diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-08-26 04:02:20 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-08-27 13:30:28 +0200 |
| commit | 71a81b740897cf4e38ea73171f3d0aeb05c848e5 (patch) | |
| tree | 952e50d5e1a4d2175f9d5b4dc2a88301dbe3ab39 /patches | |
| parent | d96560a97701c7aef9bf4fd69bb2c47d2268d40b (diff) | |
| download | current-71a81b740897cf4e38ea73171f3d0aeb05c848e5.tar.gz current-71a81b740897cf4e38ea73171f3d0aeb05c848e5.tar.xz | |
Fri Aug 26 04:02:20 UTC 202220220826040220_15.0
patches/packages/linux-5.15.63/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.39:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
Fixed in 5.15.40:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943
Fixed in 5.15.41:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
Fixed in 5.15.42:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
Fixed in 5.15.44:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
Fixed in 5.15.45:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
Fixed in 5.15.46:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973
Fixed in 5.15.47:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
Fixed in 5.15.48:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
Fixed in 5.15.53:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
Fixed in 5.15.54:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
Fixed in 5.15.56:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123
Fixed in 5.15.57:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
Fixed in 5.15.58:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
Fixed in 5.15.59:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
Fixed in 5.15.60:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
Fixed in 5.15.61:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
(* Security fix *)
patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
We're just going to move to vim-9 instead of continuing to backport patches
to the vim-8 branch. Most users will be better served by this.
Fixed use after free and null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
(* Security fix *)
patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
Diffstat (limited to 'patches')
| -rw-r--r-- | patches/packages/linux-5.15.63/kernel-generic-5.15.63-x86_64-1.txt (renamed from patches/packages/linux-5.15.38/kernel-generic-5.15.38-x86_64-1.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/linux-5.15.63/kernel-headers-5.15.63-x86-1.txt (renamed from patches/packages/linux-5.15.38/kernel-headers-5.15.38-x86-1.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/linux-5.15.63/kernel-huge-5.15.63-x86_64-1.txt (renamed from patches/packages/linux-5.15.38/kernel-huge-5.15.38-x86_64-1.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/linux-5.15.63/kernel-modules-5.15.63-x86_64-1.txt (renamed from patches/packages/linux-5.15.38/kernel-modules-5.15.38-x86_64-1.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/linux-5.15.63/kernel-source-5.15.63-noarch-1.txt (renamed from patches/packages/linux-5.15.38/kernel-source-5.15.38-noarch-1.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txt (renamed from patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txt (renamed from patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txt) | 0 | ||||
| -rw-r--r-- | patches/source/vim/CVE-2022-2816.patch | 26 | ||||
| -rw-r--r-- | patches/source/vim/CVE-2022-2817.patch | 69 | ||||
| -rw-r--r-- | patches/source/vim/CVE-2022-2819.patch | 40 | ||||
| -rw-r--r-- | patches/source/vim/CVE-2022-2889.patch | 236 | ||||
| -rwxr-xr-x | patches/source/vim/vim-gvim.SlackBuild | 10 | ||||
| -rwxr-xr-x | patches/source/vim/vim.SlackBuild | 10 |
13 files changed, 4 insertions, 387 deletions
diff --git a/patches/packages/linux-5.15.38/kernel-generic-5.15.38-x86_64-1.txt b/patches/packages/linux-5.15.63/kernel-generic-5.15.63-x86_64-1.txt index 975a5ba6d..975a5ba6d 100644 --- a/patches/packages/linux-5.15.38/kernel-generic-5.15.38-x86_64-1.txt +++ b/patches/packages/linux-5.15.63/kernel-generic-5.15.63-x86_64-1.txt diff --git a/patches/packages/linux-5.15.38/kernel-headers-5.15.38-x86-1.txt b/patches/packages/linux-5.15.63/kernel-headers-5.15.63-x86-1.txt index 27b46a0e6..27b46a0e6 100644 --- a/patches/packages/linux-5.15.38/kernel-headers-5.15.38-x86-1.txt +++ b/patches/packages/linux-5.15.63/kernel-headers-5.15.63-x86-1.txt diff --git a/patches/packages/linux-5.15.38/kernel-huge-5.15.38-x86_64-1.txt b/patches/packages/linux-5.15.63/kernel-huge-5.15.63-x86_64-1.txt index 2d6170611..2d6170611 100644 --- a/patches/packages/linux-5.15.38/kernel-huge-5.15.38-x86_64-1.txt +++ b/patches/packages/linux-5.15.63/kernel-huge-5.15.63-x86_64-1.txt diff --git a/patches/packages/linux-5.15.38/kernel-modules-5.15.38-x86_64-1.txt b/patches/packages/linux-5.15.63/kernel-modules-5.15.63-x86_64-1.txt index 9a9441043..9a9441043 100644 --- a/patches/packages/linux-5.15.38/kernel-modules-5.15.38-x86_64-1.txt +++ b/patches/packages/linux-5.15.63/kernel-modules-5.15.63-x86_64-1.txt diff --git a/patches/packages/linux-5.15.38/kernel-source-5.15.38-noarch-1.txt b/patches/packages/linux-5.15.63/kernel-source-5.15.63-noarch-1.txt index eb2b0a30c..eb2b0a30c 100644 --- a/patches/packages/linux-5.15.38/kernel-source-5.15.38-noarch-1.txt +++ b/patches/packages/linux-5.15.63/kernel-source-5.15.63-noarch-1.txt diff --git a/patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txt b/patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txt index 4a843388d..4a843388d 100644 --- a/patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txt +++ b/patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txt diff --git a/patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txt b/patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txt index 3b81553b1..3b81553b1 100644 --- a/patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txt +++ b/patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txt diff --git a/patches/source/vim/CVE-2022-2816.patch b/patches/source/vim/CVE-2022-2816.patch deleted file mode 100644 index da790fb6d..000000000 --- a/patches/source/vim/CVE-2022-2816.patch +++ /dev/null @@ -1,26 +0,0 @@ -From dbdd16b62560413abcc3c8e893cc3010ccf31666 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Sun, 14 Aug 2022 21:46:07 +0100 -Subject: [PATCH] patch 9.0.0212: invalid memory access when compiling :unlet - -Problem: Invalid memory access when compiling :unlet. -Solution: Don't read past the end of the line. ---- - -diff --git a/src/vim9cmds.c b/src/vim9cmds.c -index 35a382138bf3..93032d6bf154 100644 ---- a/src/vim9cmds.c -+++ b/src/vim9cmds.c -@@ -92,6 +92,12 @@ free_locals(cctx_T *cctx) - int - check_vim9_unlet(char_u *name) - { -+ if (*name == NUL) -+ { -+ semsg(_(e_argument_required_for_str), "unlet"); -+ return FAIL; -+ } -+ - if (name[1] != ':' || vim_strchr((char_u *)"gwtb", *name) == NULL) - { - // "unlet s:var" is allowed in legacy script. diff --git a/patches/source/vim/CVE-2022-2817.patch b/patches/source/vim/CVE-2022-2817.patch deleted file mode 100644 index d9bfc1a66..000000000 --- a/patches/source/vim/CVE-2022-2817.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Sun, 14 Aug 2022 22:23:02 +0100 -Subject: [PATCH] patch 9.0.0213: using freed memory with error in assert - argument - -Problem: Using freed memory with error in assert argument. -Solution: Make a copy of the error. ---- - -diff --git a/src/testdir/test_assert.vim b/src/testdir/test_assert.vim -index 27b2d73fbfc8..7c9d090b39df 100644 ---- a/src/testdir/test_assert.vim -+++ b/src/testdir/test_assert.vim -@@ -291,6 +291,10 @@ func Test_assert_fail_fails() - let exp = v:exception - endtry - call assert_match("E1174: String required for argument 5", exp) -+ -+ call assert_equal(1, assert_fails('c0', ['', '\1'])) -+ call assert_match("Expected '\\\\\\\\1' but got 'E939: Positive count required: c0': c0", v:errors[0]) -+ call remove(v:errors, 0) - endfunc - - func Test_assert_fails_in_try_block() -diff --git a/src/testing.c b/src/testing.c -index f2355f5dac13..21eb9c18e6e2 100644 ---- a/src/testing.c -+++ b/src/testing.c -@@ -597,6 +597,7 @@ f_assert_fails(typval_T *argvars, typval_T *rettv) - int save_trylevel = trylevel; - int called_emsg_before = called_emsg; - char *wrong_arg_msg = NULL; -+ char_u *tofree = NULL; - - if (check_for_string_or_number_arg(argvars, 0) == FAIL - || check_for_opt_string_or_list_arg(argvars, 1) == FAIL -@@ -660,13 +661,17 @@ f_assert_fails(typval_T *argvars, typval_T *rettv) - } - else if (list->lv_len == 2) - { -- tv = &list->lv_u.mat.lv_last->li_tv; -- actual = get_vim_var_str(VV_ERRMSG); -- expected = tv_get_string_buf_chk(tv, buf); -- if (!pattern_match(expected, actual, FALSE)) -+ // make a copy, an error in pattern_match() may free it -+ tofree = actual = vim_strsave(get_vim_var_str(VV_ERRMSG)); -+ if (actual != NULL) - { -- error_found = TRUE; -- expected_str = expected; -+ tv = &list->lv_u.mat.lv_last->li_tv; -+ expected = tv_get_string_buf_chk(tv, buf); -+ if (!pattern_match(expected, actual, FALSE)) -+ { -+ error_found = TRUE; -+ expected_str = expected; -+ } - } - } - } -@@ -749,6 +754,7 @@ f_assert_fails(typval_T *argvars, typval_T *rettv) - msg_scrolled = 0; - lines_left = Rows; - VIM_CLEAR(emsg_assert_fails_msg); -+ vim_free(tofree); - set_vim_var_string(VV_ERRMSG, NULL, 0); - if (wrong_arg_msg != NULL) - emsg(_(wrong_arg_msg)); diff --git a/patches/source/vim/CVE-2022-2819.patch b/patches/source/vim/CVE-2022-2819.patch deleted file mode 100644 index 59c25d8c3..000000000 --- a/patches/source/vim/CVE-2022-2819.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d1d8f6bacb489036d0fd479c9dd3c0102c988889 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Sun, 14 Aug 2022 21:28:32 +0100 -Subject: [PATCH] patch 9.0.0211: invalid memory access when compiling :lockvar - -Problem: Invalid memory access when compiling :lockvar. -Solution: Don't read past the end of the line. ---- - -diff --git a/src/vim9cmds.c b/src/vim9cmds.c -index ad32c32ff7cb..35a382138bf3 100644 ---- a/src/vim9cmds.c -+++ b/src/vim9cmds.c -@@ -188,10 +188,17 @@ compile_lock_unlock( - size_t len; - char_u *buf; - isntype_T isn = ISN_EXEC; -+ char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar"; - - if (cctx->ctx_skip == SKIP_YES) - return OK; - -+ if (*p == NUL) -+ { -+ semsg(_(e_argument_required_for_str), cmd); -+ return FAIL; -+ } -+ - // Cannot use :lockvar and :unlockvar on local variables. - if (p[1] != ':') - { -@@ -223,8 +230,6 @@ compile_lock_unlock( - ret = FAIL; - else - { -- char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar"; -- - if (deep < 0) - vim_snprintf((char *)buf, len, "%s! %s", cmd, p); - else diff --git a/patches/source/vim/CVE-2022-2889.patch b/patches/source/vim/CVE-2022-2889.patch deleted file mode 100644 index a5153eaa2..000000000 --- a/patches/source/vim/CVE-2022-2889.patch +++ /dev/null @@ -1,236 +0,0 @@ -From 91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar <Bram@vim.org> -Date: Thu, 18 Aug 2022 13:28:31 +0100 -Subject: [PATCH] patch 9.0.0225: using freed memory with multiple line breaks - in expression - -Problem: Using freed memory with multiple line breaks in expression. -Solution: Free eval_tofree later. - -diff --git a/src/eval.c b/src/eval.c -index 42b883e9b00b..60daca51ce9d 100644 ---- a/src/eval.c -+++ b/src/eval.c -@@ -353,6 +353,63 @@ eval_to_string_skip( - return retval; - } - -+/* -+ * Initialize "evalarg" for use. -+ */ -+ void -+init_evalarg(evalarg_T *evalarg) -+{ -+ CLEAR_POINTER(evalarg); -+ ga_init2(&evalarg->eval_tofree_ga, sizeof(char_u *), 20); -+} -+ -+/* -+ * If "evalarg->eval_tofree" is not NULL free it later. -+ * Caller is expected to overwrite "evalarg->eval_tofree" next. -+ */ -+ static void -+free_eval_tofree_later(evalarg_T *evalarg) -+{ -+ if (evalarg->eval_tofree != NULL) -+ { -+ if (ga_grow(&evalarg->eval_tofree_ga, 1) == OK) -+ ((char_u **)evalarg->eval_tofree_ga.ga_data) -+ [evalarg->eval_tofree_ga.ga_len++] -+ = evalarg->eval_tofree; -+ else -+ vim_free(evalarg->eval_tofree); -+ } -+} -+ -+/* -+ * After using "evalarg" filled from "eap": free the memory. -+ */ -+ void -+clear_evalarg(evalarg_T *evalarg, exarg_T *eap) -+{ -+ if (evalarg != NULL) -+ { -+ if (evalarg->eval_tofree != NULL) -+ { -+ if (eap != NULL) -+ { -+ // We may need to keep the original command line, e.g. for -+ // ":let" it has the variable names. But we may also need the -+ // new one, "nextcmd" points into it. Keep both. -+ vim_free(eap->cmdline_tofree); -+ eap->cmdline_tofree = *eap->cmdlinep; -+ *eap->cmdlinep = evalarg->eval_tofree; -+ } -+ else -+ vim_free(evalarg->eval_tofree); -+ evalarg->eval_tofree = NULL; -+ } -+ -+ ga_clear_strings(&evalarg->eval_tofree_ga); -+ VIM_CLEAR(evalarg->eval_tofree_lambda); -+ } -+} -+ - /* - * Skip over an expression at "*pp". - * Return FAIL for an error, OK otherwise. -@@ -435,8 +492,8 @@ skip_expr_concatenate( - // Do not free the first line, the caller can still use it. - *((char_u **)gap->ga_data) = NULL; - // Do not free the last line, "arg" points into it, free it -- // later. -- vim_free(evalarg->eval_tofree); -+ // later. Also free "eval_tofree" later if needed. -+ free_eval_tofree_later(evalarg); - evalarg->eval_tofree = - ((char_u **)gap->ga_data)[gap->ga_len - 1]; - ((char_u **)gap->ga_data)[gap->ga_len - 1] = NULL; -@@ -2274,7 +2331,7 @@ eval_next_line(char_u *arg, evalarg_T *evalarg) - } - else if (evalarg->eval_cookie != NULL) - { -- vim_free(evalarg->eval_tofree); -+ free_eval_tofree_later(evalarg); - evalarg->eval_tofree = line; - } - -@@ -2301,45 +2358,6 @@ skipwhite_and_linebreak(char_u *arg, evalarg_T *evalarg) - return p; - } - --/* -- * Initialize "evalarg" for use. -- */ -- void --init_evalarg(evalarg_T *evalarg) --{ -- CLEAR_POINTER(evalarg); -- ga_init2(&evalarg->eval_tofree_ga, sizeof(char_u *), 20); --} -- --/* -- * After using "evalarg" filled from "eap": free the memory. -- */ -- void --clear_evalarg(evalarg_T *evalarg, exarg_T *eap) --{ -- if (evalarg != NULL) -- { -- if (evalarg->eval_tofree != NULL) -- { -- if (eap != NULL) -- { -- // We may need to keep the original command line, e.g. for -- // ":let" it has the variable names. But we may also need the -- // new one, "nextcmd" points into it. Keep both. -- vim_free(eap->cmdline_tofree); -- eap->cmdline_tofree = *eap->cmdlinep; -- *eap->cmdlinep = evalarg->eval_tofree; -- } -- else -- vim_free(evalarg->eval_tofree); -- evalarg->eval_tofree = NULL; -- } -- -- ga_clear_strings(&evalarg->eval_tofree_ga); -- VIM_CLEAR(evalarg->eval_tofree_lambda); -- } --} -- - /* - * The "evaluate" argument: When FALSE, the argument is only parsed but not - * executed. The function may return OK, but the rettv will be of type -diff --git a/src/proto/eval.pro b/src/proto/eval.pro -index e6cd8928d19c..27a13c9498ba 100644 ---- a/src/proto/eval.pro -+++ b/src/proto/eval.pro -@@ -9,6 +9,8 @@ int eval_expr_valid_arg(typval_T *tv); - int eval_expr_typval(typval_T *expr, typval_T *argv, int argc, typval_T *rettv); - int eval_expr_to_bool(typval_T *expr, int *error); - char_u *eval_to_string_skip(char_u *arg, exarg_T *eap, int skip); -+void init_evalarg(evalarg_T *evalarg); -+void clear_evalarg(evalarg_T *evalarg, exarg_T *eap); - int skip_expr(char_u **pp, evalarg_T *evalarg); - int skip_expr_concatenate(char_u **arg, char_u **start, char_u **end, evalarg_T *evalarg); - char_u *typval2string(typval_T *tv, int convert); -@@ -34,8 +36,6 @@ int pattern_match(char_u *pat, char_u *text, int ic); - char_u *eval_next_non_blank(char_u *arg, evalarg_T *evalarg, int *getnext); - char_u *eval_next_line(char_u *arg, evalarg_T *evalarg); - char_u *skipwhite_and_linebreak(char_u *arg, evalarg_T *evalarg); --void init_evalarg(evalarg_T *evalarg); --void clear_evalarg(evalarg_T *evalarg, exarg_T *eap); - int eval0(char_u *arg, typval_T *rettv, exarg_T *eap, evalarg_T *evalarg); - int