Hi Ashish, Thanks for helping with CVEs.
Due to the large number of CVE issues in vim we have adopted a policy of doing version bumps rather than individual CVE patches. So please submit a version bump patch similar to: https://git.openembedded.org/openembedded-core/commit/?id=160f459febc7fb36cc0fe85c63eb26780ace3bfd Also, please submit for the master branch, and I will cherry-pick to the other branches after it is accepted there. Thanks again! Steve On Tue, Jan 10, 2023 at 6:10 AM Ashish Sharma <[email protected]> wrote: > > Upstream-Status: Backport from > 'https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c' > CVE: CVE-2023-0049 > > Signed-off-by: Ashish Sharma <[email protected]> > --- > .../vim/files/CVE-2023-0049.patch | 62 +++++++++++++++++++ > meta/recipes-support/vim/vim.inc | 1 + > 2 files changed, 63 insertions(+) > create mode 100644 meta/recipes-support/vim/files/CVE-2023-0049.patch > > diff --git a/meta/recipes-support/vim/files/CVE-2023-0049.patch > b/meta/recipes-support/vim/files/CVE-2023-0049.patch > new file mode 100644 > index 00000000000..d8155f5fabb > --- /dev/null > +++ b/meta/recipes-support/vim/files/CVE-2023-0049.patch > @@ -0,0 +1,62 @@ > +From 7b17eb4b063a234376c1ec909ee293e42cff290c Mon Sep 17 00:00:00 2001 > +From: Bram Moolenaar <[email protected]> > +Date: Wed, 4 Jan 2023 14:31:49 +0000 > +Subject: [PATCH] patch 9.0.1143: invalid memory access with bad 'statusline' > + value > + > +Problem: Invalid memory access with bad 'statusline' value. > +Solution: Avoid going over the NUL at the end. > + > +Upstream-Status: Backport from > 'https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c' > +CVE: CVE-2023-0049 > +Signed-off-by: Ashish Sharma <[email protected]> > +--- > + src/buffer.c | 2 ++ > + src/testdir/test_statusline.vim | 7 +++++++ > + src/version.c | 2 ++ > + 3 files changed, 11 insertions(+) > + > +diff --git a/src/buffer.c b/src/buffer.c > +index 98568987894e..40168226160c 100644 > +--- a/src/buffer.c > ++++ b/src/buffer.c > +@@ -4617,6 +4617,8 @@ build_stl_str_hl( > + #endif > + if (vim_strchr(STL_ALL, *s) == NULL) > + { > ++ if (*s == NUL) // can happen with "%0" > ++ break; > + s++; > + continue; > + } > +diff --git a/src/testdir/test_statusline.vim > b/src/testdir/test_statusline.vim > +index a829597655bf..23613bfed37b 100644 > +--- a/src/testdir/test_statusline.vim > ++++ b/src/testdir/test_statusline.vim > +@@ -440,6 +440,13 @@ func Test_statusline() > + set splitbelow& > + endfunc > + > ++func Test_statusline_trailing_percent_zero() > ++ " this was causing illegal memory access > ++ set laststatus=2 stl=%!%0 > ++ call assert_fails('redraw', 'E15: Invalid expression: "%0"') > ++ set laststatus& stl& > ++endfunc > ++ > + func Test_statusline_visual() > + func CallWordcount() > + call wordcount() > +diff --git a/src/version.c b/src/version.c > +index df02bb87b87d..4ccbd537abe3 100644 > +--- a/src/version.c > ++++ b/src/version.c > +@@ -695,6 +695,8 @@ static char *(features[]) = > + > + static int included_patches[] = > + { /* Add new patch number below this line */ > ++/**/ > ++ 1143, > + /**/ > + 1142, > + /**/ > diff --git a/meta/recipes-support/vim/vim.inc > b/meta/recipes-support/vim/vim.inc > index d86841efaa8..81c07bfefa8 100644 > --- a/meta/recipes-support/vim/vim.inc > +++ b/meta/recipes-support/vim/vim.inc > @@ -18,6 +18,7 @@ SRC_URI = > "git://github.com/vim/vim.git;branch=master;protocol=https \ > file://vim-add-knob-whether-elf.h-are-checked.patch \ > file://0001-src-Makefile-improve-reproducibility.patch \ > file://no-path-adjust.patch \ > + file://CVE-2023-0049.patch \ > " > > PV .= ".0947" > -- > 2.35.5 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#175723): https://lists.openembedded.org/g/openembedded-core/message/175723 Mute This Topic: https://lists.openembedded.org/mt/96180104/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
