Related: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass

Zdenek Dohnal 2026-04-17 13:57:45 +02:00
parent 6cd1353d0a
commit f7d28fedc6
2 changed files with 7 additions and 4 deletions

@ -106,8 +106,8 @@ index b7f9869..2558f17 100644
+ When on allow some options that are an expression to be set in the
+ modeline. Check the option for whether it is affected by
+ 'modelineexpr'. Also see |modeline|.
+ This option cannot be set from a |modeline| or in the |sandbox|, for
+ security reasons.
+ This option cannot be set from a |modeline| or in the |sandbox|, for
+ security reasons.
+
'modelines' 'mls' number (default 5)
global
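Review bot: The two copies of "This option cannot be set from a |modeline| or in the |sandbox|, for security reasons." in the 'modelineexpr' help text read identically, so this looks like a whitespace-only change to the embedded patch, and the commit message does not say why it was needed. Please state the reason in the commit message. Because this sentence is a security promise to the reader, also confirm that the option table entry added by the backport carries P_SECURE; that entry is not visible in this hunk.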
@ -346,7 +346,7 @@ index 31aec7e..74ad244 100644
}
+ if ((flags & P_MLE) && !p_mle)
+ {
+ errmsg = _("E992: Not allowed in a modeline when 'modelineexpr' is off");
+ errmsg = (char_u *)_("E992: Not allowed in a modeline when 'modelineexpr' is off");
+ goto skip;
+ }
#ifdef FEAT_DIFF
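Review bot: The E992 assignment now casts the result of _() to (char_u *), which implies errmsg is a char_u * in this tree, but only this one assignment is corrected. Please check every other errmsg = _(...) line that the backported patch adds for the same missing cast, and note in the commit message that this corrects the earlier version of the patch. The condition enclosing the (flags & P_MLE) && !p_mle test is cut off above the closing brace, so also confirm that the test is reached only for options set from a modeline.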

@ -24,7 +24,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
Release: 22%{?dist}.2
Release: 22%{?dist}.3
License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: vim.sh
@ -901,6 +901,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%{_datadir}/icons/locolor/*/apps/*
%changelog
* Fri Apr 17 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-22.3
- Relates: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass
* Mon Apr 13 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-22.2
- Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass
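Review bot: The new -22.3 changelog entry only repeats the issue title under "Relates:", so it reads the same as the -22.2 "Resolves:" entry and does not record what this rebuild changes. Add a short line naming the actual correction, such as the (char_u *) cast on the E992 message and the help text adjustment, so the two releases can be told apart from the changelog alone.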