packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!272 [sync] PR-268: fix CVE-2022-2125,CVE-2022-2206

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6
This commit is contained in:
openeuler-ci-bot 2022-07-05 07:10:29 +00:00 committed by Gitee
commit 4c51b4276d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 396 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
backport-CVE-2022-2125.patch Normal file
View File

@ -0,0 +1,48 @@
From 0e8e938d497260dd57be67b4966cb27a5f72376f Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 18 Jun 2022 12:51:11 +0100
Subject: [PATCH] patch 8.2.5122: lisp indenting my run over the end of the
line
Problem: Lisp indenting my run over the end of the line.
Solution: Check for NUL earlier.
---
src/indent.c | 2 ++
src/testdir/test_indent.vim | 10 ++++++++++
2 files changed, 12 insertions(+)
diff --git a/src/indent.c b/src/indent.c
index 4677d29..2d07e2e 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1920,6 +1920,8 @@ get_lisp_indent(void)
}
}
}
+ if (*that == NUL)
+ break;
}
if (*that == '(' || *that == '[')
++parencount;
diff --git a/src/testdir/test_indent.vim b/src/testdir/test_indent.vim
index 91e801a..f3b8b6b 100644
--- a/src/testdir/test_indent.vim
+++ b/src/testdir/test_indent.vim
@@ -98,4 +98,14 @@ func Test_copyindent()
close!
endfunc
+func Test_lisp_indent_quoted()
+ " This was going past the end of the line
+ new
+ setlocal lisp autoindent
+ call setline(1, ['"[', '='])
+ normal Gvk=
+
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
1.8.3.1

32
backport-CVE-2022-2206.patch Normal file
View File

@ -0,0 +1,32 @@
From e178af5a586ea023622d460779fdcabbbfac0908 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 25 Jun 2022 19:54:09 +0100
Subject: [PATCH] patch 8.2.5160: accessing invalid memory after changing
terminal size
Problem: Accessing invalid memory after changing terminal size.
Solution: Adjust cmdline_row and msg_row to the value of Rows.
---
src/term.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/term.c b/src/term.c
index 77cfa7d..307e3bf 100644
--- a/src/term.c
+++ b/src/term.c
@@ -3223,6 +3223,12 @@ check_shellsize(void)
if (Rows < min_rows()) // need room for one window and command line
Rows = min_rows();
limit_screen_size();
+
+ // make sure these values are not invalid
+ if (cmdline_row >= Rows)
+ cmdline_row = Rows - 1;
+ if (msg_row >= Rows)
+ msg_row = Rows - 1;
}
/*
--
1.8.3.1

275
backport-patch-8.2.0358-insufficient-testing-for-indent.c.patch Normal file
View File

