From 40e77ea61df9f94c97d6ada4c7a61186ba390e13f7122eb016f709ab4dba8d2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Mon, 19 Sep 2022 08:04:50 +0000 Subject: [PATCH 1/2] =?UTF-8?q?-=20Updated=20to=20version=209.0.0500,=20fi?= =?UTF-8?q?xes=20the=20following=20problems=20-=20boo#1203508=20-=20CVE-20?= =?UTF-8?q?22-3234=20=20=20*=20On=20an=20AZERTY=20keyboard=20digit=20keys?= =?UTF-8?q?=20get=20the=20shift=20modifier.=20=20=20*=20Incorrect=20color?= =?UTF-8?q?=20for=20modeless=20selection=20with=20GTK.=20=20=20*=20A=20few?= =?UTF-8?q?=20problems=20with=20'splitscroll'.=20=20=20*=20Function=20call?= =?UTF-8?q?ed=20at=20debug=20prompt=20is=20also=20debugged.=20=20=20*=20Su?= =?UTF-8?q?bstitute=20prompt=20does=20not=20highlight=20an=20empty=20match?= =?UTF-8?q?.=20=20=20*=20Splitting=20a=20line=20with=20a=20text=20prop=20"?= =?UTF-8?q?above"=20moves=20it=20to=20a=20new=20line=20below.=20=20=20*=20?= =?UTF-8?q?Vim9:=20block=20in=20for=20loop=20doesn't=20behave=20like=20a?= =?UTF-8?q?=20code=20block.=20=20=20*=20Loop=20variable=20can't=20be=20fou?= =?UTF-8?q?nd.=20=20=20*=20'scroll'=20is=20not=20always=20updated.=20=20?= =?UTF-8?q?=20*=20ASAN=20warning=20for=20integer=20overflow.=20=20=20*=20C?= =?UTF-8?q?ommand=20line=20test=20leaves=20directory=20behind.=20=20=20*?= =?UTF-8?q?=20With=20virtual=20text=20"above"=20indenting=20doesn't=20work?= =?UTF-8?q?=20well.=20=20=20*=20Cursor=20moves=20when=20cmdwin=20is=20clos?= =?UTF-8?q?ed=20when=20'splitscroll'=20is=20off.=20=20=20*=20Virtual=20tex?= =?UTF-8?q?t=20wrong=20after=20adding=20line=20break=20after=20line.=20=20?= =?UTF-8?q?=20*=20Build=20failure.=20=20=20*=20Exectution=20stack=20underf?= =?UTF-8?q?low=20without=20the=20+eval=20feature.=20(Dominique=20Pell?= =?UTF-8?q?=C3=A9)=20=20=20*=20Cursor=20moves=20if=20cmdwin=20is=20closed?= =?UTF-8?q?=20when=20'splitscroll'=20is=20off.=20=20=20*=20In=20a=20:def?= =?UTF-8?q?=20function=20all=20closures=20in=20a=20loop=20get=20the=20same?= =?UTF-8?q?=20variables.=20=20=20*=20No=20test=20for=20what=20patch=209.0.?= =?UTF-8?q?0469=20fixes.=20=20=20*=20Virtual=20text=20"below"=20doesn't=20?= =?UTF-8?q?show=20in=20list=20mode.=20=20=20*=20fullcommand()=20only=20wor?= =?UTF-8?q?ks=20for=20the=20current=20script=20version.=20=20=20*=20fullco?= =?UTF-8?q?mmand()=20test=20failure.=20=20=20*=20Not=20using=20deferred=20?= =?UTF-8?q?delete=20in=20tests.=20=20=20*=20Varargs=20does=20not=20work=20?= =?UTF-8?q?for=20replacement=20function=20of=20substitute().=20=20=20*=20M?= =?UTF-8?q?issing=20dependency=20may=20cause=20crashes=20on=20incomplete?= =?UTF-8?q?=20build.=20=20=20*=20Test=20for=20'splitscroll'=20takes=20too?= =?UTF-8?q?=20much=20time.=20=20=20*=20Valva=20Date=20Format=20files=20are?= =?UTF-8?q?=20not=20recognized.=20=20=20*=20Cannot=20use=20a=20:def=20vara?= =?UTF-8?q?rgs=20function=20with=20substitute().?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=749 --- vim-9.0.0453.tar.gz | 3 --- vim-9.0.0500.tar.gz | 3 +++ vim.changes | 54 +++++++++++++++++++++++++++++++++++++++++++++ vim.spec | 2 +- 4 files changed, 58 insertions(+), 4 deletions(-) delete mode 100644 vim-9.0.0453.tar.gz create mode 100644 vim-9.0.0500.tar.gz diff --git a/vim-9.0.0453.tar.gz b/vim-9.0.0453.tar.gz deleted file mode 100644 index d619762..0000000 --- a/vim-9.0.0453.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b90063706a2a9ee234275e0dd4b71a11e24867c33203c432fd6e9799fdc3bff9 -size 16847442 diff --git a/vim-9.0.0500.tar.gz b/vim-9.0.0500.tar.gz new file mode 100644 index 0000000..d590ad3 --- /dev/null +++ b/vim-9.0.0500.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5ff6f245b6d1499e109f6c6fcb66b1d7a0c7693d76a2487e0c8af5e720de7c2e +size 16858528 diff --git a/vim.changes b/vim.changes index a0f29d7..54c6381 100644 --- a/vim.changes +++ b/vim.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Mon Sep 19 07:48:28 UTC 2022 - Ondřej Súkup + +- Updated to version 9.0.0500, fixes the following problems +- boo#1203508 - CVE-2022-3234 + * On an AZERTY keyboard digit keys get the shift modifier. + * Incorrect color for modeless selection with GTK. + * A few problems with 'splitscroll'. + * Function called at debug prompt is also debugged. + * Substitute prompt does not highlight an empty match. + * Splitting a line with a text prop "above" moves it to a new line below. + * Vim9: block in for loop doesn't behave like a code block. + * Loop variable can't be found. + * 'scroll' is not always updated. + * ASAN warning for integer overflow. + * Command line test leaves directory behind. + * With virtual text "above" indenting doesn't work well. + * Cursor moves when cmdwin is closed when 'splitscroll' is off. + * Virtual text wrong after adding line break after line. + * Build failure. + * Exectution stack underflow without the +eval feature. (Dominique Pellé) + * Cursor moves if cmdwin is closed when 'splitscroll' is off. + * In a :def function all closures in a loop get the same variables. + * No test for what patch 9.0.0469 fixes. + * Virtual text "below" doesn't show in list mode. + * fullcommand() only works for the current script version. + * fullcommand() test failure. + * Not using deferred delete in tests. + * Varargs does not work for replacement function of substitute(). + * Missing dependency may cause crashes on incomplete build. + * Test for 'splitscroll' takes too much time. + * Valva Date Format files are not recognized. + * Cannot use a :def varargs function with substitute(). + * In a :def function all closures in a loop get the same variables. + * "g0" moves to wrong location with virtual text "above". + * Illegal memory access when replacing in virtualedit mode. + * In a :def function all closures in a loop get the same variables. + * Text scrolled with 'nosplitscroll', autocmd win opened and help window + closed. + * Using freed memory with combination of closures. + * Cursor in wrong position with virtual text "above" and 'showbreak'. + * Using "end_lnum" with virtual text causes problems. + * Using freed memory with cmdwin and BufEnter autocmd. + * No good reason to build without the float feature. + * Cmdwin test fails on MS-Windows. + * Perl test fails. + * Small build misses float function declaraitons. + * Closure doesn't work properly in nested loop. + * No good reason to keep supporting Windows-XP. + * LyRiCs files are not recognized. + * Various small issues. + * In :def function list created after const is locked. + * When quitting the cmdline window with CTRL-C it remains visible. + ------------------------------------------------------------------- Tue Sep 13 07:41:04 UTC 2022 - Ondřej Súkup diff --git a/vim.spec b/vim.spec index e5bc194..85a6512 100644 --- a/vim.spec +++ b/vim.spec @@ -17,7 +17,7 @@ %define pkg_version 9.0 -%define patchlevel 0453 +%define patchlevel 0500 %define patchlevel_compact %{patchlevel} %define VIM_SUBDIR vim90 %define site_runtimepath %{_datadir}/vim/site From 611c4875c61ad4e9e2cdcd158881f5b2957ae3068e5d36ef6470e7a947743a79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Mon, 19 Sep 2022 08:16:28 +0000 Subject: [PATCH 2/2] - boo#1203509 - CVE-2022-3235 OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=750 --- vim.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/vim.changes b/vim.changes index 54c6381..95961a4 100644 --- a/vim.changes +++ b/vim.changes @@ -3,6 +3,7 @@ Mon Sep 19 07:48:28 UTC 2022 - Ondřej Súkup - Updated to version 9.0.0500, fixes the following problems - boo#1203508 - CVE-2022-3234 +- boo#1203509 - CVE-2022-3235 * On an AZERTY keyboard digit keys get the shift modifier. * Incorrect color for modeless selection with GTK. * A few problems with 'splitscroll'.