diff --git a/backport-CVE-2021-4069.patch b/backport-CVE-2021-4069.patch new file mode 100644 index 0000000000000000000000000000000000000000..cefd77889663569f977b42c094419ef316a236d7 --- /dev/null +++ b/backport-CVE-2021-4069.patch @@ -0,0 +1,56 @@ +From e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Sun, 5 Dec 2021 12:06:24 +0000 +Subject: [PATCH] patch 8.2.3741: using freed memory in open command + +Problem: Using freed memory in open command. +Solution: Make a copy of the current line. + +Reference:https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 +Conflict:src/testdir/test_ex_mode.vim, The current version does not exist and therefore does not fit into this test case +--- + src/ex_docmd.c | 10 +++++++--- + src/version.c | 2 ++ + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index 203174a..cb6b64a 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -6030,13 +6030,17 @@ ex_open(exarg_T *eap) + regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0); + if (regmatch.regprog != NULL) + { ++ // make a copy of the line, when searching for a mark it might be ++ // flushed ++ char_u *line = vim_strsave(ml_get_curline()); ++ + regmatch.rm_ic = p_ic; +- p = ml_get_curline(); +- if (vim_regexec(®match, p, (colnr_T)0)) +- curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p); ++ if (vim_regexec(®match, line, (colnr_T)0)) ++ curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line); + else + emsg(_(e_nomatch)); + vim_regfree(regmatch.regprog); ++ vim_free(line); + } + // Move to the NUL, ignore any other arguments. + eap->arg += STRLEN(eap->arg); +diff --git a/src/version.c b/src/version.c +index 035c46f..bd45631 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3741, + /**/ + 3403, + /**/ +-- +2.27.0 + diff --git a/vim.spec b/vim.spec index eb2cfaf4c2cbcb89f0ab909d7a8525c610ce9842..3b7276fb9d30f1e52311565794184fc5170320bf 100644 --- a/vim.spec +++ b/vim.spec @@ -11,7 +11,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 9 +Release: 10 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -46,6 +46,7 @@ Patch6012: backport-find-test-fails.patch Patch6013: backport-no-early-check-if-find-and-sfind-have-an-argument.patch Patch6014: backport-CVE-2021-3984.patch Patch6015: backport-CVE-2021-4019.patch +Patch6016: backport-CVE-2021-4069.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -434,6 +435,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Sat Dec 11 2021 yuanxin - 2:8.2-10 +- Type:CVE +- ID:CVE-2021-4069 +- SUG:NA +- DESC:fix CVE-2021-4069 + * Tue Dec 07 2021 shixuantong - 2:8.2-9 - Type:CVE - ID:CVE-2021-4019