public inbox for buildroot@busybox.net
From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: buildroot@buildroot.org
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Subject: [Buildroot] [PATCH] package/vim: security bump to v9.1.2148
Date: Tue,  3 Mar 2026 12:04:45 +0100
Message-ID: <20260303110445.306426-1-thomas.perale@mind.be>

For changes, see:

  - https://github.com/vim/vim/compare/v9.1.2017...v9.1.2148

Fixes the following vulnerabilities:

- CVE-2026-25749:
    Vim is an open source, command line text editor. Prior to version
    9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag
    file resolution logic when processing the 'helpfile' option. The
    vulnerability is located in the get_tagfname() function in src/tag.c.
    When processing help file tags, Vim copies the user-controlled
    'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1
    bytes (typically 4097 bytes) using an unsafe STRCPY() operation
    without any bounds checking. This issue has been patched in version
    9.1.2132.

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2026-25749
  - https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9

- CVE-2026-26269:
    Vim is an open source, command line text editor. Prior to 9.1.2148, a
    stack buffer overflow vulnerability exists in Vim's NetBeans
    integration when processing the specialKeys command, affecting Vim
    builds that enable and use the NetBeans feature. The stack buffer
    overflow exists in special_keys() (in src/netbeans.c). The while
    (*tok) loop writes two bytes per iteration into a 64-byte stack buffer
    (keybuf) with no bounds check. A malicious NetBeans server can
    overflow keybuf with a single specialKeys command. The issue has been
    fixed as of Vim patch v9.1.2148.

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2026-26269
  - https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ...src-Makefile-create-links-with-ln-sf.patch | 78 -------------------
 package/vim/vim.hash                          |  2 +-
 package/vim/vim.mk                            |  2 +-
 3 files changed, 2 insertions(+), 80 deletions(-)
 delete mode 100644 package/vim/0001-src-Makefile-create-links-with-ln-sf.patch

diff --git a/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch b/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch
deleted file mode 100644
index 54d423aacf..0000000000
--- a/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 5686ef63f81fcac2ca6ec6e7160829b295ad4e79 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Sun, 28 Dec 2025 15:01:38 +0100
-Subject: [PATCH] src/Makefile: create links with ln -sf
-
-Running "make installlinks" twice towards the same destination
-directory will fail, as symlink will already exist. This is not really
-expected as "make install" is normally expected to work again and
-again towards the same destination directory.
-
-Fix this by using ln -sf.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Upstream: https://github.com/vim/vim/commit/6df5360691266b5eca49380e94f3e21fa48e5e0b
----
- src/Makefile | 24 ++++++++++++------------
- 1 file changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index 6fb1eb95e..39f798260 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -2746,40 +2746,40 @@ installvimdiff: $(DEST_BIN)/$(VIMDIFFTARGET)
- installgvimdiff: $(DEST_BIN)/$(GVIMDIFFTARGET)
- 
- $(DEST_BIN)/$(EXTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(EXTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EXTARGET)
- 
- $(DEST_BIN)/$(VIEWTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(VIEWTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(VIEWTARGET)
- 
- $(DEST_BIN)/$(GVIMTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIMTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIMTARGET)
- 
- $(DEST_BIN)/$(GVIEWTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIEWTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIEWTARGET)
- 
- $(DEST_BIN)/$(RVIMTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(RVIMTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RVIMTARGET)
- 
- $(DEST_BIN)/$(RVIEWTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(RVIEWTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RVIEWTARGET)
- 
- $(DEST_BIN)/$(RGVIMTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(RGVIMTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RGVIMTARGET)
- 
- $(DEST_BIN)/$(RGVIEWTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(RGVIEWTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RGVIEWTARGET)
- 
- $(DEST_BIN)/$(VIMDIFFTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(VIMDIFFTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(VIMDIFFTARGET)
- 
- $(DEST_BIN)/$(GVIMDIFFTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIMDIFFTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIMDIFFTARGET)
- 
- $(DEST_BIN)/$(EVIMTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(EVIMTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EVIMTARGET)
- 
- $(DEST_BIN)/$(EVIEWTARGET): $(DEST_BIN)
--	cd $(DEST_BIN); ln -s $(VIMTARGET) $(EVIEWTARGET)
-+	cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EVIEWTARGET)
- 
- # Create links for the manual pages with various names to vim.	This is only
- # done when the links (or manpages with the same name) don't exist yet.
--- 
-2.52.0
-
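Review bot: the commit message gives no reason for deleting 0001-src-Makefile-create-links-with-ln-sf.patch. The deleted file's header carries "Upstream: https://github.com/vim/vim/commit/6df5360691266b5eca49380e94f3e21fa48e5e0b", so the removal is presumably because that commit falls inside the v9.1.2017...v9.1.2148 range. Please say so in the commit message (for example "Drop patch 0001, applied upstream") so the removal can be checked without opening the compare link.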
diff --git a/package/vim/vim.hash b/package/vim/vim.hash
index f7c883b929..ecc41be702 100644
--- a/package/vim/vim.hash
+++ b/package/vim/vim.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256  be1d60091d27bbdbc090e0bb19798baeea378aa29645fd47dc4c222dc14efcaf  vim-9.1.2017.tar.gz
+sha256  f9ec31df8f1a78e130dd06c395e6626c2a8a8ec2705d8e7b7667bd3ecd499c6b  vim-9.1.2148.tar.gz
 sha256  0b3f1f330cb1b179bb17c7c687d4cec601e0aa3462bc7f890ad4c3888d37d720  LICENSE
 sha256  ee1d0885bbc4a95a24e49873a075391bdf26b69d13758e30f3d9271f8f42bd2d  README.txt
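Review bot: the new vim-9.1.2148.tar.gz digest stays under the "# Locally computed" comment, so nothing in this hunk lets a reviewer cross-check it against an upstream-published value. Whoever applies this should recompute the sha256 from the v9.1.2148 archive fetched through VIM_SITE and compare it with the added line. The LICENSE and README.txt entries are unchanged context, which is consistent with a bump that does not touch the license files.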
diff --git a/package/vim/vim.mk b/package/vim/vim.mk
index fa7d47d67d..9201587a8a 100644
--- a/package/vim/vim.mk
+++ b/package/vim/vim.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VIM_VERSION = 9.1.2017
+VIM_VERSION = 9.1.2148
 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION))
 VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES)
 VIM_SUBDIR = src
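Review bot: the VIM_VERSION line is the only change here, and 9.1.2148 is exactly the patch level the commit message gives for CVE-2026-26269 and is past 9.1.2132 for CVE-2026-25749, so both fixes are covered. What is missing is a statement of exposure: the commit message says CVE-2026-26269 affects only builds that enable and use the NetBeans feature, and none of the visible vim.mk lines show whether this package enables it. A sentence on that in the commit message would help anyone deciding how urgently to backport.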
-- 
2.53.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
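
The CVE-2026-26269 description in the commit message above (a loop writing two bytes per iteration into a 64-byte stack buffer with no bounds check) comes down to a missing check before the write. The following is an added example, not code from Vim or from this patch: `expand_modifiers()`, `run_with_len()` and the modifier set "ACMS" are hypothetical, and only the 64-byte size is taken from the advisory text.

```c
#include <stdio.h>
#include <string.h>

#define KEYBUF_SIZE 64 /* keybuf size given in the CVE-2026-26269 text */

/* Hypothetical helper, not Vim's special_keys(): expands each modifier
 * letter in tok to "<letter>-", two bytes per iteration. Returns the
 * number of bytes written (without the NUL), or -1 if tok does not fit. */
static int expand_modifiers(const char *tok, char *keybuf, size_t bufsize)
{
    size_t i = 0;

    if (bufsize == 0)
        return -1;
    for (; *tok; tok++) {
        if (!strchr("ACMS", *tok))
            continue; /* this sketch ignores non-modifier bytes */
        /* Two bytes are about to be written and one more is needed
         * for the terminating NUL: check before writing, not after. */
        if (i + 2 >= bufsize) {
            keybuf[0] = '\0';
            return -1; /* reject the command instead of overflowing */
        }
        keybuf[i++] = *tok;
        keybuf[i++] = '-';
    }
    keybuf[i] = '\0';
    return (int)i;
}

/* Constructed input: a token of n 'C' bytes, as an untrusted peer could send. */
static int run_with_len(size_t n)
{
    char keybuf[KEYBUF_SIZE];
    char tok[256];

    if (n >= sizeof(tok))
        return -1;
    memset(tok, 'C', n);
    tok[n] = '\0';
    return expand_modifiers(tok, keybuf, sizeof(keybuf));
}

int main(void)
{
    printf("31 modifiers -> %d\n", run_with_len(31));
    printf("32 modifiers -> %d\n", run_with_len(32));
    return 0;
}
```

The check uses `i + 2 >= bufsize` rather than `i >= bufsize` because each iteration commits two bytes and the terminator needs a third; testing only the current index would still allow a write past the end of the buffer.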
