* [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs
@ 2026-04-14 7:54 Adarsh Jagadish Kamini
2026-04-14 16:03 ` Mathieu Dubois-Briand
0 siblings, 1 reply; 3+ messages in thread
From: Adarsh Jagadish Kamini @ 2026-04-14 7:54 UTC (permalink / raw)
To: openembedded-core; +Cc: Adarsh Jagadish Kamini
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
CVEs fixed: CVE-2026-34714 and CVE-2026-33412
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 9a5ec9652f..6f9b31d868 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
file://no-path-adjust.patch \
"
-PV .= ".0110"
-SRCREV = "7ba60f17c22ef81680f25f8c3225b4edb55ddd7c"
+PV .= ".0340"
+SRCREV = "6addd6c101117706bc9b3609d3a418e26e92618f"
# Do not consider .z in x.y.z, as that is updated with every commit
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs
2026-04-14 7:54 [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs Adarsh Jagadish Kamini
@ 2026-04-14 16:03 ` Mathieu Dubois-Briand
2026-04-15 8:15 ` Adarsh Jagadish Kamini
0 siblings, 1 reply; 3+ messages in thread
From: Mathieu Dubois-Briand @ 2026-04-14 16:03 UTC (permalink / raw)
To: Adarsh Jagadish Kamini, openembedded-core
On Tue Apr 14, 2026 at 9:54 AM CEST, Adarsh Jagadish Kamini wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> CVEs fixed: CVE-2026-34714 and CVE-2026-33412
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---
Hi Adarsh,
Thanks for your patch.
It looks like you will need to drop some vim patches, at least the
CVE-2026-33412.patch one. Right now, vim does not build with your
changes:
ERROR: vim-9.2.0340-r0 do_patch: Applying patch '/srv/pokybuild/yocto-worker/musl-qemux86/build/layers/openembedded-core/meta/recipes-support/vim/files/CVE-2026-33412.patch' on target directory '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/vim/9.2.0340/sources/vim-9.2.0340'
CmdError('quilt --quiltrc /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/vim/9.2.0340/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout: Applying patch CVE-2026-33412.patch
patching file src/os_unix.c
Hunk #1 FAILED at 7106.
1 out of 1 hunk FAILED -- rejects in file src/os_unix.c
Patch CVE-2026-33412.patch can be reverse-applied
stderr: ')
https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3620
Can you send a new version fixing this?
Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs
2026-04-14 16:03 ` Mathieu Dubois-Briand
@ 2026-04-15 8:15 ` Adarsh Jagadish Kamini
0 siblings, 0 replies; 3+ messages in thread
From: Adarsh Jagadish Kamini @ 2026-04-15 8:15 UTC (permalink / raw)
To: Mathieu Dubois-Briand, openembedded-core@lists.openembedded.org
[-- Attachment #1: Type: text/plain, Size: 1829 bytes --]
Hi,
Thanks for pointing out, I will fix this.
/Adarsh
________________________________
From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Sent: Tuesday, April 14, 2026 18:03
To: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs
On Tue Apr 14, 2026 at 9:54 AM CEST, Adarsh Jagadish Kamini wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> CVEs fixed: CVE-2026-34714 and CVE-2026-33412
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---
Hi Adarsh,
Thanks for your patch.
It looks like you will need to drop some vim patches, at least the
CVE-2026-33412.patch one. Right now, vim does not build with your
changes:
ERROR: vim-9.2.0340-r0 do_patch: Applying patch '/srv/pokybuild/yocto-worker/musl-qemux86/build/layers/openembedded-core/meta/recipes-support/vim/files/CVE-2026-33412.patch' on target directory '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/vim/9.2.0340/sources/vim-9.2.0340'
CmdError('quilt --quiltrc /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/vim/9.2.0340/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout: Applying patch CVE-2026-33412.patch
patching file src/os_unix.c
Hunk #1 FAILED at 7106.
1 out of 1 hunk FAILED -- rejects in file src/os_unix.c
Patch CVE-2026-33412.patch can be reverse-applied
stderr: ')
https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3620
Can you send a new version fixing this?
Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
[-- Attachment #2: Type: text/html, Size: 3427 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-15 8:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-14 7:54 [OE-core][master][PATCH] vim: minor update to 9.2.0340 to fix CVEs Adarsh Jagadish Kamini
2026-04-14 16:03 ` Mathieu Dubois-Briand
2026-04-15 8:15 ` Adarsh Jagadish Kamini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox