diff --git a/backport-CVE-2025-24014.patch b/backport-CVE-2025-24014.patch
new file mode 100644
index 0000000000000000000000000000000000000000..815b6cb7941b1744d2d92c1492ab8c74eab01275
--- /dev/null
+++ b/backport-CVE-2025-24014.patch
@@ -0,0 +1,67 @@
+From 9d1bed5eccdbb46a26b8a484f5e9163c40e63919 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Mon, 20 Jan 2025 22:55:57 +0100
+Subject: [PATCH] patch 9.1.1043: [security]: segfault in win_line()
+
+Problem: [security]: segfault in win_line()
+ (fizz-is-on-the-way)
+Solution: Check that ScreenLines is not NULL
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
+
+Signed-off-by: Christian Brabandt
+---
+ src/gui.c | 6 ++++--
+ src/testdir/crash/ex_redraw_crash | 1 +
+ src/testdir/test_crash.vim | 6 ++++++
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+ create mode 100644 src/testdir/crash/ex_redraw_crash
+
+diff --git a/src/gui.c b/src/gui.c
+index 8e7b079a5a4ea4..86c40de632aa1e 100644
+--- a/src/gui.c
++++ b/src/gui.c
+@@ -4478,13 +4478,15 @@ gui_do_scroll(void)
+ /*
+ * Don't call updateWindow() when nothing has changed (it will overwrite
+ * the status line!).
++ *
++ * Check for ScreenLines, because in ex-mode, we don't have a valid display.
+ */ +- if (old_topline != wp->w_topline ++ if (ScreenLines != NULL && (old_topline != wp->w_topline + || wp->w_redr_type != 0 + #ifdef FEAT_DIFF + || old_topfill != wp->w_topfill + #endif +- ) ++ )) + { + int type = UPD_VALID; + +diff --git a/src/testdir/crash/ex_redraw_crash b/src/testdir/crash/ex_redraw_crash +new file mode 100644 +index 00000000000000..eda294cae12745 +--- /dev/null ++++ b/src/testdir/crash/ex_redraw_crash +@@ -0,0 +1 @@ ++vdivvi|gIv|÷�X��\��,X��X��\��# +X��\��<��\��,X��X +diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim +index bfd04ff10f9a1b..c83ddf29ea1ca6 100644 +--- a/src/testdir/test_crash.vim ++++ b/src/testdir/test_crash.vim +@@ -234,6 +234,12 @@ func Test_crash1_3() + call term_sendkeys(buf, args) + call TermWait(buf, 50) + ++ let file = 'crash/ex_redraw_crash' ++ let cmn_args = "%s -u NONE -i NONE -n -m -X -Z -e -s -S %s -c ':qa!'" ++ let args = printf(cmn_args, vim, file) ++ call term_sendkeys(buf, args) ++ call TermWait(buf, 150) ++ + " clean up + exe buf .. "bw!" + bw! diff --git a/vim.spec b/vim.spec index 47235774dfced865cc4e92d3d16c053b3d6e9b5a..f9432dd97080c3c095714c2f589643df6f2acdf7 100644 --- a/vim.spec +++ b/vim.spec @@ -10,7 +10,7 @@ Name: vim Epoch: 2 Version: %{baseversion}.%{patchlevel} -Release: 1 +Release: 2 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim AND LGPL-2.1-or-later AND MIT AND GPL-1.0-only AND (GPL-2.0-only OR Vim) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later AND GPL-3.0-or-later AND OPUBL-1.0 AND Apache-2.0 WITH Swift-exception URL: https://www.vim.org 
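Review bot: The regression input `src/testdir/crash/ex_redraw_crash` is carried as a plain text hunk inside `backport-CVE-2025-24014.patch` although it holds non-UTF-8 bytes (they show up as replacement characters on this page). Any re-encoding of the patch file on its way into the source tree would change the reproducer without failing the build, and the test would then no longer exercise the NULL `ScreenLines` guard added to `gui_do_scroll()`. Please confirm the committed patch is byte-identical to upstream commit 9d1bed5eccdbb46a26b8a484f5e9163c40e63919, for example by comparing checksums of the extracted fixture. The `%changelog` context in `vim.spec` also records that the check section was disabled; if that still holds, the lines added to `Test_crash1_3()` never run in the package build, so the fix should be verified separately on the built binary.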
@@ -24,6 +24,8 @@ Patch0002: vim-8.0-copy-paste.patch Patch0003: vim-python3-tests.patch Patch0005: bugfix-rm-modify-info-version.patch +Patch6000: backport-CVE-2025-24014.patch + BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file BuildRequires: pkgconfig(libsodium) @@ -414,6 +416,9 @@ popd %{_mandir}/man1/evim.* %changelog +* Mon Jan 20 2025 wangjiang - 2:9.1.1019-2 +- fix CVE-2025-24014 + * Thu Jan 16 2025 Funda Wang - 2:9.1.1019-1 - update to 9.1 patchlevel 1019 - disable check section as it hangs too long
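Review bot: `Patch6000` is declared in the `@@ -24,6 +24,8 @@` hunk, but no hunk in this diff touches `%prep`, so the CVE fix only reaches the build if the spec applies patches automatically (`%autosetup` or `%autopatch`). The `%prep` section is outside the visible hunks; if patches are listed by hand there, add `%patch -P 6000 -p1`, otherwise the package would ship unpatched while the changelog entry `- fix CVE-2025-24014` claims the fix. A quick check is that the build log shows the patch being applied and that the built source tree contains the `ScreenLines != NULL` condition in `src/gui.c`.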