import vim-8.0.1763-16.el8_5.13

This commit is contained in:
CentOS Sources 2022-04-13 02:12:03 +00:00 committed by Stepan Oksanichenko
parent f2d6eb89c1
commit c30f6cd9cc
2 changed files with 29 additions and 1 deletions

View File

@ -0,0 +1,22 @@
diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
--- vim80/src/regexp.c.cve1154 2022-04-09 12:01:30.054452927 +0200
+++ vim80/src/regexp.c 2022-04-09 12:02:48.987999877 +0200
@@ -4415,8 +4415,17 @@ regmatch(
int mark = OPERAND(scan)[0];
int cmp = OPERAND(scan)[1];
pos_T *pos;
+ size_t col = REG_MULTI ? reginput - regline : 0;
pos = getmark_buf(rex.reg_buf, mark, FALSE);
+
+ // Line may have been freed, get it again.
+ if (REG_MULTI)
+ {
+ regline = reg_getline(reglnum);
+ reginput = regline + col;
+ }
+
if (pos == NULL /* mark doesn't exist */
|| pos->lnum <= 0 /* mark isn't set in reg_buf */
|| (pos->lnum == reglnum + rex.reg_firstlnum
diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim

View File

@ -24,7 +24,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
Release: 16%{?dist}.12
Release: 16%{?dist}.13
License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: vim.sh
@ -100,6 +100,8 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
# CVE-2022-1154 vim: use after free in utf_ptr2char
Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
# gcc is no longer in buildroot by default
BuildRequires: gcc
@ -311,6 +313,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3032 -p1 -b .cve0392
%patch3033 -p1 -b .cve0413
%patch3034 -p1 -b .cve0361
%patch3035 -p1 -b .cve1154
%build
%if 0%{?rhel} > 7
@ -829,6 +832,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%{_datadir}/icons/locolor/*/apps/*
%changelog
* Sat Apr 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.13
- CVE-2022-1154 vim: use after free in utf_ptr2char
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.12
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository