From d0e067d837eff638a2af450d92ea48d54a3e5e48 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Tue, 19 May 2026 20:30:56 -0400
Subject: [PATCH] import UBI vim-8.2.2637-26.el9_8.4

---
 SOURCES/vi_wrapper | 23 -----------------
 SOURCES/view_wrapper | 2 +-
 SPECS/vim.spec | 59 ++++++++++++++++++++++++--------------------
 3 files changed, 33 insertions(+), 51 deletions(-)
 delete mode 100644 SOURCES/vi_wrapper

diff --git a/SOURCES/vi_wrapper b/SOURCES/vi_wrapper
deleted file mode 100644
index 1bb1aece..00000000
--- a/SOURCES/vi_wrapper
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/sh
-
-# run vim if:
-# - 'vi' command is used and 'vim' binary is available
-# - 'vim' command is used
-# NOTE: Set up a local alias if you want vim -> vi functionality. We will not
-# do it globally, because it messes up with available startup options (see
-# ':help starting', 'vi' is not capable of '-d'). The introducing an environment
-# variable, which an user must set to get the feature, will do the same trick
-# as setting an alias (needs user input, does not work with sudo), so it is left
-# on user whether he decides to use an alias:
-#
-# alias vim=vi
-#
-# in bashrc file.
-
-if test -f /usr/bin/vim
-then
- exec /usr/bin/vim "$@"
-fi
-
-# run vi otherwise
-exec /usr/libexec/vi "$@"
diff --git a/SOURCES/view_wrapper b/SOURCES/view_wrapper
index 9e8d7207..a0b24c9d 100644
--- a/SOURCES/view_wrapper
+++ b/SOURCES/view_wrapper
@@ -7,4 +7,4 @@ then
 fi

 # run vi otherwise
-exec /usr/libexec/vi -R "$@"
+exec /usr/bin/vi -R "$@"
diff --git a/SPECS/vim.spec b/SPECS/vim.spec
index b267fe66..921b170c 100644
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@@ -27,7 +27,7 @@ Summary: The VIM editor
 URL: http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 23%{?dist}.3
+Release: 26%{?dist}.4
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: virc
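Review bot: In SOURCES/view_wrapper the script still reaches the editor through `exec`, so `view` keeps the limitation that the changelog in this patch records for `vi` under RHEL-143726 (sudo with NOEXEC cannot spawn it); the link between the wrapper and that ticket is inferred from the vi_wrapper removal, not stated in the hunk. Where sudoers rules use NOEXEC to keep editors from spawning shells, `view` will presumably still fail to start while `vi -R` works. A comment above the changed line would make that visible, for example `# NOTE: this wrapper exec()s the editor, so it does not start under sudo NOEXEC; use vi -R there`. The wrapper's `if` block begins above the hunk and is not shown here.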
@@ -42,7 +42,6 @@ Source9: vim-default-editor.sh
 Source10: vim-default-editor.csh
 Source11: vim-default-editor.fish
 Source12: view_wrapper
-Source13: vi_wrapper

 %if %{withvimspell}
 Source100: vim-spell-files.tar.bz2
@@ -151,12 +150,12 @@ Patch3055: vim-CVE-2023-4752.patch
 Patch3056: 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch
 # RHEL-112009 CVE-2025-53906 vim: Vim path traversal
 Patch3057: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch
-# RHEL-147940 CVE-2026-25749 vim: Heap Overflow in Vim
+# RHEL-147941 CVE-2026-25749 vim: Heap Overflow in Vim
 # 0001-patch-9.1.2132-security-buffer-overflow-in-helpfile-.patch
 # 0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch
 Patch3058: 0001-patch-9.1.2132-security-buffer-overflow-in-helpfile-.patch
 Patch3059: 0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch
-# RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
+# RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
 # 3 patches:
 # 0001-runtime-netrw-upstream-snapshot-of-v179.patch - introduces NetrwValidateHostname
 # 0001-patch-9.2.0073-security-possible-command-injection-u.patch - CVE patch which sanitizes hostnames
@@ -165,17 +164,17 @@ Patch3059: 0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch
 Patch3060: 0001-runtime-netrw-upstream-snapshot-of-v179.patch
 Patch3061: 0001-patch-9.2.0073-security-possible-command-injection-u.patch
 Patch3062: 0001-patch-9.2.0089-netrw-does-not-take-port-into-account.patch
-# RHEL-155422 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
+# RHEL-155423 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
 # 0001-patch-9.0.1477-crash-when-recovering-from-corrupted-.patch - adds check for max page count, which fixes
 # crash which happens after applying 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch
 # 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch - validates line count and page count from
 # untrusted swap file before passing it to read and allocation functions
 Patch3063: 0001-patch-9.0.1477-crash-when-recovering-from-corrupted-.patch
 Patch3064: 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch
-# RHEL-159629 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
+# RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
 Patch3065: 0001-patch-9.2.0202-security-command-injection-via-newlin.patch
-# RHEL-164965 CVE-2026-34982 vim: arbitrary command execution via modeline sandbox bypass
-# https://redhat.atlassian.net/browse/RHEL-164965
+# RHEL-164966 CVE-2026-34982 vim: arbitrary command execution via modeline sandbox bypass
+# https://redhat.atlassian.net/browse/RHEL-164966
 # https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587
 # https://github.com/vim/vim/commit/8c8772c6b321d4955c8f09926e3eda2b4cd83680
 Patch3066: 0001-patch-9.2.0276-security-modeline-security-bypass.patch
@@ -433,7 +432,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch -P 3063 -p1 -b .check-page-count
 %patch -P 3064 -p1 -b .CVE-2026-28421
 %patch -P 3065 -p1 -b .CVE-2026-33412
-%patch -P 3066 -p1 -b .CVE-2026-34982
+%patch -P 3066 -p1 -b .modeline-bypass
 %patch -P 3067 -p1 -b .modeline-tests

 %build
@@ -578,17 +577,13 @@ cd src
 # and put the stripped files into correct dirs. Build system (koji/brew)
 # does it for us, so there is no need to do it in Vim
 %make_install BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} STRIP=/bin/true
-# make install creates vim binary and view symlink, they will be wrappers
-# so remove them here
-%{_bindir}/rm -f %{buildroot}%{_bindir}/{vim,view}
+
 make installgtutorbin DESTDIR=%{buildroot} BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir}
 mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,32x32,48x48,64x64}/apps
-mkdir -p %{buildroot}%{_libexecdir}
-install -m755 minimal-vim %{buildroot}%{_libexecdir}/vi
+install -m755 minimal-vim %{buildroot}%{_bindir}/vi
 install -m755 enhanced-vim %{buildroot}%{_bindir}/vim
 install -m755 gvim %{buildroot}%{_bindir}/gvim
 install -m755 %{SOURCE12} %{buildroot}%{_bindir}/view
-install -m755 %{SOURCE13} %{buildroot}%{_bindir}/vi
 install -p -m644 %{SOURCE3} \
 %{buildroot}%{_datadir}/icons/hicolor/16x16/apps/gvim.png
 install -p -m644 %{SOURCE4} \
@@ -642,9 +637,9 @@ SentUpstream: 2014-05-22
 EOF

 ( cd %{buildroot}
- ln -sf %{_libexecdir}/vi .%{_bindir}/rvi
- ln -sf %{_libexecdir}/vi .%{_bindir}/rview
- ln -sf %{_libexecdir}/vi .%{_bindir}/ex
+ ln -sf %{_bindir}/vi .%{_bindir}/rvi
+ ln -sf %{_bindir}/vi .%{_bindir}/rview
+ ln -sf %{_bindir}/vi .%{_bindir}/ex
 ln -sf %{_bindir}/vim .%{_bindir}/rvim
 ln -sf %{_bindir}/vim .%{_bindir}/vimdiff
 perl -pi -e "s,%{buildroot},," .%{_mandir}/man1/vim.1 .%{_mandir}/man1/vimtutor.1
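Review bot: The new backup suffix `.modeline-bypass` on `%patch -P 3066` drops the CVE id, while the neighbouring security patches in the same hunk keep theirs (`.CVE-2026-28421`, `.CVE-2026-33412`). That makes it harder to match the applied fix to CVE-2026-34982 when auditing the %prep log or the backup files. Keeping `%patch -P 3066 -p1 -b .CVE-2026-34982` would stay consistent with the other lines; if the rename is deliberate, a short comment on the line would explain why. The %prep section starts and ends outside the hunk.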
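Review bot: With the `rm -f %{buildroot}%{_bindir}/{vim,view}` step gone, the later `install -m755 %{SOURCE12} %{buildroot}%{_bindir}/view` lands on whatever `%make_install` left at that path, which the removed comment describes as a view symlink. GNU install replaces an existing destination rather than writing through a link, so this presumably still produces the wrapper and leaves the vim binary intact, but the spec now depends on that silently and the added line is only a blank. A comment in place of the blank would keep the intent visible, for example `# make install leaves vim and a view symlink in BINDIR; the install calls below replace both`. The %install section continues outside the hunk on both sides.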
@@ -922,7 +917,6 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_bindir}/rview
 %{_bindir}/vi
 %{_bindir}/view
-%{_libexecdir}/vi
 %{_mandir}/man1/vi.*
 %{_mandir}/man1/ex.*
 %{_mandir}/man1/rvi.*
@@ -992,16 +986,27 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %endif

 %changelog
-* Wed Apr 08 2026 Zdenek Dohnal - 2:8.2.2637-23.3
-- Resolves: RHEL-164965 vim: arbitrary command execution via modeline sandbox bypass
+* Wed Apr 08 2026 Zdenek Dohnal - 2:8.2.2637-26.4
+- Resolves: RHEL-164966 vim: arbitrary command execution via modeline sandbox bypass

-* Thu Mar 26 2026 Petr Dancak - 2:8.2.2637-23.2
-- RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
-- RHEL-155422 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
-- RHEL-159629 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
+* Tue Mar 31 2026 Zdenek Dohnal - 2:8.2.2637-26.3
+- Related: RHEL-159630 rebuild to build with exception target

-* Wed Feb 25 2026 Zdenek Dohnal - 2:8.2.2637-23.1
-- RHEL-147940 CVE-2026-25749 vim: Heap Overflow in Vim
+* Fri Mar 27 2026 Zdenek Dohnal - 2:8.2.2637-26.2
+- remove -O0 from flags
+
+* Wed Mar 25 2026 Zdenek Dohnal - 2:8.2.2637-26.1
+- RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
+
+* Thu Mar 19 2026 Zdenek Dohnal - 2:8.2.2637-26
+- RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
+- RHEL-155423 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
+
+* Tue Feb 10 2026 Zdenek Dohnal - 2:8.2.2637-25
+- RHEL-147941 CVE-2026-25749 vim: Heap Overflow in Vim
+
+* Mon Feb 02 2026 Zdenek Dohnal - 2:8.2.2637-24
+- RHEL-143726 sudo not able to spawn "vi" command when NOEXEC is used to prevent escaping to shell

 * Wed Sep 17 2025 Zdenek Dohnal - 2:8.2.2637-23
 - RHEL-112005 CVE-2025-53905 vim: Vim path traversial