packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!184 fix CVE-2022-0319 CVE-2022-0554

Browse Source 
From: @xinyingchao 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2022-03-21 08:07:27 +00:00 committed by Gitee
commit ddde29fdd9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 188 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
backport-CVE-2022-0319.patch Normal file
View File

@ -0,0 +1,65 @@
From 05b27615481e72e3b338bb12990fb3e0c2ecc2a9 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 20 Jan 2022 13:32:50 +0000
Subject: [PATCH] patch 8.2.4154: ml_get error when exchanging windows in
Visual mode
Problem: ml_get error when exchanging windows in Visual mode.
Solution: Correct end of Visual area when entering another buffer
Reference:https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9
Conflict:NA
---
src/testdir/test_visual.vim | 10 ++++++++++
src/window.c | 7 ++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index fcf6473..4f8f056 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -705,6 +705,16 @@ func Test_visual_undo_deletes_last_line()
bwipe!
endfunc
+" this was causing an ml_get error
+func Test_visual_exchange_windows()
+ enew!
+ new
+ call setline(1, ['foo', 'bar'])
+ exe "normal G\<C-V>gg\<C-W>\<C-X>OO\<Esc>"
+ bwipe!
+ bwipe!
+endfunc
+
func Test_visual_mode_put()
new
diff --git a/src/window.c b/src/window.c
index 5b407d5..bb17167 100644
--- a/src/window.c
+++ b/src/window.c
@@ -1661,6 +1661,11 @@ win_exchange(long Prenum)
(void)win_comp_pos(); // recompute window positions
+ if (wp->w_buffer != curbuf)
+ reset_VIsual_and_resel();
+ else if (VIsual_active)
+ wp->w_cursor = curwin->w_cursor;
+
win_enter(wp, TRUE);
redraw_all_later(NOT_VALID);
}
@@ -5114,7 +5119,7 @@ frame_remove(frame_T *frp)
win_alloc_lines(win_T *wp)
{
wp->w_lines_valid = 0;
- wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows );
+ wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows);
if (wp->w_lines == NULL)
return FAIL;
return OK;
--
2.27.0

113
backport-CVE-2022-0554.patch Normal file
View File

@ -0,0 +1,113 @@
From e3537aec2f8d6470010547af28dcbd83d41461b8 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 8 Feb 2022 15:05:20 +0000
Subject: [PATCH] patch 8.2.4327: may end up with no current buffer
Problem: May end up with no current buffer.
Solution: When deleting the current buffer to not pick a quickfix buffer as
the new current buffer
Reference:https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8
Conflict:NA
---
src/buffer.c | 26 ++++++++++++++++++++++----
src/testdir/test_quickfix.vim | 25 +++++++++++++++++++++++++
2 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index e5f6a9b..3617c63 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1520,8 +1520,14 @@ do_buffer(
buf = buflist_findnr(curwin->w_jumplist[jumpidx].fmark.fnum);
if (buf != NULL)
{
- if (buf == curbuf || !buf->b_p_bl)
- buf = NULL; // skip current and unlisted bufs
+ // Skip current and unlisted bufs. Also skip a quickfix
+ // buffer, it might be deleted soon.
+ if (buf == curbuf || !buf->b_p_bl
+#if defined(FEAT_QUICKFIX)
+ || bt_quickfix(buf)
+#endif
+ )
+ buf = NULL;
else if (buf->b_ml.ml_mfp == NULL)
{
// skip unloaded buf, but may keep it for later
@@ -1558,7 +1564,11 @@ do_buffer(
continue;
}
// in non-help buffer, try to skip help buffers, and vv
- if (buf->b_help == curbuf->b_help && buf->b_p_bl)
+ if (buf->b_help == curbuf->b_help && buf->b_p_bl
+#if defined(FEAT_QUICKFIX)
+ && !bt_quickfix(buf)
+#endif
+ )
{
if (buf->b_ml.ml_mfp != NULL) // found loaded buffer
break;
@@ -1576,7 +1586,11 @@ do_buffer(
if (buf == NULL) // No loaded buffer, find listed one
{
FOR_ALL_BUFFERS(buf)
- if (buf->b_p_bl && buf != curbuf)
+ if (buf->b_p_bl && buf != curbuf
+#if defined(FEAT_QUICKFIX)
+ && !bt_quickfix(buf)
+#endif
+ )
break;
}
if (buf == NULL) // Still no buffer, just take one
@@ -1585,6 +1599,10 @@ do_buffer(
buf = curbuf->b_next;
else
buf = curbuf->b_prev;
+#if defined(FEAT_QUICKFIX)
+ if (bt_quickfix(buf))
+ buf = NULL;
+#endif
}
}
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 38a5236..72f3172 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -325,6 +325,31 @@ func Test_copenHeight_tabline()
set tabline& showtabline&
endfunc
+" Another sequence of commands that caused all buffers to be wiped out
+func Test_lopen_bwipe_all()
+ let lines =<< trim END
+ func R()
+ silent! tab lopen
+ e foo
+ silent! lfile
+ endfunc
+ cal R()
+ exe "norm \<C-W>\<C-V>0"
+ cal R()
+ bwipe
+
+ call writefile(['done'], 'Xresult')
+ qall!
+ END
+ call writefile(lines, 'Xscript')
+ if RunVim([], [], '-u NONE -n -X -Z -e -m -s -S Xscript')
+ call assert_equal(['done'], readfile('Xresult'))
+ endif
+
+ call delete('Xscript')
+ call delete('Xresult')
+endfunc
+
" Tests for the :cfile, :lfile, :caddfile, :laddfile, :cgetfile and :lgetfile
" commands.
--
2.27.0

12
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 27 Release: 28
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -88,6 +88,8 @@ Patch6051: backport-CVE-2022-0572.patch
Patch6052: backport-CVE-2022-0714.patch Patch6052: backport-CVE-2022-0714.patch
Patch6053: backport-CVE-2022-0729.patch Patch6053: backport-CVE-2022-0729.patch
Patch6054: backport-CVE-2022-0685.patch Patch6054: backport-CVE-2022-0685.patch
Patch6055: backport-CVE-2022-0319.patch
Patch6056: backport-CVE-2022-0554.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -476,6 +478,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Mon Mar 21 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-28
- Type:CVE
- ID:CVE-2022-0319 CVE-2022-0554
- SUG:NA
- DESC:fix CVE-2022-0319 CVE-2022-0554
* Sat Mar 19 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-27 * Sat Mar 19 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-27
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
@ -490,7 +498,7 @@ popd
* Sat Mar 05 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-25 * Sat Mar 05 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-25
- Type:CVE - Type:CVE
- ID:fix CVE-2022-0714 CVE-2022-0729 - ID:CVE-2022-0714 CVE-2022-0729
- SUG:NA - SUG:NA
- DESC:fix CVE-2022-0714 CVE-2022-0729 - DESC:fix CVE-2022-0714 CVE-2022-0729