fix CVE-2022-0714 CVE-2022-0729

backport-CVE-2022-0714.patch

@@ -0,0 +1,51 @@
+From 4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Mon, 21 Feb 2022 19:36:12 +0000
+Subject: [PATCH] patch 8.2.4436: crash with weird 'vartabstop' value
+
+Problem:    Crash with weird 'vartabstop' value.
+Solution:   Check for running into the end of the line.
+
+---
+ src/indent.c                 |  2 ++
+ src/testdir/test_vartabs.vim | 14 ++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/indent.c b/src/indent.c
+index 075802c..6b8900f 100644
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -1279,6 +1279,8 @@ change_indent(
+ 		new_cursor_col += (*mb_ptr2len)(ptr + new_cursor_col);
+ 	    else
+ 		++new_cursor_col;
++	    if (ptr[new_cursor_col] == NUL)
++		break;
+ 	    vcol += lbr_chartabsize(ptr, ptr + new_cursor_col, (colnr_T)vcol);
+ 	}
+ 	vcol = last_vcol;
+diff --git a/src/testdir/test_vartabs.vim b/src/testdir/test_vartabs.vim
+index 47844fb..c2919d8 100644
+--- a/src/testdir/test_vartabs.vim
++++ b/src/testdir/test_vartabs.vim
+@@ -378,3 +378,17 @@ func Test_vartabs_reset()
+   set all&
+   call assert_equal('', &vts)
+ endfunc
++
++func Test_vartabstop_latin1()
++  let save_encoding = &encoding
++  new
++  set encoding=iso8859
++  silent norm :se 

++  set vartabstop=400
++  norm i00	
++  bwipe!
++  let &encoding = save_encoding
++endfunc
++
++
++" vim: shiftwidth=2 sts=2 expandtab
+-- 
+2.27.0
+

backport-CVE-2022-0729.patch

@@ -0,0 +1,47 @@
+From 6456fae9ba8e72c74b2c0c499eaf09974604ff30 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Tue, 22 Feb 2022 13:37:31 +0000
+Subject: [PATCH] patch 8.2.4440: crash with specific regexp pattern and string
+
+Problem:    Crash with specific regexp pattern and string.
+Solution:   Stop at the start of the string.
+
+---
+ src/regexp_bt.c                  | 5 +++++
+ src/testdir/test_regexp_utf8.vim | 7 +++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/regexp_bt.c b/src/regexp_bt.c
+index b71b862..e017ba5 100644
+--- a/src/regexp_bt.c
++++ b/src/regexp_bt.c
+@@ -4431,6 +4431,11 @@ regmatch(
+ 			    if (rex.input == rex.line)
+ 			    {
+ 				// backup to last char of previous line
++				if (rex.lnum == 0)
++				{
++				    status = RA_NOMATCH;
++				    break;
++				}
+ 				--rex.lnum;
+ 				rex.line = reg_getline(rex.lnum);
+ 				// Just in case regrepeat() didn't count
+diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
+index 6d0ce59..5d1bd47 100644
+--- a/src/testdir/test_regexp_utf8.vim
++++ b/src/testdir/test_regexp_utf8.vim
+@@ -223,3 +223,10 @@ func Test_match_invalid_byte()
+   call delete('Xinvalid')
+ endfunc
+ 
++func Test_match_too_complicated()
++  set regexpengine=1
++  exe "vsplit \xeb\xdb\x99"
++  silent! buf \&\zs*\zs*0
++  bwipe!
++  set regexpengine=0
++endfunc
+-- 
+2.27.0
+

vim.spec

@@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        24
+Release:        25
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -85,6 +85,8 @@ Patch6048:      backport-invalid-argument-errmsg.patch
 Patch6049:      backport-CVE-2022-0417.patch
 Patch6050:      backport-crash-when-pasting-too-many-times.patch
 Patch6051:      backport-CVE-2022-0572.patch
+Patch6052:      backport-CVE-2022-0714.patch
+Patch6053:      backport-CVE-2022-0729.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 
@@ -473,6 +475,12 @@ popd
 %{_mandir}/man1/evim.*
 
 %changelog
+* Sat Mar 05 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-25
+- Type:CVE
+- ID:fix CVE-2022-0714 CVE-2022-0729
+- SUG:NA
+- DESC:fix CVE-2022-0714 CVE-2022-0729
+
 * Sat Feb 26 2022 huangduirong <huangduirong@huawei.com> - 2:8.2-24
 - Type:CVE
 - ID:CVE-2022-0572