Compare commits
8 Commits
imports/c8
...
c8
Author | SHA1 | Date | |
---|---|---|---|
|
86dde19991 | ||
|
329a0f6996 | ||
|
eedc06f3b5 | ||
|
89a326fa02 | ||
|
1b77547944 | ||
|
1d937bdab7 | ||
|
bf4d6e3fac | ||
|
fd875ab0ac |
@ -0,0 +1,461 @@
|
||||
diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
|
||||
index 8256152..8320039 100644
|
||||
--- a/runtime/doc/starting.txt
|
||||
+++ b/runtime/doc/starting.txt
|
||||
@@ -247,12 +247,18 @@ a slash. Thus "-R" means recovery and "-/R" readonly.
|
||||
changes and writing.
|
||||
{not in Vi}
|
||||
|
||||
- *-Z* *restricted-mode* *E145*
|
||||
+ *-Z* *restricted-mode* *E145* *E981*
|
||||
-Z Restricted mode. All commands that make use of an external
|
||||
shell are disabled. This includes suspending with CTRL-Z,
|
||||
- ":sh", filtering, the system() function, backtick expansion,
|
||||
- delete(), rename(), mkdir(), writefile(), libcall(),
|
||||
- job_start(), etc.
|
||||
+ ":sh", filtering, the system() function, backtick expansion
|
||||
+ and libcall().
|
||||
+ Also disallowed are delete(), rename(), mkdir(), job_start(),
|
||||
+ etc.
|
||||
+ Interfaces, such as Python, Ruby and Lua, are also disabled,
|
||||
+ since they could be used to execute shell commands. Perl uses
|
||||
+ the Safe module.
|
||||
+ Note that the user may still find a loophole to execute a
|
||||
+ shell command, it has only been made difficult.
|
||||
{not in Vi}
|
||||
|
||||
*-g*
|
||||
diff --git a/src/evalfunc.c b/src/evalfunc.c
|
||||
index dd4462d..3cc305a 100644
|
||||
--- a/src/evalfunc.c
|
||||
+++ b/src/evalfunc.c
|
||||
@@ -6446,7 +6446,7 @@ f_histadd(typval_T *argvars UNUSED, typval_T *rettv)
|
||||
#endif
|
||||
|
||||
rettv->vval.v_number = FALSE;
|
||||
- if (check_restricted() || check_secure())
|
||||
+ if (check_secure())
|
||||
return;
|
||||
#ifdef FEAT_CMDHIST
|
||||
str = get_tv_string_chk(&argvars[0]); /* NULL on type error */
|
||||
@@ -7456,6 +7456,9 @@ f_luaeval(typval_T *argvars, typval_T *rettv)
|
||||
char_u *str;
|
||||
char_u buf[NUMBUFLEN];
|
||||
|
||||
+ if (check_restricted() || check_secure())
|
||||
+ return;
|
||||
+
|
||||
str = get_tv_string_buf(&argvars[0], buf);
|
||||
do_luaeval(str, argvars + 1, rettv);
|
||||
}
|
||||
@@ -8188,6 +8191,8 @@ f_mzeval(typval_T *argvars, typval_T *rettv)
|
||||
char_u *str;
|
||||
char_u buf[NUMBUFLEN];
|
||||
|
||||
+ if (check_restricted() || check_secure())
|
||||
+ return;
|
||||
str = get_tv_string_buf(&argvars[0], buf);
|
||||
do_mzeval(str, rettv);
|
||||
}
|
||||
@@ -8398,6 +8403,9 @@ f_py3eval(typval_T *argvars, typval_T *rettv)
|
||||
char_u *str;
|
||||
char_u buf[NUMBUFLEN];
|
||||
|
||||
+ if (check_restricted() || check_secure())
|
||||
+ return;
|
||||
+
|
||||
if (p_pyx == 0)
|
||||
p_pyx = 3;
|
||||
|
||||
@@ -8416,6 +8424,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
|
||||
char_u *str;
|
||||
char_u buf[NUMBUFLEN];
|
||||
|
||||
+ if (check_restricted() || check_secure())
|
||||
+ return;
|
||||
+
|
||||
if (p_pyx == 0)
|
||||
p_pyx = 2;
|
||||
|
||||
@@ -8431,6 +8442,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
|
||||
static void
|
||||
f_pyxeval(typval_T *argvars, typval_T *rettv)
|
||||
{
|
||||
+ if (check_restricted() || check_secure())
|
||||
+ return;
|
||||
+
|
||||
# if defined(FEAT_PYTHON) && defined(FEAT_PYTHON3)
|
||||
init_pyxversion();
|
||||
if (p_pyx == 2)
|
||||
@@ -10272,7 +10286,7 @@ f_setbufvar(typval_T *argvars, typval_T *rettv UNUSED)
|
||||
typval_T *varp;
|
||||
char_u nbuf[NUMBUFLEN];
|
||||
|
||||
- if (check_restricted() || check_secure())
|
||||
+ if (check_secure())
|
||||
return;
|
||||
(void)get_tv_number(&argvars[0]); /* issue errmsg if type error */
|
||||
varname = get_tv_string_chk(&argvars[1]);
|
||||
@@ -10792,7 +10806,7 @@ f_settabvar(typval_T *argvars, typval_T *rettv)
|
||||
|
||||
rettv->vval.v_number = 0;
|
||||
|
||||
- if (check_restricted() || check_secure())
|
||||
+ if (check_secure())
|
||||
return;
|
||||
|
||||
tp = find_tabpage((int)get_tv_number_chk(&argvars[0], NULL));
|
||||
@@ -13674,7 +13688,7 @@ f_writefile(typval_T *argvars, typval_T *rettv)
|
||||
list_T *list;
|
||||
|
||||
rettv->vval.v_number = -1;
|
||||
- if (check_restricted() || check_secure())
|
||||
+ if (check_secure())
|
||||
return;
|
||||
|
||||
if (argvars[0].v_type != VAR_LIST)
|
||||
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||
index 111fe01..1827fec 100644
|
||||
--- a/src/ex_cmds.c
|
||||
+++ b/src/ex_cmds.c
|
||||
@@ -4693,7 +4693,7 @@ check_restricted(void)
|
||||
{
|
||||
if (restricted)
|
||||
{
|
||||
- EMSG(_("E145: Shell commands not allowed in rvim"));
|
||||
+ EMSG(_("E145: Shell commands and some functionality not allowed in rvim"));
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
diff --git a/src/ex_cmds.h b/src/ex_cmds.h
|
||||
index 48b0253..82d6e29 100644
|
||||
--- a/src/ex_cmds.h
|
||||
+++ b/src/ex_cmds.h
|
||||
@@ -56,6 +56,7 @@
|
||||
* curbuf_lock is set */
|
||||
#define MODIFY 0x200000L /* forbidden in non-'modifiable' buffer */
|
||||
#define EXFLAGS 0x400000L /* allow flags after count in argument */
|
||||
+#define RESTRICT 0x800000L /* forbidden in restricted mode */
|
||||
#define FILES (XFILE | EXTRA) /* multiple extra files allowed */
|
||||
#define WORD1 (EXTRA | NOSPC) /* one extra word allowed */
|
||||
#define FILE1 (FILES | NOSPC) /* 1 file allowed, defaults to current file */
|
||||
@@ -860,13 +861,13 @@ EX(CMD_lunmap, "lunmap", ex_unmap,
|
||||
EXTRA|TRLBAR|NOTRLCOM|USECTRLV|CMDWIN,
|
||||
ADDR_LINES),
|
||||
EX(CMD_lua, "lua", ex_lua,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_luado, "luado", ex_luado,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_luafile, "luafile", ex_luafile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_lvimgrep, "lvimgrep", ex_vimgrep,
|
||||
RANGE|NOTADR|BANG|NEEDARG|EXTRA|NOTRLCOM|TRLBAR|XFILE,
|
||||
@@ -929,10 +930,10 @@ EX(CMD_mode, "mode", ex_mode,
|
||||
WORD1|TRLBAR|CMDWIN,
|
||||
ADDR_LINES),
|
||||
EX(CMD_mzscheme, "mzscheme", ex_mzscheme,
|
||||
- RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK,
|
||||
+ RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_mzfile, "mzfile", ex_mzfile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_next, "next", ex_next,
|
||||
RANGE|NOTADR|BANG|FILES|EDITCMD|ARGOPT|TRLBAR,
|
||||
@@ -1115,37 +1116,37 @@ EX(CMD_pwd, "pwd", ex_pwd,
|
||||
TRLBAR|CMDWIN,
|
||||
ADDR_LINES),
|
||||
EX(CMD_python, "python", ex_python,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pydo, "pydo", ex_pydo,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pyfile, "pyfile", ex_pyfile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_py3, "py3", ex_py3,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_py3do, "py3do", ex_py3do,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_python3, "python3", ex_py3,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_py3file, "py3file", ex_py3file,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pyx, "pyx", ex_pyx,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pyxdo, "pyxdo", ex_pyxdo,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pythonx, "pythonx", ex_pyx,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_pyxfile, "pyxfile", ex_pyxfile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_quit, "quit", ex_quit,
|
||||
BANG|RANGE|COUNT|NOTADR|TRLBAR|CMDWIN,
|
||||
@@ -1199,13 +1200,13 @@ EX(CMD_runtime, "runtime", ex_runtime,
|
||||
BANG|NEEDARG|FILES|TRLBAR|SBOXOK|CMDWIN,
|
||||
ADDR_LINES),
|
||||
EX(CMD_ruby, "ruby", ex_ruby,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_rubydo, "rubydo", ex_rubydo,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_rubyfile, "rubyfile", ex_rubyfile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_rundo, "rundo", ex_rundo,
|
||||
NEEDARG|FILE1,
|
||||
@@ -1472,13 +1473,13 @@ EX(CMD_tabs, "tabs", ex_tabs,
|
||||
TRLBAR|CMDWIN,
|
||||
ADDR_TABS),
|
||||
EX(CMD_tcl, "tcl", ex_tcl,
|
||||
- RANGE|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_tcldo, "tcldo", ex_tcldo,
|
||||
- RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
|
||||
+ RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_tclfile, "tclfile", ex_tclfile,
|
||||
- RANGE|FILE1|NEEDARG|CMDWIN,
|
||||
+ RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
|
||||
ADDR_LINES),
|
||||
EX(CMD_tearoff, "tearoff", ex_tearoff,
|
||||
NEEDARG|EXTRA|TRLBAR|NOTRLCOM|CMDWIN,
|
||||
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
|
||||
index ef86fc8..aaf2f9d 100644
|
||||
--- a/src/ex_docmd.c
|
||||
+++ b/src/ex_docmd.c
|
||||
@@ -2372,11 +2372,16 @@ do_one_cmd(
|
||||
#ifdef HAVE_SANDBOX
|
||||
if (sandbox != 0 && !(ea.argt & SBOXOK))
|
||||
{
|
||||
- /* Command not allowed in sandbox. */
|
||||
+ // Command not allowed in sandbox.
|
||||
errormsg = (char_u *)_(e_sandbox);
|
||||
goto doend;
|
||||
}
|
||||
#endif
|
||||
+ if (restricted != 0 && (ea.argt & RESTRICT))
|
||||
+ {
|
||||
+ errormsg = (char_u *)_("E981: Command not allowed in rvim");
|
||||
+ goto doend;
|
||||
+ }
|
||||
if (!curbuf->b_p_ma && (ea.argt & MODIFY))
|
||||
{
|
||||
/* Command not allowed in non-'modifiable' buffer */
|
||||
diff --git a/src/if_perl.xs b/src/if_perl.xs
|
||||
index 7b45033..fc8d613 100644
|
||||
--- a/src/if_perl.xs
|
||||
+++ b/src/if_perl.xs
|
||||
@@ -930,6 +930,7 @@ VIM_init(void)
|
||||
#ifdef DYNAMIC_PERL
|
||||
static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded.");
|
||||
#endif
|
||||
+static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module");
|
||||
|
||||
/*
|
||||
* ":perl"
|
||||
@@ -978,13 +979,12 @@ ex_perl(exarg_T *eap)
|
||||
vim_free(script);
|
||||
}
|
||||
|
||||
-#ifdef HAVE_SANDBOX
|
||||
- if (sandbox)
|
||||
+ if (sandbox || secure)
|
||||
{
|
||||
safe = perl_get_sv("VIM::safe", FALSE);
|
||||
# ifndef MAKE_TEST /* avoid a warning for unreachable code */
|
||||
if (safe == NULL || !SvTRUE(safe))
|
||||
- EMSG(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
|
||||
+ EMSG(_(e_perlsandbox));
|
||||
else
|
||||
# endif
|
||||
{
|
||||
@@ -996,7 +996,6 @@ ex_perl(exarg_T *eap)
|
||||
}
|
||||
}
|
||||
else
|
||||
-#endif
|
||||
perl_eval_sv(sv, G_DISCARD | G_NOARGS);
|
||||
|
||||
SvREFCNT_dec(sv);
|
||||
@@ -1259,13 +1258,12 @@ do_perleval(char_u *str, typval_T *rettv)
|
||||
ENTER;
|
||||
SAVETMPS;
|
||||
|
||||
-#ifdef HAVE_SANDBOX
|
||||
- if (sandbox)
|
||||
+ if (sandbox || secure)
|
||||
{
|
||||
safe = get_sv("VIM::safe", FALSE);
|
||||
# ifndef MAKE_TEST /* avoid a warning for unreachable code */
|
||||
if (safe == NULL || !SvTRUE(safe))
|
||||
- EMSG(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
|
||||
+ EMSG(_(e_perlsandbox));
|
||||
else
|
||||
# endif
|
||||
{
|
||||
@@ -1281,7 +1279,6 @@ do_perleval(char_u *str, typval_T *rettv)
|
||||
}
|
||||
}
|
||||
else
|
||||
-#endif /* HAVE_SANDBOX */
|
||||
sv = eval_pv((char *)str, 0);
|
||||
|
||||
if (sv) {
|
||||
diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
|
||||
index e36089a..5f1c38c 100644
|
||||
--- a/src/testdir/Make_all.mak
|
||||
+++ b/src/testdir/Make_all.mak
|
||||
@@ -156,6 +156,7 @@ NEW_TESTS = test_arabic.res \
|
||||
test_quotestar.res \
|
||||
test_regex_char_classes.res \
|
||||
test_registers.res \
|
||||
+ test_restricted.res \
|
||||
test_retab.res \
|
||||
test_ruby.res \
|
||||
test_scrollbind.res \
|
||||
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
|
||||
new file mode 100644
|
||||
index 0000000..9dd937c
|
||||
--- /dev/null
|
||||
+++ b/src/testdir/test_restricted.vim
|
||||
@@ -0,0 +1,107 @@
|
||||
+" Test for "rvim" or "vim -Z"
|
||||
+
|
||||
+source shared.vim
|
||||
+
|
||||
+func Test_restricted()
|
||||
+ let cmd = GetVimCommand('Xrestricted')
|
||||
+ if cmd == ''
|
||||
+ return
|
||||
+ endif
|
||||
+
|
||||
+ call writefile([
|
||||
+ \ "silent !ls",
|
||||
+ \ "call writefile([v:errmsg], 'Xrestrout')",
|
||||
+ \ "qa!",
|
||||
+ \ ], 'Xrestricted')
|
||||
+ call system(cmd . ' -Z')
|
||||
+ call assert_match('E145:', join(readfile('Xrestrout')))
|
||||
+
|
||||
+ call delete('Xrestricted')
|
||||
+ call delete('Xrestrout')
|
||||
+endfunc
|
||||
+
|
||||
+func Run_restricted_test(ex_cmd, error)
|
||||
+ let cmd = GetVimCommand('Xrestricted')
|
||||
+ if cmd == ''
|
||||
+ return
|
||||
+ endif
|
||||
+
|
||||
+ call writefile([
|
||||
+ \ a:ex_cmd,
|
||||
+ \ "call writefile([v:errmsg], 'Xrestrout')",
|
||||
+ \ "qa!",
|
||||
+ \ ], 'Xrestricted')
|
||||
+ call system(cmd . ' -Z')
|
||||
+ call assert_match(a:error, join(readfile('Xrestrout')))
|
||||
+
|
||||
+ call delete('Xrestricted')
|
||||
+ call delete('Xrestrout')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_lua()
|
||||
+ if !has('lua')
|
||||
+ throw 'Skipped: Lua is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('lua print("Hello, Vim!")', 'E981:')
|
||||
+ call Run_restricted_test('luado return "hello"', 'E981:')
|
||||
+ call Run_restricted_test('luafile somefile', 'E981:')
|
||||
+ call Run_restricted_test('call luaeval("expression")', 'E145:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_mzscheme()
|
||||
+ if !has('mzscheme')
|
||||
+ throw 'Skipped: MzScheme is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('mzscheme statement', 'E981:')
|
||||
+ call Run_restricted_test('mzfile somefile', 'E981:')
|
||||
+ call Run_restricted_test('call mzeval("expression")', 'E145:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_perl()
|
||||
+ if !has('perl')
|
||||
+ throw 'Skipped: Perl is not supported'
|
||||
+ endif
|
||||
+ " TODO: how to make Safe mode fail?
|
||||
+ " call Run_restricted_test('perl system("ls")', 'E981:')
|
||||
+ " call Run_restricted_test('perldo system("hello")', 'E981:')
|
||||
+ " call Run_restricted_test('perlfile somefile', 'E981:')
|
||||
+ " call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_python()
|
||||
+ if !has('python')
|
||||
+ throw 'Skipped: Python is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('python print "hello"', 'E981:')
|
||||
+ call Run_restricted_test('pydo return "hello"', 'E981:')
|
||||
+ call Run_restricted_test('pyfile somefile', 'E981:')
|
||||
+ call Run_restricted_test('call pyeval("expression")', 'E145:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_python3()
|
||||
+ if !has('python3')
|
||||
+ throw 'Skipped: Python3 is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('py3 print "hello"', 'E981:')
|
||||
+ call Run_restricted_test('py3do return "hello"', 'E981:')
|
||||
+ call Run_restricted_test('py3file somefile', 'E981:')
|
||||
+ call Run_restricted_test('call py3eval("expression")', 'E145:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_ruby()
|
||||
+ if !has('ruby')
|
||||
+ throw 'Skipped: Ruby is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('ruby print "Hello"', 'E981:')
|
||||
+ call Run_restricted_test('rubydo print "Hello"', 'E981:')
|
||||
+ call Run_restricted_test('rubyfile somefile', 'E981:')
|
||||
+endfunc
|
||||
+
|
||||
+func Test_restricted_tcl()
|
||||
+ if !has('tcl')
|
||||
+ throw 'Skipped: Tcl is not supported'
|
||||
+ endif
|
||||
+ call Run_restricted_test('tcl puts "Hello"', 'E981:')
|
||||
+ call Run_restricted_test('tcldo puts "Hello"', 'E981:')
|
||||
+ call Run_restricted_test('tclfile somefile', 'E981:')
|
||||
+endfunc
|
@ -0,0 +1,35 @@
|
||||
diff -up vim80/src/screen.c.cve3872 vim80/src/screen.c
|
||||
--- vim80/src/screen.c.cve3872 2021-10-21 13:20:27.694921335 +0200
|
||||
+++ vim80/src/screen.c 2021-10-21 13:22:42.221732996 +0200
|
||||
@@ -6911,13 +6911,13 @@ win_redr_status(win_T *wp)
|
||||
*(p + len++) = ' ';
|
||||
if (bt_help(wp->w_buffer))
|
||||
{
|
||||
- STRCPY(p + len, _("[Help]"));
|
||||
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
|
||||
len += (int)STRLEN(p + len);
|
||||
}
|
||||
#ifdef FEAT_QUICKFIX
|
||||
if (wp->w_p_pvw)
|
||||
{
|
||||
- STRCPY(p + len, _("[Preview]"));
|
||||
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
|
||||
len += (int)STRLEN(p + len);
|
||||
}
|
||||
#endif
|
||||
@@ -6927,12 +6927,12 @@ win_redr_status(win_T *wp)
|
||||
#endif
|
||||
)
|
||||
{
|
||||
- STRCPY(p + len, "[+]");
|
||||
- len += 3;
|
||||
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
|
||||
+ len += (int)STRLEN(p + len);
|
||||
}
|
||||
if (wp->w_buffer->b_p_ro)
|
||||
{
|
||||
- STRCPY(p + len, _("[RO]"));
|
||||
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
|
||||
len += (int)STRLEN(p + len);
|
||||
}
|
||||
|
@ -0,0 +1,34 @@
|
||||
diff --git a/src/misc1.c b/src/misc1.c
|
||||
index de79c8e..1c5867d 100644
|
||||
--- a/src/misc1.c
|
||||
+++ b/src/misc1.c
|
||||
@@ -6792,7 +6792,7 @@ find_start_brace(void) /* XXX */
|
||||
&& (pos = ind_find_start_CORS(NULL)) == NULL) /* XXX */
|
||||
break;
|
||||
if (pos != NULL)
|
||||
- curwin->w_cursor.lnum = pos->lnum;
|
||||
+ curwin->w_cursor = *pos;
|
||||
}
|
||||
curwin->w_cursor = cursor_save;
|
||||
return trypos;
|
||||
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
|
||||
index 7c2c5e3..f8c7e57 100644
|
||||
--- a/src/testdir/test_cindent.vim
|
||||
+++ b/src/testdir/test_cindent.vim
|
||||
@@ -102,4 +102,16 @@ func Test_cindent_expr()
|
||||
bw!
|
||||
endfunc
|
||||
|
||||
+func Test_find_brace_backwards()
|
||||
+ " this was looking beyond the end of the line
|
||||
+ new
|
||||
+ norm R/*
|
||||
+ norm o0{
|
||||
+ norm o//
|
||||
+ norm V{=
|
||||
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
+
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
@ -0,0 +1,14 @@
|
||||
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||
index 1827fec..e69fbd3 100644
|
||||
--- a/src/ex_cmds.c
|
||||
+++ b/src/ex_cmds.c
|
||||
@@ -6537,8 +6537,7 @@ find_help_tags(
|
||||
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
|
||||
&& arg[2] != NUL)))
|
||||
{
|
||||
- STRCPY(d, "/\\\\");
|
||||
- STRCPY(d + 3, arg + 1);
|
||||
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
|
||||
/* Check for "/\\_$", should be "/\\_\$" */
|
||||
if (d[3] == '_' && d[4] == '$')
|
||||
STRCPY(d + 4, "\\$");
|
45
SOURCES/0001-patch-8.2.3949-using-freed-memory-with-V.patch
Normal file
45
SOURCES/0001-patch-8.2.3949-using-freed-memory-with-V.patch
Normal file
@ -0,0 +1,45 @@
|
||||
diff -up vim80/src/regexp.c.cve4192 vim80/src/regexp.c
|
||||
--- vim80/src/regexp.c.cve4192 2022-01-12 15:21:44.792239040 +0100
|
||||
+++ vim80/src/regexp.c 2022-01-12 15:34:35.190425880 +0100
|
||||
@@ -4203,9 +4203,9 @@ reg_match_visual(void)
|
||||
if (lnum < top.lnum || lnum > bot.lnum)
|
||||
return FALSE;
|
||||
|
||||
+ col = (colnr_T)(reginput - regline);
|
||||
if (mode == 'v')
|
||||
{
|
||||
- col = (colnr_T)(reginput - regline);
|
||||
if ((lnum == top.lnum && col < top.col)
|
||||
|| (lnum == bot.lnum && col >= bot.col + (*p_sel != 'e')))
|
||||
return FALSE;
|
||||
@@ -4220,7 +4220,12 @@ reg_match_visual(void)
|
||||
end = end2;
|
||||
if (top.col == MAXCOL || bot.col == MAXCOL)
|
||||
end = MAXCOL;
|
||||
- cols = win_linetabsize(wp, regline, (colnr_T)(reginput - regline));
|
||||
+
|
||||
+ // getvvcol() flushes rex.line, need to get it again
|
||||
+ regline = reg_getline(reglnum);
|
||||
+ reginput = regline + col;
|
||||
+
|
||||
+ cols = win_linetabsize(wp, regline, col);
|
||||
if (cols < start || cols > end - (*p_sel == 'e'))
|
||||
return FALSE;
|
||||
}
|
||||
diff -up vim80/src/testdir/test_regexp_latin.vim.cve4192 vim80/src/testdir/test_regexp_latin.vim
|
||||
--- vim80/src/testdir/test_regexp_latin.vim.cve4192 2022-01-12 15:21:44.792239040 +0100
|
||||
+++ vim80/src/testdir/test_regexp_latin.vim 2022-01-12 15:36:12.499693099 +0100
|
||||
@@ -80,3 +80,13 @@ func Test_using_invalid_visual_position(
|
||||
/\%V
|
||||
bwipe!
|
||||
endfunc
|
||||
+
|
||||
+func Test_using_visual_position()
|
||||
+ " this was using freed memory
|
||||
+ new
|
||||
+ exe "norm 0o\<Esc>\<C-V>k\<C-X>o0"
|
||||
+ /\%V
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
+" vim: shiftwidth=2 sts=2 expandtab
|
@ -0,0 +1,38 @@
|
||||
diff -up vim80/src/charset.c.cve4193 vim80/src/charset.c
|
||||
--- vim80/src/charset.c.cve4193 2022-01-12 14:49:08.710592947 +0100
|
||||
+++ vim80/src/charset.c 2022-01-12 14:49:47.594705863 +0100
|
||||
@@ -1291,10 +1291,15 @@ getvcol(
|
||||
posptr = NULL; /* continue until the NUL */
|
||||
else
|
||||
{
|
||||
- /* Special check for an empty line, which can happen on exit, when
|
||||
- * ml_get_buf() always returns an empty string. */
|
||||
- if (*ptr == NUL)
|
||||
- pos->col = 0;
|
||||
+ colnr_T i;
|
||||
+
|
||||
+ // In a few cases the position can be beyond the end of the line.
|
||||
+ for (i = 0; i < pos->col; ++i)
|
||||
+ if (ptr[i] == NUL)
|
||||
+ {
|
||||
+ pos->col = i;
|
||||
+ break;
|
||||
+ }
|
||||
posptr = ptr + pos->col;
|
||||
#ifdef FEAT_MBYTE
|
||||
if (has_mbyte)
|
||||
diff -up vim80/src/testdir/test_regexp_latin.vim.cve4193 vim80/src/testdir/test_regexp_latin.vim
|
||||
--- vim80/src/testdir/test_regexp_latin.vim.cve4193 2022-01-12 14:49:08.710592947 +0100
|
||||
+++ vim80/src/testdir/test_regexp_latin.vim 2022-01-12 14:50:45.186873107 +0100
|
||||
@@ -72,3 +72,11 @@ func Test_backref()
|
||||
call assert_fails('call search("\\%#=2\\(e\\1\\)")', 'E65:')
|
||||
bwipe!
|
||||
endfunc
|
||||
+
|
||||
+func Test_using_invalid_visual_position()
|
||||
+ " this was going beyond the end of the line
|
||||
+ new
|
||||
+ exe "norm 0o000\<Esc>0\<C-V>$s0"
|
||||
+ /\%V
|
||||
+ bwipe!
