Backport fix for CVE-2026-52858 to vim on c8s. Two upstream
patches are applied:
- Patch 3059 (upstream 9.2.0561): Disables execution of
import/from statements in python3complete.vim and
pythoncomplete.vim unless g:pythoncomplete_allow_import
is explicitly set by the user.
- Patch 3060 (upstream 9.2.0568): Follow-up fix adding
missing 'import vim' in evalsource() so the opt-in
variable is actually honored.
Both patches had src/version.c hunks stripped per
maintainer rules. Minor conflicts in filetype.txt and
test_popup.vim were resolved manually due to differences
between vim 8.0 and upstream.
CVE: CVE-2026-52858
Upstream patches:
- 4b850457e1.patch
- 868ad62cb8.patch
Resolves: RHEL-186648
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir