Your message dated Sat, 15 Mar 2025 09:44:44 +0000
with message-id <e1tto4s-005kos...@coccia.debian.org>
and subject line Close 1096100
has caused the Debian Bug report #1096100,
regarding bookworm-pu: package vim/2:9.0.1378-2+deb12u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1096100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1096100
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: v...@packages.debian.org, 1094...@bugs.debian.org
Control: affects -1 + src:vim
This update is identical to the current upload in bookworm-proposed-updates
except that a test case that was breaking the builder on a number of
architectures has been dropped.
We know the test passes on amd64 and there's no reason to think there's
anything really architecture-specific about the bug.
The impact on stable users without this patch is that the fixes in #1094646
would not reach the users of all architectures.
I have uploaded. Thanks!
--
Sean Whitton
diff -Nru vim-9.0.1378/debian/changelog vim-9.0.1378/debian/changelog
--- vim-9.0.1378/debian/changelog 2025-01-23 21:00:20.000000000 +0800
+++ vim-9.0.1378/debian/changelog 2025-02-16 13:23:41.000000000 +0800
@@ -1,3 +1,12 @@
+vim (2:9.0.1378-2+deb12u2) bookworm; urgency=high
+
+ * Drop test case from CVE-2023-2610.patch.
+ This test was breaking the build on a number of architectures.
+ The test was removed upstream for similar reasons.
+ Thanks to James McCoy for reporting the problem.
+
+ -- Sean Whitton <spwhit...@spwhitton.name> Sun, 16 Feb 2025 13:23:41 +0800
+
vim (2:9.0.1378-2+deb12u1) bookworm; urgency=high
* Backport security fixes:
diff -Nru vim-9.0.1378/debian/patches/CVE-2023-2610.patch
vim-9.0.1378/debian/patches/CVE-2023-2610.patch
--- vim-9.0.1378/debian/patches/CVE-2023-2610.patch 2025-01-23
21:00:20.000000000 +0800
+++ vim-9.0.1378/debian/patches/CVE-2023-2610.patch 2025-02-16
13:19:59.000000000 +0800
@@ -7,10 +7,9 @@
Solution: Limit the text length to MAXCOL.
(cherry picked from commit ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a)
---
- src/regexp.c | 30 +++++++++++++++++++-----------
- src/testdir/test_substitute.vim | 14 ++++++++++++++
- src/version.c | 2 ++
- 3 files changed, 35 insertions(+), 11 deletions(-)
+ src/regexp.c | 30 +++++++++++++++++++-----------
+ src/version.c | 2 ++
+ 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/regexp.c b/src/regexp.c
index f18f33d..08a7cdd 100644
@@ -71,31 +70,6 @@
}
}
else if (magic)
-diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
-index 7491b61..32e2f27 100644
---- a/src/testdir/test_substitute.vim
-+++ b/src/testdir/test_substitute.vim
-@@ -1414,6 +1414,20 @@ func Test_substitute_short_cmd()
- bw!
- endfunc
-
-+" Check handling expanding "~" resulting in extremely long text.
-+func Test_substitute_tilde_too_long()
-+ enew!
-+
-+ s/.*/ixxx
-+ s//~~~~~~~~~AAAAAAA@(
-+
-+ " Either fails with "out of memory" or "text too long".
-+ " This can take a long time.
-+ call assert_fails('sil! norm &&&&&&&&&', ['E1240:\|E342:'])
-+
-+ bwipe!
-+endfunc
-+
- " This should be done last to reveal a memory leak when vim_regsub_both() is
- " called to evaluate an expression but it is not used in a second call.
- func Test_z_substitute_expr_leak()
diff --git a/src/version.c b/src/version.c
index 0e83a6f..63e2a41 100644
--- a/src/version.c
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 12.10
This update has been released as part of 12.10. Thank you for your contribution.
--- End Message ---