|
||||
+endfunc
|
@ -0,0 +1,95 @@
|
||||
diff -up vim80/src/ops.c.cve0261 vim80/src/ops.c
|
||||
--- vim80/src/ops.c.cve0261 2022-01-26 14:30:27.475308323 +0100
|
||||
+++ vim80/src/ops.c 2022-01-26 14:34:16.650933713 +0100
|
||||
@@ -636,23 +636,30 @@ block_insert(
|
||||
if (b_insert)
|
||||
{
|
||||
off = (*mb_head_off)(oldp, oldp + offset + spaces);
|
||||
+ spaces -= off;
|
||||
+ count -= off;
|
||||
}
|
||||
else
|
||||
{
|
||||
- off = (*mb_off_next)(oldp, oldp + offset);
|
||||
- offset += off;
|
||||
+ // spaces fill the gap, the character that's at the edge moves
|
||||
+ // right
|
||||
+ off = (*mb_head_off)(oldp, oldp + offset);
|
||||
+ offset -= off;
|
||||
}
|
||||
spaces -= off;
|
||||
count -= off;
|
||||
}
|
||||
#endif
|
||||
|
||||
- newp = alloc_check((unsigned)(STRLEN(oldp)) + s_len + count + 1);
|
||||
+ // Make sure the allocated size matches what is actually copied below.
|
||||
+ newp = alloc(STRLEN(oldp) + spaces + s_len
|
||||
+ + (spaces > 0 && !bdp->is_short ? p_ts - spaces : 0)
|
||||
+ + count + 1);
|
||||
if (newp == NULL)
|
||||
continue;
|
||||
|
||||
/* copy up to shifted part */
|
||||
- mch_memmove(newp, oldp, (size_t)(offset));
|
||||
+ mch_memmove(newp, oldp, (size_t)offset);
|
||||
oldp += offset;
|
||||
|
||||
/* insert pre-padding */
|
||||
@@ -662,14 +669,21 @@ block_insert(
|
||||
mch_memmove(newp + offset + spaces, s, (size_t)s_len);
|
||||
offset += s_len;
|
||||
|
||||
- if (spaces && !bdp->is_short)
|
||||
+ if (spaces > 0 && !bdp->is_short)
|
||||
{
|
||||
- /* insert post-padding */
|
||||
- vim_memset(newp + offset + spaces, ' ', (size_t)(p_ts - spaces));
|
||||
- /* We're splitting a TAB, don't copy it. */
|
||||
- oldp++;
|
||||
- /* We allowed for that TAB, remember this now */
|
||||
- count++;
|
||||
+ if (*oldp == TAB)
|
||||
+ {
|
||||
+ // insert post-padding
|
||||
+ vim_memset(newp + offset + spaces, ' ',
|
||||
+ (size_t)(p_ts - spaces));
|
||||
+ // we're splitting a TAB, don't copy it
|
||||
+ oldp++;
|
||||
+ // We allowed for that TAB, remember this now
|
||||
+ count++;
|
||||
+ }
|
||||
+ else
|
||||
+ // Not a TAB, no extra spaces
|
||||
+ count = spaces;
|
||||
}
|
||||
|
||||
if (spaces > 0)
|
||||
@@ -2738,9 +2752,9 @@ op_insert(oparg_T *oap, long count1)
|
||||
oap->start_vcol = t;
|
||||
}
|
||||
else if (oap->op_type == OP_APPEND
|
||||
- && oap->end.col
|
||||
+ && oap->start.col
|
||||
#ifdef FEAT_VIRTUALEDIT
|
||||
- + oap->end.coladd
|
||||
+ + oap->start.coladd
|
||||
#endif
|
||||
>= curbuf->b_op_start_orig.col
|
||||
#ifdef FEAT_VIRTUALEDIT
|
||||
diff -up vim80/src/testdir/test_visual.vim.cve0261 vim80/src/testdir/test_visual.vim
|
||||
--- vim80/src/testdir/test_visual.vim.cve0261 2022-01-26 14:30:27.476308325 +0100
|
||||
+++ vim80/src/testdir/test_visual.vim 2022-01-26 14:36:03.482225225 +0100
|
||||
@@ -254,3 +254,12 @@ func Test_virtual_replace2()
|
||||
%d_
|
||||
set bs&vim
|
||||
endfunc
|
||||
+
|
||||
+func Test_visual_block_append_invalid_char()
|
||||
+ " this was going over the end of the line
|
||||
+ new
|
||||
+ call setline(1, [' let xxx', 'xxxxx', 'xxxxxxxxxxx'])
|
||||
+ exe "normal 0\<C-V>jjA-\<Esc>"
|
||||
+ call assert_equal([' - let xxx', 'xxxxx -', 'xxxxxxxx-xxx'], getline(1, 3))
|
||||
+ bwipe!
|
||||
+endfunc
|
@ -0,0 +1,46 @@
|
||||
diff --git a/src/ops.c b/src/ops.c
|
||||
index e9cfb1d..e35b033 100644
|
||||
--- a/src/ops.c
|
||||
+++ b/src/ops.c
|
||||
@@ -629,26 +629,9 @@ block_insert(
|
||||
|
||||
#ifdef FEAT_MBYTE
|
||||
if (has_mbyte && spaces > 0)
|
||||
- {
|
||||
- int off;
|
||||
+ // avoid copying part of a multi-byte character
|
||||
+ offset -= (*mb_head_off)(oldp, oldp + offset);
|
||||
|
||||
- /* Avoid starting halfway a multi-byte character. */
|
||||
- if (b_insert)
|
||||
- {
|
||||
- off = (*mb_head_off)(oldp, oldp + offset + spaces);
|
||||
- spaces -= off;
|
||||
- count -= off;
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
- // spaces fill the gap, the character that's at the edge moves
|
||||
- // right
|
||||
- off = (*mb_head_off)(oldp, oldp + offset);
|
||||
- offset -= off;
|
||||
- }
|
||||
- spaces -= off;
|
||||
- count -= off;
|
||||
- }
|
||||
#endif
|
||||
|
||||
// Make sure the allocated size matches what is actually copied below.
|
||||
diff --git a/src/testdir/test_utf8.vim b/src/testdir/test_utf8.vim
|
||||
index 24e3db8..1042720 100644
|
||||
--- a/src/testdir/test_utf8.vim
|
||||
+++ b/src/testdir/test_utf8.vim
|
||||
@@ -9,7 +9,7 @@ func Test_visual_block_insert()
|
||||
new
|
||||
call setline(1, ["aaa", "あああ", "bbb"])
|
||||
exe ":norm! gg0l\<C-V>jjIx\<Esc>"
|
||||
- call assert_equal(['axaa', 'xあああ', 'bxbb'], getline(1, '$'))
|
||||
+ call assert_equal(['axaa', ' xあああ', 'bxbb'], getline(1, '$'))
|
||||
bwipeout!
|
||||
endfunc
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -up vim80/src/ex_getln.c.cve0359 vim80/src/ex_getln.c
|
||||
--- vim80/src/ex_getln.c.cve0359 2022-01-27 16:55:41.386213891 +0100
|
||||
+++ vim80/src/ex_getln.c 2022-01-27 17:00:20.330960544 +0100
|
||||
@@ -300,7 +300,7 @@ getcmdline(
|
||||
ccline.cmdindent = (firstc > 0 ? indent : 0);
|
||||
|
||||
/* alloc initial ccline.cmdbuff */
|
||||
- alloc_cmdbuff(exmode_active ? 250 : indent + 1);
|
||||
+ alloc_cmdbuff(indent + 50);
|
||||
if (ccline.cmdbuff == NULL)
|
||||
return NULL; /* out of memory */
|
||||
ccline.cmdlen = ccline.cmdpos = 0;
|
@ -0,0 +1,33 @@
|
||||
diff -up vim80/src/ex_cmds.c.cve0361 vim80/src/ex_cmds.c
|
||||
--- vim80/src/ex_cmds.c.cve0361 2022-02-08 12:20:51.277666290 +0100
|
||||
+++ vim80/src/ex_cmds.c 2022-02-08 12:20:51.280666209 +0100
|
||||
@@ -983,6 +983,8 @@ ex_copy(linenr_T line1, linenr_T line2,
|
||||
}
|
||||
|
||||
appended_lines_mark(n, count);
|
||||
+ if (VIsual_active)
|
||||
+ check_pos(curbuf, &VIsual);
|
||||
|
||||
msgmore((long)count);
|
||||
}
|
||||
diff -up vim80/src/testdir/test_visual.vim.cve0361 vim80/src/testdir/test_visual.vim
|
||||
--- vim80/src/testdir/test_visual.vim.cve0361 2022-02-08 12:20:51.280666209 +0100
|
||||
+++ vim80/src/testdir/test_visual.vim 2022-02-08 12:21:44.530356814 +0100
|
||||
@@ -263,3 +263,17 @@ func Test_visual_block_append_invalid_ch
|
||||
call assert_equal([' - let xxx', 'xxxxx -', 'xxxxxxxx-xxx'], getline(1, 3))
|
||||
bwipe!
|
||||
endfunc
|
||||
+
|
||||
+" this was leaving the end of the Visual area beyond the end of a line
|
||||
+func Test_visual_ex_copy_line()
|
||||
+ new
|
||||
+ call setline(1, ["aaa", "bbbbbbbbbxbb"])
|
||||
+ /x
|
||||
+ exe "normal ggvjfxO"
|
||||
+ t0
|
||||
+ normal gNU
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
+
|
||||
+" vim: shiftwidth=2 sts=2 expandtab
|
@ -0,0 +1,85 @@
|
||||
commit ec45bc7682fd698d8d39f43732129c4d092355f3
|
||||
Author: Tomas Korbar <tkorbar@redhat.com>
|
||||
Date: Wed Feb 2 16:30:11 2022 +0100
|
||||
|
||||
Fix illegal memory access with bracketed paste in Ex mode
|
||||
|
||||
diff --git a/src/edit.c b/src/edit.c
|
||||
index f29fbc7..57b8dce 100644
|
||||
--- a/src/edit.c
|
||||
+++ b/src/edit.c
|
||||
@@ -9519,27 +9519,33 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
|
||||
int ret_char = -1;
|
||||
int save_allow_keys = allow_keys;
|
||||
int save_paste = p_paste;
|
||||
- int save_ai = curbuf->b_p_ai;
|
||||
|
||||
- /* If the end code is too long we can't detect it, read everything. */
|
||||
- if (STRLEN(end) >= NUMBUFLEN)
|
||||
+ // If the end code is too long we can't detect it, read everything.
|
||||
+ if (end != NULL && STRLEN(end) >= NUMBUFLEN)
|
||||
end = NULL;
|
||||
++no_mapping;
|
||||
allow_keys = 0;
|
||||
- p_paste = TRUE;
|
||||
- curbuf->b_p_ai = FALSE;
|
||||
+ if (!p_paste)
|
||||
+ // Also have the side effects of setting 'paste' to make it work much
|
||||
+ // faster.
|
||||
+ set_option_value((char_u *)"paste", TRUE, NULL, 0);
|
||||
|
||||
for (;;)
|
||||
{
|
||||
/* When the end is not defined read everything. */
|
||||
if (end == NULL && vpeekc() == NUL)
|
||||
break;
|
||||
- c = plain_vgetc();
|
||||
-#ifdef FEAT_MBYTE
|
||||
+ do
|
||||
+ c = vgetc();
|
||||
+ while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
|
||||
+ if (c == NUL || got_int || (ex_normal_busy > 0 && c == Ctrl_C))
|
||||
+ // When CTRL-C was encountered the typeahead will be flushed and we
|
||||
+ // won't get the end sequence. Except when using ":normal".
|
||||
+ break;
|
||||
+
|
||||
if (has_mbyte)
|
||||
idx += (*mb_char2bytes)(c, buf + idx);
|
||||
else
|
||||
-#endif
|
||||
buf[idx++] = c;
|
||||
buf[idx] = NUL;
|
||||
if (end != NULL && STRNCMP(buf, end, idx) == 0)
|
||||
@@ -9557,7 +9563,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
|
||||
break;
|
||||
|
||||
case PASTE_EX:
|
||||
- if (gap != NULL && ga_grow(gap, idx) == OK)
|
||||
+ // add one for the NUL that is going to be appended
|
||||
+ if (gap != NULL && ga_grow(gap, idx + 1) == OK)
|
||||
{
|
||||
mch_memmove((char *)gap->ga_data + gap->ga_len,
|
||||
buf, (size_t)idx);
|
||||
@@ -9582,11 +9589,9 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
|
||||
case PASTE_ONE_CHAR:
|
||||
if (ret_char == -1)
|
||||
{
|
||||
-#ifdef FEAT_MBYTE
|
||||
if (has_mbyte)
|
||||
ret_char = (*mb_ptr2char)(buf);
|
||||
else
|
||||
-#endif
|
||||
ret_char = buf[0];
|
||||
}
|
||||
break;
|
||||
@@ -9597,8 +9602,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
|
||||
|
||||
--no_mapping;
|
||||
allow_keys = save_allow_keys;
|
||||
- p_paste = save_paste;
|
||||
- curbuf->b_p_ai = save_ai;
|
||||
+ if (!save_paste)
|
||||
+ set_option_value((char_u *)"paste", FALSE, NULL, 0);
|
||||
|
||||
return ret_char;
|
||||
}
|
@ -0,0 +1,51 @@
|
||||
commit c604f3ad4782fde770617ff688e1ceac0dc1bd7c
|
||||
Author: Tomas Korbar <tkorbar@redhat.com>
|
||||
Date: Thu Feb 3 10:14:42 2022 +0100
|
||||
|
||||
Fix using freed memory when substitute with function call
|
||||
|
||||
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||
index e69fbd3..0788573 100644
|
||||
--- a/src/ex_cmds.c
|
||||
+++ b/src/ex_cmds.c
|
||||
@@ -4767,6 +4767,7 @@ do_sub(exarg_T *eap)
|
||||
int save_do_all; /* remember user specified 'g' flag */
|
||||
int save_do_ask; /* remember user specified 'c' flag */
|
||||
char_u *pat = NULL, *sub = NULL; /* init for GCC */
|
||||
+ char_u *sub_copy = NULL;
|
||||
int delimiter;
|
||||
int sublen;
|
||||
int got_quit = FALSE;
|
||||
@@ -5062,11 +5063,20 @@ do_sub(exarg_T *eap)
|
||||
sub_firstline = NULL;
|
||||
|
||||
/*
|
||||
- * ~ in the substitute pattern is replaced with the old pattern.
|
||||
- * We do it here once to avoid it to be replaced over and over again.
|
||||
- * But don't do it when it starts with "\=", then it's an expression.
|
||||
+ * If the substitute pattern starts with "\=" then it's an expression.
|
||||
+ * Make a copy, a recursive function may free it.
|
||||
+ * Otherwise, '~' in the substitute pattern is replaced with the old
|
||||
+ * pattern. We do it here once to avoid it to be replaced over and over
|
||||
+ * again.
|
||||
*/
|
||||
- if (!(sub[0] == '\\' && sub[1] == '='))
|
||||
+ if (sub[0] == '\\' && sub[1] == '=')
|
||||
+ {
|
||||
+ sub = vim_strsave(sub);
|
||||
+ if (sub == NULL)
|
||||
+ return;
|
||||
+ sub_copy = sub;
|
||||
+ }
|
||||
+ else
|
||||
sub = regtilde(sub, p_magic);
|
||||
|
||||
/*
|
||||
@@ -5825,6 +5835,7 @@ outofmem:
|
||||
#endif
|
||||
|
||||
vim_regfree(regmatch.regprog);
|
||||
+ vim_free(sub_copy);
|
||||
|
||||
/* Restore the flag values, they can be used for ":&&". */
|
||||
subflags.do_all = save_do_all;
|
@ -0,0 +1,22 @@
|
||||
diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
|
||||
--- vim80/src/regexp.c.cve1154 2022-04-09 12:01:30.054452927 +0200
|
||||
+++ vim80/src/regexp.c 2022-04-09 12:02:48.987999877 +0200
|
||||
@@ -4415,8 +4415,17 @@ regmatch(
|
||||
int mark = OPERAND(scan)[0];
|
||||
int cmp = OPERAND(scan)[1];
|
||||
pos_T *pos;
|
||||
+ size_t col = REG_MULTI ? reginput - regline : 0;
|
||||
|
||||
pos = getmark_buf(rex.reg_buf, mark, FALSE);
|
||||
+
|
||||
+ // Line may have been freed, get it again.
|
||||
+ if (REG_MULTI)
|
||||
+ {
|
||||
+ regline = reg_getline(reglnum);
|
||||
+ reginput = regline + col;
|
||||
+ }
|
||||
+
|
||||
if (pos == NULL /* mark doesn't exist */
|
||||
|| pos->lnum <= 0 /* mark isn't set in reg_buf */
|
||||
|| (pos->lnum == reglnum + rex.reg_firstlnum
|
||||
diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim
|
@ -0,0 +1,57 @@
|
||||
diff --git a/src/globals.h b/src/globals.h
|
||||
index d5320d7..968ba33 100644
|
||||
--- a/src/globals.h
|
||||
+++ b/src/globals.h
|
||||
@@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL);
|
||||
EXTERN int ctrl_break_was_pressed INIT(= FALSE);
|
||||
#endif
|
||||
|
||||
+#ifdef FEAT_SPELL
|
||||
+EXTERN char e_illegal_character_in_word[]
|
||||
+ INIT(= N_("E1280: Illegal character in word"));
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Optional Farsi support. Include it here, so EXTERN and INIT are defined.
|
||||
*/
|
||||
diff --git a/src/mbyte.c b/src/mbyte.c
|
||||
index 6d21f11..a7531f1 100644
|
||||
--- a/src/mbyte.c
|
||||
+++ b/src/mbyte.c
|
||||
@@ -4034,7 +4034,7 @@ theend:
|
||||
convert_setup(&vimconv, NULL, NULL);
|
||||
}
|
||||
|
||||
-#if defined(FEAT_GUI_GTK) || defined(PROTO)
|
||||
+#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
|
||||
/*
|
||||
* Return TRUE if string "s" is a valid utf-8 string.
|
||||
* When "end" is NULL stop at the first NUL.
|
||||
diff --git a/src/spellfile.c b/src/spellfile.c
|
||||
index 496e07f..92997ef 100644
|
||||
--- a/src/spellfile.c
|
||||
+++ b/src/spellfile.c
|
||||
@@ -4441,6 +4441,10 @@ store_word(
|
||||
int res = OK;
|
||||
char_u *p;
|
||||
|
||||
+ // Avoid adding illegal bytes to the word tree.
|
||||
+ if (enc_utf8 && !utf_valid_string(word, NULL))
|
||||
+ return FAIL;
|
||||
+
|
||||
(void)spell_casefold(word, len, foldword, MAXWLEN);
|
||||
for (p = pfxlist; res == OK; ++p)
|
||||
{
|
||||
@@ -6251,6 +6255,12 @@ spell_add_word(
|
||||
int i;
|
||||
char_u *spf;
|
||||
|
||||
+ if (enc_utf8 && !utf_valid_string(word, NULL))
|
||||
+ {
|
||||
+ EMSG(_(e_illegal_character_in_word));
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
if (idx == 0) /* use internal wordlist */
|
||||
{
|
||||
if (int_wordlist == NULL)
|
@ -0,0 +1,15 @@
|
||||
diff -up vim80/src/search.c.cve1629 vim80/src/search.c
|
||||
--- vim80/src/search.c.cve1629 2022-05-24 13:55:06.789859865 +0200
|
||||
+++ vim80/src/search.c 2022-05-24 13:56:31.889218958 +0200
|
||||
@@ -4349,7 +4349,11 @@ find_next_quote(
|
||||
if (c == NUL)
|
||||
return -1;
|
||||
else if (escape != NULL && vim_strchr(escape, c))
|
||||
+ {
|
||||
++col;
|
||||
+ if (line[col] == NUL)
|
||||
+ return -1;
|
||||
+ }
|
||||
else if (c == quotechar)
|
||||
break;
|
||||
#ifdef FEAT_MBYTE
|
@ -0,0 +1,57 @@
|
||||
diff -up vim80/src/ex_cmds.c.cve1785 vim80/src/ex_cmds.c
|
||||
--- vim80/src/ex_cmds.c.cve1785 2022-06-10 10:46:33.818286626 +0200
|
||||
+++ vim80/src/ex_cmds.c 2022-06-10 10:58:04.009515524 +0200
|
||||
@@ -5486,12 +5486,17 @@ do_sub(exarg_T *eap)
|
||||
/* Save flags for recursion. They can change for e.g.
|
||||
* :s/^/\=execute("s#^##gn") */
|
||||
subflags_save = subflags;
|
||||
+
|
||||
+ // Disallow changing text or switching window in an expression.
|
||||
+ ++textlock;
|
||||
#endif
|
||||
/* get length of substitution part */
|
||||
sublen = vim_regsub_multi(®match,
|
||||
sub_firstlnum - regmatch.startpos[0].lnum,
|
||||
sub, sub_firstline, FALSE, p_magic, TRUE);
|
||||
#ifdef FEAT_EVAL
|
||||
+ --textlock;
|
||||
+
|
||||
/* Don't keep flags set by a recursive call. */
|
||||
subflags = subflags_save;
|
||||
if (subflags.do_count)
|
||||
@@ -5570,9 +5575,15 @@ do_sub(exarg_T *eap)
|
||||
mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
|
||||
new_end += copy_len;
|
||||
|
||||
+#ifdef FEAT_EVAL
|
||||
+ ++textlock;
|
||||
+#endif
|
||||
(void)vim_regsub_multi(®match,
|
||||
sub_firstlnum - regmatch.startpos[0].lnum,
|
||||
sub, new_end, TRUE, p_magic, TRUE);
|
||||
+#ifdef FEAT_EVAL
|
||||
+ --textlock;
|
||||
+#endif
|
||||
sub_nsubs++;
|
||||
did_sub = TRUE;
|
||||
|
||||
diff -up vim80/src/testdir/test_substitute.vim.cve1785 vim80/src/testdir/test_substitute.vim
|
||||
--- vim80/src/testdir/test_substitute.vim.cve1785 2022-06-10 10:46:33.818286626 +0200
|
||||
+++ vim80/src/testdir/test_substitute.vim 2022-06-10 10:59:17.168437630 +0200
|
||||
@@ -500,3 +500,16 @@ func Test_sub_cmd_8()
|
||||
enew!
|
||||
set titlestring&
|
||||
endfunc
|
||||
+
|
||||
+" This was switching windows in between computing the length and using it.
|
||||
+func Test_sub_change_window()
|
||||
+ silent! lfile
|
||||
+ sil! norm o0000000000000000000000000000000000000000000000000000
|
||||
+ func Repl()
|
||||
+ lopen
|
||||
+ endfunc
|
||||
+ silent! s/\%')/\=Repl()
|
||||
+ bwipe!
|
||||
+ bwipe!
|
||||
+ delfunc Repl
|
||||
+endfunc
|
@ -0,0 +1,120 @@
|
||||
diff -up vim80/src/normal.c.cve1897 vim80/src/normal.c
|
||||
--- vim80/src/normal.c.cve1897 2022-06-13 14:50:22.800290132 +0200
|
||||
+++ vim80/src/normal.c 2022-06-13 14:55:06.082861349 +0200
|
||||
@@ -532,6 +532,22 @@ find_command(int cmdchar)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * If currently editing a cmdline or text is locked: beep and give an error
|
||||
+ * message, return TRUE.
|
||||
+ */
|
||||
+ static int
|
||||
+check_text_locked(oparg_T *oap)
|
||||
+{
|
||||
+ if (text_locked())
|
||||
+ {
|
||||
+ clearopbeep(oap);
|
||||
+ text_locked_msg();
|
||||
+ return TRUE;
|
||||
+ }
|
||||
+ return FALSE;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Execute a command in Normal mode.
|
||||
*/
|
||||
void
|
||||
@@ -792,14 +808,9 @@ getcount:
|
||||
goto normal_end;
|
||||
}
|
||||
|
||||
- if (text_locked() && (nv_cmds[idx].cmd_flags & NV_NCW))
|
||||
- {
|
||||
- /* This command is not allowed while editing a cmdline: beep. */
|
||||
- clearopbeep(oap);
|
||||
- text_locked_msg();
|
||||
- goto normal_end;
|
||||
- }
|
||||
- if ((nv_cmds[idx].cmd_flags & NV_NCW) && curbuf_locked())
|
||||
+ if ((nv_cmds[idx].cmd_flags & NV_NCW)
|
||||
+ && (check_text_locked(oap) || curbuf_locked()))
|
||||
+ // this command is not allowed now
|
||||
goto normal_end;
|
||||
|
||||
/*
|
||||
@@ -6234,12 +6245,8 @@ nv_gotofile(cmdarg_T *cap)
|
||||
char_u *ptr;
|
||||
linenr_T lnum = -1;
|
||||
|
||||
- if (text_locked())
|
||||
- {
|
||||
- clearopbeep(cap->oap);
|
||||
- text_locked_msg();
|
||||
+ if (check_text_locked(cap->oap))
|
||||
return;
|
||||
- }
|
||||
if (curbuf_locked())
|
||||
{
|
||||
clearop(cap->oap);
|
||||
@@ -8420,14 +8427,7 @@ nv_g_cmd(cmdarg_T *cap)
|
||||
|
||||
/* "gQ": improved Ex mode */
|
||||
case 'Q':
|
||||
- if (text_locked())
|
||||
- {
|
||||
- clearopbeep(cap->oap);
|
||||
- text_locked_msg();
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- if (!checkclearopq(oap))
|
||||
+ if (!check_text_locked(cap->oap) && !checkclearopq(oap))
|
||||
do_exmode(TRUE);
|
||||
break;
|
||||
|
||||
diff -up vim80/src/testdir/test_substitute.vim.cve1897 vim80/src/testdir/test_substitute.vim
|
||||
--- vim80/src/testdir/test_substitute.vim.cve1897 2022-06-13 14:50:22.849290402 +0200
|
||||
+++ vim80/src/testdir/test_substitute.vim 2022-06-13 14:55:50.370111134 +0200
|
||||
@@ -513,3 +513,26 @@ func Test_sub_change_window()
|
||||
bwipe!
|
||||
delfunc Repl
|
||||
endfunc
|
||||
+
|
||||
+" This was undoign a change in between computing the length and using it.
|
||||
+func Do_Test_sub_undo_change()
|
||||
+ new
|
||||
+ norm o0000000000000000000000000000000000000000000000000000
|
||||
+ silent! s/\%')/\=Repl()
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
+func Test_sub_undo_change()
|
||||
+ func Repl()
|
||||
+ silent! norm g-
|
||||
+ endfunc
|
||||
+ call Do_Test_sub_undo_change()
|
||||
+
|
||||
+ func! Repl()
|
||||
+ silent earlier
|
||||
+ endfunc
|
||||
+ call Do_Test_sub_undo_change()
|
||||
+
|
||||
+ delfunc Repl
|
||||
+endfunc
|
||||
+
|
||||
diff -up vim80/src/undo.c.cve1897 vim80/src/undo.c
|
||||
--- vim80/src/undo.c.cve1897 2022-06-13 14:50:22.849290402 +0200
|
||||
+++ vim80/src/undo.c 2022-06-13 14:56:57.916492090 +0200
|
||||
@@ -2283,6 +2283,12 @@ undo_time(
|
||||
if (curbuf->b_u_synced == FALSE)
|
||||
u_sync(TRUE);
|
||||
|
||||
+ if (text_locked())
|
||||
+ {
|
||||
+ text_locked_msg();
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
u_newcount = 0;
|
||||
u_oldcount = 0;
|
||||
if (curbuf->b_ml.ml_flags & ML_EMPTY)
|
@ -0,0 +1,85 @@
|
||||
diff -up vim80/src/ex_docmd.c.cve1927 vim80/src/ex_docmd.c
|
||||
--- vim80/src/ex_docmd.c.cve1927 2022-06-13 16:31:41.841068554 +0200
|
||||
+++ vim80/src/ex_docmd.c 2022-06-13 16:37:02.789876973 +0200
|
||||
@@ -1720,6 +1720,8 @@ do_one_cmd(
|
||||
int ni; /* set when Not Implemented */
|
||||
char_u *cmd;
|
||||
int address_count = 1;
|
||||
+ int need_check_cursor = FALSE;
|
||||
+ int ret_addr = FAIL;
|
||||
|
||||
vim_memset(&ea, 0, sizeof(ea));
|
||||
ea.line1 = 1;
|
||||
@@ -2084,7 +2086,7 @@ do_one_cmd(
|
||||
lnum = get_address(&ea, &ea.cmd, ea.addr_type, ea.skip,
|
||||
ea.addr_count == 0, address_count++);
|
||||
if (ea.cmd == NULL) /* error detected */
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
if (lnum == MAXLNUM)
|
||||
{
|
||||
if (*ea.cmd == '%') /* '%' - all lines */
|
||||
@@ -2128,12 +2130,12 @@ do_one_cmd(
|
||||
/* there is no Vim command which uses '%' and
|
||||
* ADDR_WINDOWS or ADDR_TABS */
|
||||
errormsg = (char_u *)_(e_invrange);
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
}
|
||||
break;
|
||||
case ADDR_TABS_RELATIVE:
|
||||
errormsg = (char_u *)_(e_invrange);
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
break;
|
||||
case ADDR_ARGUMENTS:
|
||||
if (ARGCOUNT == 0)
|
||||
@@ -2163,7 +2165,7 @@ do_one_cmd(
|
||||
if (ea.addr_type != ADDR_LINES)
|
||||
{
|
||||
errormsg = (char_u *)_(e_invrange);
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
}
|
||||
|
||||
++ea.cmd;
|
||||
@@ -2171,11 +2173,11 @@ do_one_cmd(
|
||||
{
|
||||
fp = getmark('<', FALSE);
|
||||
if (check_mark(fp) == FAIL)
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
ea.line1 = fp->lnum;
|
||||
fp = getmark('>', FALSE);
|
||||
if (check_mark(fp) == FAIL)
|
||||
- goto doend;
|
||||
+ goto addr_end;
|
||||
ea.line2 = fp->lnum;
|
||||
++ea.addr_count;
|
||||
}
|
||||
@@ -2190,8 +2192,11 @@ do_one_cmd(
|
||||
if (!ea.skip)
|
||||
{
|
||||
curwin->w_cursor.lnum = ea.line2;
|
||||
+
|
||||
/* don't leave the cursor on an illegal line or column */
|
||||
+ // Check the cursor position before returning.
|
||||
check_cursor();
|
||||
+ need_check_cursor = TRUE;
|
||||
}
|
||||
}
|
||||
else if (*ea.cmd != ',')
|
||||
@@ -2208,6 +2213,13 @@ do_one_cmd(
|
||||
ea.addr_count = 0;
|
||||
}
|
||||
|
||||
+ ret_addr = OK;
|
||||
+
|
||||
+addr_end:
|
||||
+ if (need_check_cursor)
|
||||
+ check_cursor();
|
||||
+ if (ret_addr == FAIL)
|
||||
+ goto doend;
|
||||
/*
|
||||
* 5. Parse the command.
|
||||
*/
|
86
SOURCES/vim-crypto-warning.patch
Normal file
86
SOURCES/vim-crypto-warning.patch
Normal file
@ -0,0 +1,86 @@
|
||||
diff --git a/src/config.h.in b/src/config.h.in
|
||||
index 7d61220..ca0b1a8 100644
|
||||
--- a/src/config.h.in
|
||||
+++ b/src/config.h.in
|
||||
@@ -478,3 +478,12 @@
|
||||
|
||||
/* Define to inline symbol or empty */
|
||||
#undef inline
|
||||
+
|
||||
+/* Do we need FIPS warning? */
|
||||
+#undef HAVE_FIPS_WARNING
|
||||
+
|
||||
+/* Link to system-fips file */
|
||||
+#undef SYSTEM_FIPS_FILE_LINK
|
||||
+
|
||||
+/* Link to fips_enabled file */
|
||||
+#undef FIPS_ENABLED_FILE_LINK
|
||||
diff --git a/src/configure.ac b/src/configure.ac
|
||||
index 1e7d444..5e45762 100644
|
||||
--- a/src/configure.ac
|
||||
+++ b/src/configure.ac
|
||||
@@ -525,6 +525,38 @@ else
|
||||
AC_MSG_RESULT(yes)
|
||||
fi
|
||||
|
||||
+dnl Checking if we want FIPS warning
|
||||
+
|
||||
+AC_MSG_CHECKING(--enable-fips-warning)
|
||||
+AC_ARG_ENABLE([fips-warning],
|
||||
+ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
|
||||
+ ,[enable_fips_warning="no"])
|
||||
+
|
||||
+if test "$enable_fips_warning" = "yes"; then
|
||||
+ AC_MSG_RESULT(yes)
|
||||
+ AC_DEFINE([HAVE_FIPS_WARNING])
|
||||
+
|
||||
+ dnl Setting path for system-fips file
|
||||
+
|
||||
+ AC_MSG_CHECKING(--with-system-fips-file argument)
|
||||
+ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)],
|
||||
+ with_system_fips_file=$withval,
|
||||
+ with_system_fips_file="/etc/system-fips")
|
||||
+ AC_MSG_RESULT([$with_system_fips_file])
|
||||
+ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
|
||||
+
|
||||
+ dnl Setting link to fips_enabled file
|
||||
+
|
||||
+ AC_MSG_CHECKING(--with-fips-enabled-file argument)
|
||||
+ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
|
||||
+ with_fips_enabled_file=$withval,
|
||||
+ with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
|
||||
+ AC_MSG_RESULT([$with_fips_enabled_file])
|
||||
+ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
|
||||
+else
|
||||
+ AC_MSG_RESULT(no)
|
||||
+fi
|
||||
+
|
||||
dnl Check for Lua feature.
|
||||
AC_MSG_CHECKING(--enable-luainterp argument)
|
||||
AC_ARG_ENABLE(luainterp,
|
||||
diff --git a/src/crypt.c b/src/crypt.c
|
||||
index dfbf02c..c935bc0 100644
|
||||
--- a/src/crypt.c
|
||||
+++ b/src/crypt.c
|
||||
@@ -501,6 +501,21 @@ crypt_check_method(int method)
|
||||
msg_scroll = TRUE;
|
||||
MSG(_("Warning: Using a weak encryption method; see :help 'cm'"));
|
||||
}
|
||||
+#ifdef HAVE_FIPS_WARNING
|
||||
+ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
|
||||
+ if (fips_enable_fd == NULL)
|
||||
+ return;
|
||||
+
|
||||
+ int enabled = fgetc(fips_enable_fd);
|
||||
+
|
||||
+ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
|
||||
+ {
|
||||
+ msg_scroll = TRUE;
|
||||
+ MSG(_("Warning: This cryptography is not FIPS 140-2 compliant."));
|
||||
+ }
|
||||
+
|
||||
+ fclose(fips_enable_fd);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
13
SOURCES/vim-cve3778-fix.patch
Normal file
13
SOURCES/vim-cve3778-fix.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up vim80/src/regexp_nfa.c.cve3796-fix vim80/src/regexp_nfa.c
|
||||
--- vim80/src/regexp_nfa.c.cve3796-fix 2021-09-20 08:27:13.752604505 +0200
|
||||
+++ vim80/src/regexp_nfa.c 2021-09-20 08:29:10.206546910 +0200
|
||||
@@ -5493,7 +5493,8 @@ find_match_text(colnr_T startcol, int re
|
||||
match = FALSE;
|
||||
break;
|
||||
}
|
||||
- len2 += MB_CHAR2LEN(c2);
|
||||
+ len2 += enc_utf8 ? utf_ptr2len(regline + col + len2)
|
||||
+ : MB_CHAR2LEN(c2);
|
||||
}
|
||||
if (match
|
||||
#ifdef FEAT_MBYTE
|
51
SOURCES/vim-cve3796.patch
Normal file
51
SOURCES/vim-cve3796.patch
Normal file
@ -0,0 +1,51 @@
|
||||
diff --git a/src/normal.c b/src/normal.c
|
||||
index be0e75e..7d62e20 100644
|
||||
--- a/src/normal.c
|
||||
+++ b/src/normal.c
|
||||
@@ -7147,19 +7147,23 @@ nv_replace(cmdarg_T *cap)
|
||||
{
|
||||
/*
|
||||
* Get ptr again, because u_save and/or showmatch() will have
|
||||
- * released the line. At the same time we let know that the
|
||||
- * line will be changed.
|
||||
+ * released the line. This may also happen in ins_copychar().
|
||||
+ * At the same time we let know that the line will be changed.