eval0_retarg(char_u *arg, typval_T *rettv, exarg_T *eap, evalarg_T *evalarg, char_u **retarg); - int eval1(char_u **arg, typval_T *rettv, evalarg_T *evalarg); -diff --git a/src/testdir/test_vim9_script.vim b/src/testdir/test_vim9_script.vim -index 56a39efcf79b..597e31ec1c26 100644 ---- a/src/testdir/test_vim9_script.vim -+++ b/src/testdir/test_vim9_script.vim -@@ -1560,6 +1560,19 @@ def Test_func_redefine_fails() - v9.CheckScriptFailure(lines, 'E1073:') - enddef - -+def Test_lambda_split() -+ # this was using freed memory, because of the split expression -+ var lines =<< trim END -+ vim9script -+ try -+ 0 -+ 0->(0 -+ ->a.0( -+ ->u -+ END -+ v9.CheckScriptFailure(lines, 'E1050:') -+enddef -+ - def Test_fixed_size_list() - # will be allocated as one piece of memory, check that changes work - var l = [1, 2, 3, 4] -diff --git a/src/userfunc.c b/src/userfunc.c -index f612160fc872..e0bdc3fda911 100644 ---- a/src/userfunc.c -+++ b/src/userfunc.c -@@ -1372,7 +1372,6 @@ get_lambda_tv( - char_u *start, *end; - int *old_eval_lavars = eval_lavars_used; - int eval_lavars = FALSE; -- char_u *tofree1 = NULL; - char_u *tofree2 = NULL; - int equal_arrow = **arg == '('; - int white_error = FALSE; -@@ -1457,12 +1456,6 @@ get_lambda_tv( - ret = skip_expr_concatenate(arg, &start, &end, evalarg); - if (ret == FAIL) - goto errret; -- if (evalarg != NULL) -- { -- // avoid that the expression gets freed when another line break follows -- tofree1 = evalarg->eval_tofree; -- evalarg->eval_tofree = NULL; -- } - - if (!equal_arrow) - { -@@ -1585,10 +1578,6 @@ get_lambda_tv( - - theend: - eval_lavars_used = old_eval_lavars; -- if (evalarg != NULL && evalarg->eval_tofree == NULL) -- evalarg->eval_tofree = tofree1; -- else -- vim_free(tofree1); - vim_free(tofree2); - if (types_optional) - ga_clear_strings(&argtypes); -@@ -1607,10 +1596,6 @@ get_lambda_tv( - } - vim_free(fp); - vim_free(pt); -- if (evalarg != NULL && evalarg->eval_tofree == NULL) -- evalarg->eval_tofree = tofree1; -- else -- vim_free(tofree1); - vim_free(tofree2); - eval_lavars_used = old_eval_lavars; - return FAIL; diff --git a/patches/source/vim/vim-gvim.SlackBuild b/patches/source/vim/vim-gvim.SlackBuild index 53f2686f3..a24a0ada1 100755 --- a/patches/source/vim/vim-gvim.SlackBuild +++ b/patches/source/vim/vim-gvim.SlackBuild @@ -30,9 +30,9 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=vim-gvim -VIMBRANCH=8.2 +VIMBRANCH=9.0 VERSION=$(echo vim-${VIMBRANCH}*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev) -BUILD=${BUILD:-3_slack15.0} +BUILD=${BUILD:-1_slack15.0} # The possible settings for this are yes/no/dynamic. PERLINTERP=${PERLINTERP:-dynamic} @@ -111,12 +111,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Fix security issues: -zcat $CWD/CVE-2022-2816.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2817.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2819.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2889.patch.gz | patch -p1 --verbose || exit 1 - config_vim --with-x --enable-gui=gtk3 || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 diff --git a/patches/source/vim/vim.SlackBuild b/patches/source/vim/vim.SlackBuild index b628315ce..2d2cbe5b3 100755 --- a/patches/source/vim/vim.SlackBuild +++ b/patches/source/vim/vim.SlackBuild @@ -23,9 +23,9 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=vim -VIMBRANCH=8.2 +VIMBRANCH=9.0 CTAGSVER=5.8 -BUILD=${BUILD:-3_slack15.0} +BUILD=${BUILD:-1_slack15.0} # The possible settings for this are yes/no/dynamic. PERLINTERP=${PERLINTERP:-dynamic} @@ -152,12 +152,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Fix security issues: -zcat $CWD/CVE-2022-2816.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2817.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2819.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-2889.patch.gz | patch -p1 --verbose || exit 1 - config_vim --without-x --disable-gui || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 |