From: "Yoann Congal" <yoann.congal@smile.fr>
To: <adongare@cisco.com>, <openembedded-core@lists.openembedded.org>
Cc: <xe-linux-external@cisco.com>, <to@cisco.com>
Subject: Re: [OE-core] [Whinlatter] [PATCH 1/2] vim v9.1.1683: Fix CVE-2026-25749
Date: Wed, 11 Mar 2026 00:56:06 +0100 [thread overview]
Message-ID: <DGZIBJ142RL4.2CIC58YV2ALPG@smile.fr> (raw)
In-Reply-To: <20260309070233.4148849-1-adongare@cisco.com>
Hello,
Thank for the patches, they both looks right but the form need
improvment (review should apply to both patches)
The subject should just say "vim: Fix CVE-2026-25749" (no version
before ":")
On Mon Mar 9, 2026 at 8:02 AM CET, Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Anil Dongare <adongare@cisco.com>
>
> Upstream Repository: https://github.com/vim/vim.git
>
> Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25749
> Type: Security Fix
> CVE: CVE-2026-25749
> Score: 6.6
> Patch: https://github.com/vim/vim/commit/0714b15940b2
There is a lot of useless/redundant information in this commit message.
The thing I look for in a commit message for a CVE fix like this, is
"how do you go from the CVE to the patch you apply". Here, this is quite
simple, you apply the fix cited in the CVE NVD page (the URL to the NVD
page is appreciated).
> Signed-off-by: Anil Dongare <adongare@cisco.com>
> ---
> .../vim/files/CVE-2026-25749.patch | 57 +++++++++++++++++++
> meta/recipes-support/vim/vim.inc | 1 +
> 2 files changed, 58 insertions(+)
> create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch
>
> diff --git a/meta/recipes-support/vim/files/CVE-2026-25749.patch b/meta/recipes-support/vim/files/CVE-2026-25749.patch
> new file mode 100644
> index 0000000000..1e3779d3c4
> --- /dev/null
> +++ b/meta/recipes-support/vim/files/CVE-2026-25749.patch
> @@ -0,0 +1,57 @@
> +From 04c5e03c2c638e6c82c250f7b612eab29fe7d9ba Mon Sep 17 00:00:00 2001
> +From: Christian Brabandt <cb@256bit.org>
> +Date: Thu, 5 Feb 2026 18:51:54 +0000
> +Subject: [PATCH] patch 9.1.2132: [security]: buffer-overflow in 'helpfile'
> + option handling
> +
> +Problem: [security]: buffer-overflow in 'helpfile' option handling by
> + using strcpy without bound checks (Rahul Hoysala)
> +Solution: Limit strncpy to the length of the buffer (MAXPATHL)
> +
> +Github Advisory:
> +https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43
> +
> +CVE: CVE-2026-25749
> +Upstream-Status: Backport [https://github.com/vim/vim/commit/0714b15940b2]
Please use the full hash instead.
> +
> +Signed-off-by: Christian Brabandt <cb@256bit.org>
> +(cherry picked from commit 0714b15940b245108e6e9d7aa2260dd849a26fa9)
> +Signed-off-by: Anil Dongare <adongare@cisco.com>
> +---
> + src/tag.c | 2 +-
> + src/testdir/test_help.vim | 9 +++++++++
> + 2 files changed, 10 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tag.c b/src/tag.c
> +index 6912e8743..a32bbb245 100644
> +--- a/src/tag.c
> ++++ b/src/tag.c
> +@@ -3348,7 +3348,7 @@ get_tagfname(
> + if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL)
> + return FAIL;
> + ++tnp->tn_hf_idx;
> +- STRCPY(buf, p_hf);
> ++ vim_strncpy(buf, p_hf, MAXPATHL - 1);
> + STRCPY(gettail(buf), "tags");
> + #ifdef BACKSLASH_IN_FILENAME
> + slash_adjust(buf);
> +diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
> +index dac153d86..f9e4686bb 100644
> +--- a/src/testdir/test_help.vim
> ++++ b/src/testdir/test_help.vim
> +@@ -222,4 +222,13 @@ func Test_helptag_navigation()
> + endfunc
> +
> +
> ++" This caused a buffer overflow
> ++func Test_helpfile_overflow()
> ++ let _helpfile = &helpfile
> ++ let &helpfile = repeat('A', 5000)
> ++ help
> ++ helpclose
> ++ let &helpfile = _helpfile
> ++endfunc
> ++
> + " vim: shiftwidth=2 sts=2 expandtab
> +--
> +2.43.7
> diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
> index c730f1d0cf..044117a57f 100644
> --- a/meta/recipes-support/vim/vim.inc
> +++ b/meta/recipes-support/vim/vim.inc
> @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
> file://disable_acl_header_check.patch \
> file://0001-src-Makefile-improve-reproducibility.patch \
> file://no-path-adjust.patch \
> + file://CVE-2026-25749.patch \
> "
>
> PV .= ".1683"
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-03-10 23:56 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 7:02 [OE-core] [Whinlatter] [PATCH 1/2] vim v9.1.1683: Fix CVE-2026-25749 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-09 7:02 ` [OE-core] [Whinlatter] [PATCH 2/2] vim v9.1.1683: Fix CVE-2026-26269 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-10 23:56 ` Yoann Congal [this message]
2026-03-11 9:13 ` [Whinlatter] [PATCH 1/2] vim v9.1.1683: Fix CVE-2026-25749 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-11 9:45 ` [OE-core] [scarthgap] [PATCH V2 1/2] vim: " Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-11 9:45 ` [OE-core] [scarthgap] [PATCH V2 2/2] vim: Fix CVE-2026-26269 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-19 23:52 ` [OE-core] [scarthgap] [PATCH V2 1/2] vim: Fix CVE-2026-25749 Yoann Congal
2026-03-30 18:21 ` Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-30 20:52 ` [OE-core] " Yoann Congal
2026-03-31 8:54 ` Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-31 11:18 ` [OE-core] " Yoann Congal
2026-03-11 9:51 ` [OE-core] [Whinlatter] " Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-11 9:51 ` [OE-core] [Whinlatter] [PATCH V2 2/2] vim: Fix CVE-2026-26269 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-11 11:24 ` Yoann Congal
2026-03-16 12:35 ` Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-16 13:59 ` [OE-core] [Whinlatter] [PATCH V3] " Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-19 23:54 ` Yoann Congal
2026-03-30 18:28 ` Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-30 20:54 ` [OE-core] " Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGZIBJ142RL4.2CIC58YV2ALPG@smile.fr \
--to=yoann.congal@smile.fr \
--cc=adongare@cisco.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=to@cisco.com \
--cc=xe-linux-external@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox