-05-12 15:02:42.527581672 +0800 +@@ -130,7 +130,7 @@ + #else + extern char *getwd(char *); + #endif +-#ifndef __alpha /* suggested by Campbell */ ++#if !defined __alpha && !defined __sw_64 /* suggested by Campbell */ + extern int ioctl(int, int, ...); + #endif + extern int chmod(const char *, mode_t); diff --git a/vim.spec b/vim.spec index 1e6a179..45735ac 100644 --- a/vim.spec +++ b/vim.spec @@ -120,6 +120,7 @@ Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch # backport patch to fix build error with ruby Patch10000: 1000-vim-anolis-build-with-ruby26.patch # End +Patch10001: 1001-vim80-sw.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -345,7 +346,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch -P 3042 -p1 -b .CVE-2025-53906 %patch10000 -p1 - +%patch10001 -p1 %build %if 0%{?rhel} > 7 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 @@ -866,6 +867,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags * Fri Oct 10 2025 Mahailiang - 2:8.0.1763-21.0.1 - Rebrand to Anolis(Xiaoxuan Yang) - Fix build issue with ruby(Liwei Ge) +- add sw patch * Wed Sep 17 2025 Zdenek Dohnal - 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial -- Gitee From a082be8f0e3808d7a254541004c40ba23ed32238 Mon Sep 17 00:00:00 2001 From: Weisson Date: Mon, 20 Nov 2023 17:12:48 +0800 Subject: [PATCH 5/5] add support for gcc having version beyond 10.0. Signed-off-by: Weisson --- ...onfigure-does-not-recognize-gcc-10.0.patch | 66 +++++++++++++++++++ vim.spec | 5 ++ 2 files changed, 71 insertions(+) create mode 100644 1002-vim-8.2-configure-does-not-recognize-gcc-10.0.patch diff --git a/1002-vim-8.2-configure-does-not-recognize-gcc-10.0.patch b/1002-vim-8.2-configure-does-not-recognize-gcc-10.0.patch new file mode 100644 index 0000000..136a76e --- /dev/null +++ b/1002-vim-8.2-configure-does-not-recognize-gcc-10.0.patch @@ -0,0 +1,66 @@ +From 6b9c1662eb49612bbcfc3e07167cbde7c4ec6aef Mon Sep 17 00:00:00 2001 +From: Weisson +Date: Mon, 20 Nov 2023 16:40:44 +0800 +Subject: [PATCH] patch 8.2.0213: configure does not recognize gcc 10.0 and + later + +Problem: Configure does not recognize gcc 10.0 and later. +Solution: Adjust the pattern matching the version number. (Sergei + Trofimovich, closes #5580) +Signed-off-by: Weisson +--- + src/auto/configure | 2 +- + src/configure.ac | 4 ++-- + src/version.c | 2 ++ + 3 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/auto/configure b/src/auto/configure +index a0e9ea5..0c4c9c3 100755 +--- a/src/auto/configure ++++ b/src/auto/configure +@@ -14686,7 +14686,7 @@ DEPEND_CFLAGS_FILTER= + if test "$GCC" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCC 3 or later" >&5 + $as_echo_n "checking for GCC 3 or later... " >&6; } +- gccmajor=`echo "$gccversion" | sed -e 's/^\([1-9]\)\..*$/\1/g'` ++ gccmajor=`echo "$gccversion" | sed -e 's/^\([0-9]\+\)\..*$/\1/g'` + if test "$gccmajor" -gt "2"; then + DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +diff --git a/src/configure.ac b/src/configure.ac +index 5e45762..73ef5e9 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -2204,7 +2204,7 @@ else + fi + + dnl On my HPUX system the X include dir is found, but the lib dir not. +- dnl This is a desparate try to fix this. ++ dnl This is a desperate try to fix this. + + if test -d "$x_includes" && test ! -d "$x_libraries"; then + x_libraries=`echo "$x_includes" | sed s/include/lib/` +@@ -4424,7 +4424,7 @@ dnl the number before the version number. + DEPEND_CFLAGS_FILTER= + if test "$GCC" = yes; then + AC_MSG_CHECKING(for GCC 3 or later) +- gccmajor=`echo "$gccversion" | sed -e 's/^\([[1-9]]\)\..*$/\1/g'` ++ gccmajor=`echo "$gccversion" | sed -e 's/^\([[0-9]]\+\)\..*$/\1/g'` + if test "$gccmajor" -gt "2"; then + DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'" + AC_MSG_RESULT(yes) +diff --git a/src/version.c b/src/version.c +index f5d4c5a..2ae07d2 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -761,6 +761,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 232, + /**/ + 1763, + /**/ +-- +2.31.1 \ No newline at end of file diff --git a/vim.spec b/vim.spec index 45735ac..737914e 100644 --- a/vim.spec +++ b/vim.spec @@ -121,6 +121,7 @@ Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch Patch10000: 1000-vim-anolis-build-with-ruby26.patch # End Patch10001: 1001-vim80-sw.patch +Patch10002: 1002-vim-8.2-configure-does-not-recognize-gcc-10.0.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -347,6 +348,9 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch10000 -p1 %patch10001 -p1 +%ifarch sw_64 +%patch10002 -p1 +%endif %build %if 0%{?rhel} > 7 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 @@ -868,6 +872,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags - Rebrand to Anolis(Xiaoxuan Yang) - Fix build issue with ruby(Liwei Ge) - add sw patch +- add support for gcc having version beyond 10.0. * Wed Sep 17 2025 Zdenek Dohnal - 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial -- Gitee