import vim-8.0.1763-16.el8

This commit is contained in:
CentOS Sources 2021-09-22 10:22:14 +00:00 committed by root
parent 38904d8116
commit f6d9a3be34
3 changed files with 75 additions and 1 deletions

View File

@ -0,0 +1,13 @@
diff -up vim80/src/regexp_nfa.c.cve3796-fix vim80/src/regexp_nfa.c
--- vim80/src/regexp_nfa.c.cve3796-fix 2021-09-20 08:27:13.752604505 +0200
+++ vim80/src/regexp_nfa.c 2021-09-20 08:29:10.206546910 +0200
@@ -5493,7 +5493,8 @@ find_match_text(colnr_T startcol, int re
match = FALSE;
break;
}
- len2 += MB_CHAR2LEN(c2);
+ len2 += enc_utf8 ? utf_ptr2len(regline + col + len2)
+ : MB_CHAR2LEN(c2);
}
if (match
#ifdef FEAT_MBYTE

51
SOURCES/vim-cve3796.patch Normal file
View File

@ -0,0 +1,51 @@
diff --git a/src/normal.c b/src/normal.c
index be0e75e..7d62e20 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -7147,19 +7147,23 @@ nv_replace(cmdarg_T *cap)
{
/*
* Get ptr again, because u_save and/or showmatch() will have
- * released the line. At the same time we let know that the
- * line will be changed.
+ * released the line. This may also happen in ins_copychar().
+ * At the same time we let know that the line will be changed.
*/
- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
{
int c = ins_copychar(curwin->w_cursor.lnum
+ (cap->nchar == Ctrl_Y ? -1 : 1));
+
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (c != NUL)
ptr[curwin->w_cursor.col] = c;
}
else
+ {
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
ptr[curwin->w_cursor.col] = cap->nchar;
+ }
if (p_sm && msg_silent == 0)
showmatch(cap->nchar);
++curwin->w_cursor.col;
diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
index 7278bcd..8818805 100644
--- a/src/testdir/test_edit.vim
+++ b/src/testdir/test_edit.vim
@@ -1387,3 +1387,15 @@ func Test_edit_quit()
only
endfunc
+" Test for getting the character of the line below after "p"
+func Test_edit_put_CTRL_E()
+ set encoding=latin1
+ new
+ let @" = ''
+ sil! norm orggRx
+ sil! norm pr
+ call assert_equal(['r', 'r'], getline(1, 2))
+ bwipe!
+ set encoding=utf-8
+endfunc
+

View File

@ -24,7 +24,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
Release: 15%{?dist}
Release: 16%{?dist}
License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: vim.sh
@ -75,6 +75,10 @@ Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
Patch3020: vim-crypto-warning.patch
# 1842755 - CVE-2019-20807
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
# 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
Patch3022: vim-cve3796.patch
# 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
Patch3023: vim-cve3778-fix.patch
# gcc is no longer in buildroot by default
BuildRequires: gcc
@ -273,6 +277,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3019 -p1 -b .cve
%patch3020 -p1 -b .crypto-warning
%patch3021 -p1 -b .rvim
%patch3022 -p1 -b .cve3796
%patch3023 -p1 -b .cve3778
%build
%if 0%{?rhel} > 7
@ -791,6 +797,10 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%{_datadir}/icons/locolor/*/apps/*
%changelog
* Mon Sep 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
- 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
- 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
- 1842755 - CVE-2019-20807