import vim-8.0.1763-19.el8_6.4
This commit is contained in:
parent
972bc25d8f
commit
fa892fc438
|
@ -0,0 +1,22 @@
|
||||||
|
diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
|
||||||
|
--- vim80/src/regexp.c.cve1154 2022-04-09 12:01:30.054452927 +0200
|
||||||
|
+++ vim80/src/regexp.c 2022-04-09 12:02:48.987999877 +0200
|
||||||
|
@@ -4415,8 +4415,17 @@ regmatch(
|
||||||
|
int mark = OPERAND(scan)[0];
|
||||||
|
int cmp = OPERAND(scan)[1];
|
||||||
|
pos_T *pos;
|
||||||
|
+ size_t col = REG_MULTI ? reginput - regline : 0;
|
||||||
|
|
||||||
|
pos = getmark_buf(rex.reg_buf, mark, FALSE);
|
||||||
|
+
|
||||||
|
+ // Line may have been freed, get it again.
|
||||||
|
+ if (REG_MULTI)
|
||||||
|
+ {
|
||||||
|
+ regline = reg_getline(reglnum);
|
||||||
|
+ reginput = regline + col;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (pos == NULL /* mark doesn't exist */
|
||||||
|
|| pos->lnum <= 0 /* mark isn't set in reg_buf */
|
||||||
|
|| (pos->lnum == reglnum + rex.reg_firstlnum
|
||||||
|
diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim
|
|
@ -0,0 +1,57 @@
|
||||||
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
|
index d5320d7..968ba33 100644
|
||||||
|
--- a/src/globals.h
|
||||||
|
+++ b/src/globals.h
|
||||||
|
@@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL);
|
||||||
|
EXTERN int ctrl_break_was_pressed INIT(= FALSE);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef FEAT_SPELL
|
||||||
|
+EXTERN char e_illegal_character_in_word[]
|
||||||
|
+ INIT(= N_("E1280: Illegal character in word"));
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Optional Farsi support. Include it here, so EXTERN and INIT are defined.
|
||||||
|
*/
|
||||||
|
diff --git a/src/mbyte.c b/src/mbyte.c
|
||||||
|
index 6d21f11..a7531f1 100644
|
||||||
|
--- a/src/mbyte.c
|
||||||
|
+++ b/src/mbyte.c
|
||||||
|
@@ -4034,7 +4034,7 @@ theend:
|
||||||
|
convert_setup(&vimconv, NULL, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
-#if defined(FEAT_GUI_GTK) || defined(PROTO)
|
||||||
|
+#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
|
||||||
|
/*
|
||||||
|
* Return TRUE if string "s" is a valid utf-8 string.
|
||||||
|
* When "end" is NULL stop at the first NUL.
|
||||||
|
diff --git a/src/spellfile.c b/src/spellfile.c
|
||||||
|
index 496e07f..92997ef 100644
|
||||||
|
--- a/src/spellfile.c
|
||||||
|
+++ b/src/spellfile.c
|
||||||
|
@@ -4441,6 +4441,10 @@ store_word(
|
||||||
|
int res = OK;
|
||||||
|
char_u *p;
|
||||||
|
|
||||||
|
+ // Avoid adding illegal bytes to the word tree.
|
||||||
|
+ if (enc_utf8 && !utf_valid_string(word, NULL))
|
||||||
|
+ return FAIL;
|
||||||
|
+
|
||||||
|
(void)spell_casefold(word, len, foldword, MAXWLEN);
|
||||||
|
for (p = pfxlist; res == OK; ++p)
|
||||||
|
{
|
||||||
|
@@ -6251,6 +6255,12 @@ spell_add_word(
|
||||||
|
int i;
|
||||||
|
char_u *spf;
|
||||||
|
|
||||||
|
+ if (enc_utf8 && !utf_valid_string(word, NULL))
|
||||||
|
+ {
|
||||||
|
+ EMSG(_(e_illegal_character_in_word));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (idx == 0) /* use internal wordlist */
|
||||||
|
{
|
||||||
|
if (int_wordlist == NULL)
|
|
@ -0,0 +1,15 @@
|
||||||
|
diff -up vim80/src/search.c.cve1629 vim80/src/search.c
|
||||||
|
--- vim80/src/search.c.cve1629 2022-05-24 13:55:06.789859865 +0200
|
||||||
|
+++ vim80/src/search.c 2022-05-24 13:56:31.889218958 +0200
|
||||||
|
@@ -4349,7 +4349,11 @@ find_next_quote(
|
||||||
|
if (c == NUL)
|
||||||
|
return -1;
|
||||||
|
else if (escape != NULL && vim_strchr(escape, c))
|
||||||
|
+ {
|
||||||
|
++col;
|
||||||
|
+ if (line[col] == NUL)
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
else if (c == quotechar)
|
||||||
|
break;
|
||||||
|
#ifdef FEAT_MBYTE
|
|
@ -0,0 +1,57 @@
|
||||||
|
diff -up vim80/src/ex_cmds.c.cve1785 vim80/src/ex_cmds.c
|
||||||
|
--- vim80/src/ex_cmds.c.cve1785 2022-06-10 10:46:33.818286626 +0200
|
||||||
|
+++ vim80/src/ex_cmds.c 2022-06-10 10:58:04.009515524 +0200
|
||||||
|
@@ -5486,12 +5486,17 @@ do_sub(exarg_T *eap)
|
||||||
|
/* Save flags for recursion. They can change for e.g.
