Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


  • 1.  vim security vulnerability fix

    Posted Tue January 11, 2022 12:56 PM
    vim-enhanced-8.2.4000-1.aix6.1.ppc.rpm is now available on AIX Toolbox.

    This version of vim has fixes for the following security vulnerabilities.

    CVE-2021-3770
    CVE-2021-3778
    CVE-2021-3796
    CVE-2021-3875
    CVE-2021-3872
    CVE-2021-3903
    CVE-2021-3928
    CVE-2021-3927
    CVE-2021-3974
    CVE-2021-3973
    CVE-2021-3968
    CVE-2021-3984
    CVE-2021-4019
    CVE-2021-4069
    CVE-2021-4136
    CVE-2021-4166


    You can use YUM/DNF to update to this version of the package from the AIX Toolbox repository.

    ------------------------------
    SANGAMESH
    ------------------------------

    #AIXOpenSource


  • 2.  RE: vim security vulnerability fix

    Posted Thu January 20, 2022 02:45 AM

    Thank you for the update - everything works well with the new package! Is it possible to share some details when the rpm build process includes changes, because the new rpm includes no symlinks from /usr/bin/vim to /opt/freeware/bin/vim?

    rpm -ql /yum/IBM_AIXTB_ppc/vim/vim-enhanced-8.1.2424-1.aix6.1.ppc.rpm
    /opt/freeware/bin/rvim
    /opt/freeware/bin/rvim_32
    /opt/freeware/bin/rvim_64
    /opt/freeware/bin/vim
    /opt/freeware/bin/vim_32
    /opt/freeware/bin/vim_64
    /opt/freeware/bin/vimdiff
    /opt/freeware/bin/vimdiff_32
    /opt/freeware/bin/vimdiff_64
    /opt/freeware/bin/vimtutor
    /opt/freeware/bin/vimtutor_32
    /opt/freeware/bin/vimtutor_64
    /opt/freeware/etc/profile.d/vim.csh
    /opt/freeware/etc/profile.d/vim.sh
    /opt/freeware/man/man1/rvim.1
    /opt/freeware/man/man1/vimdiff.1
    /opt/freeware/man/man1/vimtutor.1
    /usr/bin/rvim
    /usr/bin/rvim_32
    /usr/bin/rvim_64
    /usr/bin/vim
    /usr/bin/vim_32
    /usr/bin/vim_64
    /usr/bin/vimdiff
    /usr/bin/vimdiff_32
    /usr/bin/vimdiff_64
    /usr/bin/vimtutor
    /usr/bin/vimtutor_32
    /usr/bin/vimtutor_64


    rpm -ql /yum/IBM_AIXTB_ppc/vim/vim-enhanced-8.2.4000-1.aix6.1.ppc.rpm
    /opt/freeware/bin/rvim
    /opt/freeware/bin/rvim_32
    /opt/freeware/bin/rvim_64
    /opt/freeware/bin/vim
    /opt/freeware/bin/vim_32
    /opt/freeware/bin/vim_64
    /opt/freeware/bin/vimdiff
    /opt/freeware/bin/vimdiff_32
    /opt/freeware/bin/vimdiff_64
    /opt/freeware/bin/vimtutor
    /opt/freeware/bin/vimtutor_32
    /opt/freeware/bin/vimtutor_64
    /opt/freeware/etc/profile.d/vim.csh
    /opt/freeware/etc/profile.d/vim.sh
    /opt/freeware/man/man1/rvim.1
    /opt/freeware/man/man1/vimdiff.1
    /opt/freeware/man/man1/vimtutor.1



    ------------------------------
    Niklas
    System Engineer UNIX and Linux on Power
    ------------------------------



  • 3.  RE: vim security vulnerability fix

    Posted Thu January 20, 2022 06:51 AM

    We made it clear some time back that Toolbox packages will not create symlinks in /usr (except bash).

    As we update the packages, this change will be carried into them.



    ------------------------------
    Ayappan P
    ------------------------------



  • 4.  RE: vim security vulnerability fix

    Posted Thu January 20, 2022 07:08 AM
    This is also good and was one of our requirements, but now this came as a surprise and we had not expected the change. My question was just about communication and something like release notes. You do a good job and help us a lot with open source!

    ------------------------------
    Niklas
    System Engineer UNIX and Linux on Power
    ------------------------------



  • 5.  RE: vim security vulnerability fix

    Posted Thu January 20, 2022 10:40 AM
    Hi Niklas,
    We had announced a while back that we are going to remove /usr links for AIX toolbox packages as we update packages to a newer level.
    We recommend that users rely only on the /opt/freeware path and not use the /usr path for open source tools from AIX toolbox.
    Here is the link where we announced that:
    https://community.ibm.com/community/user/power/communities/community-home/digestviewer/viewthread?GroupId=6211&MessageKey=396d1fc1-ecb6-45f4-ad80-22ffe3e4c88c&CommunityKey=10c1d831-47ee-4d92-a138-b03f7896f7c9&tab=digestviewer&ReturnUrl=%2fcommunity%2fuser%2fpower%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3d10c1d831-47ee-4d92-a138-b03f7896f7c9%26tab%3ddigestviewer

    ------------------------------
    SANKET RATHI
    ------------------------------