From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Thomas Perale <thomas.perale@mind.be>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/vim: security bump to v9.1.2148
Date: Fri, 6 Mar 2026 20:53:28 +0100
Message-ID: <20260306195328.8642-1-thomas.perale@mind.be>
In-Reply-To: <20260303110445.306426-1-thomas.perale@mind.be>
In reply to:
> For changes, see:
>
> - https://github.com/vim/vim/compare/v9.1.2017...v9.1.2148
>
> Fixes the following vulnerabilities:
>
> - CVE-2026-25749:
> Vim is an open source, command line text editor. Prior to version
> 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag
> file resolution logic when processing the 'helpfile' option. The
> vulnerability is located in the get_tagfname() function in src/tag.c.
> When processing help file tags, Vim copies the user-controlled
> 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1
> bytes (typically 4097 bytes) using an unsafe STRCPY() operation
> without any bounds checking. This issue has been patched in version
> 9.1.2132.
>
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2026-25749
> - https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9
>
> - CVE-2026-26269:
> Vim is an open source, command line text editor. Prior to 9.1.2148, a
> stack buffer overflow vulnerability exists in Vim's NetBeans
> integration when processing the specialKeys command, affecting Vim
> builds that enable and use the NetBeans feature. The Stack buffer
> overflow exists in special_keys() (in src/netbeans.c). The while
> (*tok) loop writes two bytes per iteration into a 64-byte stack buffer
> (keybuf) with no bounds check. A malicious NetBeans server can
> overflow keybuf with a single specialKeys command. The issue has been
> fixed as of Vim patch v9.1.2148.
>
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2026-26269
> - https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.11.x. Thanks
> ---
> ...src-Makefile-create-links-with-ln-sf.patch | 78 -------------------
> package/vim/vim.hash | 2 +-
> package/vim/vim.mk | 2 +-
> 3 files changed, 2 insertions(+), 80 deletions(-)
> delete mode 100644 package/vim/0001-src-Makefile-create-links-with-ln-sf.patch
>
> diff --git a/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch b/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch
> deleted file mode 100644
> index 54d423aacf..0000000000
> --- a/package/vim/0001-src-Makefile-create-links-with-ln-sf.patch
> +++ /dev/null
> @@ -1,78 +0,0 @@
> -From 5686ef63f81fcac2ca6ec6e7160829b295ad4e79 Mon Sep 17 00:00:00 2001
> -From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> -Date: Sun, 28 Dec 2025 15:01:38 +0100
> -Subject: [PATCH] src/Makefile: create links with ln -sf
> -
> -Running "make installlinks" twice towards the same destination
> -directory will fail, as symlink will already exist. This is not really
> -expected as "make install" is normally expected to work again and
> -again towards the same destination directory.
> -
> -Fix this by using ln -sf.
> -
> -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> -Upstream: https://github.com/vim/vim/commit/6df5360691266b5eca49380e94f3e21fa48e5e0b
> ----
> - src/Makefile | 24 ++++++++++++------------
> - 1 file changed, 12 insertions(+), 12 deletions(-)
> -
> -diff --git a/src/Makefile b/src/Makefile
> -index 6fb1eb95e..39f798260 100644
> ---- a/src/Makefile
> -+++ b/src/Makefile
> -@@ -2746,40 +2746,40 @@ installvimdiff: $(DEST_BIN)/$(VIMDIFFTARGET)
> - installgvimdiff: $(DEST_BIN)/$(GVIMDIFFTARGET)
> -
> - $(DEST_BIN)/$(EXTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(EXTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EXTARGET)
> -
> - $(DEST_BIN)/$(VIEWTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(VIEWTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(VIEWTARGET)
> -
> - $(DEST_BIN)/$(GVIMTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIMTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIMTARGET)
> -
> - $(DEST_BIN)/$(GVIEWTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIEWTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIEWTARGET)
> -
> - $(DEST_BIN)/$(RVIMTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(RVIMTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RVIMTARGET)
> -
> - $(DEST_BIN)/$(RVIEWTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(RVIEWTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RVIEWTARGET)
> -
> - $(DEST_BIN)/$(RGVIMTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(RGVIMTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RGVIMTARGET)
> -
> - $(DEST_BIN)/$(RGVIEWTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(RGVIEWTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(RGVIEWTARGET)
> -
> - $(DEST_BIN)/$(VIMDIFFTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(VIMDIFFTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(VIMDIFFTARGET)
> -
> - $(DEST_BIN)/$(GVIMDIFFTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(GVIMDIFFTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(GVIMDIFFTARGET)
> -
> - $(DEST_BIN)/$(EVIMTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(EVIMTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EVIMTARGET)
> -
> - $(DEST_BIN)/$(EVIEWTARGET): $(DEST_BIN)
> -- cd $(DEST_BIN); ln -s $(VIMTARGET) $(EVIEWTARGET)
> -+ cd $(DEST_BIN); ln -sf $(VIMTARGET) $(EVIEWTARGET)
> -
> - # Create links for the manual pages with various names to vim. This is only
> - # done when the links (or manpages with the same name) don't exist yet.
> ---
> -2.52.0
> -
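Review bot: The commit log does not say why 0001-src-Makefile-create-links-with-ln-sf.patch is dropped. Its Upstream: tag points at vim commit 6df5360691266b5eca49380e94f3e21fa48e5e0b, so the reason is presumably that v9.1.2148 already contains it; a line in the log saying so would let a reader confirm that the ln -sf behaviour is not lost with the bump. The deleted patch is dated 28 Dec 2025, so a stable branch that never carried it needs this deletion left out of the backport.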
> diff --git a/package/vim/vim.hash b/package/vim/vim.hash
> index f7c883b929..ecc41be702 100644
> --- a/package/vim/vim.hash
> +++ b/package/vim/vim.hash
> @@ -1,4 +1,4 @@
> # Locally computed
> -sha256 be1d60091d27bbdbc090e0bb19798baeea378aa29645fd47dc4c222dc14efcaf vim-9.1.2017.tar.gz
> +sha256 f9ec31df8f1a78e130dd06c395e6626c2a8a8ec2705d8e7b7667bd3ecd499c6b vim-9.1.2148.tar.gz
> sha256 0b3f1f330cb1b179bb17c7c687d4cec601e0aa3462bc7f890ad4c3888d37d720 LICENSE
> sha256 ee1d0885bbc4a95a24e49873a075391bdf26b69d13758e30f3d9271f8f42bd2d README.txt
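Review bot: The new vim-9.1.2148.tar.gz hash on the + line sits under "# Locally computed", so there is no upstream-published checksum to compare it with; it is worth a second person recomputing the sha256 from a fresh download of the v9.1.2148 archive before the change lands on the stable branches. The LICENSE and README.txt lines are unchanged context, which indicates those files did not change between 9.1.2017 and 9.1.2148.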
> diff --git a/package/vim/vim.mk b/package/vim/vim.mk
> index fa7d47d67d..9201587a8a 100644
> --- a/package/vim/vim.mk
> +++ b/package/vim/vim.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -VIM_VERSION = 9.1.2017
> +VIM_VERSION = 9.1.2148
> VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION))
> VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES)
> VIM_SUBDIR = src
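Review bot: On the VIM_VERSION line, 9.1.2148 is at or past both fix versions named in the log (9.1.2132 for CVE-2026-25749, 9.1.2148 for CVE-2026-26269), but the log could also state whether Buildroot's vim build enables the NetBeans feature, since the log itself says CVE-2026-26269 only affects builds that enable and use it and the lines shown here do not indicate either way. That would help maintainers of older branches judge how urgent the backport is.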
> --
> 2.53.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
Thread overview: 3+ messages
2026-03-03 11:04 [Buildroot] [PATCH] package/vim: security bump to v9.1.2148 Thomas Perale via buildroot
2026-03-03 17:22 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot [this message]
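The CVE-2026-26269 text quoted in the message above describes a loop that writes two bytes per iteration into a 64-byte stack buffer with no bounds check. The following is an added example, not Vim's source and not part of the original message, showing the same loop shape with the missing check in place; the function name `encode_keys_bounded` and the token encoding are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define KEYBUF_SIZE 64 /* keybuf size given in the advisory text */

/*
 * Hypothetical model, not Vim's code: every space-separated token adds
 * two bytes ('-' plus the token's first character) to out.
 * Returns the number of bytes written, or -1 when the input does not fit.
 * out is always NUL-terminated and never written past KEYBUF_SIZE - 1.
 */
int encode_keys_bounded(const char *tok, char out[KEYBUF_SIZE])
{
    size_t i = 0;

    while (*tok != '\0') {
        while (*tok == ' ')                  /* skip separators */
            tok++;
        if (*tok == '\0')
            break;
        /* The check the unbounded loop lacks: two bytes plus the NUL. */
        if (i + 2 > KEYBUF_SIZE - 1) {
            out[i] = '\0';
            return -1;
        }
        out[i++] = '-';
        out[i++] = *tok;
        while (*tok != '\0' && *tok != ' ')  /* advance to next token */
            tok++;
    }
    out[i] = '\0';
    return (int)i;
}

int main(void)
{
    char keybuf[KEYBUF_SIZE];
    int n = encode_keys_bounded("F1 F2 X", keybuf); /* constructed input */

    printf("%d bytes: %s\n", n, keybuf);
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, lets the caller treat an over-long command from the peer as a protocol error.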