Commit 0bc4ac1c authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import vim-8.2.2637-9.el9

parent d66a3acf
diff --git a/src/cindent.c b/src/cindent.c
index b2fac1a..ce513e3 100644
--- a/src/cindent.c
+++ b/src/cindent.c
@@ -1654,7 +1654,7 @@ find_start_brace(void) // XXX
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
break;
if (pos != NULL)
- curwin->w_cursor.lnum = pos->lnum;
+ curwin->w_cursor = *pos;
}
curwin->w_cursor = cursor_save;
return trypos;
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
index 5926408..f668faa 100644
--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
@@ -5307,4 +5307,16 @@ func Test_cindent_pragma()
enew! | close
endfunc
+func Test_find_brace_backwards()
+ " this was looking beyond the end of the line
+ new
+ norm R/*
+ norm o0{
+ norm o//
+ norm V{=
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/help.c b/src/help.c
index ee6ff18..67e4fb2 100644
--- a/src/help.c
+++ b/src/help.c
@@ -422,8 +422,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
index ff2bc41..c8ff5b8 100644
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -123,5 +123,13 @@ func Test_helptag_cmd_readonly()
call delete('Xdir', 'rf')
endfunc
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
......@@ -27,7 +27,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
Release: 8%{?dist}
Release: 9%{?dist}
License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: virc
......@@ -80,6 +80,10 @@ Patch3023: 0001-patch-8.2.3428-using-freed-memory-when-replacing.patch
Patch3024: 0001-patch-8.2.3406-on-some-systems-tests-fail-without-_R.patch
# 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
Patch3025: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
# 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
Patch3026: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
# 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
Patch3027: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
# gcc is no longer in buildroot by default
BuildRequires: gcc
......@@ -292,6 +296,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3023 -p1 -b .cve-nv-replace
%patch3024 -p1 -b .reentrant
%patch3025 -p1 -b .cve-win-redr
%patch3026 -p1 -b .cve3984
%patch3027 -p1 -b .cve4019
%build
cd src
......@@ -849,6 +855,12 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%endif
%changelog
* Mon Dec 02 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
- 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
* Thu Dec 02 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
- 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-8
- 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment