diff options
author | Mingli Yu <mingli.yu@windriver.com> | 2021-11-17 17:18:23 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-11-24 21:12:46 +0000 |
commit | 4c5d6076492cebd5d56403e2f74dd51d58555e53 (patch) | |
tree | 39b5a59415d87c030dfffa94bd2b2cad020d4461 /meta | |
parent | 097c86071eabaec9db55781ada99c3d011e6ff3f (diff) | |
download | poky-4c5d6076492cebd5d56403e2f74dd51d58555e53.tar.gz |
vim: fix CVE-2021-3872 and CVE-2021-3903
Backport 2 patches to fix below CVEs:
- CVE-2021-3872
- CVE-2021-3903
(From OE-Core rev: baa351293ed036e63d0e3253f58ad4f2e448852c)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-support/vim/files/CVE-2021-3872.patch | 57 | ||||
-rw-r--r-- | meta/recipes-support/vim/files/CVE-2021-3903.patch | 38 | ||||
-rw-r--r-- | meta/recipes-support/vim/vim.inc | 2 |
3 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-support/vim/files/CVE-2021-3872.patch b/meta/recipes-support/vim/files/CVE-2021-3872.patch new file mode 100644 index 0000000000..f0f30933fa --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3872.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | From 132d060ffbb9651f0d79bd0b6d80cab460235a99 Mon Sep 17 00:00:00 2001 | ||
2 | From: Bram Moolenaar <Bram@vim.org> | ||
3 | Date: Fri, 12 Nov 2021 02:56:51 +0000 | ||
4 | Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very | ||
5 | long | ||
6 | |||
7 | Problem: Illegal memory access if buffer name is very long. | ||
8 | Solution: Make sure not to go over the end of the buffer. | ||
9 | |||
10 | CVE: CVE-2021-3872 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b] | ||
13 | |||
14 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
15 | --- | ||
16 | src/drawscreen.c | 10 +++++----- | ||
17 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
18 | |||
19 | diff --git a/src/drawscreen.c b/src/drawscreen.c | ||
20 | index 3a88ee979..9acb70552 100644 | ||
21 | --- a/src/drawscreen.c | ||
22 | +++ b/src/drawscreen.c | ||
23 | @@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) | ||
24 | *(p + len++) = ' '; | ||
25 | if (bt_help(wp->w_buffer)) | ||
26 | { | ||
27 | - STRCPY(p + len, _("[Help]")); | ||
28 | + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); | ||
29 | len += (int)STRLEN(p + len); | ||
30 | } | ||
31 | #ifdef FEAT_QUICKFIX | ||
32 | if (wp->w_p_pvw) | ||
33 | { | ||
34 | - STRCPY(p + len, _("[Preview]")); | ||
35 | + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); | ||
36 | len += (int)STRLEN(p + len); | ||
37 | } | ||
38 | #endif | ||
39 | @@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) | ||
40 | #endif | ||
41 | ) | ||
42 | { | ||
43 | - STRCPY(p + len, "[+]"); | ||
44 | - len += 3; | ||
45 | + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); | ||
46 | + len += (int)STRLEN(p + len); | ||
47 | } | ||
48 | if (wp->w_buffer->b_p_ro) | ||
49 | { | ||
50 | - STRCPY(p + len, _("[RO]")); | ||
51 | + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); | ||
52 | len += (int)STRLEN(p + len); | ||
53 | } | ||
54 | |||
55 | -- | ||
56 | 2.31.1 | ||
57 | |||
diff --git a/meta/recipes-support/vim/files/CVE-2021-3903.patch b/meta/recipes-support/vim/files/CVE-2021-3903.patch new file mode 100644 index 0000000000..fb45857de8 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3903.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From a366598006f4d7bf9b4fbcd334a2e5078dcb6ad8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Bram Moolenaar <Bram@vim.org> | ||
3 | Date: Fri, 12 Nov 2021 02:23:38 +0000 | ||
4 | Subject: [PATCH] =?UTF-8?q?patch=208.2.3564:=20invalid=20memory=20access?= | ||
5 | =?UTF-8?q?=20when=20scrolling=20without=20valid=20sc=E2=80=A6?= | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | …reen | ||
11 | |||
12 | Problem: Invalid memory access when scrolling without a valid screen. | ||
13 | Solution: Do not set VALID_BOTLINE in w_valid. | ||
14 | |||
15 | CVE: CVE-2021-3903 | ||
16 | |||
17 | Upstream-Status: Backport [https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43] | ||
18 | |||
19 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
20 | --- | ||
21 | src/move.c | 1 - | ||
22 | 1 file changed, 1 deletion(-) | ||
23 | |||
24 | diff --git a/src/move.c b/src/move.c | ||
25 | index 8e53d8bcb..10165ef4d 100644 | ||
26 | --- a/src/move.c | ||
27 | +++ b/src/move.c | ||
28 | @@ -198,7 +198,6 @@ update_topline(void) | ||
29 | { | ||
30 | curwin->w_topline = curwin->w_cursor.lnum; | ||
31 | curwin->w_botline = curwin->w_topline; | ||
32 | - curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; | ||
33 | curwin->w_scbind_pos = 1; | ||
34 | return; | ||
35 | } | ||
36 | -- | ||
37 | 2.31.1 | ||
38 | |||
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index db4741ba4f..1841498b74 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc | |||
@@ -20,6 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ | |||
20 | file://CVE-2021-3778.patch \ | 20 | file://CVE-2021-3778.patch \ |
21 | file://CVE-2021-3796.patch \ | 21 | file://CVE-2021-3796.patch \ |
22 | file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ | 22 | file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ |
23 | file://CVE-2021-3903.patch \ | ||
24 | file://CVE-2021-3872.patch \ | ||
23 | " | 25 | " |
24 | 26 | ||
25 | SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" | 27 | SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" |