diff --git a/1003-fix-cve-2025-24014.patch b/1003-fix-cve-2025-24014.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1ab408a30e7f9ef2d3ef1bb05ffa5cdb8869148a
--- /dev/null
+++ b/1003-fix-cve-2025-24014.patch
@@ -0,0 +1,51 @@
+From 9d1bed5eccdbb46a26b8a484f5e9163c40e63919 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Mon, 20 Jan 2025 22:55:57 +0100
+Subject: [PATCH] patch 9.1.1043: [security]: segfault in win_line()
+
+Problem: [security]: segfault in win_line()
+ (fizz-is-on-the-way)
+Solution: Check that ScreenLines is not NULL
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
+
+Signed-off-by: Christian Brabandt
+---
+ src/gui.c | 6 ++++--
+ src/testdir/crash/ex_redraw_crash | 1 +
+ src/testdir/test_crash.vim | 6 ++++++
+ src/version.c | 2 ++
+ 4 files changed, 13 insertions(+), 2 deletions(-)
+ create mode 100644 src/testdir/crash/ex_redraw_crash
+
+diff --git a/src/gui.c b/src/gui.c
+index 8e7b079a5a4ea4..86c40de632aa1e 100644
+--- a/src/gui.c
++++ b/src/gui.c
+@@ -4478,13 +4478,15 @@ gui_do_scroll(void)
+ /*
+ * Don't call updateWindow() when nothing has changed (it will overwrite
+ * the status line!).
++ *
++ * Check for ScreenLines, because in ex-mode, we don't have a valid display.
+ */
+- if (old_topline != wp->w_topline
++ if (ScreenLines != NULL && (old_topline != wp->w_topline
+ || wp->w_redr_type != 0
+ #ifdef FEAT_DIFF
+ || old_topfill != wp->w_topfill
+ #endif
+- )
++ ))
+ {
+ int type = UPD_VALID;
+
+diff --git a/src/testdir/crash/ex_redraw_crash b/src/testdir/crash/ex_redraw_crash
+new file mode 100644
+index 00000000000000..eda294cae12745
+--- /dev/null
++++ b/src/testdir/crash/ex_redraw_crash
+@@ -0,0 +1 @@
++vdivvi|gIv|÷³X€ý\€ý,X€ýX€ý\€ý#
+X€ý\„ý<€ý\€ý,X€ùX
diff --git a/vim.spec b/vim.spec
index 7ac15f525645e0dd46609859119be87eb8c91658..eedfe1fa625b8e0970e98365bc69409cee564bb5 100644
--- a/vim.spec
+++ b/vim.spec
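Review bot: The patch carried in 1003-fix-cve-2025-24014.patch stops inside the `src/testdir/crash/ex_redraw_crash` section: its diffstat lists four files, but the 51 added lines hold no hunks for `src/testdir/test_crash.vim` or `src/version.c`, so the reproducer file is created without the test that would run it. The reproducer also contains non-text bytes, and its `@@ -0,0 +1 @@` header announces one added line while the content appears to run onto a second line with no marker, which leaves the outcome dependent on how the patch tool treats that trailing line. If dropping the test and version hunks is intentional for the 9.0.2092 base, I would reduce the file to the `src/gui.c` hunk alone and say so in the patch header, for example `Backport note: test and version.c hunks dropped, only src/gui.c is applied`. The `ScreenLines != NULL` guard matches the stated solution, but `gui_do_scroll()` starts and ends outside the embedded hunk, so other uses of the display in that function cannot be checked from here.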
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 %bcond_without gui
 %bcond_with default_editor
@@ -60,6 +60,8 @@ Patch0001: 1001-vim-8.0-copy-paste.patch
 #CVE-2024-22667
 #https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47
 Patch0002: 1002-stack-buffer-overflow-in-option-callback-functions.patch
+#https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919
+Patch0003: 1003-fix-cve-2025-24014.patch
 BuildRequires: autoconf gcc glibc-gconv-extra make
 BuildRequires: gettext gpm-devel libacl-devel
@@ -804,6 +806,9 @@ touch %{buildroot}/%{data_dir}/vimfiles/doc/tags
 %endif
 %changelog
+* Fri Feb 28 2025 yangxinyu - 3:9.0.2092-4
+- fix fix CVE-2025-24014
+
 * Thu Aug 29 2024 wangce - 3:9.0.2092-3
 - fix fix CVE-2024-22667
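Review bot: Nothing in these hunks touches `%prep`, so whether `Patch0003` is actually applied depends on the spec using an automatic patch mechanism rather than per-patch `%patch` lines, and that part of the file is outside this diff. Please confirm it, because otherwise the release would announce the CVE-2025-24014 fix in `%changelog` without carrying the `gui.c` change. The `Patch0003` entry also lacks the identifier comment that `Patch0002` has above its commit URL; adding `#CVE-2025-24014` before the new `#https://github.com/vim/vim/commit/...` line would keep the patch list auditable by CVE number.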