From 18adec6ac00fb4126d9275c7313955a4b0c94d61 Mon Sep 17 00:00:00 2001 From: weiwei_tiantian Date: Tue, 14 Jun 2022 11:14:48 +0800 Subject: [PATCH] fix CVE-2022-1851 --- backport-CVE-2022-1851.patch | 54 ++++++++++++++++++++++++++++++++++++ vim.spec | 11 ++++++-- 2 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 backport-CVE-2022-1851.patch diff --git a/backport-CVE-2022-1851.patch b/backport-CVE-2022-1851.patch new file mode 100644 index 0000000..bf4a9a2 --- /dev/null +++ b/backport-CVE-2022-1851.patch @@ -0,0 +1,54 @@ +From 78d52883e10d71f23ab72a3d8b9733b00da8c9ad Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Tue, 24 May 2022 13:57:54 +0100 +Subject: [PATCH] patch 8.2.5013: after text formatting cursor may be in an + invalid position + +Problem: After text formatting the cursor may be in an invalid position. +Solution: Correct the cursor position after formatting. + +Reference:https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad +Conflict: delete src/version.c and change src/ops.c file + +--- + src/ops.c | 3 +++ + src/testdir/test_textformat.vim | 12 ++++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/src/ops.c b/src/ops.c +index a79ef92..2a64db0 100644 +--- a/src/ops.c ++++ b/src/ops.c +@@ -2296,6 +2296,9 @@ op_format( + { + curwin->w_cursor = saved_cursor; + saved_cursor.lnum = 0; ++ ++ // formatting may have made the cursor position invalid ++ check_cursor(); + } + + if (oap->is_VIsual) +diff --git a/src/testdir/test_textformat.vim b/src/testdir/test_textformat.vim +index 3a0552b..5e1d335 100644 +--- a/src/testdir/test_textformat.vim ++++ b/src/testdir/test_textformat.vim +@@ -509,3 +509,15 @@ func Test_crash_github_issue_5095() + augroup END + augroup! testing + endfunc ++ ++" This was leaving the cursor after the end of a line. Complicated way to ++" have the problem show up with valgrind. ++func Test_correct_cursor_position() ++ set encoding=iso8859 ++ new ++ norm a000“0 ++ sil! norm gggg0i0gw0gg ++ ++ bwipe! ++ set encoding=utf8 ++endfunc +-- +2.27.0 + diff --git a/vim.spec b/vim.spec index 2f744ef..ae31974 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 37 +Release: 38 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -110,6 +110,7 @@ Patch6073: backport-CVE-2022-1796.patch Patch6074: backport-patch-8.2.0614-get-ml_get-error-when-deleting-a-line.patch Patch6075: backport-patch-8.2.0670-cannot-change-window-when-evaluating-.patch Patch6076: backport-CVE-2022-1785.patch +Patch6077: backport-CVE-2022-1851.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -498,7 +499,13 @@ popd %{_mandir}/man1/evim.* %changelog -* Thu Jun 09 2022 renhongxun - 2:8.2-36 +* Tue Jun 14 2022 tianwei - 2:8.2-38 +- Type:CVE +- ID:CVE-2022-1851 +- SUG:NA +- DESC:fix CVE-2022-1851 + +* Thu Jun 09 2022 renhongxun - 2:8.2-37 - Type:CVE - ID:CVE-2022-1785 - SUG:NA -- Gitee