Merge branch 'fasttrack/3.0' into tobiasb/symcrypt-debuginfo

SPECS/libarchive/libarchive.signatures.json

@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "libarchive-3.7.1.tar.gz": "5d24e40819768f74daf846b99837fc53a3a9dcdf3ce1c2003fe0596db850f0f0"
- }
+  "Signatures": {
+    "libarchive-3.7.7.tar.gz": "4cc540a3e9a1eebdefa1045d2e4184831100667e6d7d5b315bb1cbc951f8ddff"
+  }
 }

SPECS/libarchive/libarchive.spec

@@ -1,18 +1,13 @@
 Summary:        Multi-format archive and compression library
 Name:           libarchive
-Version:        3.7.1
-Release:        2%{?dist}
+Version:        3.7.7
+Release:        1%{?dist}
 # Certain files have individual licenses. For more details see contents of "COPYING".
 License:        BSD AND Public Domain AND (ASL 2.0 OR CC0 1.0 OR OpenSSL)
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://www.libarchive.org/
 Source0:        https://github.com/libarchive/libarchive/releases/download/v%{version}/%{name}-%{version}.tar.gz
-Patch0:         CVE-2024-26256.patch
-# https://github.com/libarchive/libarchive/pull/2108 (needed to cleanly apply the ZIP OOB (CVE-2024-37407) patch)
-# Please remove when upgrading to v3.7.4 and above
-Patch1:         update-appledouble-support-directories.patch
-Patch2:         CVE-2024-37407.patch
 Provides:       bsdtar = %{version}-%{release}
 
 BuildRequires:  xz-libs
@@ -65,6 +60,10 @@ make %{?_smp_mflags} check
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Tue Oct 15 2024 Nan Liu <[email protected]> - 3.7.7-1
+- Upgrade to 3.7.7 - Fix CVE-2024-48957, CVE-2024-48958, CVE-2024-20696
+- Remove unused patches
+
 * Tue Jun 25 2024 Neha Agarwal <[email protected]> - 3.7.1-2
 - Patch CVE-2024-26256 and CVE-2024-37407
 

SPECS/vim/CVE-2024-43802.patch

@@ -0,0 +1,49 @@
+From 322ba9108612bead5eb7731ccb66763dec69ef1b Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <[email protected]>
+Date: Sun, 25 Aug 2024 21:33:03 +0200
+Subject: [PATCH] patch 9.1.0697: [security]: heap-buffer-overflow in
+ ins_typebuf
+
+Problem:  heap-buffer-overflow in ins_typebuf
+          (SuyueGuo)
+Solution: When flushing the typeahead buffer, validate that there
+          is enough space left
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
+
+Signed-off-by: Christian Brabandt <[email protected]>
+
+Removed binary test file and test only changes for security fix
+
+---
+ src/getchar.c                    |  15 ++++++++++++---
+ 1 files changed, 12 insertions(+), 3 deletions(-)
+ create mode 100644 src/testdir/crash/heap_overflow3
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 29323fa328bd1..96e180f4ae1a9 100644
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -446,9 +446,18 @@ flush_buffers(flush_buffers_T flush_typeahead)
+
+     if (flush_typeahead == FLUSH_MINIMAL)
+     {
+-	// remove mapped characters at the start only
+-	typebuf.tb_off += typebuf.tb_maplen;
+-	typebuf.tb_len -= typebuf.tb_maplen;
++	// remove mapped characters at the start only,
++	// but only when enough space left in typebuf
++	if (typebuf.tb_off + typebuf.tb_maplen >= typebuf.tb_buflen)
++	{
++	    typebuf.tb_off = MAXMAPLEN;
++	    typebuf.tb_len = 0;
++	}
++	else
++	{
++	    typebuf.tb_off += typebuf.tb_maplen;
++	    typebuf.tb_len -= typebuf.tb_maplen;
++	}
+ #if defined(FEAT_CLIENTSERVER) || defined(FEAT_EVAL)
+ 	if (typebuf.tb_len == 0)
+ 	    typebuf_was_filled = FALSE;

SPECS/vim/vim.spec

@@ -2,7 +2,7 @@
 Summary:        Text editor
 Name:           vim
 Version:        9.0.2190
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        Vim
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,7 +14,7 @@ Patch0:         CVE-2024-41957.patch
 Patch1:         fix_save_unnamed_buffer_correctly.patch
 Patch2:         CVE-2024-41965.patch
 Patch3:         CVE-2024-43374.patch
-
+Patch4:         CVE-2024-43802.patch
 BuildRequires:  ncurses-devel
 BuildRequires:  python3-devel
 Requires(post): sed
@@ -222,6 +222,9 @@ fi
 %{_rpmconfigdir}/macros.d/macros.vim
 
 %changelog
+* Tue Oct 08 2024 Sam Meluch <[email protected]> - 9.0.2190-6
+- Add patch to resolve CVE-2024-43802
+
 * Tue Aug 20 2024 Brian Fjeldstad <[email protected]> - 9.0.2190-5
 - Add patch to resolve CVE-2024-43374
 

cgmanifest.json

@@ -8601,8 +8601,8 @@
         "type": "other",
         "other": {
           "name": "libarchive",
-          "version": "3.7.1",
-          "downloadUrl": "https://github.com/libarchive/libarchive/releases/download/v3.7.1/libarchive-3.7.1.tar.gz"
+          "version": "3.7.7",
+          "downloadUrl": "https://github.com/libarchive/libarchive/releases/download/v3.7.7/libarchive-3.7.7.tar.gz"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -178,8 +178,8 @@ openssl-static-3.3.2-1.azl3.aarch64.rpm
 libcap-2.69-1.azl3.aarch64.rpm
 libcap-devel-2.69-1.azl3.aarch64.rpm
 debugedit-5.0-2.azl3.aarch64.rpm
-libarchive-3.7.1-2.azl3.aarch64.rpm
-libarchive-devel-3.7.1-2.azl3.aarch64.rpm
+libarchive-3.7.7-1.azl3.aarch64.rpm
+libarchive-devel-3.7.7-1.azl3.aarch64.rpm
 rpm-4.18.2-1.azl3.aarch64.rpm
 rpm-build-4.18.2-1.azl3.aarch64.rpm
 rpm-build-libs-4.18.2-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -178,8 +178,8 @@ openssl-static-3.3.2-1.azl3.x86_64.rpm
 libcap-2.69-1.azl3.x86_64.rpm
 libcap-devel-2.69-1.azl3.x86_64.rpm
 debugedit-5.0-2.azl3.x86_64.rpm
-libarchive-3.7.1-2.azl3.x86_64.rpm
-libarchive-devel-3.7.1-2.azl3.x86_64.rpm
+libarchive-3.7.7-1.azl3.x86_64.rpm
+libarchive-devel-3.7.7-1.azl3.x86_64.rpm
 rpm-4.18.2-1.azl3.x86_64.rpm
 rpm-build-4.18.2-1.azl3.x86_64.rpm
 rpm-build-libs-4.18.2-1.azl3.x86_64.rpm