From fd875ab0ac404b4ba6180d66fabbfe65585f6dde Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 5 Nov 2019 16:29:29 -0500
Subject: [PATCH] import vim-8.0.1763-13.el8
---
SOURCES/vim-crypto-warning.patch | 86 ++++++++++++++++++++++++++++++++
SPECS/vim.spec | 14 +++++-
2 files changed, 99 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/vim-crypto-warning.patch
diff --git a/SOURCES/vim-crypto-warning.patch b/SOURCES/vim-crypto-warning.patch
new file mode 100644
index 0000000..408f755
--- /dev/null
+++ b/SOURCES/vim-crypto-warning.patch
@@ -0,0 +1,86 @@
+diff --git a/src/config.h.in b/src/config.h.in
+index 7d61220..ca0b1a8 100644
+--- a/src/config.h.in
++++ b/src/config.h.in
+@@ -478,3 +478,12 @@
+
+ /* Define to inline symbol or empty */
+ #undef inline
++
++/* Do we need FIPS warning? */
++#undef HAVE_FIPS_WARNING
++
++/* Link to system-fips file */
++#undef SYSTEM_FIPS_FILE_LINK
++
++/* Link to fips_enabled file */
++#undef FIPS_ENABLED_FILE_LINK
+diff --git a/src/configure.ac b/src/configure.ac
+index 1e7d444..5e45762 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -525,6 +525,38 @@ else
+ AC_MSG_RESULT(yes)
+ fi
+
++dnl Checking if we want FIPS warning
++
++AC_MSG_CHECKING(--enable-fips-warning)
++AC_ARG_ENABLE([fips-warning],
++ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
++ ,[enable_fips_warning="no"])
++
++if test "$enable_fips_warning" = "yes"; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE([HAVE_FIPS_WARNING])
++
++ dnl Setting path for system-fips file
++
++ AC_MSG_CHECKING(--with-system-fips-file argument)
++ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)],
++ with_system_fips_file=$withval,
++ with_system_fips_file="/etc/system-fips")
++ AC_MSG_RESULT([$with_system_fips_file])
++ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
++
++ dnl Setting link to fips_enabled file
++
++ AC_MSG_CHECKING(--with-fips-enabled-file argument)
++ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
++ with_fips_enabled_file=$withval,
++ with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
++ AC_MSG_RESULT([$with_fips_enabled_file])
++ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
++else
++ AC_MSG_RESULT(no)
++fi
++
+ dnl Check for Lua feature.
+ AC_MSG_CHECKING(--enable-luainterp argument) + AC_ARG_ENABLE(luainterp, +diff --git a/src/crypt.c b/src/crypt.c +index dfbf02c..c935bc0 100644 +--- a/src/crypt.c ++++ b/src/crypt.c +@@ -501,6 +501,21 @@ crypt_check_method(int method) + msg_scroll = TRUE; + MSG(_("Warning: Using a weak encryption method; see :help 'cm'")); + } ++#ifdef HAVE_FIPS_WARNING ++ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r"); ++ if (fips_enable_fd == NULL) ++ return; ++ ++ int enabled = fgetc(fips_enable_fd); ++ ++ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1') ++ { ++ msg_scroll = TRUE; ++ MSG(_("Warning: This cryptography is not FIPS 140-2 compliant.")); ++ } ++ ++ fclose(fips_enable_fd); ++#endif + } + + void diff --git a/SPECS/vim.spec b/SPECS/vim.spec index b5e30b5..fd65122 100644 --- a/SPECS/vim.spec +++ b/SPECS/vim.spec @@ -24,7 +24,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 11%{?dist} +Release: 13%{?dist} License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: vim.sh @@ -71,6 +71,8 @@ Patch3017: vim-python3-tests.patch Patch3018: vim-covscan.patch # 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0] Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch +# 1605095 - vim: should not re-implement crypto +Patch3020: vim-crypto-warning.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -267,6 +269,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch3017 -p1 %patch3018 -p1 %patch3019 -p1 -b .cve +%patch3020 -p1 -b .crypto-warning %build %if 0%{?rhel} > 7 @@ -296,6 +299,7 @@ perl -pi -e "s/vimrc/virc/" os_unix.h %endif --disable-pythoninterp --disable-perlinterp --disable-tclinterp \ --with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \ + --enable-fips-warning \ --with-compiledby="" \ --with-modified-by="" 
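Review bot: In the `crypt_check_method` block that the embedded src/crypt.c hunk adds, the FIPS warning is silently skipped whenever a probe fails: `fopen(FIPS_ENABLED_FILE_LINK, "r")` returning NULL hits a bare `return;`, a read error from `fgetc` yields EOF, and a missing `SYSTEM_FIPS_FILE_LINK` makes `access(...) != -1 && enabled == '1'` false even when the kernel flag reads `1`. If requiring both markers is deliberate, document it above the block, e.g. `/* Warn only when both the kernel flag and the system-wide marker file report FIPS mode; a failed probe means no warning. */`; if the kernel flag is meant to be authoritative, the test reduces to `if (enabled == '1')`. The message is advisory only, since nothing in the visible lines prevents the encryption from proceeding, and the comment should say that too. Separately, the `--with-fips-enabled-file` help string in the configure.ac hunk spells the file `fibs_enabled`. The body of `crypt_check_method` starts outside the embedded hunk, so the surrounding control flow is not visible here.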
@@ -314,6 +318,7 @@ mv -f ex_cmds.c.save ex_cmds.c --enable-xim --enable-multibyte \ --with-tlib=ncurses \ --enable-gtk3-check --enable-gui=gtk3 \ + --enable-fips-warning \ --with-compiledby="" --enable-cscope \ --with-modified-by="" \ %if "%{withnetbeans}" == "1" @@ -351,6 +356,7 @@ make clean --enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \ --enable-cscope --with-modified-by="" \ --with-tlib=ncurses \ + --enable-fips-warning \ --with-compiledby="" \ %if "%{withnetbeans}" == "1" --enable-netbeans \ @@ -792,6 +798,12 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_datadir}/icons/locolor/*/apps/* %changelog +* Tue Jul 23 2019 Zdenek Dohnal - 2:8.0.1763-13 +- fixing covscan issues raised by previous commit + +* Tue Jul 23 2019 Zdenek Dohnal - 2:8.0.1763-12 +- 1605095 - vim: should not re-implement crypto + * Fri Jun 14 2019 Zdenek Dohnal - 2:8.0.1763-11 - 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]