From 9852850995ad0971abef6d605f2d4299dfda6edf Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 11 Nov 2021 08:23:49 +0000 Subject: [PATCH] import vim-8.0.1763-16.el8_5.2 --- ...llegal-memory-access-if-buffer-name-.patch | 35 +++++++++++++++++++ SPECS/vim.spec | 10 +++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch diff --git a/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch b/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch new file mode 100644 index 00000000..76018f9e --- /dev/null +++ b/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch @@ -0,0 +1,35 @@ +diff -up vim80/src/screen.c.cve3872 vim80/src/screen.c +--- vim80/src/screen.c.cve3872 2021-10-21 13:20:27.694921335 +0200 ++++ vim80/src/screen.c 2021-10-21 13:22:42.221732996 +0200 +@@ -6911,13 +6911,13 @@ win_redr_status(win_T *wp) + *(p + len++) = ' '; + if (bt_help(wp->w_buffer)) + { +- STRCPY(p + len, _("[Help]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); + len += (int)STRLEN(p + len); + } + #ifdef FEAT_QUICKFIX + if (wp->w_p_pvw) + { +- STRCPY(p + len, _("[Preview]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); + len += (int)STRLEN(p + len); + } + #endif +@@ -6927,12 +6927,12 @@ win_redr_status(win_T *wp) + #endif + ) + { +- STRCPY(p + len, "[+]"); +- len += 3; ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); ++ len += (int)STRLEN(p + len); + } + if (wp->w_buffer->b_p_ro) + { +- STRCPY(p + len, _("[RO]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); + len += (int)STRLEN(p + len); + } + diff --git a/SPECS/vim.spec b/SPECS/vim.spec index 159811df..08748763 100644 --- a/SPECS/vim.spec +++ b/SPECS/vim.spec @@ -24,7 +24,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 16%{?dist} +Release: 16%{?dist}.2 License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: vim.sh @@ -79,6 +79,7 @@ Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch Patch3022: vim-cve3796.patch # 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0] Patch3023: vim-cve3778-fix.patch +Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -279,6 +280,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch3021 -p1 -b .rvim %patch3022 -p1 -b .cve3796 %patch3023 -p1 -b .cve3778 +%patch3024 -p1 -b .cve3872 %build %if 0%{?rhel} > 7 @@ -797,6 +799,12 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_datadir}/icons/locolor/*/apps/* %changelog +* Tue Oct 26 2021 Zdenek Dohnal - 2:8.0.1763-16.2 +- remove the upstream test - uses a feature which is not presented in RHEL 8 + +* Tue Oct 26 2021 Zdenek Dohnal - 2:8.0.1763-16.1 +- CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0] + * Mon Sep 20 2021 Zdenek Dohnal - 2:8.0.1763-16 - 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0] - 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]