packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-47024 CVE-2023-0288

Browse Source
This commit is contained in:
wangjiang 2023-01-29 11:42:47 +08:00
parent 4622b19d35
commit 0d2977390a
3 changed files with 87 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2022-47024.patch Normal file
View File

@ -0,0 +1,34 @@
From a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 31 Aug 2022 12:01:54 +0100
Subject: [PATCH] patch 9.0.0339: no check if the return value of XChangeGC()
is NULL
Problem: No check if the return value of XChangeGC() is NULL.
Solution: Only use the return value when it is not NULL. (closes #11020)
---
src/gui_x11.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/gui_x11.c b/src/gui_x11.c
index 6e3e903be462..7293ac4900a6 100644
--- a/src/gui_x11.c
+++ b/src/gui_x11.c
@@ -2231,10 +2231,14 @@ gui_x11_create_blank_mouse(void)
{
Pixmap blank_pixmap = XCreatePixmap(gui.dpy, gui.wid, 1, 1, 1);
GC gc = XCreateGC(gui.dpy, blank_pixmap, (unsigned long)0, (XGCValues*)0);
- XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
- XFreeGC(gui.dpy, gc);
+
+ if (gc != NULL)
+ {
+ XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
+ XFreeGC(gui.dpy, gc);
+ }
return XCreatePixmapCursor(gui.dpy, blank_pixmap, blank_pixmap,
- (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
+ (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
}
/*

44
backport-CVE-2023-0288.patch Normal file
View File

@ -0,0 +1,44 @@
From 232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 13 Jan 2023 14:17:58 +0000
Subject: [PATCH] patch 9.0.1189: invalid memory access with folding and using
"L"
Problem: Invalid memory access with folding and using "L".
Solution: Prevent the cursor from moving to line zero.
---
src/normal.c | 3 ++-
src/testdir/test_fold.vim | 8 ++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/normal.c b/src/normal.c
index c319be599ad7..3d9f74dec558 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -3757,7 +3757,8 @@ nv_scroll(cmdarg_T *cap)
{
(void)hasFolding(curwin->w_cursor.lnum,
&curwin->w_cursor.lnum, NULL);
- --curwin->w_cursor.lnum;
+ if (curwin->w_cursor.lnum > curwin->w_topline)
+ --curwin->w_cursor.lnum;
}
}
else
diff --git a/src/testdir/test_fold.vim b/src/testdir/test_fold.vim
index adf9e5207838..f915a661336b 100644
--- a/src/testdir/test_fold.vim
+++ b/src/testdir/test_fold.vim
@@ -1547,4 +1547,12 @@ func Test_sort_closed_fold()
bw!
endfunc
+func Test_indent_with_L_command()
+ " The "L" command moved the cursor to line zero, causing the text saved for
+ " undo to use line number -1, which caused trouble for undo later.
+ new
+ sil! norm 8R V{zf8=Lu
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

10
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim
Epoch: 2
Version: 9.0
Release: 7
Release: 8
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -84,6 +84,8 @@ Patch6054: backport-CVE-2022-4293.patch
Patch6055: backport-CVE-2023-0049.patch
Patch6056: backport-CVE-2023-0051.patch
Patch6057: backport-CVE-2023-0054.patch
Patch6058: backport-CVE-2022-47024.patch
Patch6059: backport-CVE-2023-0288.patch
Patch9000: bugfix-rm-modify-info-version.patch
Patch9001: vim-Add-sw64-architecture.patch
@ -492,6 +494,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
%{_mandir}/man1/evim.*
%changelog
* Sun Jan 29 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-8
- Type:CVE
- ID:CVE-2022-47024 CVE-2023-0288
- SUG:NA
- DESC:CVE-2022-47024 CVE-2023-0288
* Mon Jan 09 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-7
- Type:CVE
- ID:CVE-2023-0049 CVE-2023-0051 CVE-2023-0054