rpms
/
vim
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:cs10
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'cs10' and 'c9' have entirely different histories.
cs10 ... c9

50 changed files with 2676 additions and 882 deletions
Show Stats

5
.gitignore vendored
Unescape View File

@ -1,5 +1,2 @@
SOURCES/gvim16.png
SOURCES/gvim32.png
SOURCES/gvim48.png
SOURCES/gvim64.png
SOURCES/vim-9.1-083.tar.bz2
SOURCES/vim-8.2-2637.tar.bz2

5
.vim.metadata
Unescape View File

@ -1,5 +1,2 @@
a7c81ffd40611b19c125c505699d8a6401f6e022 SOURCES/gvim16.png
2356345378a9f1ba3c9e9e6508b695611e8f2cfa SOURCES/gvim32.png
37ad682f67539da7f4d4b7316383115dfe43222d SOURCES/gvim48.png
c32bd520a1498b71ee9bbcddc7ad05df1565d085 SOURCES/gvim64.png
4e96020dcf38583ee23cd88eef077bc85ee2552d SOURCES/vim-9.1-083.tar.bz2
8405efdee1d83465651f90edc1173ff69f390aea SOURCES/vim-8.2-2637.tar.bz2

30
SOURCES/0001-patch-8.2.3115-Coverity-complains-about-free_wininfo.patch
Unescape View File

@ -0,0 +1,30 @@
From b5098060f4acae4dac3203130278c948d670a3d5 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 7 Jul 2021 19:26:19 +0200
Subject: [PATCH] patch 8.2.3115: Coverity complains about free_wininfo() use
Problem: Coverity complains about free_wininfo() use.
Solution: Add a condition that "wip2" is not equal to "wip". (Neovim #14996)
---
src/version.c | 2 ++
src/window.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/window.c b/src/window.c
index 09067b081..cc9c217b4 100644
--- a/src/window.c
+++ b/src/window.c
@@ -5057,8 +5057,9 @@ win_free(
// If there already is an entry with "wi_win" set to NULL it
// must be removed, it would never be used.
+ // Skip "wip" itself, otherwise Coverity complains.
for (wip2 = buf->b_wininfo; wip2 != NULL; wip2 = wip2->wi_next)
- if (wip2->wi_win == NULL)
+ if (wip2 != wip && wip2->wi_win == NULL)
{
if (wip2->wi_next != NULL)
wip2->wi_next->wi_prev = wip2->wi_prev;
--
2.31.1

102
SOURCES/0001-patch-8.2.3290-Vim9-compiling-dict-may-use-pointer-a.patch
Unescape View File

@ -0,0 +1,102 @@
diff --git a/src/vim9compile.c b/src/vim9compile.c
index 535de05..ae7b253 100644
--- a/src/vim9compile.c
+++ b/src/vim9compile.c
@@ -1073,21 +1073,26 @@ generate_PUSHF(cctx_T *cctx, float_T fnumber)
/*
* Generate an ISN_PUSHS instruction.
- * Consumes "str".
+ * Consumes "*str". When freed *str is set to NULL, unless "str" is NULL.
*/
static int
-generate_PUSHS(cctx_T *cctx, char_u *str)
+generate_PUSHS(cctx_T *cctx, char_u **str)
{
isn_T *isn;
if (cctx->ctx_skip == SKIP_YES)
{
- vim_free(str);
+ if (str != NULL)
+ VIM_CLEAR(*str);
return OK;
}
if ((isn = generate_instr_type(cctx, ISN_PUSHS, &t_string)) == NULL)
+ {
+ if (str != NULL)
+ VIM_CLEAR(*str);
return FAIL;
- isn->isn_arg.string = str;
+ }
+ isn->isn_arg.string = str == NULL ? NULL : *str;
return OK;
}
@@ -2547,7 +2552,7 @@ generate_tv_PUSH(cctx_T *cctx, typval_T *tv)
tv->vval.v_blob = NULL;
break;
case VAR_STRING:
- generate_PUSHS(cctx, tv->vval.v_string);
+ generate_PUSHS(cctx, &tv->vval.v_string);
tv->vval.v_string = NULL;
break;
default:
@@ -3301,7 +3306,7 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
key = get_literal_key(arg);
if (key == NULL)
return FAIL;
- if (generate_PUSHS(cctx, key) == FAIL)
+ if (generate_PUSHS(cctx, &key) == FAIL)
return FAIL;
}
@@ -5978,7 +5983,7 @@ compile_assign_unlet(
char_u *key_end = to_name_end(p + 1, TRUE);
char_u *key = vim_strnsave(p + 1, key_end - p - 1);
- r = generate_PUSHS(cctx, key);
+ r = generate_PUSHS(cctx, &key);
}
if (r == FAIL)
return FAIL;
@@ -6149,7 +6154,7 @@ compile_assignment(char_u *arg, exarg_T *eap, cmdidx_T cmdidx, cctx_T *cctx)
// Push each line and the create the list.
FOR_ALL_LIST_ITEMS(l, li)
{
- generate_PUSHS(cctx, li->li_tv.vval.v_string);
+ generate_PUSHS(cctx, &li->li_tv.vval.v_string);
li->li_tv.vval.v_string = NULL;
}
generate_NEWLIST(cctx, l->lv_len);
@@ -7709,7 +7714,7 @@ compile_catch(char_u *arg, cctx_T *cctx UNUSED)
p += len + 2 + dropped;
if (pat == NULL)
return FAIL;
- if (generate_PUSHS(cctx, pat) == FAIL)
+ if (generate_PUSHS(cctx, &pat) == FAIL)
return FAIL;
if (generate_COMPARE(cctx, EXPR_MATCH, FALSE) == FAIL)
@@ -8080,7 +8085,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
{
if (p > start)
{
- generate_PUSHS(cctx, vim_strnsave(start, p - start));
+ char_u *val = vim_strnsave(start, p - start);
+
+ generate_PUSHS(cctx, &val);
++count;
}
p += 2;
@@ -8101,7 +8108,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
{
if (*skipwhite(start) != NUL)
{
- generate_PUSHS(cctx, vim_strsave(start));
+ char_u *val = vim_strsave(start);
+
+ generate_PUSHS(cctx, &val);
++count;
}
break;

49
SOURCES/0001-patch-8.2.3406-on-some-systems-tests-fail-without-_R.patch
Unescape View File

@ -0,0 +1,49 @@
From 3ae5fc9a6a881e0be381e4cc70080ac5908d7520 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 6 Sep 2021 18:57:30 +0200
Subject: [PATCH] patch 8.2.3406: on some systems tests fail without _REENTRANT
Problem: On some systems tests fail without _REENTRANT. (Elimar
Riesebieter)
Solution: Add -D_REENTRANT in configure. (closes #7402)
---
src/auto/configure | 4 ++++
src/configure.ac | 6 ++++++
src/version.c | 2 ++
3 files changed, 12 insertions(+)
diff --git a/src/auto/configure b/src/auto/configure
index fba6a19b5..4f4363224 100755
--- a/src/auto/configure
+++ b/src/auto/configure
@@ -14960,6 +14960,10 @@ $as_echo "no" >&6; }
fi
fi
+if `echo "$CFLAGS" | grep -v D_XEENTRANT >/dev/null`; then
+ CFLAGS="$CFLAGS -D_REENTRANT"
+fi
+
DEPEND_CFLAGS_FILTER=
if test "$GCC" = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCC 3 or later" >&5
diff --git a/src/configure.ac b/src/configure.ac
index 5ec955757..4cd6dea1f 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -4504,6 +4504,12 @@ if test "$MACOS_X" = "yes"; then
fi
fi
+dnl On some systems REENTRANT needs to be defined. It should not hurt to use
+dnl it everywhere.
+if `echo "$CFLAGS" | grep -v D_REENTRANT >/dev/null`; then
+ CFLAGS="$CFLAGS -D_REENTRANT"
+fi
+
dnl gcc 3.1 changed the meaning of -MM. The only solution appears to be to
dnl use "-isystem" instead of "-I" for all non-Vim include dirs.
dnl But only when making dependencies, cproto and lint don't take "-isystem".
--
2.31.1

48
SOURCES/0001-patch-8.2.3409-reading-beyond-end-of-line-with-inval.patch
Unescape View File

@ -0,0 +1,48 @@
From 65b605665997fad54ef39a93199e305af2fe4d7f Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 7 Sep 2021 19:26:53 +0200
Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
character
Problem: Reading beyond end of line with invalid utf-8 character.
Solution: Check for NUL when advancing.
---
src/regexp_nfa.c | 3 ++-
src/testdir/test_regexp_utf8.vim | 8 ++++++++
src/version.c | 2 ++
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 9757d7c47..c7db98187 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -5664,7 +5664,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text)
match = FALSE;
break;
}
- len2 += MB_CHAR2LEN(c2);
+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
+ : MB_CHAR2LEN(c2);
}
if (match
// check that no composing char follows
diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
index 9f0ffb9aa..044aeffb6 100644
--- a/src/testdir/test_regexp_utf8.vim
+++ b/src/testdir/test_regexp_utf8.vim
@@ -558,4 +558,12 @@ func Test_match_char_class_upper()
bwipe!
endfunc
+func Test_match_invalid_byte()
+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
+ new
+ source Xinvalid
+ bwipe!
+ call delete('Xinvalid')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.31.1

50
SOURCES/0001-patch-8.2.3428-using-freed-memory-when-replacing.patch
Unescape View File

@ -0,0 +1,50 @@
diff -up vim82/src/normal.c.cve-3796 vim82/src/normal.c
--- vim82/src/normal.c.cve-3796 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/normal.c 2021-10-15 10:45:21.397258123 +0200
@@ -5076,19 +5076,23 @@ nv_replace(cmdarg_T *cap)
{
/*
* Get ptr again, because u_save and/or showmatch() will have
- * released the line. At the same time we let know that the
- * line will be changed.
+ * released the line. This may also happen in ins_copychar().
+ * At the same time we let know that the line will be changed.
*/
- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
{
int c = ins_copychar(curwin->w_cursor.lnum
+ (cap->nchar == Ctrl_Y ? -1 : 1));
+
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (c != NUL)
ptr[curwin->w_cursor.col] = c;
}
else
+ {
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
ptr[curwin->w_cursor.col] = cap->nchar;
+ }
if (p_sm && msg_silent == 0)
showmatch(cap->nchar);
++curwin->w_cursor.col;
diff -up vim82/src/testdir/test_edit.vim.cve-3796 vim82/src/testdir/test_edit.vim
--- vim82/src/testdir/test_edit.vim.cve-3796 2021-10-15 10:45:21.398258115 +0200
+++ vim82/src/testdir/test_edit.vim 2021-10-15 10:46:22.892764135 +0200
@@ -1844,4 +1844,16 @@ func Test_read_invalid()
set encoding=utf-8
endfunc
+" Test for getting the character of the line below after "p"
+func Test_edit_put_CTRL_E()
+ set encoding=latin1
+ new
+ let @" = ''
+ sil! norm orggRx
+ sil! norm pr
+ call assert_equal(['r', 'r'], getline(1, 2))
+ bwipe!
+ set encoding=utf-8
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

72
SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
Unescape View File

@ -0,0 +1,72 @@
From 826bfe4bbd7594188e3d74d2539d9707b1c6a14b Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 8 Oct 2021 18:39:28 +0100
Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very
long
Problem: Illegal memory access if buffer name is very long.
Solution: Make sure not to go over the end of the buffer.
---
src/drawscreen.c | 10 +++++-----
src/testdir/test_statusline.vim | 10 ++++++++++
src/version.c | 2 ++
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/drawscreen.c b/src/drawscreen.c
index 82e53753b..e38ca9586 100644
--- a/src/drawscreen.c
+++ b/src/drawscreen.c
@@ -464,13 +464,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
*(p + len++) = ' ';
if (bt_help(wp->w_buffer))
{
- STRCPY(p + len, _("[Help]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
len += (int)STRLEN(p + len);
}
#ifdef FEAT_QUICKFIX
if (wp->w_p_pvw)
{
- STRCPY(p + len, _("[Preview]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
len += (int)STRLEN(p + len);
}
#endif
@@ -480,12 +480,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
#endif
)
{
- STRCPY(p + len, "[+]");
- len += 3;
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+ len += (int)STRLEN(p + len);
}
if (wp->w_buffer->b_p_ro)
{
- STRCPY(p + len, _("[RO]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
len += (int)STRLEN(p + len);
}
diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim
index f3eea2e71..a952de69b 100644
--- a/src/testdir/test_statusline.vim
+++ b/src/testdir/test_statusline.vim
@@ -522,4 +522,14 @@ func Test_statusline_mbyte_fillchar()
%bw!
endfunc
+" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes.
+func Test_statusline_verylong_filename()
+ let fname = repeat('x', 4090)
+ exe "new " .. fname
+ set buftype=help
+ set previewwindow
+ redraw
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.31.1

34
SOURCES/0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
Unescape View File

@ -0,0 +1,34 @@
diff --git a/src/cindent.c b/src/cindent.c
index b2fac1a..ce513e3 100644
--- a/src/cindent.c
+++ b/src/cindent.c
@@ -1654,7 +1654,7 @@ find_start_brace(void) // XXX
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
break;
if (pos != NULL)
- curwin->w_cursor.lnum = pos->lnum;
+ curwin->w_cursor = *pos;
}
curwin->w_cursor = cursor_save;
return trypos;
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
index 5926408..f668faa 100644
--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
@@ -5307,4 +5307,16 @@ func Test_cindent_pragma()
enew! | close
endfunc
+func Test_find_brace_backwards()
+ " this was looking beyond the end of the line
+ new
+ norm R/*
+ norm o0{
+ norm o//
+ norm V{=
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

32
SOURCES/0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
Unescape View File

@ -0,0 +1,32 @@
diff --git a/src/help.c b/src/help.c
index ee6ff18..67e4fb2 100644
--- a/src/help.c
+++ b/src/help.c
@@ -422,8 +422,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
index ff2bc41..c8ff5b8 100644
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -123,5 +123,13 @@ func Test_helptag_cmd_readonly()
call delete('Xdir', 'rf')
endfunc
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

44
SOURCES/0001-patch-8.2.3949-using-freed-memory-with-V.patch
Unescape View File

@ -0,0 +1,44 @@
diff -up vim82/src/regexp.c.cve4192 vim82/src/regexp.c
--- vim82/src/regexp.c.cve4192 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/regexp.c 2022-01-13 10:54:17.629176807 +0100
@@ -1316,9 +1316,9 @@ reg_match_visual(void)
if (lnum < top.lnum || lnum > bot.lnum)
return FALSE;
+ col = (colnr_T)(rex.input - rex.line);
if (mode == 'v')
{
- col = (colnr_T)(rex.input - rex.line);
if ((lnum == top.lnum && col < top.col)
|| (lnum == bot.lnum && col >= bot.col + (*p_sel != 'e')))
return FALSE;
@@ -1333,7 +1333,12 @@ reg_match_visual(void)
end = end2;
if (top.col == MAXCOL || bot.col == MAXCOL)
end = MAXCOL;
- cols = win_linetabsize(wp, rex.line, (colnr_T)(rex.input - rex.line));
+
+ // getvvcol() flushes rex.line, need to get it again
+ rex.line = reg_getline(rex.lnum);
+ rex.input = rex.line + col;
+
+ cols = win_linetabsize(wp, rex.line, col);
if (cols < start || cols > end - (*p_sel == 'e'))
return FALSE;
}
diff -up vim82/src/testdir/test_regexp_latin.vim.cve4192 vim82/src/testdir/test_regexp_latin.vim
--- vim82/src/testdir/test_regexp_latin.vim.cve4192 2022-01-13 10:52:05.508789448 +0100
+++ vim82/src/testdir/test_regexp_latin.vim 2022-01-13 10:52:05.510789454 +0100
@@ -946,4 +946,12 @@ func Test_using_invalid_visual_position(
bwipe!
endfunc
+func Test_using_visual_position()
+ " this was using freed memory
+ new
+ exe "norm 0o\<Esc>\<C-V>k\<C-X>o0"
+ /\%V
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

39
SOURCES/0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
Unescape View File

@ -0,0 +1,39 @@
diff -up vim82/src/charset.c.cve4193 vim82/src/charset.c
--- vim82/src/charset.c.cve4193 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/charset.c 2022-01-13 10:14:55.634913386 +0100
@@ -1232,10 +1232,15 @@ getvcol(
posptr = NULL; // continue until the NUL
else
{
- // Special check for an empty line, which can happen on exit, when
- // ml_get_buf() always returns an empty string.
- if (*ptr == NUL)
- pos->col = 0;
+ colnr_T i;
+
+ // In a few cases the position can be beyond the end of the line.
+ for (i = 0; i < pos->col; ++i)
+ if (ptr[i] == NUL)
+ {
+ pos->col = i;
+ break;
+ }
posptr = ptr + pos->col;
if (has_mbyte)
// always start on the first byte
diff -up vim82/src/testdir/test_regexp_latin.vim.cve4193 vim82/src/testdir/test_regexp_latin.vim
--- vim82/src/testdir/test_regexp_latin.vim.cve4193 2022-01-13 10:14:55.634913386 +0100
+++ vim82/src/testdir/test_regexp_latin.vim 2022-01-13 10:17:01.905292715 +0100
@@ -938,4 +938,12 @@ func Test_regexp_last_subst_string()
close!
endfunc
+func Test_using_invalid_visual_position()
+ " this was going beyond the end of the line
+ new
+ exe "norm 0o000\<Esc>0\<C-V>$s0"
+ /\%V
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

94
SOURCES/0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch
Unescape View File

@ -0,0 +1,94 @@
diff --git a/src/ops.c b/src/ops.c
index d8e96ff..88992b6 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -534,22 +534,27 @@ block_insert(
if (b_insert)
{
off = (*mb_head_off)(oldp, oldp + offset + spaces);
+ spaces -= off;
+ count -= off;
}
else
{
- off = (*mb_off_next)(oldp, oldp + offset);
- offset += off;
+ // spaces fill the gap, the character that's at the edge moves
+ // right
+ off = (*mb_head_off)(oldp, oldp + offset);
+ offset -= off;
}
- spaces -= off;
- count -= off;
}
- newp = alloc(STRLEN(oldp) + s_len + count + 1);
+ // Make sure the allocated size matches what is actually copied below.
+ newp = alloc(STRLEN(oldp) + spaces + s_len
+ + (spaces > 0 && !bdp->is_short ? ts_val - spaces : 0)
+ + count + 1);
if (newp == NULL)
continue;
// copy up to shifted part
- mch_memmove(newp, oldp, (size_t)(offset));
+ mch_memmove(newp, oldp, (size_t)offset);
oldp += offset;
// insert pre-padding
@@ -560,14 +565,21 @@ block_insert(
mch_memmove(newp + startcol, s, (size_t)s_len);
offset += s_len;
- if (spaces && !bdp->is_short)
+ if (spaces > 0 && !bdp->is_short)
{
- // insert post-padding
- vim_memset(newp + offset + spaces, ' ', (size_t)(ts_val - spaces));
- // We're splitting a TAB, don't copy it.
- oldp++;
- // We allowed for that TAB, remember this now
- count++;
+ if (*oldp == TAB)
+ {
+ // insert post-padding
+ vim_memset(newp + offset + spaces, ' ',
+ (size_t)(ts_val - spaces));
+ // we're splitting a TAB, don't copy it
+ oldp++;
+ // We allowed for that TAB, remember this now
+ count++;
+ }
+ else
+ // Not a TAB, no extra spaces
+ count = spaces;
}
if (spaces > 0)
@@ -1574,7 +1586,7 @@ op_insert(oparg_T *oap, long count1)
oap->start_vcol = t;
}
else if (oap->op_type == OP_APPEND
- && oap->end.col + oap->end.coladd
+ && oap->start.col + oap->start.coladd
>= curbuf->b_op_start_orig.col
+ curbuf->b_op_start_orig.coladd)
{
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 7c5f973..dc8e376 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -967,4 +967,13 @@ func Test_visual_put_in_block()
bwipe!
endfunc
+func Test_visual_block_append_invalid_char()
+ " this was going over the end of the line
+ new
+ call setline(1, [' let xxx', 'xxxxxˆ', 'xxxxxxxxxxx'])
+ exe "normal 0\<C-V>jjA-\<Esc>"
+ call assert_equal([' - let xxx', 'xxxxx -ˆ', 'xxxxxxxx-xxx'], getline(1, 3))
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

62
SOURCES/0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
Unescape View File

@ -0,0 +1,62 @@
diff --git a/src/ops.c b/src/ops.c
index 88992b6..80e0ea1 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -527,24 +527,8 @@ block_insert(
}
if (has_mbyte && spaces > 0)
- {
- int off;
-
- // Avoid starting halfway a multi-byte character.
- if (b_insert)
- {
- off = (*mb_head_off)(oldp, oldp + offset + spaces);
- spaces -= off;
- count -= off;
- }
- else
- {
- // spaces fill the gap, the character that's at the edge moves
- // right
- off = (*mb_head_off)(oldp, oldp + offset);
- offset -= off;
- }
- }
+ // avoid copying part of a multi-byte character
+ offset -= (*mb_head_off)(oldp, oldp + offset);
// Make sure the allocated size matches what is actually copied below.
newp = alloc(STRLEN(oldp) + spaces + s_len
diff --git a/src/testdir/test_utf8.vim b/src/testdir/test_utf8.vim
index 5454e43..bedec20 100644
--- a/src/testdir/test_utf8.vim
+++ b/src/testdir/test_utf8.vim
@@ -7,7 +7,7 @@ func Test_visual_block_insert()
new
call setline(1, ["aaa", "あああ", "bbb"])
exe ":norm! gg0l\<C-V>jjIx\<Esc>"
- call assert_equal(['axaa', 'xあああ', 'bxbb'], getline(1, '$'))
+ call assert_equal(['axaa', ' xあああ', 'bxbb'], getline(1, '$'))
bwipeout!
endfunc
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index dc8e376..8de9e3d 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -976,4 +976,13 @@ func Test_visual_block_append_invalid_char()
bwipe!
endfunc
+func Test_visual_block_insert_round_off()
+ new
+ " The number of characters are tuned to fill a 4096 byte allocated block,
+ " so that valgrind reports going over the end.
+ call setline(1, ['xxxxx', repeat('0', 1350), "\t", repeat('x', 60)])
+ exe "normal gg0\<C-V>GI" .. repeat('0', 1320) .. "\<Esc>"
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

43
SOURCES/0001-patch-8.2.4154-ml_get-error-when-exchanging-windows-.patch
Unescape View File

@ -0,0 +1,43 @@
diff -up vim82/src/testdir/test_visual.vim.cve0319 vim82/src/testdir/test_visual.vim
--- vim82/src/testdir/test_visual.vim.cve0319 2022-02-08 13:24:54.170813231 +0100
+++ vim82/src/testdir/test_visual.vim 2022-02-08 13:26:21.313747976 +0100
@@ -985,4 +985,15 @@ func Test_visual_block_insert_round_off(
bwipe!
endfunc
+" this was causing an ml_get error
+func Test_visual_exchange_windows()
+ enew!
+ new
+ call setline(1, ['foo', 'bar'])
+ exe "normal G\<C-V>gg\<C-W>\<C-X>OO\<Esc>"
+ bwipe!
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/window.c.cve0319 vim82/src/window.c
--- vim82/src/window.c.cve0319 2022-02-08 13:24:54.137813879 +0100
+++ vim82/src/window.c 2022-02-08 13:24:54.171813211 +0100
@@ -1697,6 +1697,11 @@ win_exchange(long Prenum)
(void)win_comp_pos(); // recompute window positions
+ if (wp->w_buffer != curbuf)
+ reset_VIsual_and_resel();
+ else if (VIsual_active)
+ wp->w_cursor = curwin->w_cursor;
+
win_enter(wp, TRUE);
redraw_all_later(NOT_VALID);
}
@@ -5261,7 +5266,7 @@ frame_remove(frame_T *frp)
win_alloc_lines(win_T *wp)
{
wp->w_lines_valid = 0;
- wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows );
+ wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows);
if (wp->w_lines == NULL)
return FAIL;
return OK;

49
SOURCES/0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
Unescape View File

@ -0,0 +1,49 @@
From 85b6747abc15a7a81086db31289cf1b8b17e6cb1 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 11:55:02 +0000
Subject: [PATCH] patch 8.2.4214: illegal memory access with large 'tabstop' in
Ex mode
Problem: Illegal memory access with large 'tabstop' in Ex mode.
Solution: Allocate enough memory.
---
src/ex_getln.c | 2 +-
src/testdir/test_ex_mode.vim | 10 ++++++++++
src/version.c | 2 ++
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/ex_getln.c b/src/ex_getln.c
index 5dc43d845..097b97eeb 100644
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -1513,7 +1513,7 @@ init_ccline(int firstc, int indent)
ccline.cmdindent = (firstc > 0 ? indent : 0);
// alloc initial ccline.cmdbuff
- alloc_cmdbuff(exmode_active ? 250 : indent + 1);
+ alloc_cmdbuff(indent + 50);
if (ccline.cmdbuff == NULL)
return FAIL;
ccline.cmdlen = ccline.cmdpos = 0;
diff --git a/src/testdir/test_ex_mode.vim b/src/testdir/test_ex_mode.vim
index 7031115fc..2642a16d2 100644
--- a/src/testdir/test_ex_mode.vim
+++ b/src/testdir/test_ex_mode.vim
@@ -241,4 +241,14 @@ func Test_ex_mode_count_overflow()
call delete('Xexmodescript')
endfunc
+func Test_ex_mode_large_indent()
+ new
+ set ts=500 ai
+ call setline(1, "\t")
+ exe "normal gQi\<CR>."
+ set ts=8 noai
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.34.1

51
SOURCES/0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
Unescape View File

@ -0,0 +1,51 @@
From dc5490e2cbc8c16022a23b449b48c1bd0083f366 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 13:52:53 +0000
Subject: [PATCH] patch 8.2.4215: illegal memory access when copying lines in
Visual mode
Problem: Illegal memory access when copying lines in Visual mode.
Solution: Adjust the Visual position after copying lines.
---
src/ex_cmds.c | 2 ++
src/testdir/test_visual.vim | 11 +++++++++++
src/version.c | 2 ++
3 files changed, 15 insertions(+)
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 95209985e..f5d93e664 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -866,6 +866,8 @@ ex_copy(linenr_T line1, linenr_T line2, linenr_T n)
}
appended_lines_mark(n, count);
+ if (VIsual_active)
+ check_pos(curbuf, &VIsual);
msgmore((long)count);
}
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 72f5388b9..9b322fd21 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1328,5 +1328,16 @@ func Test_visual_exchange_windows()
bwipe!
endfunc
+" this was leaving the end of the Visual area beyond the end of a line
+func Test_visual_ex_copy_line()
+ new
+ call setline(1, ["aaa", "bbbbbbbbbxbb"])
+ /x
+ exe "normal ggvjfxO"
+ t0
+ normal gNU
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.34.1

55
SOURCES/0001-patch-8.2.4217-illegal-memory-access-when-undo-makes.patch
Unescape View File

@ -0,0 +1,55 @@
From 8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 18:24:00 +0000
Subject: [PATCH] patch 8.2.4217: illegal memory access when undo makes Visual
area invalid
Problem: Illegal memory access when undo makes Visual area invalid.
Solution: Correct the Visual area after undo.
---
src/testdir/test_visual.vim | 15 +++++++++++++++
src/undo.c | 2 ++
src/version.c | 2 ++
3 files changed, 19 insertions(+)
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 9b322fd21..b2beda08d 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1339,5 +1339,20 @@ func Test_visual_ex_copy_line()
bwipe!
endfunc
+" This was leaving the end of the Visual area beyond the end of a line.
+" Set 'undolevels' to start a new undo block.
+func Test_visual_undo_deletes_last_line()
+ new
+ call setline(1, ["aaa", "ccc", "dyd"])
+ set undolevels=100
+ exe "normal obbbbbbbbbxbb\<Esc>"
+ set undolevels=100
+ /y
+ exe "normal ggvjfxO"
+ undo
+ normal gNU
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/undo.c b/src/undo.c
index 4d186d453..636144aef 100644
--- a/src/undo.c
+++ b/src/undo.c
@@ -3029,6 +3029,8 @@ u_undo_end(
}
}
#endif
+ if (VIsual_active)
+ check_pos(curbuf, &VIsual);
smsg_attr_keep(0, _("%ld %s; %s #%ld %s"),
u_oldcount < 0 ? -u_oldcount : u_oldcount,
--
2.34.1

45
SOURCES/0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
Unescape View File

@ -0,0 +1,45 @@
From 806d037671e133bd28a7864248763f643967973a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 20:45:16 +0000
Subject: [PATCH] patch 8.2.4218: illegal memory access with bracketed paste in
Ex mode
Problem: Illegal memory access with bracketed paste in Ex mode.
Solution: Reserve space for the trailing NUL.
---
src/edit.c | 3 ++-
src/testdir/test_paste.vim | 3 +++
src/version.c | 2 ++
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/edit.c b/src/edit.c
index ee3caf0da..2b5301100 100644
--- a/src/edit.c
+++ b/src/edit.c
@@ -4452,7 +4452,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
break;
case PASTE_EX:
- if (gap != NULL && ga_grow(gap, idx) == OK)
+ // add one for the NUL that is going to be appended
+ if (gap != NULL && ga_grow(gap, idx + 1) == OK)
{
mch_memmove((char *)gap->ga_data + gap->ga_len,
buf, (size_t)idx);
diff --git a/src/testdir/test_paste.vim b/src/testdir/test_paste.vim
index c94fe7c35..5b8d8a0e3 100644
--- a/src/testdir/test_paste.vim
+++ b/src/testdir/test_paste.vim
@@ -90,6 +90,9 @@ func Test_paste_ex_mode()
unlet! foo
call feedkeys("Qlet foo=\"\<Esc>[200~foo\<CR>bar\<Esc>[201~\"\<CR>vi\<CR>", 'xt')
call assert_equal("foo\rbar", foo)
+
+ " pasting more than 40 bytes
+ exe "norm Q\<PasteStart>0000000000000000000000000000000000000000000000000000000000000000000000\<C-C>"
endfunc
func Test_paste_onechar()
--
2.34.1

95
SOURCES/0001-patch-8.2.4245-retab-0-may-cause-illegal-memory-acce.patch
Unescape View File

@ -0,0 +1,95 @@
diff -up vim82/src/indent.c.cve0417 vim82/src/indent.c
--- vim82/src/indent.c.cve0417 2022-02-09 10:01:34.250009316 +0100
+++ vim82/src/indent.c 2022-02-09 10:02:54.802588536 +0100
@@ -71,7 +71,7 @@ tabstop_set(char_u *var, int **array)
int n = atoi((char *)cp);
// Catch negative values, overflow and ridiculous big values.
- if (n < 0 || n > 9999)
+ if (n < 0 || n > TABSTOP_MAX)
{
semsg(_(e_invarg2), cp);
vim_free(*array);
@@ -1595,7 +1595,7 @@ ex_retab(exarg_T *eap)
emsg(_(e_positive));
return;
}
- if (new_ts < 0 || new_ts > 9999)
+ if (new_ts < 0 || new_ts > TABSTOP_MAX)
{
semsg(_(e_invarg2), eap->arg);
return;
diff -up vim82/src/option.c.cve0417 vim82/src/option.c
--- vim82/src/option.c.cve0417 2022-02-09 10:01:34.196009598 +0100
+++ vim82/src/option.c 2022-02-09 10:28:10.398548161 +0100
@@ -3640,6 +3640,11 @@ set_num_option(
errmsg = e_positive;
curbuf->b_p_ts = 8;
}
+ else if (curbuf->b_p_ts > TABSTOP_MAX)
+ {
+ errmsg = e_invarg;
+ curbuf->b_p_ts = 8;
+ }
if (p_tm < 0)
{
errmsg = e_positive;
@@ -5830,7 +5835,7 @@ buf_copy_options(buf_T *buf, int flags)
if (p_vsts && p_vsts != empty_option)
(void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
else
- buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_array = NULL;
buf->b_p_vsts_nopaste = p_vsts_nopaste
? vim_strsave(p_vsts_nopaste) : NULL;
#endif
@@ -6649,9 +6654,7 @@ paste_option_changed(void)
if (buf->b_p_vsts)
free_string_option(buf->b_p_vsts);
buf->b_p_vsts = empty_option;
- if (buf->b_p_vsts_array)
- vim_free(buf->b_p_vsts_array);
- buf->b_p_vsts_array = 0;
+ VIM_CLEAR(buf->b_p_vsts_array);
#endif
}
@@ -6697,12 +6700,11 @@ paste_option_changed(void)
free_string_option(buf->b_p_vsts);
buf->b_p_vsts = buf->b_p_vsts_nopaste
? vim_strsave(buf->b_p_vsts_nopaste) : empty_option;
- if (buf->b_p_vsts_array)
- vim_free(buf->b_p_vsts_array);
+ vim_free(buf->b_p_vsts_array);
if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
(void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
else
- buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_array = NULL;
#endif
}
diff -up vim82/src/testdir/test_options.vim.cve0417 vim82/src/testdir/test_options.vim
--- vim82/src/testdir/test_options.vim.cve0417 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/testdir/test_options.vim 2022-02-09 10:01:34.251009311 +0100
@@ -362,6 +362,8 @@ func Test_set_errors()
call assert_fails('set shiftwidth=-1', 'E487:')
call assert_fails('set sidescroll=-1', 'E487:')
call assert_fails('set tabstop=-1', 'E487:')
+ call assert_fails('set tabstop=10000', 'E474:')
+ call assert_fails('set tabstop=5500000000', 'E474:')
call assert_fails('set textwidth=-1', 'E487:')
call assert_fails('set timeoutlen=-1', 'E487:')
call assert_fails('set updatecount=-1', 'E487:')
diff -up vim82/src/vim.h.cve0417 vim82/src/vim.h
--- vim82/src/vim.h.cve0417 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/vim.h 2022-02-09 10:01:34.252009306 +0100
@@ -2032,6 +2032,8 @@ typedef int sock_T;
#define DICT_MAXNEST 100 // maximum nesting of lists and dicts
+#define TABSTOP_MAX 9999
+
#ifdef FEAT_CLIPBOARD
// VIM_ATOM_NAME is the older Vim-specific selection type for X11. Still

75
SOURCES/0001-patch-8.2.4247-stack-corruption-when-looking-for-spe.patch
Unescape View File

@ -0,0 +1,75 @@
diff --git a/src/spellsuggest.c b/src/spellsuggest.c
index 3de9ff2..5462583 100644
--- a/src/spellsuggest.c
+++ b/src/spellsuggest.c
@@ -1200,7 +1200,7 @@ suggest_try_change(suginfo_T *su)
// Check the maximum score, if we go over it we won't try this change.
#define TRY_DEEPER(su, stack, depth, add) \
- (stack[depth].ts_score + (add) < su->su_maxscore)
+ (depth < MAXWLEN - 1 && stack[depth].ts_score + (add) < su->su_maxscore)
/*
* Try finding suggestions by adding/removing/swapping letters.
@@ -1272,6 +1272,9 @@ suggest_trie_walk(
char_u changename[MAXWLEN][80];
#endif
int breakcheckcount = 1000;
+#ifdef FEAT_RELTIME
+ proftime_T time_limit;
+#endif
int compound_ok;
// Go through the whole case-fold tree, try changes at each node.
@@ -1316,6 +1319,11 @@ suggest_trie_walk(
sp->ts_state = STATE_START;
}
}
+#ifdef FEAT_RELTIME
+ // The loop may take an indefinite amount of time. Break out after five
+ // sectonds. TODO: add an option for the time limit.
+ profile_setlimit(5000, &time_limit);
+#endif
// Loop to find all suggestions. At each round we either:
// - For the current state try one operation, advance "ts_curi",
@@ -1350,7 +1358,8 @@ suggest_trie_walk(
// At end of a prefix or at start of prefixtree: check for
// following word.
- if (byts[arridx] == 0 || n == (int)STATE_NOPREFIX)
+ if (depth < MAXWLEN - 1
+ && (byts[arridx] == 0 || n == (int)STATE_NOPREFIX))
{
// Set su->su_badflags to the caps type at this position.
// Use the caps type until here for the prefix itself.
@@ -2644,6 +2653,10 @@ suggest_trie_walk(
{
ui_breakcheck();
breakcheckcount = 1000;
+#ifdef FEAT_RELTIME
+ if (profile_passed_limit(&time_limit))
+ got_int = TRUE;
+#endif
}
}
}
diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
index a3a9621..35035a2 100644
--- a/src/testdir/test_spell.vim
+++ b/src/testdir/test_spell.vim
@@ -768,6 +768,14 @@ func Test_spell_long_word()
set nospell
endfunc
+func Test_spellsuggest_too_deep()
+ " This was incrementing "depth" over MAXWLEN.
+ new
+ norm s000G00ý000000000000
+ sil norm ..vzG................vvzG0 v z=
+ bwipe!
+endfunc
+
func LoadAffAndDic(aff_contents, dic_contents)
set enc=latin1
set spellfile=

69
SOURCES/0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
Unescape View File

@ -0,0 +1,69 @@
diff -up vim82/src/ex_cmds.c.cve0413 vim82/src/ex_cmds.c
--- vim82/src/ex_cmds.c.cve0413 2022-02-10 08:09:27.644493218 +0100
+++ vim82/src/ex_cmds.c 2022-02-10 08:09:27.653493168 +0100
@@ -3627,6 +3627,7 @@ ex_substitute(exarg_T *eap)
int save_do_all; // remember user specified 'g' flag
int save_do_ask; // remember user specified 'c' flag
char_u *pat = NULL, *sub = NULL; // init for GCC
+ char_u *sub_copy = NULL;
int delimiter;
int sublen;
int got_quit = FALSE;
@@ -3928,11 +3929,20 @@ ex_substitute(exarg_T *eap)
sub_firstline = NULL;
/*
- * ~ in the substitute pattern is replaced with the old pattern.
- * We do it here once to avoid it to be replaced over and over again.
- * But don't do it when it starts with "\=", then it's an expression.
+ * If the substitute pattern starts with "\=" then it's an expression.
+ * Make a copy, a recursive function may free it.
+ * Otherwise, '~' in the substitute pattern is replaced with the old
+ * pattern. We do it here once to avoid it to be replaced over and over
+ * again.
*/
- if (!(sub[0] == '\\' && sub[1] == '='))
+ if (sub[0] == '\\' && sub[1] == '=')
+ {
+ sub = vim_strsave(sub);
+ if (sub == NULL)
+ return;
+ sub_copy = sub;
+ }
+ else
sub = regtilde(sub, magic_isset());
/*
@@ -4737,6 +4747,7 @@ outofmem:
#endif
vim_regfree(regmatch.regprog);
+ vim_free(sub_copy);
// Restore the flag values, they can be used for ":&&".
subflags.do_all = save_do_all;
diff -up vim82/src/testdir/test_substitute.vim.cve0413 vim82/src/testdir/test_substitute.vim
--- vim82/src/testdir/test_substitute.vim.cve0413 2022-02-10 08:09:27.654493162 +0100
+++ vim82/src/testdir/test_substitute.vim 2022-02-10 08:10:14.392230843 +0100
@@ -926,4 +926,21 @@ func Test_substitute_multiline_submatch(
close!
endfunc
+" This was using "old_sub" after it was freed.
+func Test_using_old_sub()
+ set compatible maxfuncdepth=10
+ new
+ call setline(1, 'some text.')
+ func Repl()
+ ~
+ s/
+ endfunc
+ silent! s/\%')/\=Repl()
+
+ delfunc Repl
+ bwipe!
+ set nocompatible
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

75
SOURCES/0001-patch-8.2.4281-using-freed-memory-with-lopen-and-bwi.patch
Unescape View File

@ -0,0 +1,75 @@
diff -up vim82/src/buffer.c.cve0443 vim82/src/buffer.c
--- vim82/src/buffer.c.cve0443 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/buffer.c 2022-02-10 08:33:19.159488384 +0100
@@ -1710,6 +1710,7 @@ set_curbuf(buf_T *buf, int action)
#endif
bufref_T newbufref;
bufref_T prevbufref;
+ int valid;
setpcmark();
if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0)
@@ -1763,13 +1764,19 @@ set_curbuf(buf_T *buf, int action)
// An autocommand may have deleted "buf", already entered it (e.g., when
// it did ":bunload") or aborted the script processing.
// If curwin->w_buffer is null, enter_buffer() will make it valid again
- if ((buf_valid(buf) && buf != curbuf
+ valid = buf_valid(buf);
+ if ((valid && buf != curbuf
#ifdef FEAT_EVAL
&& !aborting()
#endif
) || curwin->w_buffer == NULL)
{
- enter_buffer(buf);
+ // If the buffer is not valid but curwin->w_buffer is NULL we must
+ // enter some buffer. Using the last one is hopefully OK.
+ if (!valid)
+ enter_buffer(lastbuf);
+ else
+ enter_buffer(buf);
#ifdef FEAT_SYN_HL
if (old_tw != curbuf->b_p_tw)
check_colorcolumn(curwin);
@@ -2286,8 +2293,7 @@ free_buf_options(
clear_string_option(&buf->b_p_vsts);
vim_free(buf->b_p_vsts_nopaste);
buf->b_p_vsts_nopaste = NULL;
- vim_free(buf->b_p_vsts_array);
- buf->b_p_vsts_array = NULL;
+ VIM_CLEAR(buf->b_p_vsts_array);
clear_string_option(&buf->b_p_vts);
VIM_CLEAR(buf->b_p_vts_array);
#endif
diff -up vim82/src/testdir/test_quickfix.vim.cve0443 vim82/src/testdir/test_quickfix.vim
--- vim82/src/testdir/test_quickfix.vim.cve0443 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/testdir/test_quickfix.vim 2022-02-10 08:34:10.288204457 +0100
@@ -923,6 +923,7 @@ func Test_locationlist_curwin_was_closed
call assert_fails('lrewind', 'E924:')
augroup! testgroup
+ delfunc R
endfunc
func Test_locationlist_cross_tab_jump()
@@ -5372,4 +5373,20 @@ func Test_vimgrep_noswapfile()
set swapfile
endfunc
+" Weird sequence of commands that caused entering a wiped-out buffer
+func Test_lopen_bwipe()
+ func R()
+ silent! tab lopen
+ e x
+ silent! lfile
+ endfunc
+
+ cal R()
+ cal R()
+ cal R()
+ bw!
+ delfunc R
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

110
SOURCES/0001-patch-8.2.4327-may-end-up-with-no-current-buffer.patch
Unescape View File

@ -0,0 +1,110 @@
From e3537aec2f8d6470010547af28dcbd83d41461b8 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 8 Feb 2022 15:05:20 +0000
Subject: [PATCH] patch 8.2.4327: may end up with no current buffer
Problem: May end up with no current buffer.
Solution: When deleting the current buffer to not pick a quickfix buffer as
the new current buffer.
---
src/buffer.c | 26 ++++++++++++++++++++++----
src/testdir/test_quickfix.vim | 25 +++++++++++++++++++++++++
src/version.c | 2 ++
3 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index 81bdb31ca..b3e2bc3f9 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1430,8 +1430,14 @@ do_buffer_ext(
buf = buflist_findnr(curwin->w_jumplist[jumpidx].fmark.fnum);
if (buf != NULL)
{
- if (buf == curbuf || !buf->b_p_bl)
- buf = NULL; // skip current and unlisted bufs
+ // Skip current and unlisted bufs. Also skip a quickfix
+ // buffer, it might be deleted soon.
+ if (buf == curbuf || !buf->b_p_bl
+#if defined(FEAT_QUICKFIX)
+ || bt_quickfix(buf)
+#endif
+ )
+ buf = NULL;
else if (buf->b_ml.ml_mfp == NULL)
{
// skip unloaded buf, but may keep it for later
@@ -1467,7 +1473,11 @@ do_buffer_ext(
continue;
}
// in non-help buffer, try to skip help buffers, and vv
- if (buf->b_help == curbuf->b_help && buf->b_p_bl)
+ if (buf->b_help == curbuf->b_help && buf->b_p_bl
+#if defined(FEAT_QUICKFIX)
+ && !bt_quickfix(buf)
+#endif
+ )
{
if (buf->b_ml.ml_mfp != NULL) // found loaded buffer
break;
@@ -1485,7 +1495,11 @@ do_buffer_ext(
if (buf == NULL) // No loaded buffer, find listed one
{
FOR_ALL_BUFFERS(buf)
- if (buf->b_p_bl && buf != curbuf)
+ if (buf->b_p_bl && buf != curbuf
+#if defined(FEAT_QUICKFIX)
+ && !bt_quickfix(buf)
+#endif
+ )
break;
}
if (buf == NULL) // Still no buffer, just take one
@@ -1494,6 +1508,10 @@ do_buffer_ext(
buf = curbuf->b_next;
else
buf = curbuf->b_prev;
+#if defined(FEAT_QUICKFIX)
+ if (bt_quickfix(buf))
+ buf = NULL;
+#endif
}
}
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 07fdb9644..adb0ea4fd 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -5851,5 +5851,30 @@ func Test_lopen_bwipe()
delfunc R
endfunc
+" Another sequence of commands that caused all buffers to be wiped out
+func Test_lopen_bwipe_all()
+ let lines =<< trim END
+ func R()
+ silent! tab lopen
+ e foo
+ silent! lfile
+ endfunc
+ cal R()
+ exe "norm \<C-W>\<C-V>0"
+ cal R()
+ bwipe
+
+ call writefile(['done'], 'Xresult')
+ qall!
+ END
+ call writefile(lines, 'Xscript')
+ if RunVim([], [], '-u NONE -n -X -Z -e -m -s -S Xscript')
+ call assert_equal(['done'], readfile('Xresult'))
+ endif
+
+ call delete('Xscript')
+ call delete('Xresult')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.35.1

61
SOURCES/0001-patch-8.2.4359-crash-when-repeatedly-using-retab.patch
Unescape View File

@ -0,0 +1,61 @@
diff --git a/src/errors.h b/src/errors.h
index 3008020..3daf1a6 100644
--- a/src/errors.h
+++ b/src/errors.h
@@ -381,3 +381,5 @@ EXTERN char e_missing_end_block[]
INIT(= N_("E1171: Missing } after inline function"));
EXTERN char e_cannot_use_default_values_in_lambda[]
INIT(= N_("E1172: Cannot use default values in a lambda"));
+EXTERN char e_resulting_text_too_long[]
+ INIT(= N_("E1240: Resulting text too long"));
diff --git a/src/indent.c b/src/indent.c
index 4f909d0..77d8b0a 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1696,6 +1696,11 @@ ex_retab(exarg_T *eap)
if (ptr[col] == NUL)
break;
vcol += chartabsize(ptr + col, (colnr_T)vcol);
+ if (vcol >= MAXCOL)
+ {
+ emsg(_(e_resulting_text_too_long));
+ break;
+ }
if (has_mbyte)
col += (*mb_ptr2len)(ptr + col);
else
diff --git a/src/testdir/test_retab.vim b/src/testdir/test_retab.vim
index c7190aa..6133e8f 100644
--- a/src/testdir/test_retab.vim
+++ b/src/testdir/test_retab.vim
@@ -70,6 +70,8 @@ func Test_retab()
call assert_equal(" a b c ", Retab('!', 3))
call assert_equal(" a b c ", Retab('', 5))
call assert_equal(" a b c ", Retab('!', 5))
+
+ set tabstop& expandtab&
endfunc
func Test_retab_error()
@@ -80,4 +82,21 @@ func Test_retab_error()
call assert_fails('ret 80000000000000000000', 'E475:')
endfunc
+func Test_retab_endless()
+ new
+ call setline(1, "\t0\t")
+ let caught = 'no'
+ try
+ while 1
+ set ts=4000
+ retab 4
+ endwhile
+ catch /E1240/
+ let caught = 'yes'
+ endtry
+ bwipe!
+ set tabstop&
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

49
SOURCES/0001-patch-8.2.4397-crash-when-using-many-composing-chara.patch
Unescape View File

@ -0,0 +1,49 @@
From 34f8117dec685ace52cd9e578e2729db278163fc Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 16 Feb 2022 12:16:19 +0000
Subject: [PATCH] patch 8.2.4397: crash when using many composing characters in
error message
Problem: Crash when using many composing characters in error message.
Solution: Use mb_cptr2char_adv() instead of mb_ptr2char_adv().
---
src/testdir/test_assert.vim | 8 ++++++++
src/testing.c | 2 +-
src/version.c | 2 ++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/testdir/test_assert.vim b/src/testdir/test_assert.vim
index 8987f3f8d..27b2d73fb 100644
--- a/src/testdir/test_assert.vim
+++ b/src/testdir/test_assert.vim
@@ -53,6 +53,14 @@ func Test_assert_equal()
call assert_equal("\b\e\f\n\t\r\\\x01\x7f", 'x')
call assert_match('Expected ''\\b\\e\\f\\n\\t\\r\\\\\\x01\\x7f'' but got ''x''', v:errors[0])
call remove(v:errors, 0)
+
+ " many composing characters are handled properly
+ call setline(1, ' ')
+ norm 100gr݀
+ call assert_equal(1, getline(1))
+ call assert_match("Expected 1 but got '.* occurs 100 times]'", v:errors[0])
+ call remove(v:errors, 0)
+ bwipe!
endfunc
func Test_assert_equal_dict()
diff --git a/src/testing.c b/src/testing.c
index 448c01c1e..48ba14d2c 100644
--- a/src/testing.c
+++ b/src/testing.c
@@ -101,7 +101,7 @@ ga_concat_shorten_esc(garray_T *gap, char_u *str)
{
same_len = 1;
s = p;
- c = mb_ptr2char_adv(&s);
+ c = mb_cptr2char_adv(&s);
clen = s - p;
while (*s != NUL && c == mb_ptr2char(s))
{
--
2.35.1

35
SOURCES/0001-patch-8.2.4436-crash-with-weird-vartabstop-value.patch
Unescape View File

@ -0,0 +1,35 @@
diff --git a/src/indent.c b/src/indent.c
index 77d8b0a..9830685 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1284,6 +1284,8 @@ change_indent(
new_cursor_col += (*mb_ptr2len)(ptr + new_cursor_col);
else
++new_cursor_col;
+ if (ptr[new_cursor_col] == NUL)
+ break;
vcol += lbr_chartabsize(ptr, ptr + new_cursor_col, (colnr_T)vcol);
}
vcol = last_vcol;
diff --git a/src/testdir/test_vartabs.vim b/src/testdir/test_vartabs.vim
index 0ff1ea8..a613510 100644
--- a/src/testdir/test_vartabs.vim
+++ b/src/testdir/test_vartabs.vim
@@ -419,4 +419,17 @@ func Test_varsofttabstop()
close!
endfunc
+func Test_vartabstop_latin1()
+ let save_encoding = &encoding
+ new
+ set encoding=iso8859-1
+ set compatible linebreak list revins smarttab
+ set vartabstop=400
+ exe "norm i00\t\<C-D>"
+ bwipe!
+ let &encoding = save_encoding
+ set nocompatible linebreak& list& revins& smarttab& vartabstop&
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

39
SOURCES/0001-patch-8.2.4563-z-in-Visual-mode-may-go-beyond-the-en.patch
Unescape View File

@ -0,0 +1,39 @@
diff -up vim82/src/spellsuggest.c.cve0943 vim82/src/spellsuggest.c
--- vim82/src/spellsuggest.c.cve0943 2022-03-28 20:48:07.079197805 +0200
+++ vim82/src/spellsuggest.c 2022-03-28 20:48:07.101197522 +0200
@@ -501,6 +501,10 @@ spell_suggest(int count)
curwin->w_cursor.col = VIsual.col;
++badlen;
end_visual_mode();
+ // make sure we don't include the NUL at the end of the line
+ line = ml_get_curline();
+ if (badlen > STRLEN(line) - curwin->w_cursor.col)
+ badlen = STRLEN(line) - curwin->w_cursor.col;
}
// Find the start of the badly spelled word.
else if (spell_move_to(curwin, FORWARD, TRUE, TRUE, NULL) == 0
diff -up vim82/src/testdir/test_spell.vim.cve0943 vim82/src/testdir/test_spell.vim
--- vim82/src/testdir/test_spell.vim.cve0943 2022-03-28 20:48:07.102197509 +0200
+++ vim82/src/testdir/test_spell.vim 2022-03-28 20:49:05.038452974 +0200
@@ -441,6 +441,21 @@ func Test_spellsuggest_expr_errors()
delfunc MySuggest3
endfunc
+func Test_spellsuggest_visual_end_of_line()
+ let enc_save = &encoding
+ set encoding=iso8859
+
+ " This was reading beyond the end of the line.
+ norm R00000000000
+ sil norm 0
+ sil! norm i00000)
+ sil! norm i00000)
+ call feedkeys("\<CR>")
+ norm z=
+
+ let &encoding = enc_save
+endfunc
+
func Test_spellinfo()
new
let runtime = substitute($VIMRUNTIME, '\\', '/', 'g')

44
SOURCES/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
Unescape View File

@ -0,0 +1,44 @@
diff -up vim82/src/regexp_bt.c.cve1154 vim82/src/regexp_bt.c
--- vim82/src/regexp_bt.c.cve1154 2022-04-25 15:22:28.367621755 +0200
+++ vim82/src/regexp_bt.c 2022-04-25 15:25:13.726340728 +0200
@@ -3188,8 +3188,17 @@ regmatch(
int mark = OPERAND(scan)[0];
int cmp = OPERAND(scan)[1];
pos_T *pos;
+ size_t col = REG_MULTI ? rex.input - rex.line : 0;
pos = getmark_buf(rex.reg_buf, mark, FALSE);
+
+ // Line may have been freed, get it again.
+ if (REG_MULTI)
+ {
+ rex.line = reg_getline(rex.lnum);
+ rex.input = rex.line + col;
+ }
+
if (pos == NULL // mark doesn't exist
|| pos->lnum <= 0 // mark isn't set in reg_buf
|| (pos->lnum == rex.lnum + rex.reg_firstlnum
diff -up vim82/src/testdir/test_regexp_latin.vim.cve1154 vim82/src/testdir/test_regexp_latin.vim
--- vim82/src/testdir/test_regexp_latin.vim.cve1154 2022-04-25 15:22:28.368621752 +0200
+++ vim82/src/testdir/test_regexp_latin.vim 2022-04-25 15:26:57.515227712 +0200
@@ -954,4 +954,19 @@ func Test_using_visual_position()
bwipe!
endfunc
+func Test_using_mark_position()
+ " this was using freed memory
+ " new engine
+ new
+ norm O0
+ call assert_fails("s/\\%')", 'E486:')
+ bwipe!
+
+ " old engine
+ new
+ norm O0
+ call assert_fails("s/\\%#=1\\%')", 'E486:')
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

51
SOURCES/0001-patch-8.2.4774-crash-when-using-a-number-for-lambda-.patch
Unescape View File

@ -0,0 +1,51 @@
diff -up vim82/src/errors.h.cve1420 vim82/src/errors.h
--- vim82/src/errors.h.cve1420 2022-04-25 16:01:03.559985019 +0200
+++ vim82/src/errors.h 2022-04-25 16:01:58.113332024 +0200
@@ -383,3 +383,7 @@ EXTERN char e_cannot_use_default_values_
INIT(= N_("E1172: Cannot use default values in a lambda"));
EXTERN char e_resulting_text_too_long[]
INIT(= N_("E1240: Resulting text too long"));
+#ifdef FEAT_EVAL
+EXTERN char e_string_or_function_required_for_arrow_parens_expr[]
+ INIT(= N_("E1275: String or function required for ->(expr)"));
+#endif
diff -up vim82/src/eval.c.cve1420 vim82/src/eval.c
--- vim82/src/eval.c.cve1420 2022-04-25 16:01:03.560985007 +0200
+++ vim82/src/eval.c 2022-04-25 16:14:11.746600369 +0200
@@ -3718,13 +3718,20 @@ eval_lambda(
if (**arg != ')')
{
emsg(_(e_missing_close));
- ret = FAIL;
+ return FAIL;
+ }
+ if (rettv->v_type != VAR_STRING && rettv->v_type != VAR_FUNC
+ && rettv->v_type != VAR_PARTIAL)
+ {
+ emsg(_(e_string_or_function_required_for_arrow_parens_expr));
+ return FAIL;
}
++*arg;
}
if (ret != OK)
return FAIL;
- else if (**arg != '(')
+
+ if (**arg != '(')
{
if (verbose)
{
diff -up vim82/src/testdir/test_lambda.vim.cve1420 vim82/src/testdir/test_lambda.vim
--- vim82/src/testdir/test_lambda.vim.cve1420 2022-04-25 16:01:03.560985007 +0200
+++ vim82/src/testdir/test_lambda.vim 2022-04-25 16:17:01.694886566 +0200
@@ -64,6 +64,10 @@ function Test_lambda_fails()
call assert_fails('echo {a, a -> a + a}(1, 2)', 'E853:')
call assert_fails('echo {a, b -> a + b)}(1, 2)', 'E451:')
echo assert_fails('echo 10->{a -> a + 2}', 'E107:')
+ call assert_fails('eval 0->(3)()', "E1275:")
+ call assert_fails('eval 0->([3])()', "E1275:")
+ call assert_fails('eval 0->({"a": 3})()', "E1275:")
+ call assert_fails('eval 0->(xxx)()', "E121:")
endfunc
func Test_not_lamda()

50
SOURCES/0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
Unescape View File

@ -0,0 +1,50 @@
diff -up vim82/src/errors.h.cve1621 vim82/src/errors.h
--- vim82/src/errors.h.cve1621 2022-05-24 13:36:23.883370040 +0200
+++ vim82/src/errors.h 2022-05-24 13:36:47.665487703 +0200
@@ -387,3 +387,7 @@ EXTERN char e_resulting_text_too_long[]
EXTERN char e_string_or_function_required_for_arrow_parens_expr[]
INIT(= N_("E1275: String or function required for ->(expr)"));
#endif
+#ifdef FEAT_SPELL
+EXTERN char e_illegal_character_in_word[]
+ INIT(= N_("E1280: Illegal character in word"));
+#endif
diff -up vim82/src/mbyte.c.cve1621 vim82/src/mbyte.c
--- vim82/src/mbyte.c.cve1621 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/mbyte.c 2022-05-24 13:36:23.884370045 +0200
@@ -4181,7 +4181,7 @@ theend:
convert_setup(&vimconv, NULL, NULL);
}
-#if defined(FEAT_GUI_GTK) || defined(PROTO)
+#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
/*
* Return TRUE if string "s" is a valid utf-8 string.
* When "end" is NULL stop at the first NUL.
diff -up vim82/src/spellfile.c.cve1621 vim82/src/spellfile.c
--- vim82/src/spellfile.c.cve1621 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/spellfile.c 2022-05-24 13:36:23.885370049 +0200
@@ -4391,6 +4391,10 @@ store_word(
int res = OK;
char_u *p;
+ // Avoid adding illegal bytes to the word tree.
+ if (enc_utf8 && !utf_valid_string(word, NULL))
+ return FAIL;
+
(void)spell_casefold(word, len, foldword, MAXWLEN);
for (p = pfxlist; res == OK; ++p)
{
@@ -6191,6 +6195,12 @@ spell_add_word(
int i;
char_u *spf;
+ if (enc_utf8 && !utf_valid_string(word, NULL))
+ {
+ emsg(_(e_illegal_character_in_word));
+ return;
+ }
+
if (idx == 0) // use internal wordlist
{
if (int_wordlist == NULL)

33
SOURCES/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
Unescape View File

@ -0,0 +1,33 @@
From 53a70289c2712808e6d4e88927e03cac01b470dd Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 9 May 2022 13:15:07 +0100
Subject: [PATCH] patch 8.2.4925: trailing backslash may cause reading past end
of line
Problem: Trailing backslash may cause reading past end of line.
Solution: Check for NUL after backslash.
---
src/testdir/test_textobjects.vim | 10 +++++++++-
src/textobject.c | 4 ++++
src/version.c | 2 ++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/textobject.c b/src/textobject.c
index e4a7db38e..edaa64c51 100644
--- a/src/textobject.c
+++ b/src/textobject.c
@@ -1664,7 +1664,11 @@ find_next_quote(
if (c == NUL)
return -1;
else if (escape != NULL && vim_strchr(escape, c))
+ {
++col;
+ if (line[col] == NUL)
+ return -1;
+ }
else if (c == quotechar)
break;
if (has_mbyte)
--
2.36.1

59
SOURCES/0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
Unescape View File

@ -0,0 +1,59 @@
diff -up vim82/src/ex_cmds.c.cve1785 vim82/src/ex_cmds.c
--- vim82/src/ex_cmds.c.cve1785 2022-06-10 10:26:16.883312704 +0200
+++ vim82/src/ex_cmds.c 2022-06-10 10:26:16.910312568 +0200
@@ -4356,12 +4356,17 @@ ex_substitute(exarg_T *eap)
// Save flags for recursion. They can change for e.g.
// :s/^/\=execute("s#^##gn")
subflags_save = subflags;
+
+ // Disallow changing text or switching window in an expression.
+ ++textwinlock;
#endif
// get length of substitution part
sublen = vim_regsub_multi(&regmatch,
sub_firstlnum - regmatch.startpos[0].lnum,
sub, sub_firstline, FALSE, magic_isset(), TRUE);
#ifdef FEAT_EVAL
+ --textwinlock;
+
// If getting the substitute string caused an error, don't do
// the replacement.
// Don't keep flags set by a recursive call.
@@ -4462,9 +4467,15 @@ ex_substitute(exarg_T *eap)
mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
new_end += copy_len;
+#ifdef FEAT_EVAL
+ ++textwinlock;
+#endif
(void)vim_regsub_multi(&regmatch,
sub_firstlnum - regmatch.startpos[0].lnum,
sub, new_end, TRUE, magic_isset(), TRUE);
+#ifdef FEAT_EVAL
+ --textwinlock;
+#endif
sub_nsubs++;
did_sub = TRUE;
diff -up vim82/src/testdir/test_substitute.vim.cve1785 vim82/src/testdir/test_substitute.vim
--- vim82/src/testdir/test_substitute.vim.cve1785 2022-06-10 10:26:16.910312568 +0200
+++ vim82/src/testdir/test_substitute.vim 2022-06-10 10:27:02.166084629 +0200
@@ -942,5 +942,18 @@ func Test_using_old_sub()
set nocompatible
endfunc
+" This was switching windows in between computing the length and using it.
+func Test_sub_change_window()
+ silent! lfile
+ sil! norm o0000000000000000000000000000000000000000000000000000
+ func Repl()
+ lopen
+ endfunc
+ silent! s/\%')/\=Repl()
+ bwipe!
+ bwipe!
+ delfunc Repl
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab

121
SOURCES/0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
Unescape View File

@ -0,0 +1,121 @@
diff -up vim82/src/normal.c.cve1897 vim82/src/normal.c
--- vim82/src/normal.c.cve1897 2022-06-13 09:31:42.880768567 +0200
+++ vim82/src/normal.c 2022-06-13 09:35:38.560084927 +0200
@@ -479,6 +479,22 @@ find_command(int cmdchar)
}
/*
+ * If currently editing a cmdline or text is locked: beep and give an error
+ * message, return TRUE.
+ */
+ static int
+check_text_locked(oparg_T *oap)
+{
+ if (text_locked())
+ {
+ clearopbeep(oap);
+ text_locked_msg();
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/*
* Execute a command in Normal mode.
*/
void
@@ -742,14 +758,9 @@ getcount:
goto normal_end;
}
- if (text_locked() && (nv_cmds[idx].cmd_flags & NV_NCW))
- {
- // This command is not allowed while editing a cmdline: beep.
- clearopbeep(oap);
- text_locked_msg();
- goto normal_end;
- }
- if ((nv_cmds[idx].cmd_flags & NV_NCW) && curbuf_locked())
+ if ((nv_cmds[idx].cmd_flags & NV_NCW)
+ && (check_text_locked(oap) || curbuf_locked()))
+ // this command is not allowed now
goto normal_end;
/*
@@ -4212,12 +4223,8 @@ nv_gotofile(cmdarg_T *cap)
char_u *ptr;
linenr_T lnum = -1;
- if (text_locked())
- {
- clearopbeep(cap->oap);
- text_locked_msg();
+ if (check_text_locked(cap->oap))
return;
- }
if (curbuf_locked())
{
clearop(cap->oap);
@@ -6343,14 +6350,7 @@ nv_g_cmd(cmdarg_T *cap)
// "gQ": improved Ex mode
case 'Q':
- if (text_locked())
- {
- clearopbeep(cap->oap);
- text_locked_msg();
- break;
- }
-
- if (!checkclearopq(oap))
+ if (!check_text_locked(cap->oap) && !checkclearopq(oap))
do_exmode(TRUE);
break;
diff -up vim82/src/testdir/test_substitute.vim.cve1897 vim82/src/testdir/test_substitute.vim
--- vim82/src/testdir/test_substitute.vim.cve1897 2022-06-13 09:31:42.938768884 +0200
+++ vim82/src/testdir/test_substitute.vim 2022-06-13 09:36:39.013406036 +0200
@@ -955,5 +955,27 @@ func Test_sub_change_window()
delfunc Repl
endfunc
+" This was undoign a change in between computing the length and using it.
+func Do_Test_sub_undo_change()
+ new
+ norm o0000000000000000000000000000000000000000000000000000
+ silent! s/\%')/\=Repl()
+ bwipe!
+endfunc
+
+func Test_sub_undo_change()
+ func Repl()
+ silent! norm g-
+ endfunc
+ call Do_Test_sub_undo_change()
+
+ func! Repl()
+ silent earlier
+ endfunc
+ call Do_Test_sub_undo_change()
+
+ delfunc Repl
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/undo.c.cve1897 vim82/src/undo.c
--- vim82/src/undo.c.cve1897 2022-06-13 09:31:42.904768698 +0200
+++ vim82/src/undo.c 2022-06-13 09:31:42.938768884 +0200
@@ -2323,6 +2323,12 @@ undo_time(
int above = FALSE;
int did_undo = TRUE;
+ if (text_locked())
+ {
+ text_locked_msg();
+ return;
+ }
+
// First make sure the current undoable change is synced.
if (curbuf->b_u_synced == FALSE)
u_sync(TRUE);

106
SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
Unescape View File

@ -0,0 +1,106 @@
diff -up vim82/src/ex_docmd.c.cve1927 vim82/src/ex_docmd.c
--- vim82/src/ex_docmd.c.cve1927 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/ex_docmd.c 2022-06-13 15:29:45.099472751 +0200
@@ -3081,6 +3081,8 @@ parse_cmd_address(exarg_T *eap, char **e
{
int address_count = 1;
linenr_T lnum;
+ int need_check_cursor = FALSE;
+ int ret = FAIL;
// Repeat for all ',' or ';' separated addresses.
for (;;)
@@ -3091,7 +3093,7 @@ parse_cmd_address(exarg_T *eap, char **e
lnum = get_address(eap, &eap->cmd, eap->addr_type, eap->skip, silent,
eap->addr_count == 0, address_count++);
if (eap->cmd == NULL) // error detected
- return FAIL;
+ goto theend;
if (lnum == MAXLNUM)
{
if (*eap->cmd == '%') // '%' - all lines
@@ -3136,14 +3138,14 @@ parse_cmd_address(exarg_T *eap, char **e
// there is no Vim command which uses '%' and
// ADDR_WINDOWS or ADDR_TABS
*errormsg = _(e_invrange);
- return FAIL;
+ goto theend;
}
break;
case ADDR_TABS_RELATIVE:
case ADDR_UNSIGNED:
case ADDR_QUICKFIX:
*errormsg = _(e_invrange);
- return FAIL;
+ goto theend;
case ADDR_ARGUMENTS:
if (ARGCOUNT == 0)
eap->line1 = eap->line2 = 0;
@@ -3175,7 +3177,7 @@ parse_cmd_address(exarg_T *eap, char **e
if (eap->addr_type != ADDR_LINES)
{
*errormsg = _(e_invrange);
- return FAIL;
+ goto theend;
}
++eap->cmd;
@@ -3183,11 +3185,11 @@ parse_cmd_address(exarg_T *eap, char **e
{
fp = getmark('<', FALSE);
if (check_mark(fp) == FAIL)
- return FAIL;
+ goto theend;
eap->line1 = fp->lnum;
fp = getmark('>', FALSE);
if (check_mark(fp) == FAIL)
- return FAIL;
+ goto theend;
eap->line2 = fp->lnum;
++eap->addr_count;
}
@@ -3202,10 +3204,13 @@ parse_cmd_address(exarg_T *eap, char **e
if (!eap->skip)
{
curwin->w_cursor.lnum = eap->line2;
+
// Don't leave the cursor on an illegal line or column, but do
// accept zero as address, so 0;/PATTERN/ works correctly.
+ // Check the cursor position before returning.
if (eap->line2 > 0)
check_cursor();
+ need_check_cursor = TRUE;
}
}
else if (*eap->cmd != ',')
@@ -3221,7 +3226,12 @@ parse_cmd_address(exarg_T *eap, char **e
if (lnum == MAXLNUM)
eap->addr_count = 0;
}
- return OK;
+ ret = OK;
+
+theend:
+ if (need_check_cursor)
+ check_cursor();
+ return ret;
}
/*
diff -up vim82/src/testdir/test_excmd.vim.cve1927 vim82/src/testdir/test_excmd.vim
--- vim82/src/testdir/test_excmd.vim.cve1927 2022-06-13 15:26:53.941517542 +0200
+++ vim82/src/testdir/test_excmd.vim 2022-06-13 15:30:53.972860361 +0200
@@ -536,4 +536,13 @@ func Test_sandbox()
sandbox call Sandbox_tests()
endfunc
+" This was leaving the cursor in line zero
+func Test_using_zero_in_range()
+ new
+ norm o00
+ silent! 0;s/\%')
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

38
SOURCES/0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch
Unescape View File

@ -0,0 +1,38 @@
From a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 31 Aug 2022 12:01:54 +0100
Subject: [PATCH] patch 9.0.0339: no check if the return value of XChangeGC()
is NULL
Problem: No check if the return value of XChangeGC() is NULL.
Solution: Only use the return value when it is not NULL. (closes #11020)
---
src/gui_x11.c | 10 +++++++---
src/version.c | 2 ++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/gui_x11.c b/src/gui_x11.c
index 6e3e903be..7293ac490 100644
--- a/src/gui_x11.c
+++ b/src/gui_x11.c
@@ -2231,10 +2231,14 @@ gui_x11_create_blank_mouse(void)
{
Pixmap blank_pixmap = XCreatePixmap(gui.dpy, gui.wid, 1, 1, 1);
GC gc = XCreateGC(gui.dpy, blank_pixmap, (unsigned long)0, (XGCValues*)0);
- XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
- XFreeGC(gui.dpy, gc);
+
+ if (gc != NULL)
+ {
+ XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
+ XFreeGC(gui.dpy, gc);
+ }
return XCreatePixmapCursor(gui.dpy, blank_pixmap, blank_pixmap,
- (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
+ (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
}
/*
--
2.39.1

BIN
SOURCES/gvim16.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 226 B

BIN
SOURCES/gvim32.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 347 B

BIN
SOURCES/gvim48.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 474 B

50
SOURCES/vim-7.0-fixkeys.patch
Unescape View File

@ -1,26 +1,26 @@
diff -up vim90/src/term.c.fixkeys vim90/src/term.c
--- vim90/src/term.c.fixkeys 2022-10-20 14:45:53.896659582 +0200
+++ vim90/src/term.c 2022-10-20 14:48:28.958697659 +0200
@@ -851,14 +851,14 @@ static struct builtin_term builtin_termc
{K_XRIGHT, "\033[@;*C"}, // Esc [ C or Esc [ 1 ; C
{K_XLEFT, "\033[@;*D"}, // Esc [ D or Esc [ 1 ; D
diff -up vim82/src/term.c.fixkeys vim82/src/term.c
--- vim82/src/term.c.fixkeys 2021-01-08 10:12:59.191309539 +0100
+++ vim82/src/term.c 2021-01-08 10:18:05.410470981 +0100
@@ -919,14 +919,14 @@ static struct builtin_term builtin_termc
{K_XRIGHT, IF_EB("\033[@;*C", ESC_STR "[@;*C")},
{K_XLEFT, IF_EB("\033[@;*D", ESC_STR "[@;*D")},
// An extra set of function keys for vt100 mode
- {K_XF1, "\033O*P"},
- {K_XF2, "\033O*Q"},
- {K_XF3, "\033O*R"},
- {K_XF4, "\033O*S"},
- {K_F1, "\033[11;*~"},
- {K_F2, "\033[12;*~"},
- {K_F3, "\033[13;*~"},
- {K_F4, "\033[14;*~"},
+ {K_XF1, "\033[11~"},
+ {K_XF2, "\033[12~"},
+ {K_XF3, "\033[13~"},
+ {K_XF4, "\033[14~"},
+ {K_F1, "\033OP"},
+ {K_F2, "\033OQ"},
+ {K_F3, "\033OR"},
+ {K_F4, "\033OS"},
{K_F5, "\033[15;*~"},
{K_F6, "\033[17;*~"},
{K_F7, "\033[18;*~"},
- {K_XF1, IF_EB("\033O*P", ESC_STR "O*P")},
- {K_XF2, IF_EB("\033O*Q", ESC_STR "O*Q")},
- {K_XF3, IF_EB("\033O*R", ESC_STR "O*R")},
- {K_XF4, IF_EB("\033O*S", ESC_STR "O*S")},
- {K_F1, IF_EB("\033[11;*~", ESC_STR "[11;*~")},
- {K_F2, IF_EB("\033[12;*~", ESC_STR "[12;*~")},
- {K_F3, IF_EB("\033[13;*~", ESC_STR "[13;*~")},
- {K_F4, IF_EB("\033[14;*~", ESC_STR "[14;*~")},
+ {K_XF1, IF_EB("\033[11~", ESC_STR "[11~")},
+ {K_XF2, IF_EB("\033[12~", ESC_STR "[12~")},
+ {K_XF3, IF_EB("\033[13~", ESC_STR "[13~")},
+ {K_XF4, IF_EB("\033[14~", ESC_STR "[14~")},
+ {K_F1, IF_EB("\033OP", ESC_STR "OP")},
+ {K_F2, IF_EB("\033OQ", ESC_STR "OQ")},
+ {K_F3, IF_EB("\033OR", ESC_STR "OR")},
+ {K_F4, IF_EB("\033OS", ESC_STR "OS")},
{K_F5, IF_EB("\033[15;*~", ESC_STR "[15;*~")},
{K_F6, IF_EB("\033[17;*~", ESC_STR "[17;*~")},
{K_F7, IF_EB("\033[18;*~", ESC_STR "[18;*~")},

15
SOURCES/vim-7.0-rclocation.patch
Unescape View File

@ -0,0 +1,15 @@
--- vim62/src/os_unix.h.rcloc 2003-08-04 15:38:05.000000000 +0200
+++ vim62/src/os_unix.h 2003-08-04 15:39:25.000000000 +0200
@@ -230,10 +230,10 @@
* Unix system-dependent file names
*/
#ifndef SYS_VIMRC_FILE
-# define SYS_VIMRC_FILE "$VIM/vimrc"
+# define SYS_VIMRC_FILE "/etc/vimrc"
#endif
#ifndef SYS_GVIMRC_FILE
-# define SYS_GVIMRC_FILE "$VIM/gvimrc"
+# define SYS_GVIMRC_FILE "/etc/gvimrc"
#endif
#ifndef DFLT_HELPFILE
# define DFLT_HELPFILE "$VIMRUNTIME/doc/help.txt"

21
SOURCES/vim-7.4-fstabsyntax.patch
Unescape View File

@ -0,0 +1,21 @@
diff -up vim82/runtime/syntax/fstab.vim.fstabsyntax vim82/runtime/syntax/fstab.vim
--- vim82/runtime/syntax/fstab.vim.fstabsyntax 2020-08-10 12:08:01.000000000 +0200
+++ vim82/runtime/syntax/fstab.vim 2020-08-10 12:17:22.540855735 +0200
@@ -56,7 +56,7 @@ syn keyword fsMountPointKeyword containe
" Type
syn cluster fsTypeCluster contains=fsTypeKeyword,fsTypeUnknown
syn match fsTypeUnknown /\s\+\zs\w\+/ contained
-syn keyword fsTypeKeyword contained adfs ados affs anon_inodefs atfs audiofs auto autofs bdev befs bfs btrfs binfmt_misc cd9660 cfs cgroup cifs coda configfs cpuset cramfs devfs devpts devtmpfs e2compr efs ext2 ext2fs ext3 ext4 fdesc ffs filecore fuse fuseblk fusectl hfs hpfs hugetlbfs iso9660 jffs jffs2 jfs kernfs lfs linprocfs mfs minix mqueue msdos ncpfs nfs nfsd nilfs2 none ntfs null nwfs overlay ovlfs pipefs portal proc procfs pstore ptyfs qnx4 reiserfs ramfs romfs securityfs shm smbfs squashfs sockfs sshfs std subfs swap sysfs sysv tcfs tmpfs udf ufs umap umsdos union usbfs userfs vfat vs3fs vxfs wrapfs wvfs xenfs xfs zisofs
+syn keyword fsTypeKeyword contained adfs ados affs anon_inodefs atfs audiofs auto autofs bdev befs bfs btrfs binfmt_misc cd9660 cfs cgroup cifs coda configfs cpuset cramfs devfs devpts devtmpfs e2compr efs ext2 ext2fs ext3 ext4 fdesc ffs filecore fuse fuseblk fusectl hfs hpfs hugetlbfs iso9660 jffs jffs2 jfs kernfs lfs linprocfs mfs minix mqueue msdos ncpfs nfs nfsd nilfs2 none ntfs null nwfs overlay ovlfs pipefs portal proc procfs pstore ptyfs qnx4 reiserfs ramfs romfs rpc_pipefs securityfs shm smbfs squashfs sockfs sshfs std subfs swap sysfs sysv tcfs tmpfs udf ufs umap umsdos union usbfs userfs vfat vs3fs vxfs wrapfs wvfs xenfs xfs zisofs
" Options
" -------
@@ -68,7 +68,7 @@ syn match fsOptionsString /[a-zA-Z0-9_-]
syn keyword fsOptionsYesNo yes no
syn cluster fsOptionsCheckCluster contains=fsOptionsExt2Check,fsOptionsFatCheck
syn keyword fsOptionsSize 512 1024 2048
-syn keyword fsOptionsGeneral async atime auto bind current defaults dev devgid devmode devmtime devuid dirsync exec force fstab kudzu loop mand move noatime noauto noclusterr noclusterw nodev nodevmtime nodiratime noexec nomand norelatime nosuid nosymfollow nouser owner rbind rdonly relatime remount ro rq rw suid suiddir supermount sw sync union update user users wxallowed xx nofail failok
+syn keyword fsOptionsGeneral async atime auto bind current defaults dev devgid devmode devmtime devuid dirsync exec force fstab kudzu loop managed mand move noatime noauto noclusterr noclusterw nodev nodevmtime nodiratime noexec nomand norelatime nosuid nosymfollow nouser owner pamconsole rbind rdonly relatime remount ro rq rw suid suiddir supermount sw sync union update user users wxallowed xx nofail
syn match fsOptionsGeneral /_netdev/
" Options: adfs

14
SOURCES/vim-7.4-releasestring-1318991.patch
Unescape View File

@ -0,0 +1,14 @@
diff -up vim74/runtime/ftplugin/spec.vim.1318991 vim74/runtime/ftplugin/spec.vim
--- vim74/runtime/ftplugin/spec.vim.1318991 2016-08-04 15:29:42.423862424 +0200
+++ vim74/runtime/ftplugin/spec.vim 2016-08-04 15:31:08.797299188 +0200
@@ -41,8 +41,8 @@ else:
headers = spec.sourceHeader
version = headers["Version"]
release = headers["Release"]
- vim.command("let ver = " + version)
- vim.command("let rel = " + release)
+ vim.command("let ver = '" + version + "'")
+ vim.command("let rel = '" + release + "'")
PYEND
endif
endfunction

2
SOURCES/vim-7.4-specsyntax.patch
Unescape View File

@ -12,7 +12,7 @@ diff -up vim74/runtime/syntax/spec.vim.highlite vim74/runtime/syntax/spec.vim
syn keyword specMonth contained January February March April May June July August September October November December
@@ -61,9 +61,9 @@ syn cluster specListedFiles contains=spe
"specCommands
"specComands
syn match specConfigure contained '\./configure'
-syn match specTarCommand contained '\<tar\s\+[cxvpzIf]\{,5}\s*'
+syn match specTarCommand contained '\<tar\s\+[cxvpzIjf]\{,5}\s*'

43
SOURCES/vim-7.4-syntax.patch
Unescape View File

@ -0,0 +1,43 @@
From c669d497d34e4b57f40c19d58e3703401075a6d5 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 17 Sep 2021 07:54:56 +0200
Subject: [PATCH] runtime/filetype.vim: Register more httpd files as apache
filetype
Several files under /etc/httpd wasn't recognized as 'apache' filetype -
add them to filetype.vim and add tests for checking if recognizition
works.
---
runtime/filetype.vim | 2 +-
src/testdir/test_filetype.vim | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/runtime/filetype.vim b/runtime/filetype.vim
index d0d40539d..39a772740 100644
--- a/runtime/filetype.vim
+++ b/runtime/filetype.vim
@@ -2138,7 +2138,7 @@ au BufNewFile,BufRead proftpd.conf* call s:StarSetf('apachestyle')
" More Apache config files
au BufNewFile,BufRead access.conf*,apache.conf*,apache2.conf*,httpd.conf*,srm.conf* call s:StarSetf('apache')
-au BufNewFile,BufRead */etc/apache2/*.conf*,*/etc/apache2/conf.*/*,*/etc/apache2/mods-*/*,*/etc/apache2/sites-*/*,*/etc/httpd/conf.d/*.conf* call s:StarSetf('apache')
+au BufNewFile,BufRead */etc/apache2/*.conf*,*/etc/apache2/conf.*/*,*/etc/apache2/mods-*/*,*/etc/apache2/sites-*/*,*/etc/httpd/conf.*/*,*/etc/httpd/mods-*/*,*/etc/httpd/sites-*/*,*/etc/httpd/conf.d/*.conf* call s:StarSetf('apache')
" Asterisk config file
au BufNewFile,BufRead *asterisk/*.conf* call s:StarSetf('asterisk')
diff --git a/src/testdir/test_filetype.vim b/src/testdir/test_filetype.vim
index cd6e71d1b..f1404808f 100644
--- a/src/testdir/test_filetype.vim
+++ b/src/testdir/test_filetype.vim
@@ -59,7 +59,7 @@ let s:filename_checks = {
\ 'aml': ['file.aml'],
\ 'ampl': ['file.run'],
\ 'ant': ['build.xml'],
- \ 'apache': ['.htaccess', '/etc/httpd/file.conf', '/etc/apache2/sites-2/file.com', '/etc/apache2/some.config', '/etc/apache2/conf.file/conf', '/etc/apache2/mods-some/file', '/etc/apache2/sites-some/file', '/etc/httpd/conf.d/file.config', '/etc/apache2/conf.file/file', '/etc/apache2/file.conf', '/etc/apache2/file.conf-file', '/etc/apache2/mods-file/file', '/etc/apache2/sites-file/file', '/etc/apache2/sites-file/file.com', '/etc/httpd/conf.d/file.conf', '/etc/httpd/conf.d/file.conf-file', 'access.conf', 'access.conf-file', 'any/etc/apache2/conf.file/file', 'any/etc/apache2/file.conf', 'any/etc/apache2/file.conf-file', 'any/etc/apache2/mods-file/file', 'any/etc/apache2/sites-file/file', 'any/etc/apache2/sites-file/file.com', 'any/etc/httpd/conf.d/file.conf', 'any/etc/httpd/conf.d/file.conf-file', 'any/etc/httpd/file.conf', 'apache.conf', 'apache.conf-file', 'apache2.conf', 'apache2.conf-file', 'httpd.conf', 'httpd.conf-file', 'srm.conf', 'srm.conf-file'],
+ \ 'apache': ['.htaccess', '/etc/httpd/file.conf', '/etc/apache2/sites-2/file.com', '/etc/apache2/some.config', '/etc/apache2/conf.file/conf', '/etc/apache2/mods-some/file', '/etc/apache2/sites-some/file', '/etc/httpd/conf.d/file.config', '/etc/apache2/conf.file/file', '/etc/apache2/file.conf', '/etc/apache2/file.conf-file', '/etc/apache2/mods-file/file', '/etc/apache2/sites-file/file', '/etc/apache2/sites-file/file.com', '/etc/httpd/conf.d/file.conf', '/etc/httpd/conf.d/file.conf-file', 'access.conf', 'access.conf-file', 'any/etc/apache2/conf.file/file', 'any/etc/apache2/file.conf', 'any/etc/apache2/file.conf-file', 'any/etc/apache2/mods-file/file', 'any/etc/apache2/sites-file/file', 'any/etc/apache2/sites-file/file.com', 'any/etc/httpd/conf.d/file.conf', 'any/etc/httpd/conf.d/file.conf-file', 'any/etc/httpd/file.conf', 'apache.conf', 'apache.conf-file', 'apache2.conf', 'apache2.conf-file', 'httpd.conf', 'httpd.conf-file', 'srm.conf', 'srm.conf-file', '/etc/httpd/mods-some/file', '/etc/httpd/sites-some/file', '/etc/httpd/conf.file/conf'],
\ 'apachestyle': ['/etc/proftpd/file.config,/etc/proftpd/conf.file/file', '/etc/proftpd/conf.file/file', '/etc/proftpd/file.conf', '/etc/proftpd/file.conf-file', 'any/etc/proftpd/conf.file/file', 'any/etc/proftpd/file.conf', 'any/etc/proftpd/file.conf-file', 'proftpd.conf', 'proftpd.conf-file'],
\ 'applescript': ['file.scpt'],
\ 'aptconf': ['apt.conf', '/.aptitude/config', 'any/.aptitude/config'],
--
2.31.1