|
||||||
|
* :s/^/\=execute("s#^##gn") */
|
||||||
|
subflags_save = subflags;
|
||||||
|
+
|
||||||
|
+ // Disallow changing text or switching window in an expression.
|
||||||
|
+ ++textlock;
|
||||||
|
#endif
|
||||||
|
/* get length of substitution part */
|
||||||
|
sublen = vim_regsub_multi(®match,
|
||||||
|
sub_firstlnum - regmatch.startpos[0].lnum,
|
||||||
|
sub, sub_firstline, FALSE, p_magic, TRUE);
|
||||||
|
#ifdef FEAT_EVAL
|
||||||
|
+ --textlock;
|
||||||
|
+
|
||||||
|
/* Don't keep flags set by a recursive call. */
|
||||||
|
subflags = subflags_save;
|
||||||
|
if (subflags.do_count)
|
||||||
|
@@ -5570,9 +5575,15 @@ do_sub(exarg_T *eap)
|
||||||
|
mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
|
||||||
|
new_end += copy_len;
|
||||||
|
|
||||||
|
+#ifdef FEAT_EVAL
|
||||||
|
+ ++textlock;
|
||||||
|
+#endif
|
||||||
|
(void)vim_regsub_multi(®match,
|
||||||
|
sub_firstlnum - regmatch.startpos[0].lnum,
|
||||||
|
sub, new_end, TRUE, p_magic, TRUE);
|
||||||
|
+#ifdef FEAT_EVAL
|
||||||
|
+ --textlock;
|
||||||
|
+#endif
|
||||||
|
sub_nsubs++;
|
||||||
|
did_sub = TRUE;
|
||||||
|
|
||||||
|
diff -up vim80/src/testdir/test_substitute.vim.cve1785 vim80/src/testdir/test_substitute.vim
|
||||||
|
--- vim80/src/testdir/test_substitute.vim.cve1785 2022-06-10 10:46:33.818286626 +0200
|
||||||
|
+++ vim80/src/testdir/test_substitute.vim 2022-06-10 10:59:17.168437630 +0200
|
||||||
|
@@ -500,3 +500,16 @@ func Test_sub_cmd_8()
|
||||||
|
enew!
|
||||||
|
set titlestring&
|
||||||
|
endfunc
|
||||||
|
+
|
||||||
|
+" This was switching windows in between computing the length and using it.
|
||||||
|
+func Test_sub_change_window()
|
||||||
|
+ silent! lfile
|
||||||
|
+ sil! norm o0000000000000000000000000000000000000000000000000000
|
||||||
|
+ func Repl()
|
||||||
|
+ lopen
|
||||||
|
+ endfunc
|
||||||
|
+ silent! s/\%')/\=Repl()
|
||||||
|
+ bwipe!
|
||||||
|
+ bwipe!
|
||||||
|
+ delfunc Repl
|
||||||
|
+endfunc
|
|
@ -0,0 +1,120 @@
|
||||||
|
diff -up vim80/src/normal.c.cve1897 vim80/src/normal.c
|
||||||
|
--- vim80/src/normal.c.cve1897 2022-06-13 14:50:22.800290132 +0200
|
||||||
|
+++ vim80/src/normal.c 2022-06-13 14:55:06.082861349 +0200
|
||||||
|
@@ -532,6 +532,22 @@ find_command(int cmdchar)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
+ * If currently editing a cmdline or text is locked: beep and give an error
|
||||||
|
+ * message, return TRUE.
|
||||||
|
+ */
|
||||||
|
+ static int
|
||||||
|
+check_text_locked(oparg_T *oap)
|
||||||
|
+{
|
||||||
|
+ if (text_locked())
|
||||||
|
+ {
|
||||||
|
+ clearopbeep(oap);
|
||||||
|
+ text_locked_msg();
|
||||||
|
+ return TRUE;
|
||||||
|
+ }
|
||||||
|
+ return FALSE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
* Execute a command in Normal mode.
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
@@ -792,14 +808,9 @@ getcount:
|
||||||
|
goto normal_end;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (text_locked() && (nv_cmds[idx].cmd_flags & NV_NCW))
|
||||||
|
- {
|
||||||
|
- /* This command is not allowed while editing a cmdline: beep. */
|
||||||
|
- clearopbeep(oap);
|
||||||
|
- text_locked_msg();
|
||||||
|
- goto normal_end;
|
||||||
|
- }
|
||||||
|
- if ((nv_cmds[idx].cmd_flags & NV_NCW) && curbuf_locked())
|
||||||
|
+ if ((nv_cmds[idx].cmd_flags & NV_NCW)
|
||||||
|
+ && (check_text_locked(oap) || curbuf_locked()))
|
||||||
|
+ // this command is not allowed now
|
||||||
|
goto normal_end;
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -6234,12 +6245,8 @@ nv_gotofile(cmdarg_T *cap)
|
||||||
|
char_u *ptr;
|
||||||
|
linenr_T lnum = -1;
|
||||||
|
|
||||||
|
- if (text_locked())
|
||||||
|
- {
|
||||||
|
- clearopbeep(cap->oap);
|
||||||
|
- text_locked_msg();
|
||||||
|
+ if (check_text_locked(cap->oap))
|
||||||
|
return;
|
||||||
|
- }
|
||||||
|
if (curbuf_locked())
|
||||||
|
{
|
||||||
|
clearop(cap->oap);
|
||||||
|
@@ -8420,14 +8427,7 @@ nv_g_cmd(cmdarg_T *cap)
|
||||||
|
|
||||||
|
/* "gQ": improved Ex mode */
|
||||||
|
case 'Q':
|
||||||
|
- if (text_locked())
|
||||||
|
- {
|
||||||
|
- clearopbeep(cap->oap);
|
||||||
|
- text_locked_msg();
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (!checkclearopq(oap))
|
||||||
|
+ if (!check_text_locked(cap->oap) && !checkclearopq(oap))
|
||||||
|
do_exmode(TRUE);
|
||||||
|
break;
|
||||||
|
|
||||||
|
diff -up vim80/src/testdir/test_substitute.vim.cve1897 vim80/src/testdir/test_substitute.vim
|
||||||
|
--- vim80/src/testdir/test_substitute.vim.cve1897 2022-06-13 14:50:22.849290402 +0200
|
||||||
|
+++ vim80/src/testdir/test_substitute.vim 2022-06-13 14:55:50.370111134 +0200
|
||||||
|
@@ -513,3 +513,26 @@ func Test_sub_change_window()
|
||||||
|
bwipe!
|
||||||
|
delfunc Repl
|
||||||
|
endfunc
|
||||||
|
+
|
||||||
|
+" This was undoign a change in between computing the length and using it.
|
||||||
|
+func Do_Test_sub_undo_change()
|
||||||
|
+ new
|
||||||
|
+ norm o0000000000000000000000000000000000000000000000000000
|
||||||
|
+ silent! s/\%')/\=Repl()
|
||||||
|
+ bwipe!
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
+func Test_sub_undo_change()
|
||||||
|
+ func Repl()
|
||||||
|
+ silent! norm g-
|
||||||
|
+ endfunc
|
||||||
|
+ call Do_Test_sub_undo_change()
|
||||||
|
+
|
||||||
|
+ func! Repl()
|
||||||
|
+ silent earlier
|
||||||
|
+ endfunc
|
||||||
|
+ call Do_Test_sub_undo_change()
|
||||||
|
+
|
||||||
|
+ delfunc Repl
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
diff -up vim80/src/undo.c.cve1897 vim80/src/undo.c
|
||||||
|
--- vim80/src/undo.c.cve1897 2022-06-13 14:50:22.849290402 +0200
|
||||||
|
+++ vim80/src/undo.c 2022-06-13 14:56:57.916492090 +0200
|
||||||
|
@@ -2283,6 +2283,12 @@ undo_time(
|
||||||
|
if (curbuf->b_u_synced == FALSE)
|
||||||
|
u_sync(TRUE);
|
||||||
|
|
||||||
|
+ if (text_locked())
|
||||||
|
+ {
|
||||||
|
+ text_locked_msg();
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
u_newcount = 0;
|
||||||
|
u_oldcount = 0;
|
||||||
|
if (curbuf->b_ml.ml_flags & ML_EMPTY)
|
|
@ -0,0 +1,85 @@
|
||||||
|
diff -up vim80/src/ex_docmd.c.cve1927 vim80/src/ex_docmd.c
|
||||||
|
--- vim80/src/ex_docmd.c.cve1927 2022-06-13 16:31:41.841068554 +0200
|
||||||
|
+++ vim80/src/ex_docmd.c 2022-06-13 16:37:02.789876973 +0200
|
||||||
|
@@ -1720,6 +1720,8 @@ do_one_cmd(
|
||||||
|
int ni; /* set when Not Implemented */
|
||||||
|
char_u *cmd;
|
||||||
|
int address_count = 1;
|
||||||
|
+ int need_check_cursor = FALSE;
|
||||||
|
+ int ret_addr = FAIL;
|
||||||
|
|
||||||
|
vim_memset(&ea, 0, sizeof(ea));
|
||||||
|
ea.line1 = 1;
|
||||||
|
@@ -2084,7 +2086,7 @@ do_one_cmd(
|
||||||
|
lnum = get_address(&ea, &ea.cmd, ea.addr_type, ea.skip,
|
||||||
|
ea.addr_count == 0, address_count++);
|
||||||
|
if (ea.cmd == NULL) /* error detected */
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
if (lnum == MAXLNUM)
|
||||||
|
{
|
||||||
|
if (*ea.cmd == '%') /* '%' - all lines */
|
||||||
|
@@ -2128,12 +2130,12 @@ do_one_cmd(
|
||||||
|
/* there is no Vim command which uses '%' and
|
||||||
|
* ADDR_WINDOWS or ADDR_TABS */
|
||||||
|
errormsg = (char_u *)_(e_invrange);
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ADDR_TABS_RELATIVE:
|
||||||
|
errormsg = (char_u *)_(e_invrange);
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
break;
|
||||||
|
case ADDR_ARGUMENTS:
|
||||||
|
if (ARGCOUNT == 0)
|
||||||
|
@@ -2163,7 +2165,7 @@ do_one_cmd(
|
||||||
|
if (ea.addr_type != ADDR_LINES)
|
||||||
|
{
|
||||||
|
errormsg = (char_u *)_(e_invrange);
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
}
|
||||||
|
|
||||||
|
++ea.cmd;
|
||||||
|
@@ -2171,11 +2173,11 @@ do_one_cmd(
|
||||||
|
{
|
||||||
|
fp = getmark('<', FALSE);
|
||||||
|
if (check_mark(fp) == FAIL)
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
ea.line1 = fp->lnum;
|
||||||
|
fp = getmark('>', FALSE);
|
||||||
|
if (check_mark(fp) == FAIL)
|
||||||
|
- goto doend;
|
||||||
|
+ goto addr_end;
|
||||||
|
ea.line2 = fp->lnum;
|
||||||
|
++ea.addr_count;
|
||||||
|
}
|
||||||
|
@@ -2190,8 +2192,11 @@ do_one_cmd(
|
||||||
|
if (!ea.skip)
|
||||||
|
{
|
||||||
|
curwin->w_cursor.lnum = ea.line2;
|
||||||
|
+
|
||||||
|
/* don't leave the cursor on an illegal line or column */
|
||||||
|
+ // Check the cursor position before returning.
|
||||||
|
check_cursor();
|
||||||
|
+ need_check_cursor = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (*ea.cmd != ',')
|
||||||
|
@@ -2208,6 +2213,13 @@ do_one_cmd(
|
||||||
|
ea.addr_count = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ ret_addr = OK;
|
||||||
|
+
|
||||||
|
+addr_end:
|
||||||
|
+ if (need_check_cursor)
|
||||||
|
+ check_cursor();
|
||||||
|
+ if (ret_addr == FAIL)
|
||||||
|
+ goto doend;
|
||||||
|
/*
|
||||||
|
* 5. Parse the command.
