[AUTO-CHERRYPICK] [Medium] patch vim to fix CVE-2025-24014 - branch 3.0-dev (#12083)

CBL-Mariner-Bot · jykanase · web-flow · commit fbb8161dbc19 · 2025-01-26T10:41:08.000-05:00
Co-authored-by: jykanase &lt;v-jykanase@microsoft.com&gt;
diff --git a/SPECS/vim/CVE-2025-24014.patch b/SPECS/vim/CVE-2025-24014.patch
@@ -0,0 +1,35 @@
+From a37c69c15cc3ea6b2e67336748a578d2c2c549db Mon Sep 17 00:00:00 2001
+From: jykanase <v-jykanase@microsoft.com>
+Date: Thu, 23 Jan 2025 09:19:12 +0000
+Subject: [PATCH] CVE-CVE-2025-24014
+
+Source Link : https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919
+---
+ src/gui.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui.c b/src/gui.c
+index 8e7b079..86c40de 100644
+--- a/src/gui.c
++++ b/src/gui.c
+@@ -4478,13 +4478,15 @@ gui_do_scroll(void)
+     /*
+      * Don't call updateWindow() when nothing has changed (it will overwrite
+      * the status line!).
++     *
++     * Check for ScreenLines, because in ex-mode, we don't have a valid display.
+      */
+-    if (old_topline != wp->w_topline
++    if (ScreenLines != NULL && (old_topline != wp->w_topline
+	    || wp->w_redr_type != 0
+ #ifdef FEAT_DIFF
+	    || old_topfill != wp->w_topfill
+ #endif
+-	    )
++	    ))
+     {
+	int type = UPD_VALID;
+
+--
+2.45.2
+
diff --git a/SPECS/vim/vim.spec b/SPECS/vim/vim.spec
@@ -2,7 +2,7 @@
 Summary:        Text editor
 Name:           vim
 Version:        9.1.0791
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Vim
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,7 @@ URL:            https://www.vim.org
 Source0:        https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        macros.vim
 Patch0:         CVE-2025-22134.patch
+Patch1:         CVE-2025-24014.patch
 BuildRequires:  ncurses-devel
 BuildRequires:  python3-devel
 Requires(post): sed
@@ -219,6 +220,9 @@ fi
 %{_rpmconfigdir}/macros.d/macros.vim
 
 %changelog
+* Thu Jan 23 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 9.1.0791-3
+- Patch to fix CVE-2025-24014.
+
 * Wed Jan 15 2025 Bhagyashri Pathak <bhapathak@microsoft.com> - 9.1.0791-2
 - Add patch to fix CVE-2025-22134
 
