Re: [OE-core] [Whinlatter] [PATCH 1/2] vim v9.1.1683: Fix CVE-2026-25749

Tue, 10 Mar 2026 16:56:15 -0700 

Hello,

Thank for the patches, they both looks right but the form need
improvment (review should apply to both patches)

The subject should just say "vim: Fix CVE-2026-25749" (no version
before ":")

On Mon Mar 9, 2026 at 8:02 AM CET, Anil Dongare -X (adongare - E INFOCHIPS 
PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Anil Dongare <[email protected]>
>
> Upstream Repository: https://github.com/vim/vim.git
> 
> Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25749
> Type: Security Fix
> CVE: CVE-2026-25749
> Score: 6.6
> Patch: https://github.com/vim/vim/commit/0714b15940b2

There is a lot of useless/redundant information in this commit message.
The thing I look for in a commit message for a CVE fix like this, is
"how do you go from the CVE to the patch you apply". Here, this is quite
simple, you apply the fix cited in the CVE NVD page (the URL to the NVD
page is appreciated).

> Signed-off-by: Anil Dongare <[email protected]>


> ---
>  .../vim/files/CVE-2026-25749.patch            | 57 +++++++++++++++++++
>  meta/recipes-support/vim/vim.inc              |  1 +
>  2 files changed, 58 insertions(+)
>  create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch
>
> diff --git a/meta/recipes-support/vim/files/CVE-2026-25749.patch 
> b/meta/recipes-support/vim/files/CVE-2026-25749.patch
> new file mode 100644
> index 0000000000..1e3779d3c4
> --- /dev/null
> +++ b/meta/recipes-support/vim/files/CVE-2026-25749.patch
> @@ -0,0 +1,57 @@
> +From 04c5e03c2c638e6c82c250f7b612eab29fe7d9ba Mon Sep 17 00:00:00 2001
> +From: Christian Brabandt <[email protected]>
> +Date: Thu, 5 Feb 2026 18:51:54 +0000
> +Subject: [PATCH] patch 9.1.2132: [security]: buffer-overflow in 'helpfile'
> + option handling
> +
> +Problem:  [security]: buffer-overflow in 'helpfile' option handling by
> +          using strcpy without bound checks (Rahul Hoysala)
> +Solution: Limit strncpy to the length of the buffer (MAXPATHL)
> +
> +Github Advisory:
> +https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43
> +
> +CVE: CVE-2026-25749
> +Upstream-Status: Backport [https://github.com/vim/vim/commit/0714b15940b2]

Please use the full hash instead.

> +
> +Signed-off-by: Christian Brabandt <[email protected]>
> +(cherry picked from commit 0714b15940b245108e6e9d7aa2260dd849a26fa9)
> +Signed-off-by: Anil Dongare <[email protected]>
> +---
> + src/tag.c                 | 2 +-
> + src/testdir/test_help.vim | 9 +++++++++
> + 2 files changed, 10 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tag.c b/src/tag.c
> +index 6912e8743..a32bbb245 100644
> +--- a/src/tag.c
> ++++ b/src/tag.c
> +@@ -3348,7 +3348,7 @@ get_tagfname(
> +         if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL)
> +             return FAIL;
> +         ++tnp->tn_hf_idx;
> +-        STRCPY(buf, p_hf);
> ++        vim_strncpy(buf, p_hf, MAXPATHL - 1);
> +         STRCPY(gettail(buf), "tags");
> + #ifdef BACKSLASH_IN_FILENAME
> +         slash_adjust(buf);
> +diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
> +index dac153d86..f9e4686bb 100644
> +--- a/src/testdir/test_help.vim
> ++++ b/src/testdir/test_help.vim
> +@@ -222,4 +222,13 @@ func Test_helptag_navigation()
> + endfunc
> +
> +
> ++" This caused a buffer overflow
> ++func Test_helpfile_overflow()
> ++  let _helpfile = &helpfile
> ++  let &helpfile = repeat('A', 5000)
> ++  help
> ++  helpclose
> ++  let &helpfile = _helpfile
> ++endfunc
> ++
> + " vim: shiftwidth=2 sts=2 expandtab
> +--
> +2.43.7
> diff --git a/meta/recipes-support/vim/vim.inc 
> b/meta/recipes-support/vim/vim.inc
> index c730f1d0cf..044117a57f 100644
> --- a/meta/recipes-support/vim/vim.inc
> +++ b/meta/recipes-support/vim/vim.inc
> @@ -16,6 +16,7 @@ SRC_URI = 
> "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
>             file://disable_acl_header_check.patch \
>             file://0001-src-Makefile-improve-reproducibility.patch \
>             file://no-path-adjust.patch \
> +           file://CVE-2026-25749.patch \
>             "
>  
>  PV .= ".1683"

-- 
Yoann Congal
Smile ECS


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232831): 
https://lists.openembedded.org/g/openembedded-core/message/232831
Mute This Topic: https://lists.openembedded.org/mt/118217294/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
  • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
    • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
    • ... Yoann Congal via lists.openembedded.org
      • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
        • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
          • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
        • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
          • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
            • ... Yoann Congal via lists.openembedded.org
              • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
                • ... Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org

Reply via email to