poky/meta/recipes-support/vim/files/CVE-2026-33412.patch

From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Thu, 19 Mar 2026 19:58:05 +0000
Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in
 glob()

Problem:  The glob() function on Unix-like systems does not escape
          newline characters when expanding wildcards. A maliciously
          crafted string containing '\n' can be used as a command
          separator to execute arbitrary shell commands via
          mch_expand_wildcards(). This depends on the user's 'shell'
          setting.
Solution: Add the newline character ('\n') to the SHELL_SPECIAL
          definition to ensure it is properly escaped before being
          passed to the shell (pyllyukko).

closes: #19746

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

Signed-off-by: pyllyukko <pyllyukko@maimed.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>

CVE: CVE-2026-33412
Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 src/os_unix.c | 2 +-
 src/version.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/os_unix.c b/src/os_unix.c
index cf195e62e1..d767956b1a 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -7106,7 +7106,7 @@ mch_expandpath(
 # define SEEK_END 2
 #endif
 
-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|"
+# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n"
 
     int
 mch_expand_wildcards(
diff --git a/src/version.c b/src/version.c
index 4f3912aedd..712a3e637c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1684,
 /**/
     1683,
 /**/
-- 
2.50.1