From: Adarsh Jagadish Kamini Date: Wed, 15 Apr 2026 08:54:42 +0000 (+0200) Subject: vim: update to 9.2.0340 to fix CVEs X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git vim: update to 9.2.0340 to fix CVEs CVEs fixed: CVE-2026-34714 and CVE-2026-33412 Signed-off-by: Adarsh Jagadish Kamini Signed-off-by: Mathieu Dubois-Briand --- diff --git a/meta/recipes-support/vim/files/CVE-2026-33412.patch b/meta/recipes-support/vim/files/CVE-2026-33412.patch deleted file mode 100644 index 44d7ae6d24..0000000000 --- a/meta/recipes-support/vim/files/CVE-2026-33412.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001 -From: pyllyukko -Date: Thu, 19 Mar 2026 19:58:05 +0000 -Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in - glob() - -Problem: The glob() function on Unix-like systems does not escape - newline characters when expanding wildcards. A maliciously - crafted string containing '\n' can be used as a command - separator to execute arbitrary shell commands via - mch_expand_wildcards(). This depends on the user's 'shell' - setting. -Solution: Add the newline character ('\n') to the SHELL_SPECIAL - definition to ensure it is properly escaped before being - passed to the shell (pyllyukko). - -closes: #19746 - -Github Advisory: -https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c - -Signed-off-by: pyllyukko -Signed-off-by: Christian Brabandt - -CVE: CVE-2026-33412 -Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a] - -Backport Changes: -- Excluded changes to src/version.c from this backport. The recipe tracks Vim - tag v9.2.0110, so upstream patchlevel bookkeeping updates are not needed for - the security fix. - -Signed-off-by: Ashish Sharma ---- - src/os_unix.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/os_unix.c b/src/os_unix.c -index cf195e62e1..d767956b1a 100644 ---- a/src/os_unix.c -+++ b/src/os_unix.c -@@ -7106,7 +7106,7 @@ mch_expandpath( - # define SEEK_END 2 - # endif - --# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|" -+# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n" - - int - mch_expand_wildcards( --- -2.50.1 diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 7a3c65b5c2..6f9b31d868 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc 
@@ -16,11 +16,10 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV} file://disable_acl_header_check.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ - file://CVE-2026-33412.patch \ " -PV .= ".0110" -SRCREV = "7ba60f17c22ef81680f25f8c3225b4edb55ddd7c" +PV .= ".0340" +SRCREV = "6addd6c101117706bc9b3609d3a418e26e92618f" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0"
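Review bot: The deletion of meta/recipes-support/vim/files/CVE-2026-33412.patch is not explained in the commit message, which only lists the CVE as fixed. The deleted file's own header identifies the upstream fix as patch 9.2.0202 and says the backport existed because the recipe tracked v9.2.0110. Please add a line such as "Drop CVE-2026-33412.patch, included upstream since 9.2.0202" so that a later reader can see why the fix is still present once the file carrying the "CVE: CVE-2026-33412" tag is gone.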
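Review bot: In meta/recipes-support/vim/vim.inc, the bump to PV .= ".0340" with a new SRCREV is the only evidence offered for CVE-2026-34714 being fixed; the commit message names no upstream patch level, commit or advisory for it. For CVE-2026-33412 the removed backport points at patch 9.2.0202, so an equivalent reference for CVE-2026-34714 in the commit message would let the claim be checked against the new version. Because SRC_URI carries tag=v${PV} alongside SRCREV, it is also worth confirming that 6addd6c101117706bc9b3609d3a418e26e92618f is the commit tagged v9.2.0340.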