import vim-8.0.1763-16.el8_5.3

2021-12-08 05:28:29 +00:00 · 2021-12-08 05:28:29 +00:00 · fdc86bdaef
parent 9852850995
commit fdc86bdaef
3 changed files with 59 additions and 1 deletions
--- a/SOURCES/0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
+++ b/SOURCES/0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
@ -0,0 +1,34 @@
+diff --git a/src/misc1.c b/src/misc1.c
+index de79c8e..1c5867d 100644
+--- a/src/misc1.c
+++ b/src/misc1.c
+@@ -6792,7 +6792,7 @@ find_start_brace(void)	    /* XXX */
+ 		       && (pos = ind_find_start_CORS(NULL)) == NULL) /* XXX */
+ 	    break;
+ 	if (pos != NULL)
+-	    curwin->w_cursor.lnum = pos->lnum;
+	    curwin->w_cursor = *pos;
+     }
+     curwin->w_cursor = cursor_save;
+     return trypos;
+diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
+index 7c2c5e3..f8c7e57 100644
+--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
+@@ -102,4 +102,16 @@ func Test_cindent_expr()
+   bw!
+ endfunc
+ 
+func Test_find_brace_backwards()
+  " this was looking beyond the end of the line
+  new
+  norm R/*
+  norm o0{
+  norm o//
+  norm V{=
+  call assert_equal(['/*', '   0{', '//'], getline(1, 3))
+  bwipe!
+endfunc
+
+
+ " vim: shiftwidth=2 sts=2 expandtab
--- a/SOURCES/0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
+++ b/SOURCES/0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
@ -0,0 +1,14 @@
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index 1827fec..e69fbd3 100644
+--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
+@@ -6537,8 +6537,7 @@ find_help_tags(
+ 		    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
+ 							   && arg[2] != NUL)))
+ 	{
+-	    STRCPY(d, "/\\\\");
+-	    STRCPY(d + 3, arg + 1);
+	    vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
+ 	    /* Check for "/\\_$", should be "/\\_\$" */
+ 	    if (d[3] == '_' && d[4] == '$')
+ 		STRCPY(d + 4, "\\$");
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@ -24,7 +24,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 16%{?dist}.2
+Release: 16%{?dist}.3
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: vim.sh
@ -80,6 +80,10 @@ Patch3022: vim-cve3796.patch
 # 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
 Patch3023: vim-cve3778-fix.patch
 Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
+# 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
+Patch3025: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
+# 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
+Patch3026: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch

 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@ -281,6 +285,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3022 -p1 -b .cve3796
 %patch3023 -p1 -b .cve3778
 %patch3024 -p1 -b .cve3872
+%patch3025 -p1 -b .cve3984
+%patch3026 -p1 -b .cve4019

 %build
 %if 0%{?rhel} > 7
@ -799,6 +805,10 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_datadir}/icons/locolor/*/apps/*

 %changelog
+* Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.3
+- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
+- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
+
 * Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.2
 - remove the upstream test - uses a feature which is not presented in RHEL 8