mirror of
https://git.yoctoproject.org/poky
synced 2026-04-25 06:32:12 +02:00
vim: Fix CVE-2026-33412
Pick patch from [1] also mentioned in NVD report with [2]
[1] 645ed6597d
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-33412
(From OE-Core rev: 910667342b78fefa22214f6375b657e8b130a24a)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Hitendra Prajapati
committed by
Paul Barker
Paul Barker
parent
fc72adbf80
commit
866e6ed3b8
61
meta/recipes-support/vim/files/CVE-2026-33412.patch
Normal file
61
meta/recipes-support/vim/files/CVE-2026-33412.patch
Normal file
@@ -0,0 +1,61 @@
|
||||
From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001
|
||||
From: pyllyukko <pyllyukko@maimed.org>
|
||||
Date: Thu, 19 Mar 2026 19:58:05 +0000
|
||||
Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in
|
||||
glob()
|
||||
|
||||
Problem: The glob() function on Unix-like systems does not escape
|
||||
newline characters when expanding wildcards. A maliciously
|
||||
crafted string containing '\n' can be used as a command
|
||||
separator to execute arbitrary shell commands via
|
||||
mch_expand_wildcards(). This depends on the user's 'shell'
|
||||
setting.
|
||||
Solution: Add the newline character ('\n') to the SHELL_SPECIAL
|
||||
definition to ensure it is properly escaped before being
|
||||
passed to the shell (pyllyukko).
|
||||
|
||||
closes: #19746
|
||||
|
||||
Github Advisory:
|
||||
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
|
||||
|
||||
Signed-off-by: pyllyukko <pyllyukko@maimed.org>
|
||||
Signed-off-by: Christian Brabandt <cb@256bit.org>
|
||||
|
||||
CVE: CVE-2026-33412
|
||||
Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a]
|
||||
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||
---
|
||||
src/os_unix.c | 2 +-
|
||||
src/version.c | 2 ++
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/os_unix.c b/src/os_unix.c
|
||||
index cf195e62e1..d767956b1a 100644
|
||||
--- a/src/os_unix.c
|
||||
+++ b/src/os_unix.c
|
||||
@@ -7106,7 +7106,7 @@ mch_expandpath(
|
||||
# define SEEK_END 2
|
||||
#endif
|
||||
|
||||
-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|"
|
||||
+# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n"
|
||||
|
||||
int
|
||||
mch_expand_wildcards(
|
||||
diff --git a/src/version.c b/src/version.c
|
||||
index 4f3912aedd..712a3e637c 100644
|
||||
--- a/src/version.c
|
||||
+++ b/src/version.c
|
||||
@@ -724,6 +724,8 @@ static char *(features[]) =
|
||||
|
||||
static int included_patches[] =
|
||||
{ /* Add new patch number below this line */
|
||||
+/**/
|
||||
+ 1684,
|
||||
/**/
|
||||
1683,
|
||||
/**/
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
|
||||
file://disable_acl_header_check.patch \
|
||||
file://0001-src-Makefile-improve-reproducibility.patch \
|
||||
file://no-path-adjust.patch \
|
||||
file://CVE-2026-33412.patch \
|
||||
"
|
||||
|
||||
PV .= ".1683"
|
||||
|
||||
Reference in New Issue
Block a user