Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vim: 8.1.1234 -> 8.1.1467 [security] #62723

Closed
wants to merge 2 commits into from
Closed

vim: 8.1.1234 -> 8.1.1467 [security] #62723

wants to merge 2 commits into from

Conversation

tokudan
Copy link
Contributor

@tokudan tokudan commented Jun 5, 2019
edited

Motivation for this change

fixes a security issue (details: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot added the 6.topic: vim label Jun 5, 2019
@ofborg ofborg bot requested a review from lovek323 June 5, 2019 11:41
@fpletz fpletz added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Jun 5, 2019
@herrwiese
Copy link
Contributor

Why not update all the way through to v1.8.1467?

@tokudan
Copy link
Contributor Author

tokudan commented Jun 5, 2019

Intended to use this as s stepping point for backporting into release-19.03, but the patch already seems to be included there.
So may as well skip it. I'll update the PR.

@tokudan
Copy link
Contributor Author

tokudan commented Jun 5, 2019

@fpletz No backport to 19.03 needed, the patch is already included there (43264b1)

@tokudan tokudan changed the title vim: 8.1.1234 -> 8.1.1365 [security] vim: 8.1.1234 -> 8.1.1467 [security] Jun 5, 2019
@c0bw3b c0bw3b removed the 9.needs: port to stable A PR needs a backport to the stable release. label Jun 5, 2019
@Ma27
Copy link
Member

Ma27 commented Jun 5, 2019

FYI the patched VIM is already in staging: #62590 (r-ryantm automatically targets bumps against staging with >100 rebuilds).

If this patch is security relevant we could also cherry-pick the bump from staging to master, right?

@vcunat
Copy link
Member

vcunat commented Jun 5, 2019

Right, picked in a654985; 19.03 has #62713 and e95bbcf. Feel free to do further updates, etc.

@vcunat
Copy link
Member

vcunat commented Jun 5, 2019
edited

Actually, that will probably be better in a separate PR, as the discussion here is focused on that vulnerability.

@vcunat vcunat closed this Jun 5, 2019
@tokudan tokudan deleted the vim811365 branch June 5, 2019 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lovek323 lovek323 Awaiting requested review from lovek323

Assignees
No one assigned
Labels
6.topic: vim 10.rebuild-darwin: 1-10 10.rebuild-linux: 101-500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@tokudan @herrwiese @Ma27 @vcunat @fpletz @c0bw3b