On Sat, Dec 25, 2021 at 11:41:29AM +0000, Adam D. Barratt wrote:
> On Sat, 2021-12-04 at 17:36 +0000, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote:
> > > Various "non DSA" CVEs have accumulated in Vim, and it seemed like a
> > > good idea to get a new upload addressing those.
> > >
> > > [ Impact ]
> > > * CVE-2019-20807 - Shell commands can be executed from rvim (restricted
> > >   vim) via the bindings to other programming languages
> > > * CVE-2021-3770 / #994076 - Invalid memory access when a very large
> > >   number is given to :retab command
> > > * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
> > >   utf-8 character is encountered
> > > * CVE-2021-3796 / #994497 - Using freed memory in replace mode
> > >
> >
> > Please go ahead, thanks.
>
> Unfortunately the builds failed everywhere with a test suite issue:

My apologies. I uploaded with an additional patch for another issue (#996593), which ended up not being relevant to the Buster version of Vim. This wasn't part of the originally proposed changes, but I had the source package still present locally. I should have double checked the changes before uploading.

Attached is a debdiff reverting that additional patch, back to what I had originally prepared.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB

diffstat for vim-8.1.0875 vim-8.1.0875 changelog | 11 + patches/series | 1 patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch | 62 ---------- 3 files changed, 8 insertions(+), 66 deletions(-) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2021-10-19 21:56:40.000000000 -0400 +++ vim-8.1.0875/debian/changelog 2021-12-25 10:48:51.000000000 -0500 @@ -1,3 +1,10 @@ +vim (2:8.1.0875-5+deb10u2) buster; urgency=medium + + * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim + 8.2.3110 and later. + + -- James McCoy <james...@debian.org> Sat, 25 Dec 2021 10:48:51 -0500 + vim (2:8.1.0875-5+deb10u1) buster; urgency=medium * Change gbp.conf and salsa config to use buster @@ -13,10 +20,8 @@ + 8.2.3409: reading beyond end of line with invalid utf-8 character * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497) + 8.2.3428: using freed memory when replacing - * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593) - + 8.2.3489: ml_get error after search with range - -- James McCoy <james...@debian.org> Tue, 19 Oct 2021 21:56:40 -0400 + -- James McCoy <james...@debian.org> Sun, 26 Sep 2021 09:29:21 -0400 vim (2:8.1.0875-5) unstable; urgency=medium diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series --- vim-8.1.0875/debian/patches/series 2021-10-19 21:56:40.000000000 -0400 +++ vim-8.1.0875/debian/patches/series 2021-12-25 10:48:51.000000000 -0500 
@@ -21,4 +21,3 @@ upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch -upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch diff -Nru vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch --- vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 2021-10-19 21:56:40.000000000 -0400 +++ vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 1969-12-31 19:00:00.000000000 -0500 
@@ -1,62 +0,0 @@ -From: Bram Moolenaar <b...@vim.org> -Date: Sat, 9 Oct 2021 13:58:55 +0100 -Subject: patch 8.2.3489: ml_get error after search with range - -Problem: ml_get error after search with range. -Solution: Limit the line number to the buffer line count. -(cherry picked from commit 35a319b77f897744eec1155b736e9372c9c5575f) ---- - src/ex_docmd.c | 6 ++++-- - src/testdir/test_search.vim | 12 ++++++++++++ - src/version.c | 1 + - 3 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/src/ex_docmd.c b/src/ex_docmd.c -index ccca2f9..b550af6 100644 ---- a/src/ex_docmd.c -+++ b/src/ex_docmd.c -@@ -4589,8 +4589,10 @@ get_address( - - // When '/' or '?' follows another address, start from - // there. -- if (lnum != MAXLNUM) -- curwin->w_cursor.lnum = lnum; -+ if (lnum > 0 && lnum != MAXLNUM) -+ curwin->w_cursor.lnum = -+ lnum > curbuf->b_ml.ml_line_count -+ ? curbuf->b_ml.ml_line_count : lnum; - - // Start a forward search at the end of the line (unless - // before the first line). -diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim -index 0dfea49..c47fcfe 100644 ---- a/src/testdir/test_search.vim -+++ b/src/testdir/test_search.vim -@@ -1187,3 +1187,15 @@ func Test_search_Ctrl_L_combining() - call assert_equal(bufcontent[1], @/) - call Incsearch_cleanup() - endfunc -+ -+func Test_search_with_invalid_range() -+ new -+ call writefile(['/\%.v', '5/', 'c'], 'Xrangesearch') -+ source Xrangesearch -+ -+ bwipe! -+ call delete('Xrangesearch') -+endfunc -+ -+ -+" vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index c4a502f..00469a2 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -2584,6 +2584,7 @@ static char *(extra_patches[]) = - "8.2.3403", - "8.2.3409", - "8.2.3428", -+ "8.2.3489", - /**/ - NULL - };
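
Review bot: The second debian/changelog hunk (@@ -13,10 +20,8 @@) edits the 2:8.1.0875-5+deb10u1 entry in place, dropping the "Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593)" item and changing its trailer date from Tue, 19 Oct 2021 to Sun, 26 Sep 2021, so the changelog no longer matches what was uploaded as deb10u1. Consider leaving that entry as uploaded and letting the new deb10u2 entry carry the revert. The deb10u2 entry also names only v8.2.3489; mentioning CVE-2021-3875 and #996593 there would make it clear from the changelog alone that this CVE is treated as not applicable to 8.1.0875 rather than fixed.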
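
Review bot: The removal of the series line (@@ -21,4 +21,3 @@) and of patch-8.2.3489-ml_get-error-after-search-with-range.patch (@@ -1,62 +0,0 @@) comes with no statement that the package was rebuilt with the test suite enabled, which is what failed on the previous upload. The removal itself looks complete: the dropped entry was the last line of debian/patches/series, so no later patch needs refreshing, and deleting the patch file also takes out its "8.2.3489" line in extra_patches in src/version.c and the Test_search_with_invalid_range test in src/testdir/test_search.vim. A short note in the mail confirming a clean local build and test run on buster would close the loop.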