@ -0,0 +1,275 @@
From bd7206e02c957f0619e68e1628e2a3e91dd41e06 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 6 Mar 2020 20:36:04 +0100
Subject: [PATCH] patch 8.2.0358: insufficient testing for indent.c
Problem: Insufficient testing for indent.c.
Solution: Add indent tests. (Yegappan Lakshmanan, closes #5736)
---
src/testdir/Make_all.mak | 2 +
src/testdir/test_expand_func.vim | 14 ++++++
src/testdir/test_indent.vim | 101 +++++++++++++++++++++++++++++++++++++++
src/testdir/test_lispwords.vim | 3 ++
src/testdir/test_smartindent.vim | 23 +++++++++
src/testdir/test_vartabs.vim | 39 +++++++++++++++
6 files changed, 182 insertions(+)
create mode 100644 src/testdir/test_indent.vim
diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
index 2a3c4ab..4ecb606 100644
--- a/src/testdir/Make_all.mak
+++ b/src/testdir/Make_all.mak
@@ -150,6 +150,7 @@ NEW_TESTS = \
test_iminsert \
test_increment \
test_increment_dbcs \
+ test_indent \
test_ins_complete \
test_interrupt \
test_job_fails \
@@ -361,6 +362,7 @@ NEW_TESTS_RES = \
test_iminsert.res \
test_increment.res \
test_increment_dbcs.res \
+ test_indent.res \
test_ins_complete.res \
test_interrupt.res \
test_job_fails.res \
diff --git a/src/testdir/test_expand_func.vim b/src/testdir/test_expand_func.vim
index f9c5b5f..c408dea 100644
--- a/src/testdir/test_expand_func.vim
+++ b/src/testdir/test_expand_func.vim
@@ -73,3 +73,17 @@ func Test_expand()
" Don't add any line above this, otherwise <slnum> will change.
quit
endfunc
+
+" Test for 'wildignore' with expand()
+func Test_expand_wildignore()
+ set wildignore=*.vim
+ call assert_equal('', expand('test_expand_func.vim'))
+ call assert_equal('', expand('test_expand_func.vim', 0))
+ call assert_equal([], expand('test_expand_func.vim', 0, 1))
+ call assert_equal('test_expand_func.vim', expand('test_expand_func.vim', 1))
+ call assert_equal(['test_expand_func.vim'],
+ \ expand('test_expand_func.vim', 1, 1))
+ set wildignore&
+endfunc
+
+" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_indent.vim b/src/testdir/test_indent.vim
new file mode 100644
index 0000000..91e801a
--- /dev/null
+++ b/src/testdir/test_indent.vim
@@ -0,0 +1,101 @@
+" Test for various indent options
+
+func Test_preserveindent()
+ new
+ " Test for autoindent copying indent from the previous line
+ setlocal autoindent
+ call setline(1, [repeat(' ', 16) .. 'line1'])
+ call feedkeys("A\nline2", 'xt')
+ call assert_equal("\t\tline2", getline(2))
+ setlocal autoindent&
+
+ " Test for using CTRL-T with and without 'preserveindent'
+ set shiftwidth=4
+ call cursor(1, 1)
+ call setline(1, " \t ")
+ call feedkeys("Al\<C-T>", 'xt')
+ call assert_equal("\t\tl", getline(1))
+ set preserveindent
+ call setline(1, " \t ")
+ call feedkeys("Al\<C-T>", 'xt')
+ call assert_equal(" \t \tl", getline(1))
+ set pi& sw&
+
+ " Test for using CTRL-T with 'expandtab' and 'preserveindent'
+ call cursor(1, 1)
+ call setline(1, "\t \t")
+ set shiftwidth=4 expandtab preserveindent
+ call feedkeys("Al\<C-T>", 'xt')
+ call assert_equal("\t \t l", getline(1))
+ set sw& et& pi&
+
+ close!
+endfunc
+
+" Test for indent()
+func Test_indent_func()
+ call assert_equal(-1, indent(-1))
+ new
+ call setline(1, "\tabc")
+ call assert_equal(8, indent(1))
+ call setline(1, " abc")
+ call assert_equal(4, indent(1))
+ call setline(1, " \t abc")
+ call assert_equal(12, indent(1))
+ close!
+endfunc
+
+" Test for reindenting a line using the '=' operator
+func Test_reindent()
+ new
+ call setline(1, 'abc')
+ set nomodifiable
+ call assert_fails('normal ==', 'E21:')
+ set modifiable
+
+ call setline(1, ['foo', 'bar'])
+ call feedkeys('ggVG=', 'xt')
+ call assert_equal(['foo', 'bar'], getline(1, 2))
+ close!
+endfunc
+
+" Test for shifting a line with a preprocessor directive ('#')
+func Test_preproc_indent()
+ new
+ set sw=4
+ call setline(1, '#define FOO 1')
+ normal >>
+ call assert_equal(' #define FOO 1', getline(1))
+
+ " with 'smartindent'
+ call setline(1, '#define FOO 1')
+ set smartindent
+ normal >>
+ call assert_equal('#define FOO 1', getline(1))
+ set smartindent&
+
+ " with 'cindent'
+ set cindent
+ normal >>
+ call assert_equal('#define FOO 1', getline(1))
+ set cindent&
+
+ close!
+endfunc
+
+" Test for 'copyindent'
+func Test_copyindent()
+ new
+ set shiftwidth=4 autoindent expandtab copyindent
+ call setline(1, " \t abc")
+ call feedkeys("ol", 'xt')
+ call assert_equal(" \t l", getline(2))
+ set noexpandtab
+ call setline(1, " \t abc")
+ call feedkeys("ol", 'xt')
+ call assert_equal(" \t l", getline(2))
+ set sw& ai& et& ci&
+ close!
+endfunc
+
+" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_lispwords.vim b/src/testdir/test_lispwords.vim
index aa5a738..ff710b2 100644
--- a/src/testdir/test_lispwords.vim
+++ b/src/testdir/test_lispwords.vim
@@ -45,6 +45,7 @@ func Test_lisp_indent()
\ ])
call assert_equal(7, lispindent(2))
call assert_equal(5, 6->lispindent())
+ call assert_equal(-1, lispindent(-1))
set lisp
set lispwords&
@@ -83,3 +84,5 @@ func Test_lisp_indent()
let &cpoptions=save_copt
set nolisp
endfunc
+
+" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_smartindent.vim b/src/testdir/test_smartindent.vim
index e89ad19..dc0f99e 100644
--- a/src/testdir/test_smartindent.vim
+++ b/src/testdir/test_smartindent.vim
@@ -38,4 +38,27 @@ func Test_smartindent_has_no_effect()
bwipe!
endfunc
+" Test for inserting '{' and '} with smartindent
+func Test_smartindent_braces()
+ new
+ set smartindent shiftwidth=4
+ call setline(1, [' if (a)', "\tif (b)", "\t return 1"])
+ normal 2ggO{
+ normal 3ggA {
+ normal 4ggo}
+ normal o}
+ normal 4ggO#define FOO 1
+ call assert_equal([
+ \ ' if (a)',
+ \ ' {',
+ \ "\tif (b) {",
+ \ '#define FOO 1',
+ \ "\t return 1",
+ \ "\t}",
+ \ ' }'
+ \ ], getline(1, '$'))
+ set si& sw& ai&
+ close!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_vartabs.vim b/src/testdir/test_vartabs.vim
index c2919d8..0ac6ad2 100644
--- a/src/testdir/test_vartabs.vim
+++ b/src/testdir/test_vartabs.vim
@@ -91,6 +91,18 @@ func Test_vartabs()
let expect = "l\<tab> l\<tab>l l\<tab> l\<tab> l"
call assert_equal(expect, getline(1))
+ " Test for 'retab' with vts
+ set ts=8 sts=0 vts=5,3,6,2 vsts=
+ exe "norm! S l"
+ .retab!
+ call assert_equal("\t\t\t\tl", getline(1))
+
+ " Test for 'retab' with same vlaues as vts
+ set ts=8 sts=0 vts=5,3,6,2 vsts=
+ exe "norm! S l"
+ .retab! 5,3,6,2
+ call assert_equal("\t\t\t\tl", getline(1))
+
" Check that global and local values are set.
set ts=4 vts=6 sts=8 vsts=10
call assert_equal(&ts, 4)
@@ -390,5 +402,32 @@ func Test_vartabstop_latin1()
let &encoding = save_encoding
endfunc
+func s:SaveCol(l)
+ call add(a:l, [col('.'), virtcol('.')])
+ return ''
+endfunc
+
+" Test for 'varsofttabstop'
+func Test_varsofttabstop()
+ new
+ inoremap <expr> <F2> s:SaveCol(g:cols)
+
+ set backspace=indent,eol,start
+ set varsofttabstop=6,2,5,3
+ let g:cols = []
+ call feedkeys("a\t\<F2>\t\<F2>\t\<F2>\t\<F2> ", 'xt')
+ call assert_equal("\t\t ", getline(1))
+ call assert_equal([[7, 7], [2, 9], [7, 14], [3, 17]], g:cols)
+
+ let g:cols = []
+ call feedkeys("a\<bs>\<F2>\<bs>\<F2>\<bs>\<F2>\<bs>\<F2>\<bs>\<F2>", 'xt')
+ call assert_equal('', getline(1))
+ call assert_equal([[3, 17], [7, 14], [2, 9], [7, 7], [1, 1]], g:cols)
+
+ set varsofttabstop&
+ set backspace&
+ iunmap <F2>
+ close!
+endfunc
" vim: shiftwidth=2 sts=2 expandtab
--
1.8.3.1

