Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
On Sat, Dec 25, 2021 at 11:41:29AM +0000, Adam D. Barratt wrote:
> On Sat, 2021-12-04 at 17:36 +0000, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote:
> > > Various "non DSA" CVEs have accumulated in Vim, and it seemed like
> > > a
> > > good idea to get a new upload addressing those.
> > >
> > > [ Impact ]
> > > * CVE-2019-20807 - Shell commands can be executed from rvim
> > > (restricted
> > > vim) via the bindings to other programming languages
> > > * CVE-2021-3770 / #994076 - Invalid memory access when a very large
> > > number is given to :retab command
> > > * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
> > > utf-8 character is encountered
> > > * CVE-2021-3796 / #994497 - Using freed memory in replace mode
> > >
> >
> > Please go ahead, thanks.
>
> Unfortunately the builds failed everywhere with a test suite issue:
My apologies. I uploaded with an additional patch for another issue
(#996593), which ended up not being relevant to the Buster version of
Vim. This wasn't part of the originally proposed changes, but I had the
source packge still present locally. I should have double checked the
changes before uploading.
Attached is a debdiff reverting that additional patch, back to what I
had originally prepared.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
diffstat for vim-8.1.0875 vim-8.1.0875
changelog | 11 +
patches/series | 1
patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch | 62 ----------
3 files changed, 8 insertions(+), 66 deletions(-)
diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog
--- vim-8.1.0875/debian/changelog 2021-10-19 21:56:40.000000000 -0400
+++ vim-8.1.0875/debian/changelog 2021-12-25 10:48:51.000000000 -0500
@@ -1,3 +1,10 @@
+vim (2:8.1.0875-5+deb10u2) buster; urgency=medium
+
+ * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim
+ 8.2.3110 and later.
+
+ -- James McCoy <jamessan@debian.org> Sat, 25 Dec 2021 10:48:51 -0500
+
vim (2:8.1.0875-5+deb10u1) buster; urgency=medium
* Change gbp.conf and salsa config to use buster
@@ -13,10 +20,8 @@
+ 8.2.3409: reading beyond end of line with invalid utf-8 character
* Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497)
+ 8.2.3428: using freed memory when replacing
- * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593)
- + 8.2.3489: ml_get error after search with range
- -- James McCoy <jamessan@debian.org> Tue, 19 Oct 2021 21:56:40 -0400
+ -- James McCoy <jamessan@debian.org> Sun, 26 Sep 2021 09:29:21 -0400
vim (2:8.1.0875-5) unstable; urgency=medium
diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series
--- vim-8.1.0875/debian/patches/series 2021-10-19 21:56:40.000000000 -0400
+++ vim-8.1.0875/debian/patches/series 2021-12-25 10:48:51.000000000 -0500
@@ -21,4 +21,3 @@
upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch
upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch
upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch
-upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
diff -Nru vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
--- vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 2021-10-19 21:56:40.000000000 -0400
+++ vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 1969-12-31 19:00:00.000000000 -0500
@@ -1,62 +0,0 @@
-From: Bram Moolenaar <Bram@vim.org>
-Date: Sat, 9 Oct 2021 13:58:55 +0100
-Subject: patch 8.2.3489: ml_get error after search with range
-
-Problem: ml_get error after search with range.
-Solution: Limit the line number to the buffer line count.
-(cherry picked from commit 35a319b77f897744eec1155b736e9372c9c5575f)
----
- src/ex_docmd.c | 6 ++++--
- src/testdir/test_search.vim | 12 ++++++++++++
- src/version.c | 1 +
- 3 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index ccca2f9..b550af6 100644
---- a/src/ex_docmd.c
-+++ b/src/ex_docmd.c
-@@ -4589,8 +4589,10 @@ get_address(
-
- // When '/' or '?' follows another address, start from
- // there.
-- if (lnum != MAXLNUM)
-- curwin->w_cursor.lnum = lnum;
-+ if (lnum > 0 && lnum != MAXLNUM)
-+ curwin->w_cursor.lnum =
-+ lnum > curbuf->b_ml.ml_line_count
-+ ? curbuf->b_ml.ml_line_count : lnum;
-
- // Start a forward search at the end of the line (unless
- // before the first line).
-diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
-index 0dfea49..c47fcfe 100644
---- a/src/testdir/test_search.vim
-+++ b/src/testdir/test_search.vim
-@@ -1187,3 +1187,15 @@ func Test_search_Ctrl_L_combining()
- call assert_equal(bufcontent[1], @/)
- call Incsearch_cleanup()
- endfunc
-+
-+func Test_search_with_invalid_range()
-+ new
-+ call writefile(['/\%.v', '5/', 'c'], 'Xrangesearch')
-+ source Xrangesearch
-+
-+ bwipe!
-+ call delete('Xrangesearch')
-+endfunc
-+
-+
-+" vim: shiftwidth=2 sts=2 expandtab
-diff --git a/src/version.c b/src/version.c
-index c4a502f..00469a2 100644
---- a/src/version.c
-+++ b/src/version.c
-@@ -2584,6 +2584,7 @@ static char *(extra_patches[]) =
- "8.2.3403",
- "8.2.3409",
- "8.2.3428",
-+ "8.2.3489",
- /**/
- NULL
- };
Reply to: