diff mbox series

[dunfell,1/8] Revert "vim: fix CVE-2021-4069"

Message ID 519f30e697f14d6a3864a22ec2e12544a9d3a107.1645465376.git.steve@sakoman.com
State Accepted, archived
Commit 519f30e697f14d6a3864a22ec2e12544a9d3a107
Headers show
Series [dunfell,1/8] Revert "vim: fix CVE-2021-4069" | expand

Commit Message

Steve Sakoman Feb. 21, 2022, 7:34 p.m. UTC 
Prepare to cherry-pick CVE fixes from master

This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../vim/files/CVE-2021-4069.patch             | 43 -------------------
 meta/recipes-support/vim/vim.inc              |  1 -
 2 files changed, 44 deletions(-)
 delete mode 100644 meta/recipes-support/vim/files/CVE-2021-4069.patch
diff mbox series

Patch

diff --git a/meta/recipes-support/vim/files/CVE-2021-4069.patch b/meta/recipes-support/vim/files/CVE-2021-4069.patch
deleted file mode 100644
index 6a67281907..0000000000
--- a/meta/recipes-support/vim/files/CVE-2021-4069.patch
+++ /dev/null
@@ -1,43 +0,0 @@ 
-From cd2422ee2dab3f33b2dbd1271e17cdaf8762b6d1 Mon Sep 17 00:00:00 2001
-From: Minjae Kim <flowergom@gmail.com>
-Date: Fri, 17 Dec 2021 20:32:02 -0800
-Subject: [PATCH] using freed memory in open command
-
-Problem:    Using freed memory in open command.
-Solution:   Make a copy of the current line.
-
-Upstream-Status: Backported [https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9]
-CVE: CVE-2021-4069
-Signed-off-by: Minjae Kim <flowergom@gmail.com>
----
- src/ex_docmd.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index 59e245bee..ccd9e8bed 100644
---- a/src/ex_docmd.c
-+++ b/src/ex_docmd.c
-@@ -6029,13 +6029,17 @@ ex_open(exarg_T *eap)
- 	regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0);
- 	if (regmatch.regprog != NULL)
- 	{
-+            // make a copy of the line, when searching for a mark it might be
-+	    // flushed
-+	    char_u *line = vim_strsave(ml_get_curline());
-+
- 	    regmatch.rm_ic = p_ic;
--	    p = ml_get_curline();
--	    if (vim_regexec(&regmatch, p, (colnr_T)0))
--		curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p);
-+	    if (vim_regexec(&regmatch, line, (colnr_T)0))
-+		curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line);
- 	    else
- 		emsg(_(e_nomatch));
- 	    vim_regfree(regmatch.regprog);
-+	    vim_free(line);
- 	}
- 	// Move to the NUL, ignore any other arguments.
- 	eap->arg += STRLEN(eap->arg);
--- 
-2.25.1
-
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 51a6861325..11fed67527 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -26,7 +26,6 @@  SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \
            file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \
            file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \
-	   file://CVE-2021-4069.patch \
            "
 
 SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"