|
||||||
|
*/
|
|
@ -24,7 +24,7 @@ Summary: The VIM editor
|
||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 16%{?dist}.12
|
Release: 19%{?dist}.4
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: vim.sh
|
Source1: vim.sh
|
||||||
|
@ -75,9 +75,9 @@ Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
||||||
Patch3020: vim-crypto-warning.patch
|
Patch3020: vim-crypto-warning.patch
|
||||||
# 1842755 - CVE-2019-20807
|
# 1842755 - CVE-2019-20807
|
||||||
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
|
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
|
||||||
# 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
|
# 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
|
||||||
Patch3022: vim-cve3796.patch
|
Patch3022: vim-cve3796.patch
|
||||||
# 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
|
# 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
|
||||||
Patch3023: vim-cve3778-fix.patch
|
Patch3023: vim-cve3778-fix.patch
|
||||||
Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
||||||
# 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
# 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
||||||
|
@ -100,6 +100,18 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
|
||||||
Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
|
Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
|
||||||
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||||
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
||||||
|
# CVE-2022-1154 vim: use after free in utf_ptr2char
|
||||||
|
Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
|
||||||
|
# CVE-2022-1621 vim: heap buffer overflow
|
||||||
|
Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
|
||||||
|
# CVE-2022-1629 vim: buffer over-read
|
||||||
|
Patch3037: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
|
||||||
|
# CVE-2022-1785 vim: Out-of-bounds Write
|
||||||
|
Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
|
||||||
|
# CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
|
||||||
|
Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
|
||||||
|
# CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
|
||||||
|
Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
@ -311,6 +323,12 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||||
%patch3032 -p1 -b .cve0392
|
%patch3032 -p1 -b .cve0392
|
||||||
%patch3033 -p1 -b .cve0413
|
%patch3033 -p1 -b .cve0413
|
||||||
%patch3034 -p1 -b .cve0361
|
%patch3034 -p1 -b .cve0361
|
||||||
|
%patch3035 -p1 -b .cve1154
|
||||||
|
%patch3036 -p1 -b .cve1621
|
||||||
|
%patch3037 -p1 -b .cve1629
|
||||||
|
%patch3038 -p1 -b .cve1785
|
||||||
|
%patch3039 -p1 -b .cve1897
|
||||||
|
%patch3040 -p1 -b .cve1927
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?rhel} > 7
|
%if 0%{?rhel} > 7
|
||||||
|
@ -829,54 +847,50 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||||
%{_datadir}/icons/locolor/*/apps/*
|
%{_datadir}/icons/locolor/*/apps/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.12
|
* Tue Jun 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.4
|
||||||
|
- fix issue reported by covscan
|
||||||
|
|
||||||
|
* Mon Jun 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.3
|
||||||
|
- CVE-2022-1785 vim: Out-of-bounds Write
|
||||||
|
- CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
|
||||||
|
- CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
|
||||||
|
|
||||||
|
* Wed May 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.2
|
||||||
|
- CVE-2022-1621 vim: heap buffer overflow
|
||||||
|
- CVE-2022-1629 vim: buffer over-read
|
||||||
|
|
||||||
|
* Sat Apr 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.1
|
||||||
|
- CVE-2022-1154 vim: use after free in utf_ptr2char
|
||||||
|
|
||||||
|
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19
|
||||||
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||||
|
|
||||||
* Fri Feb 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.11
|
* Mon Feb 07 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||||
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
|
|
||||||
- Fix specfile problems
|
|
||||||
- Resolves: rhbz#2048525
|
|
||||||
|
|
||||||
* Thu Feb 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.10
|
|
||||||
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
|
|
||||||
- Resolves: rhbz#2048525
|
|
||||||
|
|
||||||
* Wed Feb 02 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.9
|
|
||||||
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
|
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
|
||||||
- Improve fix
|
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
|
||||||
- Resolves: rhbz#2049403
|
|
||||||
|
|
||||||
* Wed Feb 02 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.8
|
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||||
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
|
- fix test suite after fix for CVE-2022-0318
|
||||||
- Resolves: rhbz#2049403
|
|
||||||
|
|
||||||
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.7
|
|
||||||
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
|
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
|
||||||
|
|
||||||
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.6
|
* Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||||
- fix test suite after fix for CVE-2022-0318
|
|
||||||
|
|
||||||
* Wed Jan 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.5
|
|
||||||
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
||||||
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
|
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
|
||||||
|
|
||||||
* Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.4
|
* Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||||
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
||||||
- CVE-2021-4192 vim: vulnerable to Use After Free
|
- CVE-2021-4192 vim: vulnerable to Use After Free
|
||||||
|
|
||||||
* Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.3
|
* Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||||
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
||||||
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
|
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
|
||||||
|
|
||||||
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.2
|
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-17
|
||||||
- remove the upstream test - uses a feature which is not presented in RHEL 8
|
- 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
|
||||||
|
|
||||||
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.1
|
* Thu Sep 23 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
|
||||||
- CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
|
- 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
|
||||||
|
- 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
|
||||||
* Mon Sep 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
|
|
||||||
- 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
|
|
||||||
- 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
|
|
||||||
|
|
||||||
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
|
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
|
||||||
- 1842755 - CVE-2019-20807
|
- 1842755 - CVE-2019-20807
|
||||||
|
|
Loading…
Reference in New Issue