import vim-8.0.1763-16.el8_5.2

2021-11-11 08:23:49 +00:00 · 2021-11-11 08:23:49 +00:00 · 9852850995
commit 9852850995
parent f6d9a3be34
2 changed files with 44 additions and 1 deletions
--- a/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
+++ b/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
@ -0,0 +1,35 @@
+diff -up vim80/src/screen.c.cve3872 vim80/src/screen.c
+--- vim80/src/screen.c.cve3872	2021-10-21 13:20:27.694921335 +0200
+++ vim80/src/screen.c	2021-10-21 13:22:42.221732996 +0200
+@@ -6911,13 +6911,13 @@ win_redr_status(win_T *wp)
+ 	    *(p + len++) = ' ';
+ 	if (bt_help(wp->w_buffer))
+ 	{
+-	    STRCPY(p + len, _("[Help]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
+ 	    len += (int)STRLEN(p + len);
+ 	}
+ #ifdef FEAT_QUICKFIX
+ 	if (wp->w_p_pvw)
+ 	{
+-	    STRCPY(p + len, _("[Preview]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
+ 	    len += (int)STRLEN(p + len);
+ 	}
+ #endif
+@@ -6927,12 +6927,12 @@ win_redr_status(win_T *wp)
+ #endif
+ 		)
+ 	{
+-	    STRCPY(p + len, "[+]");
+-	    len += 3;
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+	    len += (int)STRLEN(p + len);
+ 	}
+ 	if (wp->w_buffer->b_p_ro)
+ 	{
+-	    STRCPY(p + len, _("[RO]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
+ 	    len += (int)STRLEN(p + len);
+ 	}
+ 
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@ -24,7 +24,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 16%{?dist}
+Release: 16%{?dist}.2
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: vim.sh
@ -79,6 +79,7 @@ Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
 Patch3022: vim-cve3796.patch
 # 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
 Patch3023: vim-cve3778-fix.patch
+Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch

 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@ -279,6 +280,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3021 -p1 -b .rvim
 %patch3022 -p1 -b .cve3796
 %patch3023 -p1 -b .cve3778
+%patch3024 -p1 -b .cve3872

 %build
 %if 0%{?rhel} > 7
@ -797,6 +799,12 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_datadir}/icons/locolor/*/apps/*

 %changelog
+* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.2
+- remove the upstream test - uses a feature which is not presented in RHEL 8
+
+* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.1
+- CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
+
 * Mon Sep 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
 - 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
 - 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]