Re: [OE-core][PATCH] vim: upgrade 9.1.2144 -> 9.2.0

Thu, 26 Feb 2026 14:45:04 -0800 

On Tue Feb 24, 2026 at 5:45 PM CET, Peter Marko wrote:
> I would have a question on future of vim upgrades, CVE patches and LTS 
> backports.
>
> With new LTS branch maintenance, I assume that vim upgrades are no longer 
> accepted as they introduce new features.

Yes, I would have to reject those :-/

> I think that's positive change in general but it also triggers discussions on 
> items which were accepted in the past.
> This is one of things needing the discussion.
>
> When the upgrade is now allowed anymore, I think we should stop updating the 
> intermediate versions also on master and do CVE patches instead (like we 
> switched also for ncurses some time ago).
> That is also reason why I updated ot .0 instead of .0045.
> They release approx. every two years and some dates from the past show that 
> it can happen that upgrade is done after out LTS release making us to use a 
> random intermediate tag in future LTS releases.
>
> Alternatively, we could also continue updating vim in LTS like we did in the 
> past.

The Yocto Project TSC would have to carve out an exception for vim to
allow me to accept the upgrades. But, since vim ought to be a leaf in
the dependency tree, I think the case can be made.

> For now, there are two active CVEs in LTS releases.
> Please let me know if I need to backport patches now or if vim upgrade would 
> be accepted.

As of now, only the backports are acceptable from my point of view.

> Any thoughts from the maintainers?

The number of CVE applicable to vim has decrease a lot since 2022:
https://nvd.nist.gov/vuln/search#/nvd/home?keyword=vim&resultType=statistics
>From 114 in 2022 to 27 in 2025.
So, maybe the usual CVE patches backports is back to being a possible
strategy?

If we decide that we can't keep vim stable (without enhancements) and
free of CVEs in OE-Core, then its replacement by nano sound like a good
idea to me.

Regards,

>   Peter
>
>> -----Original Message-----
>> From: [email protected] <openembedded-
>> [email protected]> On Behalf Of Peter Marko via
>> lists.openembedded.org
>> Sent: Tuesday, February 24, 2026 17:27
>> To: [email protected]
>> Cc: Marko, Peter (FT D EU SK BFS1) <[email protected]>
>> Subject: [OE-core][PATCH] vim: upgrade 9.1.2144 -> 9.2.0
>> 
>> From: Peter Marko <[email protected]>
>> 
>> Solves 9.1.2148 (in 9.1.2148), see [1].
>> Drop patch merged upstream.
>> 
>> Release notes for 9.2, see [2].
>> Note that almost all changes were already present in our 9.1 updates.
>> 
>> [1] https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68
>> [2] https://www.vim.org/vim-9.2-released.php
>> 
>> Signed-off-by: Peter Marko <[email protected]>
>> ---
>>  ...001-translation-sv-add-missing-mkdir.patch | 52 -------------------
>>  .../vim/{vim-tiny_9.1.bb => vim-tiny_9.2.bb}  |  0
>>  meta/recipes-support/vim/vim.inc              |  5 +-
>>  .../vim/{vim_9.1.bb => vim_9.2.bb}            |  0
>>  4 files changed, 2 insertions(+), 55 deletions(-)
>>  delete mode 100644 meta/recipes-support/vim/files/0001-translation-sv-add-
>> missing-mkdir.patch
>>  rename meta/recipes-support/vim/{vim-tiny_9.1.bb => vim-tiny_9.2.bb} (100%)
>>  rename meta/recipes-support/vim/{vim_9.1.bb => vim_9.2.bb} (100%)
>> 
>> diff --git a/meta/recipes-support/vim/files/0001-translation-sv-add-missing-
>> mkdir.patch b/meta/recipes-support/vim/files/0001-translation-sv-add-missing-
>> mkdir.patch
>> deleted file mode 100644
>> index 37337c3d9d..0000000000
>> --- 
>> a/meta/recipes-support/vim/files/0001-translation-sv-add-missing-mkdir.patch
>> +++ /dev/null
>> @@ -1,52 +0,0 @@
>> -From 2dd7e39942f4f7740c3a645148521d3b6b443c41 Mon Sep 17 00:00:00 2001
>> -From: Ross Burton <[email protected]>
>> -Date: Wed, 11 Feb 2026 14:39:06 +0000
>> -Subject: [PATCH] translation(sv): add missing mkdir
>> -
>> -The installtutor target doesn't explicitly create the Swedish directory
>> -that it is going to put files into:
>> -
>> -  make[1]: Entering directory 'vim-9.1.2128/src'
>> -  /bin/sh install-sh -c -d DESTDIR/usr/share/vim/vim91
>> -  chmod 755 DESTDIR/usr/share/vim/vim91
>> -  /bin/sh install-sh -c -d DESTDIR/usr/share/vim/vim91/tutor/en
>> -  chmod 755 DESTDIR/usr/share/vim/vim91/tutor/en
>> -  /bin/sh install-sh -c -d DESTDIR/usr/share/vim/vim91/tutor/sr
>> -  chmod 755 DESTDIR/usr/share/vim/vim91/tutor/sr
>> -  /bin/sh install-sh -c -d DESTDIR/usr/share/vim/vim91/tutor/it
>> -  chmod 755 DESTDIR/usr/share/vim/vim91/tutor/it
>> -  /bin/sh install-sh -c -d DESTDIR/usr/share/vim/vim91/tutor/ru
>> -  chmod 755 DESTDIR/usr/share/vim/vim91/tutor/ru
>> -  cp ../runtime/tutor/README* ../runtime/tutor/tutor*
>> DESTDIR/usr/share/vim/vim91/tutor
>> -  cp ../runtime/tutor/en/* DESTDIR/usr/share/vim/vim91/tutor/en/
>> -  cp ../runtime/tutor/it/* DESTDIR/usr/share/vim/vim91/tutor/it/
>> -  cp ../runtime/tutor/ru/* DESTDIR/usr/share/vim/vim91/tutor/ru/
>> -  cp ../runtime/tutor/sr/* DESTDIR/usr/share/vim/vim91/tutor/sr/
>> -  cp ../runtime/tutor/sv/* DESTDIR/usr/share/vim/vim91/tutor/sv/
>> -  cp: target 'DESTDIR/usr/share/vim/vim91/tutor/sv/': No such file or 
>> directory
>> -
>> -Add the missing dependency on $(DEST_TUTOR)/sv to ensure this directory
>> -is created.
>> -
>> -Upstream-Status: Submitted [https://github.com/vim/vim/pull/19385]
>> -Signed-off-by: Ross Burton <[email protected]>
>> ----
>> - src/Makefile | 2 +-
>> - 1 file changed, 1 insertion(+), 1 deletion(-)
>> -
>> -diff --git a/src/Makefile b/src/Makefile
>> -index 75d8ff6c1c..b4c31bed60 100644
>> ---- a/src/Makefile
>> -+++ b/src/Makefile
>> -@@ -2487,7 +2487,7 @@ installgtutorbin: $(DEST_BIN)
>> -    $(INSTALL_DATA) gvimtutor $(DEST_BIN)/$(GVIMNAME)tutor
>> -    chmod $(SCRIPTMOD) $(DEST_BIN)/$(GVIMNAME)tutor
>> -
>> --installtutor: $(DEST_RT) $(DEST_TUTOR)/en $(DEST_TUTOR)/it
>> $(DEST_TUTOR)/sr $(DEST_TUTOR)/ru
>> -+installtutor: $(DEST_RT) $(DEST_TUTOR)/en $(DEST_TUTOR)/it
>> $(DEST_TUTOR)/sr $(DEST_TUTOR)/sv $(DEST_TUTOR)/ru
>> -    -$(INSTALL_DATA) $(TUTORSOURCE)/README*
>> $(TUTORSOURCE)/tutor* $(DEST_TUTOR)
>> -    -$(INSTALL_DATA) $(TUTORSOURCE)/en/* $(DEST_TUTOR)/en/
>> -    -$(INSTALL_DATA) $(TUTORSOURCE)/it/* $(DEST_TUTOR)/it/
>> ---
>> -2.43.0
>> -
>> diff --git a/meta/recipes-support/vim/vim-tiny_9.1.bb b/meta/recipes-
>> support/vim/vim-tiny_9.2.bb
>> similarity index 100%
>> rename from meta/recipes-support/vim/vim-tiny_9.1.bb
>> rename to meta/recipes-support/vim/vim-tiny_9.2.bb
>> diff --git a/meta/recipes-support/vim/vim.inc 
>> b/meta/recipes-support/vim/vim.inc
>> index 7cc122fe4a..73991ef2a8 100644
>> --- a/meta/recipes-support/vim/vim.inc
>> +++ b/meta/recipes-support/vim/vim.inc
>> @@ -16,11 +16,10 @@ SRC_URI =
>> "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
>>             file://disable_acl_header_check.patch \
>>             file://0001-src-Makefile-improve-reproducibility.patch \
>>             file://no-path-adjust.patch \
>> -           file://0001-translation-sv-add-missing-mkdir.patch \
>>             "
>> 
>> -PV .= ".2144"
>> -SRCREV = "55c12373f073bacfc97d757e8f4da3daf472e4ac"
>> +PV .= ".0"
>> +SRCREV = "e7e21018fc0b60c153c8e668f696d95e574cc5a4"
>> 
>>  # Do not consider .z in x.y.z, as that is updated with every commit
>>  UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
>> diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-
>> support/vim/vim_9.2.bb
>> similarity index 100%
>> rename from meta/recipes-support/vim/vim_9.1.bb
>> rename to meta/recipes-support/vim/vim_9.2.bb


-- 
Yoann Congal
Smile ECS


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232065): 
https://lists.openembedded.org/g/openembedded-core/message/232065
Mute This Topic: https://lists.openembedded.org/mt/117978611/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to