import vim-8.0.1763-16.el8
This commit is contained in:
parent
38904d8116
commit
f6d9a3be34
13
SOURCES/vim-cve3778-fix.patch
Normal file
13
SOURCES/vim-cve3778-fix.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up vim80/src/regexp_nfa.c.cve3796-fix vim80/src/regexp_nfa.c
|
||||||
|
--- vim80/src/regexp_nfa.c.cve3796-fix 2021-09-20 08:27:13.752604505 +0200
|
||||||
|
+++ vim80/src/regexp_nfa.c 2021-09-20 08:29:10.206546910 +0200
|
||||||
|
@@ -5493,7 +5493,8 @@ find_match_text(colnr_T startcol, int re
|
||||||
|
match = FALSE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- len2 += MB_CHAR2LEN(c2);
|
||||||
|
+ len2 += enc_utf8 ? utf_ptr2len(regline + col + len2)
|
||||||
|
+ : MB_CHAR2LEN(c2);
|
||||||
|
}
|
||||||
|
if (match
|
||||||
|
#ifdef FEAT_MBYTE
|
51
SOURCES/vim-cve3796.patch
Normal file
51
SOURCES/vim-cve3796.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
diff --git a/src/normal.c b/src/normal.c
|
||||||
|
index be0e75e..7d62e20 100644
|
||||||
|
--- a/src/normal.c
|
||||||
|
+++ b/src/normal.c
|
||||||
|
@@ -7147,19 +7147,23 @@ nv_replace(cmdarg_T *cap)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Get ptr again, because u_save and/or showmatch() will have
|
||||||
|
- * released the line. At the same time we let know that the
|
||||||
|
- * line will be changed.
|
||||||
|
+ * released the line. This may also happen in ins_copychar().
|
||||||
|
+ * At the same time we let know that the line will be changed.
|
||||||
|
*/
|
||||||
|
- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||||
|
if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
|
||||||
|
{
|
||||||
|
int c = ins_copychar(curwin->w_cursor.lnum
|
||||||
|
+ (cap->nchar == Ctrl_Y ? -1 : 1));
|
||||||
|
+
|
||||||
|
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||||
|
if (c != NUL)
|
||||||
|
ptr[curwin->w_cursor.col] = c;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
+ {
|
||||||
|
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||||
|
ptr[curwin->w_cursor.col] = cap->nchar;
|
||||||
|
+ }
|
||||||
|
if (p_sm && msg_silent == 0)
|
||||||
|
showmatch(cap->nchar);
|
||||||
|
++curwin->w_cursor.col;
|
||||||
|
diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
|
||||||
|
index 7278bcd..8818805 100644
|
||||||
|
--- a/src/testdir/test_edit.vim
|
||||||
|
+++ b/src/testdir/test_edit.vim
|
||||||
|
@@ -1387,3 +1387,15 @@ func Test_edit_quit()
|
||||||
|
only
|
||||||
|
endfunc
|
||||||
|
|
||||||
|
+" Test for getting the character of the line below after "p"
|
||||||
|
+func Test_edit_put_CTRL_E()
|
||||||
|
+ set encoding=latin1
|
||||||
|
+ new
|
||||||
|
+ let @" = ''
|
||||||
|
+ sil! norm orggRx
|
||||||
|
+ sil! norm pr
|
||||||
|
+ call assert_equal(['r', 'r'], getline(1, 2))
|
||||||
|
+ bwipe!
|
||||||
|
+ set encoding=utf-8
|
||||||
|
+endfunc
|
||||||
|
+
|
@ -24,7 +24,7 @@ Summary: The VIM editor
|
|||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: vim.sh
|
Source1: vim.sh
|
||||||
@ -75,6 +75,10 @@ Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
|||||||
Patch3020: vim-crypto-warning.patch
|
Patch3020: vim-crypto-warning.patch
|
||||||
# 1842755 - CVE-2019-20807
|
# 1842755 - CVE-2019-20807
|
||||||
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
|
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
|
||||||
|
# 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
|
||||||
|
Patch3022: vim-cve3796.patch
|
||||||
|
# 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
|
||||||
|
Patch3023: vim-cve3778-fix.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -273,6 +277,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
|||||||
%patch3019 -p1 -b .cve
|
%patch3019 -p1 -b .cve
|
||||||
%patch3020 -p1 -b .crypto-warning
|
%patch3020 -p1 -b .crypto-warning
|
||||||
%patch3021 -p1 -b .rvim
|
%patch3021 -p1 -b .rvim
|
||||||
|
%patch3022 -p1 -b .cve3796
|
||||||
|
%patch3023 -p1 -b .cve3778
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?rhel} > 7
|
%if 0%{?rhel} > 7
|
||||||
@ -791,6 +797,10 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
|||||||
%{_datadir}/icons/locolor/*/apps/*
|
%{_datadir}/icons/locolor/*/apps/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
|
||||||
|
- 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
|
||||||
|
- 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
|
||||||
|
|
||||||
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
|
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
|
||||||
- 1842755 - CVE-2019-20807
|
- 1842755 - CVE-2019-20807
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user