public inbox for openembedded-core@lists.openembedded.org
* [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
@ 2022-08-31 16:07 Richard Purdie
  2022-08-31 16:17 ` [OE-core] " Alexander Kanavin
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Purdie @ 2022-08-31 16:07 UTC (permalink / raw)
  To: openembedded-core

Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 5b95ab2625c..33a82992433 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".0242"
-SRCREV = "171c683237149262665135c7d5841a89bb156f53"
+PV .= ".0341"
+SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
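Review bot: The context comment `# Remove when 8.3 is out` above `UPSTREAM_VERSION_UNKNOWN = "1"` at the end of this hunk is stale now that PV is being moved within the 9.0 series. Either drop the `UPSTREAM_VERSION_UNKNOWN` line as part of this upgrade or update the comment to state the condition that still requires it, so the setting is not kept on the strength of an out-of-date note.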
-- 
2.34.1




* Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
  2022-08-31 16:07 [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341 Richard Purdie
@ 2022-08-31 16:17 ` Alexander Kanavin
  2022-08-31 16:20   ` Pavel Zhukov
  2022-08-31 16:21   ` Richard Purdie
  0 siblings, 2 replies; 6+ messages in thread
From: Alexander Kanavin @ 2022-08-31 16:17 UTC (permalink / raw)
  To: Richard Purdie; +Cc: OE-core

I have to wonder, what is really going on there? :-) This never ending
stream of CVEs makes vim formally the most insecure item in core. Does
anyone know?

Alex

On Wed, 31 Aug 2022 at 18:07, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
>  meta/recipes-support/vim/vim.inc | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
> index 5b95ab2625c..33a82992433 100644
> --- a/meta/recipes-support/vim/vim.inc
> +++ b/meta/recipes-support/vim/vim.inc
> @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
>             file://no-path-adjust.patch \
>             "
>
> -PV .= ".0242"
> -SRCREV = "171c683237149262665135c7d5841a89bb156f53"
> +PV .= ".0341"
> +SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
>
>  # Remove when 8.3 is out
>  UPSTREAM_VERSION_UNKNOWN = "1"
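Review bot: The new value on the `+SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"` line is a bare hash, and nothing in the patch ties it to the `.0341` appended to PV or to the three CVEs named in the commit message. State in the commit message that this commit is the upstream tag for 9.0.0341 and which upstream patch levels between 0242 and 0341 carry each CVE fix, so that anyone checking CVE status on another branch can match the fix to a version.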
> --
> 2.34.1
>
>
>



* Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
  2022-08-31 16:17 ` [OE-core] " Alexander Kanavin
@ 2022-08-31 16:20   ` Pavel Zhukov
  2022-08-31 16:21   ` Richard Purdie
  1 sibling, 0 replies; 6+ messages in thread
From: Pavel Zhukov @ 2022-08-31 16:20 UTC (permalink / raw)
  To: Alexander Kanavin; +Cc: Richard Purdie, openembedded-core


"Alexander Kanavin" <alex.kanavin@gmail.com> writes:

> I have to wonder, what is really going on there? :-) This never ending
> stream of CVEs makes vim formally the most insecure item in core. Does
> anyone know?
Is it a rhetorical question? :)
Vim has a very old codebase and nobody cared about security at that
time.
There were a few attempts to rewrite vim recently (neovim for example) but
I don't know the outcome.
>
> Alex
>
> On Wed, 31 Aug 2022 at 18:07, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
>>
>> Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
>>
>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> ---
>>  meta/recipes-support/vim/vim.inc | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
>> index 5b95ab2625c..33a82992433 100644
>> --- a/meta/recipes-support/vim/vim.inc
>> +++ b/meta/recipes-support/vim/vim.inc
>> @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
>>             file://no-path-adjust.patch \
>>             "
>>
>> -PV .= ".0242"
>> -SRCREV = "171c683237149262665135c7d5841a89bb156f53"
>> +PV .= ".0341"
>> +SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
>>
>>  # Remove when 8.3 is out
>>  UPSTREAM_VERSION_UNKNOWN = "1"
>> --
>> 2.34.1
>>
>>
>> 
>>
>
>




* Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
  2022-08-31 16:17 ` [OE-core] " Alexander Kanavin
  2022-08-31 16:20   ` Pavel Zhukov
@ 2022-08-31 16:21   ` Richard Purdie
  2022-08-31 16:30     ` Alexander Kanavin
  2022-08-31 16:40     ` Khem Raj
  1 sibling, 2 replies; 6+ messages in thread
From: Richard Purdie @ 2022-08-31 16:21 UTC (permalink / raw)
  To: Alexander Kanavin; +Cc: OE-core

On Wed, 2022-08-31 at 18:17 +0200, Alexander Kanavin wrote:
> I have to wonder, what is really going on there? :-) This never ending
> stream of CVEs makes vim formally the most insecure item in core. Does
> anyone know?

Personally I suspect some kind of bug bounty system may be influencing
things. I have wondered about removing vim from core.

Cheers,

Richard



* Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
  2022-08-31 16:21   ` Richard Purdie
@ 2022-08-31 16:30     ` Alexander Kanavin
  2022-08-31 16:40     ` Khem Raj
  1 sibling, 0 replies; 6+ messages in thread
From: Alexander Kanavin @ 2022-08-31 16:30 UTC (permalink / raw)
  To: Richard Purdie; +Cc: OE-core

On Wed, 31 Aug 2022 at 18:21, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
> > I have to wonder, what is really going on there? :-) This never ending
> > stream of CVEs makes vim formally the most insecure item in core. Does
> > anyone know?
>
> Personally I suspect some kind of bug bounty system may be influencing
> things. I have wondered about removing vim from core.

As someone who writes all his code with nano, can I vote for that please? :-)

Alex



* Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
  2022-08-31 16:21   ` Richard Purdie
  2022-08-31 16:30     ` Alexander Kanavin
@ 2022-08-31 16:40     ` Khem Raj
  1 sibling, 0 replies; 6+ messages in thread
From: Khem Raj @ 2022-08-31 16:40 UTC (permalink / raw)
  To: Richard Purdie, Alexander Kanavin; +Cc: OE-core



On 8/31/22 9:21 AM, Richard Purdie wrote:
> On Wed, 2022-08-31 at 18:17 +0200, Alexander Kanavin wrote:
>> I have to wonder, what is really going on there? :-) This never ending
>> stream of CVEs makes vim formally the most insecure item in core. Does
>> anyone know?
> 
> Personally I suspect some kind of bug bounty system may be influencing
> things. I have wondered about removing vim from core.

+1, do we have a non-busybox editor? Perhaps move nano from meta-oe into
core.

> 
> Cheers,
> 
> Richard
> 
> 
> 
> 