30
backport-patch-8.2.5161-might-still-access-invalid-memory.patch Normal file
View File

@ -0,0 +1,30 @@
From 0fbc9260a75dfc4d86f20e7c0eb76878f513a212 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 26 Jun 2022 11:17:10 +0100
Subject: [PATCH] patch 8.2.5161: might still access invalid memory
Problem: Might still access invalid memory.
Solution: Add extra check for negative value.
---
src/message.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/message.c b/src/message.c
index 0b690bb..eae6e61 100644
--- a/src/message.c
+++ b/src/message.c
@@ -876,8 +876,10 @@ msg_may_trunc(int force, char_u *s)
int n;
int room;
+ // If something unexpected happened "room" may be negative, check for that
+ // just in case.
room = (int)(Rows - cmdline_row - 1) * Columns + sc_col - 1;
- if ((force || (shortmess(SHM_TRUNC) && !exmode_active))
+ if (room > 0 && (force || (shortmess(SHM_TRUNC) && !exmode_active))
&& (n = (int)STRLEN(s) - room) > 0)
{
if (has_mbyte)
--
1.8.3.1

12
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim
Epoch: 2
Version: 8.2
Release: 46
Release: 47
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -129,6 +129,10 @@ Patch6092: backport-patch-8.2.1354-test-59-is-old-style.patch
Patch6093: backport-patch-8.2.3484-crash-when-going-through-spell-sugges.patch
Patch6094: backport-patch-8.2.5007-spell-suggestion-may-use-uninitialize.patch
Patch6095: backport-CVE-2022-2126.patch
Patch6096: backport-patch-8.2.0358-insufficient-testing-for-indent.c.patch
Patch6097: backport-CVE-2022-2125.patch
Patch6098: backport-CVE-2022-2206.patch
Patch6099: backport-patch-8.2.5161-might-still-access-invalid-memory.patch
Patch9000: bugfix-rm-modify-info-version.patch
@ -517,6 +521,12 @@ popd
%{_mandir}/man1/evim.*
%changelog
* Tue Jul 05 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-47
- Type:CVE
- ID:CVE-2022-2125,CVE-2022-2206
- SUG:NA
- DESC:fix CVE-2022-2125,CVE-2022-2206
* Wed Jun 29 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-46
- Type:CVE
- ID:CVE-2022-2126