|
||||
*/
|
||||
- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||
if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
|
||||
{
|
||||
int c = ins_copychar(curwin->w_cursor.lnum
|
||||
+ (cap->nchar == Ctrl_Y ? -1 : 1));
|
||||
+
|
||||
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||
if (c != NUL)
|
||||
ptr[curwin->w_cursor.col] = c;
|
||||
}
|
||||
else
|
||||
+ {
|
||||
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
|
||||
ptr[curwin->w_cursor.col] = cap->nchar;
|
||||
+ }
|
||||
if (p_sm && msg_silent == 0)
|
||||
showmatch(cap->nchar);
|
||||
++curwin->w_cursor.col;
|
||||
diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
|
||||
index 7278bcd..8818805 100644
|
||||
--- a/src/testdir/test_edit.vim
|
||||
+++ b/src/testdir/test_edit.vim
|
||||
@@ -1387,3 +1387,15 @@ func Test_edit_quit()
|
||||
only
|
||||
endfunc
|
||||
|
||||
+" Test for getting the character of the line below after "p"
|
||||
+func Test_edit_put_CTRL_E()
|
||||
+ set encoding=latin1
|
||||
+ new
|
||||
+ let @" = ''
|
||||
+ sil! norm orggRx
|
||||
+ sil! norm pr
|
||||
+ call assert_equal(['r', 'r'], getline(1, 2))
|
||||
+ bwipe!
|
||||
+ set encoding=utf-8
|
||||
+endfunc
|
||||
+
|
134
SPECS/vim.spec
134
SPECS/vim.spec
@ -24,7 +24,7 @@ Summary: The VIM editor
|
||||
URL: http://www.vim.org/
|
||||
Name: vim
|
||||
Version: %{baseversion}.%{patchlevel}
|
||||
Release: 11%{?dist}
|
||||
Release: 19%{?dist}.4
|
||||
License: Vim and MIT
|
||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||
Source1: vim.sh
|
||||
@ -71,6 +71,47 @@ Patch3017: vim-python3-tests.patch
|
||||
Patch3018: vim-covscan.patch
|
||||
# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||
Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
|
||||
# 1605095 - vim: should not re-implement crypto
|
||||
Patch3020: vim-crypto-warning.patch
|
||||
# 1842755 - CVE-2019-20807
|
||||
Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
|
||||
# 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
|
||||
Patch3022: vim-cve3796.patch
|
||||
# 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
|
||||
Patch3023: vim-cve3778-fix.patch
|
||||
Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
||||
# 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
||||
Patch3025: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
|
||||
# 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
|
||||
Patch3026: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
|
||||
# CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
||||
Patch3027: 0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
|
||||
# CVE-2021-4192 vim: vulnerable to Use After Free
|
||||
Patch3028: 0001-patch-8.2.3949-using-freed-memory-with-V.patch
|
||||
# CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
||||
Patch3029: 0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch
|
||||
# CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
|
||||
Patch3030: 0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
|
||||
# CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
|
||||
Patch3031: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
|
||||
# CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
|
||||
Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
|
||||
# CVE-2022-0413 vim: use after free in src/ex_cmds.c
|
||||
Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
|
||||
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
||||
# CVE-2022-1154 vim: use after free in utf_ptr2char
|
||||
Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
|
||||
# CVE-2022-1621 vim: heap buffer overflow
|
||||
Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
|
||||
# CVE-2022-1629 vim: buffer over-read
|
||||
Patch3037: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
|
||||
# CVE-2022-1785 vim: Out-of-bounds Write
|
||||
Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
|
||||
# CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
|
||||
Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
|
||||
# CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
|
||||
Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
@ -267,6 +308,27 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||
%patch3017 -p1
|
||||
%patch3018 -p1
|
||||
%patch3019 -p1 -b .cve
|
||||
%patch3020 -p1 -b .crypto-warning
|
||||
%patch3021 -p1 -b .rvim
|
||||
%patch3022 -p1 -b .cve3796
|
||||
%patch3023 -p1 -b .cve3778
|
||||
%patch3024 -p1 -b .cve3872
|
||||
%patch3025 -p1 -b .cve3984
|
||||
%patch3026 -p1 -b .cve4019
|
||||
%patch3027 -p1 -b .cve4193
|
||||
%patch3028 -p1 -b .cve4192
|
||||
%patch3029 -p1 -b .cve0261
|
||||
%patch3030 -p1 -b .cve0318
|
||||
%patch3031 -p1 -b .cve0359
|
||||
%patch3032 -p1 -b .cve0392
|
||||
%patch3033 -p1 -b .cve0413
|
||||
%patch3034 -p1 -b .cve0361
|
||||
%patch3035 -p1 -b .cve1154
|
||||
%patch3036 -p1 -b .cve1621
|
||||
%patch3037 -p1 -b .cve1629
|
||||
%patch3038 -p1 -b .cve1785
|
||||
%patch3039 -p1 -b .cve1897
|
||||
%patch3040 -p1 -b .cve1927
|
||||
|
||||
%build
|
||||
%if 0%{?rhel} > 7
|
||||
@ -296,6 +358,7 @@ perl -pi -e "s/vimrc/virc/" os_unix.h
|
||||
%endif
|
||||
--disable-pythoninterp --disable-perlinterp --disable-tclinterp \
|
||||
--with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \
|
||||
--enable-fips-warning \
|
||||
--with-compiledby="<bugzilla@redhat.com>" \
|
||||
--with-modified-by="<bugzilla@redhat.com>"
|
||||
|
||||
@ -314,6 +377,7 @@ mv -f ex_cmds.c.save ex_cmds.c
|
||||
--enable-xim --enable-multibyte \
|
||||
--with-tlib=ncurses \
|
||||
--enable-gtk3-check --enable-gui=gtk3 \
|
||||
--enable-fips-warning \
|
||||
--with-compiledby="<bugzilla@redhat.com>" --enable-cscope \
|
||||
--with-modified-by="<bugzilla@redhat.com>" \
|
||||
%if "%{withnetbeans}" == "1"
|
||||
@ -351,6 +415,7 @@ make clean
|
||||
--enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \
|
||||
--enable-cscope --with-modified-by="<bugzilla@redhat.com>" \
|
||||
--with-tlib=ncurses \
|
||||
--enable-fips-warning \
|
||||
--with-compiledby="<bugzilla@redhat.com>" \
|
||||
%if "%{withnetbeans}" == "1"
|
||||
--enable-netbeans \
|
||||
@ -543,16 +608,6 @@ rm -f %{buildroot}/%{_datadir}/vim/%{vimdir}/macros/maze/maze*.c
|
||||
rm -rf %{buildroot}/%{_datadir}/vim/%{vimdir}/tools
|
||||
rm -rf %{buildroot}/%{_datadir}/vim/%{vimdir}/doc/vim2html.pl
|
||||
rm -f %{buildroot}/%{_datadir}/vim/%{vimdir}/tutor/tutor.gr.utf-8~
|
||||
( cd %{buildroot}/%{_mandir}
|
||||
for i in `find ??/ -type f`; do
|
||||
if [[ "`file $i`" == *UTF-8\ Unicode\ text* ]]; then
|
||||
continue
|
||||
fi
|
||||
bi=`basename $i`
|
||||
iconv -f latin1 -t UTF8 $i > %{buildroot}/$bi
|
||||
mv -f %{buildroot}/$bi $i
|
||||
done
|
||||
)
|
||||
|
||||
# Remove not UTF-8 manpages
|
||||
for i in pl.ISO8859-2 it.ISO8859-1 ru.KOI8-R fr.ISO8859-1; do
|
||||
@ -792,6 +847,63 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||
%{_datadir}/icons/locolor/*/apps/*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.4
|
||||
- fix issue reported by covscan
|
||||
|
||||
* Mon Jun 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.3
|
||||
- CVE-2022-1785 vim: Out-of-bounds Write
|
||||
- CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
|
||||
- CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
|
||||
|
||||
* Wed May 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.2
|
||||
- CVE-2022-1621 vim: heap buffer overflow
|
||||
- CVE-2022-1629 vim: buffer over-read
|
||||
|
||||
* Sat Apr 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.1
|
||||
- CVE-2022-1154 vim: use after free in utf_ptr2char
|
||||
|
||||
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19
|
||||
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
|
||||
* Mon Feb 07 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||
- CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
|
||||
- CVE-2022-0413 vim: use after free in src/ex_cmds.c
|
||||
|
||||
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||
- fix test suite after fix for CVE-2022-0318
|
||||
- CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
|
||||
|
||||
* Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
||||
- CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
|
||||
|
||||
* Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
||||
- CVE-2021-4192 vim: vulnerable to Use After Free
|
||||
|
||||
* Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
|
||||
- 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
|
||||
- 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
|
||||
|
||||
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-17
|
||||
- 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
|
||||
|
||||
* Thu Sep 23 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
|
||||
- 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
|
||||
- 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
|
||||
|
||||
* Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
|
||||
- 1842755 - CVE-2019-20807
|
||||
|
||||
* Mon Feb 10 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-14
|
||||
- 1745476 - manpage of vim is garbled in Japanese locale
|
||||
|
||||
* Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-13
|
||||
- fixing covscan issues raised by previous commit
|
||||
|
||||
* Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-12
|
||||
- 1605095 - vim: should not re-implement crypto
|
||||
|
||||
* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
|
||||
- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user