30
SOURCES/vim-8.0-copy-paste.patch
Unescape View File

@ -1,8 +1,8 @@
diff --git a/runtime/defaults.vim b/runtime/defaults.vim
index f1d5cd1..b08de8e 100644
index f3c639b..20637e2 100644
--- a/runtime/defaults.vim
+++ b/runtime/defaults.vim
@@ -74,18 +74,6 @@ sunmap Q
@@ -73,18 +73,6 @@ map Q gq
" Revert with ":iunmap <C-U>".
inoremap <C-U> <C-G>u<C-U>
@ -22,7 +22,7 @@ index f1d5cd1..b08de8e 100644
if 1
diff --git a/src/testdir/test_balloon.vim b/src/testdir/test_balloon.vim
index ed0c6c1..90c8c40 100644
index 319e546..8fcf63c 100644
--- a/src/testdir/test_balloon.vim
+++ b/src/testdir/test_balloon.vim
@@ -9,6 +9,7 @@ source screendump.vim
@ -31,10 +31,10 @@ index ed0c6c1..90c8c40 100644
let s:common_script =<< trim [CODE]
+ set mouse=a
call setline(1, ["one one one", "two tXo two", "three three three"])
set balloonevalterm balloonexpr=MyBalloonExpr()..s:trailing balloondelay=100
let s:trailing = '<' " check that script context is set
set balloonevalterm balloonexpr=MyBalloonExpr() balloondelay=100
func MyBalloonExpr()
diff --git a/src/testdir/test_popupwin.vim b/src/testdir/test_popupwin.vim
index b91689e..c6b70d1 100644
index f13252b..ec755a4 100644
--- a/src/testdir/test_popupwin.vim
+++ b/src/testdir/test_popupwin.vim
@@ -553,6 +553,7 @@ func Test_popup_drag()
@ -45,23 +45,15 @@ index b91689e..c6b70d1 100644
split
vsplit
$wincmd w
@@ -621,6 +622,7 @@ func Test_popup_drag_minwidth()
" create a popup that does not fit
let lines =<< trim END
+ set mouse=a
call range(40)
\ ->map({_,i -> string(i)})
\ ->popup_create({
@@ -669,6 +671,7 @@ func Test_popup_drag_termwin()
@@ -599,6 +600,7 @@ func Test_popup_drag_termwin()
let lines =<< trim END
set foldmethod=marker
call setline(1, range(100))
+ set mouse=a
+ set mouse=a
for nr in range(7)
call setline(nr * 12 + 1, "fold {{{")
call setline(nr * 12 + 11, "end }}}")
@@ -722,6 +725,7 @@ func Test_popup_close_with_mouse()
@@ -652,6 +654,7 @@ func Test_popup_close_with_mouse()
let lines =<< trim END
call setline(1, range(1, 20))
@ -69,7 +61,7 @@ index b91689e..c6b70d1 100644
" With border, can click on X
let winid = popup_create('foobar', #{
\ close: 'button',
@@ -1557,6 +1561,7 @@ func Test_popup_beval()
@@ -1479,6 +1482,7 @@ func Test_popup_beval()
let lines =<< trim END
call setline(1, range(1, 20))
call setline(5, 'here is some text to hover over')
@ -77,7 +69,7 @@ index b91689e..c6b70d1 100644
set balloonevalterm
set balloonexpr=BalloonExpr()
set balloondelay=100
@@ -2262,6 +2267,7 @@ func Test_popup_scrollbar()
@@ -2170,6 +2174,7 @@ func Test_popup_scrollbar()
let lines =<< trim END
call setline(1, range(1, 20))

36
SOURCES/vim-crypto-warning.patch
Unescape View File

@ -1,10 +1,11 @@
diff -up vim90/src/config.h.in.fips-warning vim90/src/config.h.in
--- vim90/src/config.h.in.fips-warning 2023-05-29 09:30:59.000000000 +0200
+++ vim90/src/config.h.in 2023-05-29 09:34:47.261645612 +0200
@@ -498,5 +498,14 @@
diff -up vim82/src/config.h.in.fips-warning vim82/src/config.h.in
--- vim82/src/config.h.in.fips-warning 2021-03-01 12:20:20.887162181 +0100
+++ vim82/src/config.h.in 2021-03-01 12:20:42.520977438 +0100
@@ -499,3 +499,12 @@
/* Define if _SC_SIGSTKSZ is available via sysconf() */
#undef HAVE_SYSCONF_SIGSTKSZ
+
+/* Do we need FIPS warning? */
+#undef HAVE_FIPS_WARNING
+
@ -13,14 +14,11 @@ diff -up vim90/src/config.h.in.fips-warning vim90/src/config.h.in
+
+/* Link to fips_enabled file */
+#undef FIPS_ENABLED_FILE_LINK
+
/* Define if you want to load libgpm dynamically */
#undef DYNAMIC_GPM
diff -up vim90/src/configure.ac.fips-warning vim90/src/configure.ac
--- vim90/src/configure.ac.fips-warning 2023-05-29 09:34:47.257645645 +0200
+++ vim90/src/configure.ac 2023-05-29 09:34:47.262645604 +0200
@@ -589,6 +589,38 @@ else
AC_SUBST(XDIFF_OBJS_USED)
diff -up vim82/src/configure.ac.fips-warning vim82/src/configure.ac
--- vim82/src/configure.ac.fips-warning 2021-03-01 12:20:20.885162198 +0100
+++ vim82/src/configure.ac 2021-03-01 12:20:20.888162173 +0100
@@ -541,6 +541,38 @@ else
AC_MSG_RESULT(yes)
fi
+dnl Checking if we want FIPS warning
@ -58,17 +56,17 @@ diff -up vim90/src/configure.ac.fips-warning vim90/src/configure.ac
dnl Check for Lua feature.
AC_MSG_CHECKING(--enable-luainterp argument)
AC_ARG_ENABLE(luainterp,
diff -up vim90/src/crypt.c.fips-warning vim90/src/crypt.c
--- vim90/src/crypt.c.fips-warning 2023-05-29 09:34:47.263645596 +0200
+++ vim90/src/crypt.c 2023-05-29 09:51:23.209779115 +0200
@@ -795,6 +795,21 @@ crypt_check_method(int method)
diff -up vim82/src/crypt.c.fips-warning vim82/src/crypt.c
--- vim82/src/crypt.c.fips-warning 2021-03-01 12:13:11.000000000 +0100
+++ vim82/src/crypt.c 2021-03-01 12:20:20.888162173 +0100
@@ -523,6 +523,21 @@ crypt_check_method(int method)
msg_scroll = TRUE;
msg(_("Warning: Using a weak encryption method; see :help 'cm'"));
}
+#ifdef HAVE_FIPS_WARNING
+ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
+ if (fips_enable_fd == NULL)
+ return;
+ return;
+
+ int enabled = fgetc(fips_enable_fd);
+
@ -82,4 +80,4 @@ diff -up vim90/src/crypt.c.fips-warning vim90/src/crypt.c
+#endif
}
/*
void

200
SOURCES/vim-cve-var-retab.patch
Unescape View File

@ -0,0 +1,200 @@
diff --git a/src/indent.c b/src/indent.c
index e1c6f52..a002b4b 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -18,18 +18,19 @@
/*
* Set the integer values corresponding to the string setting of 'vartabstop'.
* "array" will be set, caller must free it if needed.
+ * Return FAIL for an error.
*/
int
tabstop_set(char_u *var, int **array)
{
- int valcount = 1;
- int t;
- char_u *cp;
+ int valcount = 1;
+ int t;
+ char_u *cp;
if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
{
*array = NULL;
- return TRUE;
+ return OK;
}
for (cp = var; *cp != NUL; ++cp)
@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
if (cp != end)
emsg(_(e_positive));
else
- emsg(_(e_invarg));
- return FALSE;
+ semsg(_(e_invarg2), cp);
+ return FAIL;
}
}
@@ -55,26 +56,36 @@ tabstop_set(char_u *var, int **array)
++valcount;
continue;
}
- emsg(_(e_invarg));
- return FALSE;
+ semsg(_(e_invarg2), var);
+ return FAIL;
}
*array = ALLOC_MULT(int, valcount + 1);
if (*array == NULL)
- return FALSE;
+ return FAIL;
(*array)[0] = valcount;
t = 1;
for (cp = var; *cp != NUL;)
{
- (*array)[t++] = atoi((char *)cp);
- while (*cp != NUL && *cp != ',')
+ int n = atoi((char *)cp);
+
+ // Catch negative values, overflow and ridiculous big values.
+ if (n < 0 || n > 9999)
+ {
+ semsg(_(e_invarg2), cp);
+ vim_free(*array);
+ *array = NULL;
+ return FAIL;
+ }
+ (*array)[t++] = n;
+ while (*cp != NUL && *cp != ',')
++cp;
if (*cp != NUL)
++cp;
}
- return TRUE;
+ return OK;
}
/*
@@ -1561,7 +1572,7 @@ ex_retab(exarg_T *eap)
#ifdef FEAT_VARTABS
new_ts_str = eap->arg;
- if (!tabstop_set(eap->arg, &new_vts_array))
+ if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
return;
while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
++(eap->arg);
@@ -1577,12 +1588,18 @@ ex_retab(exarg_T *eap)
else
new_ts_str = vim_strnsave(new_ts_str, eap->arg - new_ts_str);
#else
- new_ts = getdigits(&(eap->arg));
- if (new_ts < 0)
+ ptr = eap->arg;
+ new_ts = getdigits(&ptr);
+ if (new_ts < 0 && *eap->arg == '-')
{
emsg(_(e_positive));
return;
}
+ if (new_ts < 0 || new_ts > 9999)
+ {
+ semsg(_(e_invarg2), eap->arg);
+ return;
+ }
if (new_ts == 0)
new_ts = curbuf->b_p_ts;
#endif
diff --git a/src/option.c b/src/option.c
index b9d7edb..9a3b71e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2349,9 +2349,9 @@ didset_options2(void)
#endif
#ifdef FEAT_VARTABS
vim_free(curbuf->b_p_vsts_array);
- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
+ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
vim_free(curbuf->b_p_vts_array);
- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
+ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
#endif
}
@@ -5828,7 +5828,7 @@ buf_copy_options(buf_T *buf, int flags)
buf->b_p_vsts = vim_strsave(p_vsts);
COPY_OPT_SCTX(buf, BV_VSTS);
if (p_vsts && p_vsts != empty_option)
- tabstop_set(p_vsts, &buf->b_p_vsts_array);
+ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
else
buf->b_p_vsts_array = 0;
buf->b_p_vsts_nopaste = p_vsts_nopaste
@@ -5988,7 +5988,7 @@ buf_copy_options(buf_T *buf, int flags)
buf->b_p_isk = save_p_isk;
#ifdef FEAT_VARTABS
if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
- tabstop_set(p_vts, &buf->b_p_vts_array);
+ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
else
buf->b_p_vts_array = NULL;
#endif
@@ -6003,7 +6003,7 @@ buf_copy_options(buf_T *buf, int flags)
buf->b_p_vts = vim_strsave(p_vts);
COPY_OPT_SCTX(buf, BV_VTS);
if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
- tabstop_set(p_vts, &buf->b_p_vts_array);
+ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
else
buf->b_p_vts_array = NULL;
#endif
@@ -6700,7 +6700,7 @@ paste_option_changed(void)
if (buf->b_p_vsts_array)
vim_free(buf->b_p_vsts_array);
if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
+ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
else
buf->b_p_vsts_array = 0;
#endif
diff --git a/src/optionstr.c b/src/optionstr.c
index 521242d..db015e8 100644
--- a/src/optionstr.c
+++ b/src/optionstr.c
@@ -2215,7 +2215,7 @@ ambw_end:
if (errmsg == NULL)
{
int *oldarray = curbuf->b_p_vsts_array;
- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
+ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
{
if (oldarray)
vim_free(oldarray);
@@ -2254,7 +2254,7 @@ ambw_end:
{
int *oldarray = curbuf->b_p_vts_array;
- if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
+ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
{
vim_free(oldarray);
#ifdef FEAT_FOLDING
diff --git a/src/testdir/test_retab.vim b/src/testdir/test_retab.vim
index b792da5..c7190aa 100644
--- a/src/testdir/test_retab.vim
+++ b/src/testdir/test_retab.vim
@@ -75,6 +75,9 @@ endfunc
func Test_retab_error()
call assert_fails('retab -1', 'E487:')
call assert_fails('retab! -1', 'E487:')
+ call assert_fails('ret -1000', 'E487:')
+ call assert_fails('ret 10000', 'E475:')
+ call assert_fails('ret 80000000000000000000', 'E475:')
endfunc
" vim: shiftwidth=2 sts=2 expandtab

1
SOURCES/virc
Unescape View File

@ -27,6 +27,7 @@ if has("autocmd")
augroup END
endif
if &term=="xterm"
set t_Co=8
set t_Sb=[4%dm

1127
SPECS/vim.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save