[Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.3582

[Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.3582

[Fabrice Fontaine]

- Fix CVE-2021-3928: vim is vulnerable to Stack-based Buffer Overflow
- Drop patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...for-nanosecond-resolution-timestamps.patch | 56 -------------------
 package/vim/vim.hash                          |  2 +-
 package/vim/vim.mk                            |  2 +-
 3 files changed, 2 insertions(+), 58 deletions(-)
 delete mode 100644 package/vim/0001-Fix-config-of-old-systems-for-nanosecond-resolution-timestamps.patch

diff --git a/package/vim/0001-Fix-config-of-old-systems-for-nanosecond-resolution-timestamps.patch b/package/vim/0001-Fix-config-of-old-systems-for-nanosecond-resolution-timestamps.patch
deleted file mode 100644
index 2e78a8d594..0000000000
--- a/package/vim/0001-Fix-config-of-old-systems-for-nanosecond-resolution-timestamps.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From b5db1ebf06d2904522ebf246f9c6a8bbf8fca398 Mon Sep 17 00:00:00 2001
-From: Gary Johnson <garyjohn@spocom.com>
-Date: Tue, 26 Oct 2021 13:50:19 -0700
-Subject: [PATCH] Fix config of old systems for nanosecond-resolution
- timestamps
-
-On old systems (e.g. 32-bit systems running Ubuntu 10.4), defining
-_XOPEN_SOURCE causes _BSD_SOURCE and _SVID_SOURCE not to be defined,
-which causes nanosecond-resolution timestamps not to be included in
-struct stat, which causes the build of fileio.c to fail.
-
-_XOPEN_SOURCE is defined for some systems in vim.h.
-
-A solution is to define _BSD_SOURCE and _SVID_SOURCE whenever
-_XOPEN_SOURCE is defined.
-
-On new systems, defining either _BSD_SOURCE or _SVID_SOURCE causes
-/usr/include/features.h to issue a warning message about _BSD_SOURCE and
-_SVID_SOURCE being deprecated and to use _DEFAULT_SOURCE instead.
-
-A solution for that is to also define _DEFAULT_SOURCE when _BSD_SOURCE
-and _SVID_SOURCE are defined.
-
-[Retrieved from:
-https://github.com/vim/vim/pull/9054/commits/b5db1ebf06d2904522ebf246f9c6a8bbf8fca398]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- src/vim.h | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/src/vim.h b/src/vim.h
-index 31d4bdefe87..f62ad88c7a1 100644
---- a/src/vim.h
-+++ b/src/vim.h
-@@ -43,6 +43,21 @@
- // 700 is needed for mkdtemp().
- #  ifndef _XOPEN_SOURCE
- #   define _XOPEN_SOURCE    700
-+
-+// On old systems, defining _XOPEN_SOURCE causes _BSD_SOURCE and/or
-+// _SVID_SOURCE not to be defined, so do that here.  Those are needed to
-+// include nanosecond-resolution timestamps in struct stat.  On new systems,
-+// _DEFAULT_SOURCE is needed to avoid warning messages about using deprecated
-+// _BSD_SOURCE or _SVID_SOURCE.
-+#   ifndef _BSD_SOURCE
-+#    define _BSD_SOURCE 1
-+#   endif
-+#   ifndef _SVID_SOURCE
-+#    define _SVID_SOURCE 1
-+#   endif
-+#   ifndef _DEFAULT_SOURCE
-+#    define _DEFAULT_SOURCE 1
-+#   endif
- #  endif
- # endif
- 
diff --git a/package/vim/vim.hash b/package/vim/vim.hash
index bbe65c4dda..e07e48c68f 100644
--- a/package/vim/vim.hash
+++ b/package/vim/vim.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256  ac2264c45684218232ec49a6ae8b88b9a68312b664b93b811868d24c39d8dc11  vim-8.2.3565.tar.gz
+sha256  363a90e45eb93c73340a711223c7ce5e564432f9eb34624e1a545f4fd57dd49d  vim-8.2.3582.tar.gz
 sha256  0bcab3b635dd39208c42b496568d1e8171dad247cf3da5bab3d750c9d5883499  LICENSE
 sha256  96970b67f9cb38b0e759946cff22562a3c4b11ce78f62f2117d5e7ecded9ab4d  README.txt
diff --git a/package/vim/vim.mk b/package/vim/vim.mk
index 960759aab4..0eb96dc835 100644
--- a/package/vim/vim.mk
+++ b/package/vim/vim.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VIM_VERSION = 8.2.3565
+VIM_VERSION = 8.2.3582
 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION))
 VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES)
 VIM_SUBDIR = src
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.3582

[Peter Korsgaard]

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-3928: vim is vulnerable to Stack-based Buffer Overflow
 > - Drop patch (already in version)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.3582

[Peter Korsgaard]

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-3928: vim is vulnerable to Stack-based Buffer Overflow
 > - Drop patch (already in version)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot