
No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

18 changed files with 14 additions and 2026 deletions

4
.gitignore vendored

@ -1,5 +1,3 @@
SOURCES/gvim16.png
SOURCES/gvim32.png
SOURCES/gvim48.png
SOURCES/Changelog.rpm
SOURCES/gvim64.png
SOURCES/vim-8.0-1763.tar.bz2


@ -1,5 +1,3 @@
a7c81ffd40611b19c125c505699d8a6401f6e022 SOURCES/gvim16.png
2356345378a9f1ba3c9e9e6508b695611e8f2cfa SOURCES/gvim32.png
37ad682f67539da7f4d4b7316383115dfe43222d SOURCES/gvim48.png
5ea81545fc28b57c490d25bda67a63a2838dd25b SOURCES/Changelog.rpm
c32bd520a1498b71ee9bbcddc7ad05df1565d085 SOURCES/gvim64.png
6716ebb416c9da91d16a2b17dc6bc2cecf65b4eb SOURCES/vim-8.0-1763.tar.bz2


@ -1,109 +0,0 @@
diff -up vim80/src/globals.h.check-page-count vim80/src/globals.h
--- vim80/src/globals.h.check-page-count 2026-03-19 17:53:51.063638067 +0100
+++ vim80/src/globals.h 2026-03-19 17:56:16.144187736 +0100
@@ -1584,6 +1584,7 @@
#endif
EXTERN char_u e_dirnotf[] INIT(= N_("E919: Directory not found in '%s': \"%s\""));
EXTERN char_u e_au_recursive[] INIT(= N_("E952: Autocommand caused recursive behavior"));
+EXTERN char_u e_warning_pointer_block_corrupted[] INIT(= N_("E1364: Warning: Pointer block corrupted"));
#ifdef FEAT_GUI_MAC
EXTERN short disallow_gui INIT(= FALSE);
diff -up vim80/src/memfile.c.check-page-count vim80/src/memfile.c
--- vim80/src/memfile.c.check-page-count 2021-03-22 10:02:42.000000000 +0100
+++ vim80/src/memfile.c 2026-03-19 18:13:11.196323045 +0100
@@ -432,7 +432,9 @@ mf_get(memfile_T *mfp, blocknr_T nr, int
* If not, allocate a new block.
*/
hp = mf_release(mfp, page_count);
- if (hp == NULL && (hp = mf_alloc_bhdr(mfp, page_count)) == NULL)
+ if (hp == NULL && page_count > 0)
+ hp = mf_alloc_bhdr(mfp, page_count);
+ if (hp == NULL)
return NULL;
hp->bh_bnum = nr;
@@ -813,8 +815,10 @@ mf_release(memfile_T *mfp, int page_coun
*/
if (hp->bh_page_count != page_count)
{
- vim_free(hp->bh_data);
- if ((hp->bh_data = alloc(mfp->mf_page_size * page_count)) == NULL)
+ VIM_CLEAR(hp->bh_data);
+ if (page_count > 0)
+ hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count);
+ if (hp->bh_data == NULL)
{
vim_free(hp);
return NULL;
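Review bot: The `(size_t)` cast in `alloc((size_t)mfp->mf_page_size * page_count)` only widens the product if `alloc()` itself accepts a `size_t`; older Vim trees declare `alloc()` with an `unsigned` parameter (not visible in this patch, so please confirm for this backport), in which case the value is narrowed again at the call and a large `page_count` can still yield an undersized buffer. If that is the case here, the long variant keeps the full width: `hp->bh_data = lalloc((long_u)mfp->mf_page_size * page_count, TRUE);`. `mf_alloc_bhdr()` is touched only in its comment by this patch, so the same multiplication there is worth checking too. The body of `mf_release()` continues outside the hunk.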
@@ -872,7 +876,7 @@ mf_release_all(void)
}
/*
- * Allocate a block header and a block of memory for it
+ * Allocate a block header and a block of memory for it.
*/
static bhdr_T *
mf_alloc_bhdr(memfile_T *mfp, int page_count)
@@ -892,7 +896,7 @@ mf_alloc_bhdr(memfile_T *mfp, int page_c
}
/*
- * Free a block header and the block of memory for it
+ * Free a block header and the block of memory for it.
*/
static void
mf_free_bhdr(bhdr_T *hp)
@@ -902,7 +906,7 @@ mf_free_bhdr(bhdr_T *hp)
}
/*
- * insert entry *hp in the free list
+ * Insert entry *hp in the free list.
*/
static void
mf_ins_free(memfile_T *mfp, bhdr_T *hp)
diff -up vim80/src/memline.c.check-page-count vim80/src/memline.c
--- vim80/src/memline.c.check-page-count 2021-03-22 10:02:42.000000000 +0100
+++ vim80/src/memline.c 2026-03-19 18:13:59.116720443 +0100
@@ -96,6 +96,9 @@ struct pointer_block
* followed by empty space until end of page */
};
+// Value for pb_count_max.
+#define PB_COUNT_MAX(mfp) (short_u)(((mfp)->mf_page_size - offsetof(PTR_BL, pb_pointer)) / sizeof(PTR_EN))
+
/*
* A data block is a leaf in the tree.
*
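Review bot: The expansion of `PB_COUNT_MAX` has no outer pair of parentheses, so the cast binds as intended only because of how the macro is used today; `#define PB_COUNT_MAX(mfp) ((short_u)(((mfp)->mf_page_size - offsetof(PTR_BL, pb_pointer)) / sizeof(PTR_EN)))` is the safer form. `offsetof` needs `<stddef.h>` in scope in memline.c, which this patch does not show. The `//` comment also departs from the `/* */` style of the surrounding context lines.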
@@ -1505,6 +1508,20 @@ ml_recover(int checkext)
pp = (PTR_BL *)(hp->bh_data);
if (pp->pb_id == PTR_ID) /* it is a pointer block */
{
+ int ptr_block_error = FALSE;
+ if (pp->pb_count_max != PB_COUNT_MAX(mfp))
+ {
+ ptr_block_error = TRUE;
+ pp->pb_count_max = PB_COUNT_MAX(mfp);
+ }
+ if (pp->pb_count > pp->pb_count_max)
+ {
+ ptr_block_error = TRUE;
+ pp->pb_count = pp->pb_count_max;
+ }
+ if (ptr_block_error)
+ EMSG(_(e_warning_pointer_block_corrupted));
+
/* check line count when using pointer block first time */
if (idx == 0 && line_count != 0)
{
@@ -4040,8 +4057,7 @@ ml_new_ptr(memfile_T *mfp)
pp = (PTR_BL *)(hp->bh_data);
pp->pb_id = PTR_ID;
pp->pb_count = 0;
- pp->pb_count_max = (short_u)((mfp->mf_page_size - sizeof(PTR_BL))
- / sizeof(PTR_EN) + 1);
+ pp->pb_count_max = PB_COUNT_MAX(mfp);
return hp;
}


@ -1,70 +0,0 @@
diff -up vim82/runtime/autoload/zip.vim.CVE-2025-53906 vim82/runtime/autoload/zip.vim
--- vim82/runtime/autoload/zip.vim.CVE-2025-53906 2021-03-22 10:02:41.000000000 +0100
+++ vim82/runtime/autoload/zip.vim 2025-09-10 19:33:11.491115978 +0200
@@ -251,6 +251,7 @@ fun! zip#Write(fname)
" call Dfunc("zip#Write(fname<".a:fname.">) zipfile_".winnr()."<".s:zipfile_{winnr()}.">")
let repkeep= &report
set report=10
+ let need_rename = 0
" sanity checks
if !executable(substitute(g:zip_zipcmd,'\s\+.*$','',''))
@@ -261,14 +262,6 @@ fun! zip#Write(fname)
" call Dret("zip#Write")
return
endif
- if !exists("*mkdir")
- redraw!
- echohl Error | echo "***error*** (zip#Write) sorry, mkdir() doesn't work on your system" | echohl None
-" call inputsave()|call input("Press <cr> to continue")|call inputrestore()
- let &report= repkeep
-" call Dret("zip#Write")
- return
- endif
let curdir= getcwd()
let tmpdir= tempname()
@@ -302,6 +295,11 @@ fun! zip#Write(fname)
let zipfile = substitute(a:fname,'^.\{-}zipfile:\(.\{-}\)::[^\\].*$','\1','')
let fname = substitute(a:fname,'^.\{-}zipfile:.\{-}::\([^\\].*\)$','\1','')
endif
+ if fname =~ '^[.]\{1,2}/'
+ call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0))
+ let fname = substitute(fname, '^\([.]\{1,2}/\)\+', '', 'g')
+ let need_rename = 1
+ endif
" call Decho("zipfile<".zipfile.">")
" call Decho("fname <".fname.">")
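Review bot: The new check `fname =~ '^[.]\{1,2}/'` only recognises `./` or `../` at the very start of the member name, so a name that begins with `/` or carries a `..` component after a leading directory passes unchanged to the `:w` further down. Consider rejecting any member with a leading `/` or a `..` path component, e.g. `if fname =~ '^/' || fname =~ '\%(^\|/\)\.\.\%(/\|$\)'`. The result of the added `system(g:zip_zipcmd." -d " ...)` call is not checked through `v:shell_error` either. The `zip#Extract()` hunk further down uses the same leading-only test (`'^[.]\?[.]/'`). `zip#Write()` starts and ends outside this hunk.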
@@ -318,7 +316,7 @@ fun! zip#Write(fname)
endif
" call Decho("zipfile<".zipfile."> fname<".fname.">")
- exe "w! ".fnameescape(fname)
+ exe "w ".fnameescape(fname)
if has("win32unix") && executable("cygpath")
let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e')
endif
@@ -348,6 +346,10 @@ fun! zip#Write(fname)
let &binary = binkeep
q!
unlet s:zipfile_{winnr()}
+ elseif need_rename
+ sil exe 'keepalt file '.fnameescape("zipfile://".zipfile.'::'.fname)
+ redraw!
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path" | echohl None
endif
" cleanup and restore current directory
@@ -383,6 +385,11 @@ fun! zip#Extract()
let &report= repkeep
" call Dret("zip#Extract")
return
+ elseif fname =~ '^[.]\?[.]/'
+ redraw!
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!" | echohl None
+ let &report= repkeep
+ return
endif
" extract the file mentioned under the cursor


@ -1,288 +0,0 @@
diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
index 9c518cb..e320b9a 100644
--- a/runtime/autoload/tar.vim
+++ b/runtime/autoload/tar.vim
@@ -37,10 +37,10 @@ set cpo&vim
" ---------------------------------------------------------------------
" Default Settings: {{{1
if !exists("g:tar_browseoptions")
- let g:tar_browseoptions= "Ptf"
+ let g:tar_browseoptions= "tf"
endif
if !exists("g:tar_readoptions")
- let g:tar_readoptions= "OPxf"
+ let g:tar_readoptions= "Oxf"
endif
if !exists("g:tar_cmd")
let g:tar_cmd= "tar"
@@ -95,6 +95,9 @@ if !exists("g:tar_shq")
" call Decho("g:tar_shq<".g:tar_shq.">")
endif
+let g:tar_secure=' -- '
+let g:tar_leading_pat='^\%([.]\{,2\}/\)\+'
+
" ----------------
" Functions: {{{1
" ----------------
@@ -195,6 +198,15 @@ fun! tar#Browse(tarfile)
return
endif
+ " remove tar: Removing leading '/' from member names
+ " Note: the message could be localized
+ if search('^tar: ') > 0 || search(g:tar_leading_pat) > 0
+ call append(3,'" Note: Path Traversal Attack detected!')
+ let b:leading_slash = 1
+ " remove the message output
+ sil g/^tar: /d
+ endif
+
setlocal noma nomod ro
noremap <silent> <buffer> <cr> :call <SID>TarBrowseSelect()<cr>
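Review bot: Detection here depends on `search('^tar: ')`, which the added comment itself notes may be localized, and on `g:tar_leading_pat`, which only matches `/`, `./` or `../` at the start of a listing line; a member with a `..` component after a leading directory does not set `b:leading_slash`, so the later guard in `tar#Write()` does not apply to it. A locale-independent test on the listing itself, e.g. adding `|| search('\%(^\|/\)\.\.\%(/\|$\)', 'nw') > 0`, would cover that case. The two existing `search()` calls also move the cursor; passing the `'nw'` flags avoids that side effect. `tar#Browse()` extends beyond this hunk.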
@@ -211,12 +223,7 @@ fun! s:TarBrowseSelect()
let fname= getline(".")
" call Decho("fname<".fname.">")
- if !exists("g:tar_secure") && fname =~ '^\s*-\|\s\+-'
- redraw!
- echohl WarningMsg | echo '***warning*** (tar#BrowseSelect) rejecting tarfile member<'.fname.'> because of embedded "-"'
-" call Dret('tar#BrowseSelect : rejecting tarfile member<'.fname.'> because of embedded "-"')
- return
- endif
+ let ls= get(b:, 'leading_slash', 0)
" sanity check
if fname =~ '^"'
@@ -238,7 +245,8 @@ fun! s:TarBrowseSelect()
wincmd _
endif
let s:tblfile_{winnr()}= curfile
- call tar#Read("tarfile:".tarfile.'::'.fname,1)
+ let b:leading_slash= ls
+ call tar#Read("tarfile:".tarfile.'::'.fname)
filetype detect
set nomod
exe 'com! -buffer -nargs=? -complete=file TarDiff :call tar#Diff(<q-args>,"'.fnameescape(fname).'")'
@@ -249,8 +257,8 @@ endfun
" ---------------------------------------------------------------------
" tar#Read: {{{2
-fun! tar#Read(fname,mode)
-" call Dfunc("tar#Read(fname<".a:fname.">,mode=".a:mode.")")
+fun! tar#Read(fname)
+" call Dfunc("tar#Read(fname<".a:fname.">)")
let repkeep= &report
set report=10
let tarfile = substitute(a:fname,'tarfile:\(.\{-}\)::.*$','\1','')
@@ -262,6 +270,8 @@ fun! tar#Read(fname,mode)
" call Decho("tarfile<".tarfile.">")
" call Decho("fname<".fname.">")
+ let curdir= getcwd()
+ let b:curdir= curdir
if fname =~ '\.bz2$' && executable("bzcat")
let decmp= "|bzcat"
let doro = 1
@@ -282,33 +292,31 @@ fun! tar#Read(fname,mode)
endif
endif
- if exists("g:tar_secure")
- let tar_secure= " -- "
- else
- let tar_secure= " "
- endif
if tarfile =~# '\.bz2$'
-" call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
- exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
+" call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
+ exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
elseif tarfile =~# '\.\(gz\|tgz\)$'
-" call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.tar_secure.shellescape(fname,1))
- exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
+" call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.g:tar_secure.shellescape(fname,1))
+ exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
elseif tarfile =~# '\.lrp$'
-" call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
- exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
+" call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
+ exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
elseif tarfile =~# '\.lzma$'
-" call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
- exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
+" call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
+ exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
elseif tarfile =~# '\.\(xz\|txz\)$'
-" call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
- exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
+" call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
+ exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
else
if tarfile =~ '^\s*-'
" A file name starting with a dash is taken as an option. Prepend ./ to avoid that.
let tarfile = substitute(tarfile, '-', './-', '')
endif
-" call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp)
- exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".tar_secure.shellescape(fname,1).decmp
+" call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.g:tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp)
+ exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".g:tar_secure.shellescape(fname,1).decmp
+ endif
+ if get(b:, 'leading_slash', 0)
+ sil g/^tar: /d
endif
if doro
@@ -317,13 +325,14 @@ fun! tar#Read(fname,mode)
endif
let b:tarfile= a:fname
- exe "file tarfile::".fnameescape(fname)
" cleanup
keepj sil! 0d
set nomod
let &report= repkeep
+ exe "lcd ".fnameescape(curdir)
+ silent exe "file tarfile::".fnameescape(fname)
" call Dret("tar#Read : b:tarfile<".b:tarfile.">")
endfun
@@ -334,13 +343,6 @@ fun! tar#Write(fname)
let repkeep= &report
set report=10
- if !exists("g:tar_secure") && a:fname =~ '^\s*-\|\s\+-'
- redraw!
- echohl WarningMsg | echo '***warning*** (tar#Write) rejecting tarfile member<'.a:fname.'> because of embedded "-"'
-" call Dret('tar#Write : rejecting tarfile member<'.fname.'> because of embedded "-"')
- return
- endif
-
" sanity checks
if !executable(g:tar_cmd)
redraw!
@@ -389,6 +391,13 @@ fun! tar#Write(fname)
let tarfile = substitute(b:tarfile,'tarfile:\(.\{-}\)::.*$','\1','')
let fname = substitute(b:tarfile,'tarfile:.\{-}::\(.*\)$','\1','')
+ if get(b:, 'leading_slash', 0)
+ redraw!
+ echohl Error | echo "***error*** (tar#Write) sorry, not attempting to update ".tarfile." with ".fname | echohl None
+ let &report= repkeep
+ return
+ endif
+
" handle compressed archives
if tarfile =~# '\.bz2'
call system("bzip2 -d -- ".shellescape(tarfile,0))
@@ -442,27 +451,23 @@ fun! tar#Write(fname)
endif
" call Decho("tarfile<".tarfile."> fname<".fname.">")
- if exists("g:tar_secure")
- let tar_secure= " -- "
- else
- let tar_secure= " "
- endif
- exe "w! ".fnameescape(fname)
+ " don't overwrite a file forcefully
+ exe "w ".fnameescape(fname)
if has("win32unix") && executable("cygpath")
let tarfile = substitute(system("cygpath ".shellescape(tarfile,0)),'\n','','e')
endif
" delete old file from tarfile
" call Decho("system(".g:tar_cmd." --delete -f ".shellescape(tarfile,0)." -- ".shellescape(fname,0).")")
- call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
+ call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
if v:shell_error != 0
redraw!
echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None
else
" update tarfile with new file
-" call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
- call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
+" call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
+ call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
if v:shell_error != 0
redraw!
echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None
@@ -511,6 +516,7 @@ fun! tar#Diff(userfname,fname)
if a:userfname != ""
let fname= a:userfname
endif
+ exe "lcd ".fnameescape(b:tmpdir). '/_ZIPVIM_'
if filereadable(fname)
" sets current file (from tarball) for diff'ing
" splits window vertically
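Review bot: `b:tmpdir` is not assigned in any hunk of this tar.vim patch, and the `_ZIPVIM_` name suggests the added `lcd` line was carried over from the zip plugin; if `b:tmpdir` is undefined in a tar buffer, `tar#Diff()` stops here with an undefined-variable error. Please confirm where `b:tmpdir` is set for tar buffers, or guard the line, e.g. `if exists('b:tmpdir') | exe 'lcd '.fnameescape(b:tmpdir.'/_ZIPVIM_') | endif`. The function's start and end lie outside the hunk.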
diff --git a/runtime/doc/pi_tar.txt b/runtime/doc/pi_tar.txt
index 1b03d31..a6c72cd 100644
--- a/runtime/doc/pi_tar.txt
+++ b/runtime/doc/pi_tar.txt
@@ -61,7 +61,7 @@ Copyright 2005-2012: *tar-copyright*
the file mentioned in the tarball. If the current directory is not
correct for that path, :TarDiff will fail to find the associated file.
- If the [filename] is given, that that filename (and path) will be used
+ If the [filename] is given, that filename (and path) will be used
to specify the associated file.
@@ -86,18 +86,6 @@ Copyright 2005-2012: *tar-copyright*
*g:tar_readoptions* "OPxf" used to extract a file from a tarball
*g:tar_cmd* "tar" the name of the tar program
*g:tar_nomax* 0 if true, file window will not be maximized
- *g:tar_secure* undef if exists:
- "--"s will be used to prevent unwanted
- option expansion in tar commands.
- Please be sure that your tar command
- accepts "--"; Posix compliant tar
- utilities do accept them.
- if not exists:
- The tar plugin will reject any tar
- files or member files that begin with
- "-"
- Not all tar's support the "--" which is why
- it isn't default.
*g:tar_writeoptions* "uf" used to update/replace a file
diff --git a/runtime/doc/tags b/runtime/doc/tags
index 5895c05..2e09b72 100644
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -6517,7 +6517,6 @@ g:tar_copycmd pi_tar.txt /*g:tar_copycmd*
g:tar_extractcmd pi_tar.txt /*g:tar_extractcmd*
g:tar_nomax pi_tar.txt /*g:tar_nomax*
g:tar_readoptions pi_tar.txt /*g:tar_readoptions*
-g:tar_secure pi_tar.txt /*g:tar_secure*
g:tar_writeoptions pi_tar.txt /*g:tar_writeoptions*
g:terminal_ansi_colors terminal.txt /*g:terminal_ansi_colors*
g:tex_comment_nospell syntax.txt /*g:tex_comment_nospell*
diff --git a/runtime/plugin/tarPlugin.vim b/runtime/plugin/tarPlugin.vim
index 6d9e6bd..471712f 100644
--- a/runtime/plugin/tarPlugin.vim
+++ b/runtime/plugin/tarPlugin.vim
@@ -22,14 +22,14 @@ set cpo&vim
" Public Interface: {{{1
augroup tar
au!
- au BufReadCmd tarfile::* call tar#Read(expand("<amatch>"), 1)
- au FileReadCmd tarfile::* call tar#Read(expand("<amatch>"), 0)
+ au BufReadCmd tarfile::* call tar#Read(expand("<amatch>"))
+ au FileReadCmd tarfile::* call tar#Read(expand("<amatch>"))
au BufWriteCmd tarfile::* call tar#Write(expand("<amatch>"))
au FileWriteCmd tarfile::* call tar#Write(expand("<amatch>"))
if has("unix")
- au BufReadCmd tarfile::*/* call tar#Read(expand("<amatch>"), 1)
- au FileReadCmd tarfile::*/* call tar#Read(expand("<amatch>"), 0)
+ au BufReadCmd tarfile::*/* call tar#Read(expand("<amatch>"))
+ au FileReadCmd tarfile::*/* call tar#Read(expand("<amatch>"))
au BufWriteCmd tarfile::*/* call tar#Write(expand("<amatch>"))
au FileWriteCmd tarfile::*/* call tar#Write(expand("<amatch>"))
endif


@ -1,39 +0,0 @@
diff -up vim80/src/structs.h.tag-overflow vim80/src/structs.h
--- vim80/src/structs.h.tag-overflow 2018-04-24 17:10:42.000000000 +0200
+++ vim80/src/structs.h 2026-02-25 15:20:08.027012072 +0100
@@ -3423,3 +3423,7 @@ typedef struct {
int save_opcount;
tasave_T tabuf;
} save_state_T;
+
+// Return the length of a string literal
+#define STRLEN_LITERAL(s) (sizeof(s) - 1)
+
diff -up vim80/src/tag.c.tag-overflow vim80/src/tag.c
--- vim80/src/tag.c.tag-overflow 2018-03-05 15:55:42.000000000 +0100
+++ vim80/src/tag.c 2026-02-25 15:21:18.623604260 +0100
@@ -2677,7 +2677,7 @@ get_tagfname(
if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL)
return FAIL;
++tnp->tn_hf_idx;
- STRCPY(buf, p_hf);
+ vim_strncpy(buf, p_hf, MAXPATHL - 1);
STRCPY(gettail(buf), "tags");
}
else
diff -up vim80/src/testdir/test_help.vim.tag-overflow vim80/src/testdir/test_help.vim
--- vim80/src/testdir/test_help.vim.tag-overflow 2017-12-11 10:20:46.000000000 +0100
+++ vim80/src/testdir/test_help.vim 2026-02-25 15:21:53.687898395 +0100
@@ -49,3 +49,12 @@ func Test_help_local_additions()
call delete('Xruntime', 'rf')
let &rtp = rtp_save
endfunc
+
+" This caused a buffer overflow
+func Test_helpfile_overflow()
+ let _helpfile = &helpfile
+ let &helpfile = repeat('A', 5000)
+ help
+ helpclose
+ let &helpfile = _helpfile
+endfunc


@ -1,26 +0,0 @@
diff -up vim80/src/tag.c.tag-overflow2 vim80/src/tag.c
--- vim80/src/tag.c.tag-overflow2 2026-02-25 15:22:41.624581958 +0100
+++ vim80/src/tag.c 2026-02-25 15:23:23.993655916 +0100
@@ -2677,7 +2677,7 @@ get_tagfname(
if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL)
return FAIL;
++tnp->tn_hf_idx;
- vim_strncpy(buf, p_hf, MAXPATHL - 1);
+ vim_strncpy(buf, p_hf, MAXPATHL - STRLEN_LITERAL("tags") - 1);
STRCPY(gettail(buf), "tags");
}
else
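Review bot: The new bound `MAXPATHL - STRLEN_LITERAL("tags") - 1` is sufficient only if `buf` is at least `MAXPATHL` bytes, and `buf` is a parameter whose size is not visible in this hunk. A comment above the copy would make that contract explicit, e.g. `/* buf is MAXPATHL bytes: leave room for "tags" plus NUL written at gettail(buf) */`. `get_tagfname()` begins and ends outside the hunk.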
diff -up vim80/src/testdir/test_help.vim.tag-overflow2 vim80/src/testdir/test_help.vim
--- vim80/src/testdir/test_help.vim.tag-overflow2 2026-02-25 15:22:41.624858588 +0100
+++ vim80/src/testdir/test_help.vim 2026-02-25 15:24:01.774829851 +0100
@@ -56,5 +56,10 @@ func Test_helpfile_overflow()
let &helpfile = repeat('A', 5000)
help
helpclose
+ for i in range(4089, 4096)
+ let &helpfile = repeat('A', i) . '/A'
+ help
+ helpclose
+ endfor
let &helpfile = _helpfile
endfunc


@ -1,56 +0,0 @@
diff -up vim91/runtime/autoload/netrw.vim.CVE-2026-28417 vim91/runtime/autoload/netrw.vim
--- vim91/runtime/autoload/netrw.vim.CVE-2026-28417 2026-03-17 19:22:17.101915588 +0100
+++ vim91/runtime/autoload/netrw.vim 2026-03-17 19:32:29.134514079 +0100
@@ -3376,13 +3376,26 @@ endif
" s:NetrwValidateHostname: Validate that the hostname is valid {{{2
" Input:
-" hostname
+" hostname, may include an optional username, e.g. user@hostname
+" allow a alphanumeric hostname or an IPv(4/6) address
" Output:
" true if g:netrw_machine is valid according to RFC1123 #Section 2
fun! s:NetrwValidateHostname(hostname)
- " RFC1123#section-2 mandates, a valid hostname starts with letters or digits
- " so reject everyhing else
- return a:hostname =~? '^[a-z0-9]'
+ " Username:
+ let user_pat = '\%([a-zA-Z0-9._-]\+@\)\?'
+ " Hostname: 1-64 chars, alphanumeric/dots/hyphens.
+ " No underscores. No leading/trailing dots/hyphens.
+ let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]{,62}[a-zA-Z0-9]\)\?$'
+
+ " IPv4: 1-3 digits separated by dots
+ let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}$'
+
+ " IPv6: Hex, colons, and optional brackets
+ let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?$'
+
+ return a:hostname =~? '^'.user_pat.host_pat ||
+ \ a:hostname =~? '^'.user_pat.ipv4_pat ||
+ \ a:hostname =~? '^'.user_pat.ipv6_pat
endfun
" ---------------------------------------------------------------------
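Review bot: In `host_pat` the repeat count is written `{,62}` without a backslash; in a Vim pattern under 'magic' the multi is spelled `\{,62}`, so as shown here the braces are matched literally and ordinary multi-character hostnames fail `host_pat` (they are then accepted only if they happen to match the IPv4 or IPv6 pattern). The line should read `let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]\{,62}[a-zA-Z0-9]\)\?$'`. Separately, `ipv4_pat` accepts octets above 255, and the header comment still says the function checks `g:netrw_machine` although it tests its `hostname` argument. A test that passes a plain constructed name such as `example.org` through the function would catch the first problem.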
@@ -11880,15 +11893,15 @@ endfun
" a correct command for use with a system() call
fun! s:MakeSshCmd(sshcmd)
" call Dfunc("s:MakeSshCmd(sshcmd<".a:sshcmd.">) user<".s:user."> machine<".s:machine.">")
- if s:user == ""
- let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',s:machine,'')
- else
- let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',s:user."@".s:machine,'')
+ let machine = shellescape(s:machine, 1)
+ if s:user != ''
+ let machine = shellescape(s:user, 1).'@'.machine
endif
+ let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',machine,'')
if exists("g:netrw_port") && g:netrw_port != ""
- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.g:netrw_port,'')
+ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(g:netrw_port,1),'')
elseif exists("s:port") && s:port != ""
- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.s:port,'')
+ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(s:port,1),'')
else
let sshcmd= substitute(sshcmd,"USEPORT ",'','')
endif
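Review bot: The value returned by `shellescape()` is passed as the replacement argument of `substitute()`, where `\` and `&` are special, so any backslash that `shellescape()` emitted is consumed before the command is run and the quoting no longer holds. Escaping the replacement keeps the text intact: `substitute(a:sshcmd,'\<HOSTNAME\>',escape(machine,'&\'),'')`, and likewise `escape(shellescape(s:port,1),'&\')` in the two `USEPORT` lines. Whether `s:port` and `g:netrw_port` are validated before reaching this function is not visible here. The function comment says the result is meant for `system()`, while the `special` argument of `shellescape()` is intended for `:!`-style commands, so it is worth confirming which form the callers use.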


@ -1,397 +0,0 @@
diff -up vim80/src/memline.c.CVE-2026-28421 vim80/src/memline.c
--- vim80/src/memline.c.CVE-2026-28421 2021-03-22 10:02:42.000000000 +0100
+++ vim80/src/memline.c 2026-03-19 10:42:50.113672743 +0100
@@ -1536,8 +1536,12 @@ ml_recover(int checkext)
if (!cannot_open)
{
line_count = pp->pb_pointer[idx].pe_line_count;
- if (readfile(curbuf->b_ffname, NULL, lnum,
- pp->pb_pointer[idx].pe_old_lnum - 1,
+ linenr_T pe_old_lnum = pp->pb_pointer[idx].pe_old_lnum;
+ // Validate pe_line_count and pe_old_lnum from the
+ // untrusted swap file before passing to readfile().
+ if (line_count <= 0 || pe_old_lnum < 1 ||
+ readfile(curbuf->b_ffname, NULL, lnum,
+ pe_old_lnum - 1,
line_count, NULL, 0) != OK)
cannot_open = TRUE;
else
@@ -1568,6 +1572,27 @@ ml_recover(int checkext)
bnum = pp->pb_pointer[idx].pe_bnum;
line_count = pp->pb_pointer[idx].pe_line_count;
page_count = pp->pb_pointer[idx].pe_page_count;
+ // Validate pe_bnum and pe_page_count from the untrusted
+ // swap file before passing to mf_get(), which uses
+ // page_count to calculate allocation size. A bogus value
+ // (e.g. 0x40000000) would cause a multi-GB allocation.
+ // pe_page_count must be >= 1 and bnum + page_count must
+ // not exceed the number of pages in the swap file.
+ if (page_count < 1
+ || bnum + page_count > mfp->mf_blocknr_max + 1)
+ {
+ ++error;
+ ml_append(lnum++,
+ (char_u *)_("???ILLEGAL BLOCK NUMBER"),
+ (colnr_T)0, TRUE);
+ // Skip this entry and pop back up the stack to keep
+ // recovering whatever else we can.
+ idx = ip->ip_index + 1;
+ bnum = ip->ip_bnum;
+ page_count = 1;
+ --buf->b_ml.ml_stack_top;
+ continue;
+ }
idx = 0;
continue;
}
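Review bot: The range check `bnum + page_count > mfp->mf_blocknr_max + 1` adds two values read from the swap file before comparing them, so a very large `pe_bnum` can overflow the signed sum (undefined behaviour) and slip past the test. Comparing without the addition avoids that: `if (page_count < 1 || bnum < 0 || bnum > mfp->mf_blocknr_max || page_count > mfp->mf_blocknr_max + 1 - bnum)`. The `bnum < 0` term is redundant if negative block numbers are already handled earlier in the loop, which lies outside this hunk. `bnum` and `page_count` are declared outside the hunk, so this assumes both are signed integer types, as the `< 1` test suggests.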
--- vim80/src/po/af.po.CVE-2026-28421 2026-04-01 09:23:53.971493324 -0400
+++ vim80/src/po/af.po 2026-04-01 09:23:53.971493324 -0400
@@ -5391,3 +5391,6 @@ msgstr "E463: Omgewing is onder bewaking
#~ msgid "WARNING: tag command changed a buffer!!!"
#~ msgstr "WAARSKUWING: etiketbevel het buffer verander!!!"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ca.po.CVE-2026-28421 2026-04-01 09:23:53.976493324 -0400
+++ vim80/src/po/ca.po 2026-04-01 09:23:53.976493324 -0400
@@ -6937,3 +6937,6 @@ msgid ""
msgstr ""
"Error en establir el path: sys.path no és una llista\n"
"Hauríeu d'afegir vim.VIM_SPECIAL_PATH a sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/cs.cp1250.po.CVE-2026-28421 2026-04-01 09:23:53.981493324 -0400
+++ vim80/src/po/cs.cp1250.po 2026-04-01 09:23:53.981493324 -0400
@@ -4658,3 +4658,6 @@ msgstr "Nulový poèet"
msgid "E81: Using <SID> not in a script context"
msgstr "E81: Použití <SID> mimo kontext skriptu"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/cs.po.CVE-2026-28421 2026-04-01 09:23:53.986493324 -0400
+++ vim80/src/po/cs.po 2026-04-01 09:23:53.987493324 -0400
@@ -4658,3 +4658,6 @@ msgstr "Nulový poèet"
msgid "E81: Using <SID> not in a script context"
msgstr "E81: Pou¾ití <SID> mimo kontext skriptu"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/de.po.CVE-2026-28421 2026-04-01 09:23:53.992493324 -0400
+++ vim80/src/po/de.po 2026-04-01 09:23:53.992493324 -0400
@@ -7101,3 +7101,6 @@ msgid ""
msgstr ""
"Fehler beim setzen des Pfades: sys.path ist keine Liste\n"
"Fügen Sie vim.VIM_SPECIAL_PATH zu sys.path hinzu"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/en_GB.po.CVE-2026-28421 2026-04-01 09:23:53.998493324 -0400
+++ vim80/src/po/en_GB.po 2026-04-01 09:23:53.999493324 -0400
@@ -765,3 +765,6 @@ msgid "can't delete OutputObject attribu
msgstr "cannot delete OutputObject attributes"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/eo.po.CVE-2026-28421 2026-04-01 09:23:54.005493324 -0400
+++ vim80/src/po/eo.po 2026-04-01 09:23:54.005493324 -0400
@@ -7024,3 +7024,6 @@ msgid ""
msgstr ""
"Agordo de serĉvojo malsukcesis: sys.path ne estas listo\n"
"Vi nun devas aldoni vim.VIM_SPECIAL_PATH al sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/es.po.CVE-2026-28421 2026-04-01 09:23:54.010493324 -0400
+++ vim80/src/po/es.po 2026-04-01 09:23:54.011493324 -0400
@@ -8275,3 +8275,6 @@ msgstr "La búsqueda ha llegado al FINAL
#~ msgid "-V[N]\t\tVerbose level"
#~ msgstr "-V[N]\t\tNivel de verbosidad (traza de ejecución)"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/fi.po.CVE-2026-28421 2026-04-01 09:23:54.016493324 -0400
+++ vim80/src/po/fi.po 2026-04-01 09:23:54.016493324 -0400
@@ -6991,3 +6991,6 @@ msgid ""
msgstr ""
"Ei onnistuttu asettaman polkua: sys.path ei ole list\n"
"Lisää vim.VIM_SPECIAL_PATH muuttujaan sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/fr.po.CVE-2026-28421 2026-04-01 09:23:54.021493324 -0400
+++ vim80/src/po/fr.po 2026-04-01 09:23:54.021493324 -0400
@@ -7306,3 +7306,6 @@ msgid ""
msgstr ""
"Impossible d'initialiser le chemin : sys.math n'est pas une liste\n"
"Vous devez maintenant ajouter vim.VIM_SPECIAL_PATH à sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ga.po.CVE-2026-28421 2026-04-01 09:23:54.026493324 -0400
+++ vim80/src/po/ga.po 2026-04-01 09:23:54.026493324 -0400
@@ -7509,3 +7509,6 @@ msgstr ""
#~ msgid "E363: pattern caused out-of-stack error"
#~ msgstr "E363: ghin an patrún earráid as-an-chruach"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/it.po.CVE-2026-28421 2026-04-01 09:23:54.031493324 -0400
+++ vim80/src/po/it.po 2026-04-01 09:23:54.031493324 -0400
@@ -7015,3 +7015,6 @@ msgstr ""
"Dovresti aggiungere vim.VIM_SPECIAL_PATH a sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ja.euc-jp.po.CVE-2026-28421 2026-04-01 09:23:54.036493324 -0400
+++ vim80/src/po/ja.euc-jp.po 2026-04-01 09:23:54.036493324 -0400
@@ -7031,3 +7031,6 @@ msgid ""
msgstr ""
"¥Ñ¥¹¤ÎÀßÄê¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: sys.path ¤¬¥ê¥¹¥È¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
"¤¹¤°¤Ë vim.VIM_SPECIAL_PATH ¤ò sys.path ¤ËÄɲ䷤Ƥ¯¤À¤µ¤¤"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ja.po.CVE-2026-28421 2026-04-01 09:23:54.041493324 -0400
+++ vim80/src/po/ja.po 2026-04-01 09:23:54.041493324 -0400
@@ -7031,3 +7031,6 @@ msgid ""
msgstr ""
"ãƒã¹ã<C2B9>®è¨­å®šã<C5A1>«å¤±æ•—ã<E28094>—ã<E28094>¾ã<C2BE>—ã<E28094>Ÿ: sys.path ã<>Œãƒªã¹ãƒˆã<CB86>§ã<C2A7>¯ã<C2AF>ãŠã<C5A0>¾ã<C2BE>ã“\n"
<>™ã<E284A2><C3A3>ã<EFBFBD>« vim.VIM_SPECIAL_PATH ã‚’ sys.path ã<>«è¿½åŠ ã<C2A0>—ã<E28094>¦ã<C2A6><C3A3>ã<EFBFBD> ã<C2A0>•ã<E280A2>„"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ja.sjis.po.CVE-2026-28421 2026-04-01 09:23:54.046493324 -0400
+++ vim80/src/po/ja.sjis.po 2026-04-01 09:23:54.046493324 -0400
@@ -7031,3 +7031,6 @@ msgid ""
msgstr ""
"ƒpƒXÌ<E2809A>ÝèÉŽ¸”sµÜµ½: sys.path ªƒŠƒXƒgÅÍ èܹñ\n"
"‚·‚®‚É vim.VIM_SPECIAL_PATH ‚ð sys.path ‚ɒljÁ‚µ‚Ä‚­‚¾‚³‚¢"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ko.po.CVE-2026-28421 2026-04-01 09:23:54.051493324 -0400
+++ vim80/src/po/ko.po 2026-04-01 09:23:54.051493324 -0400
@@ -6951,3 +6951,6 @@ msgstr "%sÀ»(¸¦) vim list·Î º¯°æÇÒ ¼ö ¾ø
#~ "Failed to set path: sys.path is not a list\n"
#~ "You should now append vim.VIM_SPECIAL_PATH to sys.path"
#~ msgstr ""
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ko.UTF-8.po.CVE-2026-28421 2026-04-01 09:23:54.056493324 -0400
+++ vim80/src/po/ko.UTF-8.po 2026-04-01 09:23:54.056493324 -0400
@@ -6951,3 +6951,6 @@ msgstr "%sì<73>„(를) vim list로 변경할
#~ "Failed to set path: sys.path is not a list\n"
#~ "You should now append vim.VIM_SPECIAL_PATH to sys.path"
#~ msgstr ""
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/lv.po.CVE-2026-28421 2026-04-01 09:23:54.061493324 -0400
+++ vim80/src/po/lv.po 2026-04-01 09:23:54.061493324 -0400
@@ -280,3 +280,6 @@ msgstr "E442: Nevar sadalÄ«t kreiso augÅ
#, c-format
msgid "E447: Can't find file \"%s\" in path"
msgstr "E447: Failu \"%s\" ceļÄ<C2BC> nevar atrast"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/nb.po.CVE-2026-28421 2026-04-01 09:23:54.066493324 -0400
+++ vim80/src/po/nb.po 2026-04-01 09:23:54.066493324 -0400
@@ -6164,3 +6164,6 @@ msgstr "Søket traff TOPPEN, fortsetter f
msgid "search hit BOTTOM, continuing at TOP"
msgstr "Søket traff BUNNEN, fortsetter fra TOPPEN"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/nl.po.CVE-2026-28421 2026-04-01 09:23:54.071493324 -0400
+++ vim80/src/po/nl.po 2026-04-01 09:23:54.071493324 -0400
@@ -5850,3 +5850,6 @@ msgstr "zoeken bereikte TOP, verder vana
msgid "search hit BOTTOM, continuing at TOP"
msgstr "zoeken bereikte BODEM, verder vanaf TOP"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/no.po.CVE-2026-28421 2026-04-01 09:23:54.076493324 -0400
+++ vim80/src/po/no.po 2026-04-01 09:23:54.076493324 -0400
@@ -6164,3 +6164,6 @@ msgstr "Søket traff TOPPEN, fortsetter f
msgid "search hit BOTTOM, continuing at TOP"
msgstr "Søket traff BUNNEN, fortsetter fra TOPPEN"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/pl.cp1250.po.CVE-2026-28421 2026-04-01 09:23:54.081493324 -0400
+++ vim80/src/po/pl.cp1250.po 2026-04-01 09:23:54.081493324 -0400
@@ -6903,3 +6903,6 @@ msgstr ""
#~ msgid "E569: maximum number of cscope connections reached"
#~ msgstr "E569: wyczerpano maksymaln¹ liczbê po³¹czeñ cscope"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/pl.po.CVE-2026-28421 2026-04-01 09:23:54.086493324 -0400
+++ vim80/src/po/pl.po 2026-04-01 09:23:54.086493324 -0400
@@ -6903,3 +6903,6 @@ msgstr ""
#~ msgid "E569: maximum number of cscope connections reached"
#~ msgstr "E569: wyczerpano maksymaln± liczbê po³±czeñ cscope"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/pl.UTF-8.po.CVE-2026-28421 2026-04-01 09:23:54.091493324 -0400
+++ vim80/src/po/pl.UTF-8.po 2026-04-01 09:23:54.091493324 -0400
@@ -6903,3 +6903,6 @@ msgstr ""
#~ msgid "E569: maximum number of cscope connections reached"
#~ msgstr "E569: wyczerpano maksymalnÄ… liczbÄ™ poÅÄ…czeÅ„ cscope"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/pt_BR.po.CVE-2026-28421 2026-04-01 09:23:54.096493324 -0400
+++ vim80/src/po/pt_BR.po 2026-04-01 09:23:54.096493324 -0400
@@ -7013,3 +7013,6 @@ msgid ""
msgstr ""
"Falha ao definir path: sys.path não é uma lista\n"
"Você deve adicionar vim.VIM_SPECIAL_PATH ao sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ru.cp1251.po.CVE-2026-28421 2026-04-01 09:23:54.101493324 -0400
+++ vim80/src/po/ru.cp1251.po 2026-04-01 09:23:54.101493324 -0400
@@ -6932,3 +6932,6 @@ msgstr ""
"Îøèáêà ïðè óñòàíîâêå ïóòè: sys.path íå ÿâëÿåòñÿ ñïèñêîì\n"
"Ñëåäóåò äîáàâèòü vim.VIM_SPECIAL_PATH â sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/ru.po.CVE-2026-28421 2026-04-01 09:23:54.106493324 -0400
+++ vim80/src/po/ru.po 2026-04-01 09:23:54.106493324 -0400
@@ -6932,3 +6932,6 @@ msgstr ""
"Ошибка при уÑ<C692>Ñановке пути: sys.path не Ñ<>влÑ<C2BB>еÑÑ<E2809A>Ñ<EFBFBD> Ñ<>пиÑ<C2B8>ком\n"
"Следует добавить vim.VIM_SPECIAL_PATH в sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/sk.cp1250.po.CVE-2026-28421 2026-04-01 09:23:54.111493324 -0400
+++ vim80/src/po/sk.cp1250.po 2026-04-01 09:23:54.111493324 -0400
@@ -5820,3 +5820,6 @@ msgstr "h¾adanie dosiahlo zaèiatok, pokr
msgid "search hit BOTTOM, continuing at TOP"
msgstr "h¾adanie dosiahlo koniec, pokraèovanie od zaèiatku"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/sk.po.CVE-2026-28421 2026-04-01 09:23:54.116493324 -0400
+++ vim80/src/po/sk.po 2026-04-01 09:23:54.116493324 -0400
@@ -5820,3 +5820,6 @@ msgstr "hµadanie dosiahlo zaèiatok, pokr
msgid "search hit BOTTOM, continuing at TOP"
msgstr "hµadanie dosiahlo koniec, pokraèovanie od zaèiatku"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/sr.po.CVE-2026-28421 2026-04-01 09:23:54.121493324 -0400
+++ vim80/src/po/sr.po 2026-04-01 09:23:54.122493324 -0400
@@ -6916,3 +6916,6 @@ msgid ""
msgstr ""
"Путања није могла да Ñ<>е поÑ<C2BE>Ñави: sys.path није у лиÑ<C2B8>Ñи\n"
"Сада би требало да додате vim.VIM_SPECIAL_PATH на крај sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/sv.po.CVE-2026-28421 2026-04-01 09:23:54.127493324 -0400
+++ vim80/src/po/sv.po 2026-04-01 09:23:54.127493324 -0400
@@ -6146,3 +6146,6 @@ msgstr "sökning nådde TOPPEN, fortsätter
msgid "search hit BOTTOM, continuing at TOP"
msgstr "sökning nådde BOTTEN, forsätter vid TOPPEN"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/uk.cp1251.po.CVE-2026-28421 2026-04-01 09:23:54.132493324 -0400
+++ vim80/src/po/uk.cp1251.po 2026-04-01 09:23:54.132493324 -0400
@@ -7272,3 +7272,6 @@ msgid ""
msgstr ""
"Íå âäàëîñÿ âñòàíîâèòè øëÿõ: sys.path íå ñïèñîê\n"
"Âàñ ñë³ä äîäàòè vim.VIM_SPECIAL_PATH äî sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/uk.po.CVE-2026-28421 2026-04-01 09:23:54.137493324 -0400
+++ vim80/src/po/uk.po 2026-04-01 09:23:54.137493324 -0400
@@ -7272,3 +7272,6 @@ msgid ""
msgstr ""
<>е вдалоÑ<C2BE>Ñ<EFBFBD> вÑ<C2B2>ÑановиÑи шлÑ<C2BB>Ñ…: sys.path не Ñ<>пиÑ<C2B8>ок\n"
аÑ<C2B0> Ñ<>лÑд додати vim.VIM_SPECIAL_PATH до sys.path"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/vi.po.CVE-2026-28421 2026-04-01 09:23:54.142493324 -0400
+++ vim80/src/po/vi.po 2026-04-01 09:23:54.142493324 -0400
@@ -5194,3 +5194,6 @@ msgstr "E449: Nhận ÄÆ°á»£c má»™t biá»
msgid "E463: Region is guarded, cannot modify"
msgstr "E463: Không thể thay Äổi vùng đã ÄÆ°á»£c bảo vệ"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/zh_CN.cp936.po.CVE-2026-28421 2026-04-01 09:23:54.147493324 -0400
+++ vim80/src/po/zh_CN.cp936.po 2026-04-01 09:23:54.147493324 -0400
@@ -6138,3 +6138,6 @@ msgstr "ÒѲéÕÒµ½Îļþ½á⣬ÔÙ´Ó¿ªÍ·¼ÌÐø²é
#~ msgid "with BeOS GUI."
#~ msgstr "ʹÓà BeOS ͼÐνçÃæ¡£"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/zh_CN.po.CVE-2026-28421 2026-04-01 09:23:54.152493324 -0400
+++ vim80/src/po/zh_CN.po 2026-04-01 09:23:54.152493324 -0400
@@ -6138,3 +6138,6 @@ msgstr "ÒѲéÕÒµ½Îļþ½á⣬ÔÙ´Ó¿ªÍ·¼ÌÐø²é
#~ msgid "with BeOS GUI."
#~ msgstr "ʹÓà BeOS ͼÐνçÃæ¡£"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/zh_CN.UTF-8.po.CVE-2026-28421 2026-04-01 09:23:54.157493324 -0400
+++ vim80/src/po/zh_CN.UTF-8.po 2026-04-01 09:23:54.157493324 -0400
@@ -6138,3 +6138,6 @@ msgstr "已查找到æ‡ä»¶ç»“尾,å†<C3A5>ä»
#~ msgid "with BeOS GUI."
#~ msgstr "使用 BeOS å¾å½¢ç•Œé<C592>¢ã€"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/zh_TW.po.CVE-2026-28421 2026-04-01 09:23:54.163493324 -0400
+++ vim80/src/po/zh_TW.po 2026-04-01 09:23:54.164493324 -0400
@@ -5273,3 +5273,6 @@ msgstr "E463: °Ï°ì³Q«OÅ@¡AµLªk­×§ï"
#~ msgid "E277: Unrecognized sniff request [%s]"
#~ msgstr "E277: µLªk¿ëÃÑ sniff ©R¥O [%s]"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""
--- vim80/src/po/zh_TW.UTF-8.po.CVE-2026-28421 2026-04-01 09:23:54.170493324 -0400
+++ vim80/src/po/zh_TW.UTF-8.po 2026-04-01 09:23:54.171493324 -0400
@@ -5280,3 +5280,6 @@ msgstr "E463: å<>€åŸŸè¢«ä¿<C3A4>護,無法ä¿
#~ msgid "E277: Unrecognized sniff request [%s]"
#~ msgstr "E277: 無法辨識 sniff 命令 [%s]"
+
+msgid "???ILLEGAL BLOCK NUMBER"
+msgstr ""


@ -1,39 +0,0 @@
diff -up vim91/runtime/autoload/netrw.vim.validateportnum vim91/runtime/autoload/netrw.vim
--- vim91/runtime/autoload/netrw.vim.validateportnum 2026-03-17 19:35:34.062575124 +0100
+++ vim91/runtime/autoload/netrw.vim 2026-03-17 19:39:39.005999509 +0100
@@ -3376,7 +3376,8 @@ endif
" s:NetrwValidateHostname: Validate that the hostname is valid {{{2
" Input:
-" hostname, may include an optional username, e.g. user@hostname
+" hostname, may include an optional username and port number, e.g.
+" user@hostname:port
" allow a alphanumeric hostname or an IPv(4/6) address
" Output:
" true if g:netrw_machine is valid according to RFC1123 #Section 2
@@ -3385,17 +3386,19 @@ fun! s:NetrwValidateHostname(hostname)
let user_pat = '\%([a-zA-Z0-9._-]\+@\)\?'
" Hostname: 1-64 chars, alphanumeric/dots/hyphens.
" No underscores. No leading/trailing dots/hyphens.
- let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]{,62}[a-zA-Z0-9]\)\?$'
+ let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]\{0,62}[a-zA-Z0-9]\)\?'
+ " Port: 16 bit unsigned integer
+ let port_pat = '\%(:\d\{1,5\}\)\?$'
" IPv4: 1-3 digits separated by dots
- let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}$'
+ let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}'
" IPv6: Hex, colons, and optional brackets
- let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?$'
+ let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?'
- return a:hostname =~? '^'.user_pat.host_pat ||
- \ a:hostname =~? '^'.user_pat.ipv4_pat ||
- \ a:hostname =~? '^'.user_pat.ipv6_pat
+ return a:hostname =~? '^'.user_pat.host_pat.port_pat ||
+ \ a:hostname =~? '^'.user_pat.ipv4_pat.port_pat ||
+ \ a:hostname =~? '^'.user_pat.ipv6_pat.port_pat
endfun
" ---------------------------------------------------------------------
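Review bot: `port_pat` accepts any one to five digits, so `0` and the values 65536 to 99999 pass even though the comment above it says "16 bit unsigned integer". Either reword the comment to `" Port: 1-5 digits, numeric range not checked here` or range-check the number before the value is used. The IPv6 alternative is also loose once a port can follow it: `ipv6_pat` already allows digits and colons and leaves both brackets optional, so an unbracketed address followed by `:port` cannot be told apart from a longer address, and a lone `[` or `]` is accepted. The function's opening line appears only in the hunk header, so the start of the body is outside the hunk.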


@ -1,40 +0,0 @@
From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Thu, 19 Mar 2026 19:58:05 +0000
Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in
glob()
Problem: The glob() function on Unix-like systems does not escape
newline characters when expanding wildcards. A maliciously
crafted string containing '\n' can be used as a command
separator to execute arbitrary shell commands via
mch_expand_wildcards(). This depends on the user's 'shell'
setting.
Solution: Add the newline character ('\n') to the SHELL_SPECIAL
definition to ensure it is properly escaped before being
passed to the shell (pyllyukko).
closes: #19746
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
Signed-off-by: pyllyukko <pyllyukko@maimed.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/os_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/os_unix.c b/src/os_unix.c
index 03f7649090c96..91bfd63d0dcb2 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -6772,7 +6772,7 @@ mch_expand_wildcards(
# define SEEK_END 2
#endif
-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|"
+#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n"
int
mch_expand_wildcards(
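Review bot: The `SHELL_SPECIAL` definition carries no comment saying why `\n` belongs in the set, and the patch adds no regression test for a pattern that contains a newline. I would add `/* '\n' is included so a newline in a pattern cannot end the command line handed to the shell */` above the define. The code that applies the set is in `mch_expand_wildcards()`, outside this hunk; if it escapes by prefixing a backslash, a POSIX shell treats backslash-newline as a line continuation, so the newline would be dropped rather than matched literally, which is worth stating in the comment or pinning in a test.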


@ -1,65 +0,0 @@
diff -up vim91/runtime/autoload/netrw.vim.validatehostname vim91/runtime/autoload/netrw.vim
--- vim91/runtime/autoload/netrw.vim.validatehostname 2024-02-09 06:33:54.000000000 +0100
+++ vim91/runtime/autoload/netrw.vim 2026-03-17 19:16:22.210561235 +0100
@@ -1453,6 +1453,10 @@ fun! netrw#Obtain(islocal,fname,...)
call s:SetupNetrwStatusLine('%f %h%m%r%=%9*Obtaining '.a:fname)
endif
call s:NetrwMethod(b:netrw_curdir)
+ if !s:NetrwValidateHostname(g:netrw_machine)
+ call netrw#ErrorMsg(s:ERROR,"Rejecting invalid hostname: <" .. g:netrw_machine .. ">",107)
+ return
+ endif
if b:netrw_method == 4
" obtain file using scp
@@ -1948,6 +19,10 @@ fun! netrw#NetRead(mode,...)
" call Dfunc("netrw#NetRead : unsupported method")
return
endif
+ if !s:NetrwValidateHostname(g:netrw_machine)
+ call netrw#ErrorMsg(s:ERROR,"Rejecting invalid hostname: <" .. g:netrw_machine .. ">",107)
+ return
+ endif
let tmpfile= s:GetTempfile(b:netrw_fname) " apply correct suffix
" Check whether or not NetrwBrowse() should be handling this request
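Review bot: The header of this hunk reads `@@ -1948,6 +19,10 @@`, and a new-side start of 19 does not fit between the neighbouring hunks (+1453 before it, +2573 after it), so the patch file looks hand-edited. Tools that validate hunk headers may reject it or apply it only with an offset, which is a risky way to carry a security fix. Regenerating the patch from a patched tree would restore a consistent header. The enclosing function `netrw#NetRead` starts and ends outside the hunk.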
@@ -2565,6 +2573,10 @@ fun! netrw#NetWrite(...) range
" call Dfunc("netrw#NetWrite : unsupported method")
return
endif
+ if !s:NetrwValidateHostname(g:netrw_machine)
+ call netrw#ErrorMsg(s:ERROR,"Rejecting invalid hostname: <" .. g:netrw_machine .. ">",107)
+ return
+ endif
" =============
" NetWrite: Perform Protocol-Based Write {{{3
@@ -3362,6 +3374,17 @@ if has("win95") && exists("g:netrw_win95
endfun
endif
+" s:NetrwValidateHostname: Validate that the hostname is valid {{{2
+" Input:
+" hostname
+" Output:
+" true if g:netrw_machine is valid according to RFC1123 #Section 2
+fun! s:NetrwValidateHostname(hostname)
+ " RFC1123#section-2 mandates, a valid hostname starts with letters or digits
+ " so reject everyhing else
+ return a:hostname =~? '^[a-z0-9]'
+endfun
+
" ---------------------------------------------------------------------
" NetUserPass: set username and password for subsequent ftp transfer {{{2
" Usage: :call NetUserPass() -- will prompt for userid and password
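Review bot: `s:NetrwValidateHostname()` tests only the first character (`'^[a-z0-9]'`), so any string that begins with a letter or digit is accepted whatever follows, including whitespace and shell metacharacters. The header comment promises validity according to RFC 1123, which this check does not establish, and it names `g:netrw_machine` although the function tests its argument `a:hostname`. Anchor the pattern over the whole value, for example `return a:hostname =~? '^[a-z0-9]\%([-a-z0-9.]*[a-z0-9]\)\?$'`, extended for the user@ and IP-address forms the callers need. The comment typo `everyhing` should read `everything`.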
@@ -8842,6 +8865,10 @@ fun! s:NetrwUpload(fname,tgt,...)
elseif a:tgt =~ '^ftp:'
call s:NetrwMethod(a:tgt)
+ if !s:NetrwValidateHostname(g:netrw_machine)
+ call netrw#ErrorMsg(s:ERROR,"Rejecting invalid hostname: <" .. g:netrw_machine .. ">",107)
+ return
+ endif
if b:netrw_method == 2
" handle uploading a list of files via ftp+.netrc


@ -1,430 +0,0 @@
* Tue Aug 28 2012 Karsten Hopp <karsten@redhat.com> 7.3.638-1
- patchlevel 638
* Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 2:7.3.622-2
- add epoch to spec.vim and automatic changelog entries
* Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 7.3.622-1
- patchlevel 622
* Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 7.3.604-1
- drop vim-6.1-rh3.patch, (bz #754801)
* Wed Jul 18 2012 Karsten Hopp <karsten@redhat.com> 7.3.604-1
- patchlevel 604
* Wed Jul 11 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.594-2
- Perl 5.16 rebuild
* Tue Jul 10 2012 Karsten Hopp <karsten@redhat.com> 7.3.594-1
- patchlevel 594
* Tue Jul 10 2012 Karsten Hopp <karsten@redhat.com> 7.3.592-1
- patchlevel 592
* Mon Jul 09 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.584-2
- Perl 5.16 rebuild
* Mon Jul 02 2012 Karsten Hopp <karsten@redhat.com> 7.3.584-1
- patchlevel 584
* Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.556-2
- Perl 5.16 rebuild
* Mon Jun 18 2012 Karsten Hopp <karsten@redhat.com> 7.3.556-1
- patchlevel 556
* Mon Jun 11 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.515-2
- Perl 5.16 rebuild
* Mon May 21 2012 Karsten Hopp <karsten@redhat.com> 7.3.515-1
- enable highlighting for older log files (#816848)
* Tue May 08 2012 Karsten Hopp <karsten@redhat.com> 7.3.515-1
- patchlevel 515
* Fri Mar 16 2012 Karsten Hopp <karsten@redhat.com> 7.3.471-1
- patchlevel 471
* Mon Feb 13 2012 Karsten Hopp <karsten@redhat.com> 7.3.444-1
- patchlevel 444
* Tue Feb 07 2012 Karsten Hopp <karsten@redhat.com> 7.3.434-1
- patchlevel 434
* Tue Feb 07 2012 Karsten Hopp <karsten@redhat.com> 7.3.393-3
- update spec file template, bugzilla 736774
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 7.3.393-3
- rebuild against the new ruby library
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 7.3.393-2
- install everything in /usr
https://fedoraproject.org/wiki/Features/UsrMove
* Thu Jan 05 2012 Karsten Hopp <karsten@redhat.com> 7.3.393-1
- patchlevel 393
- fix boolean key 'Terminal' in gvim.desktop
* Fri Dec 23 2011 Karsten Hopp <karsten@redhat.com> 7.3.386-1
- patchlevel 386
* Mon Sep 26 2011 Karsten Hopp <karsten@redhat.com> 7.3.322-1
- patchlevel 322
* Wed Sep 21 2011 Karsten Hopp <karsten@redhat.com> 7.3.315-1
- patchlevel 315
* Mon Aug 29 2011 Karsten Hopp <karsten@redhat.com> 7.3.289-1
- patchlevel 289
* Mon Aug 29 2011 Karsten Hopp <karsten@redhat.com> 7.3.244-4
- Remove old patched files. (Ricky Zhou <ricky@fedoraproject.org>)
(bugzilla #709456)
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 2:7.3.244-3
- Perl mass rebuild
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 2:7.3.244-2
- Perl mass rebuild
* Mon Jul 11 2011 Karsten Hopp <karsten@redhat.com> 7.3.244-1
- patchlevel 244
* Tue Jun 14 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2:7.3.206-3
- Perl mass rebuild
* Tue May 31 2011 Ville Skyttä <ville.skytta@iki.fi> - 2:7.3.206-2
- Own the /usr/share/vim/vim73 dir.
* Mon May 30 2011 Karsten Hopp <karsten@redhat.com> 7.3.206-1
- drop xxd-locale patch
- update to patchlevel 206
* Wed May 11 2011 Karsten Hopp <karsten@redhat.com> 7.3.189-1
- patchlevel 189
* Wed Mar 16 2011 Karsten Hopp <karsten@redhat.com> 7.3.138-1
- patchlevel 138
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:7.3.107-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 24 2011 Karsten Hopp <karsten@redhat.com> 7.3.107-1
- patchlevel 107
* Mon Jan 10 2011 Karsten Hopp <karsten@redhat.com> 7.3.099-1
- patchlevel 099
* Mon Jan 03 2011 Karsten Hopp <karsten@redhat.com> 7.3.094-1
- patchlevel 094
* Thu Dec 09 2010 Karsten Hopp <karsten@redhat.com> 7.3.081-1
- patchlevel 081
* Wed Dec 08 2010 Karsten Hopp <karsten@redhat.com> 7.3.080-1
- patchlevel 080
* Fri Dec 03 2010 Karsten Hopp <karsten@redhat.com> 7.3.075-1
- patchlevel 075
* Thu Dec 02 2010 Karsten Hopp <karsten@redhat.com> 7.3.073-1
- patchlevel 073
* Thu Nov 25 2010 Karsten Hopp <karsten@redhat.com> 7.3.069-1
- patchlevel 069
* Wed Nov 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.068-1
- patchlevel 068
* Wed Nov 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.063-1
- patchlevel 063
* Wed Nov 17 2010 Karsten Hopp <karsten@redhat.com> 7.3.062-1
- patchlevel 062
* Tue Nov 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.061-1
- patchlevel 061
* Tue Nov 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.056-1
- patchlevel 056
* Thu Nov 11 2010 Karsten Hopp <karsten@redhat.com> 7.3.055-1
- patchlevel 055
* Wed Nov 10 2010 Karsten Hopp <karsten@redhat.com> 7.3.051-1
- patchlevel 051
* Thu Nov 04 2010 Karsten Hopp <karsten@redhat.com> 7.3.050-1
- patchlevel 050
* Thu Nov 04 2010 Karsten Hopp <karsten@redhat.com> 7.3.048-1
- patchlevel 048
* Thu Oct 28 2010 Karsten Hopp <karsten@redhat.com> 7.3.047-1
- patchlevel 047
* Wed Oct 27 2010 Karsten Hopp <karsten@redhat.com> 7.3.046-1
- patchlevel 046
* Wed Oct 27 2010 Karsten Hopp <karsten@redhat.com> 7.3.039-1
- patchlevel 039
* Sun Oct 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.035-1
- patchlevel 035
* Sat Oct 23 2010 Karsten Hopp <karsten@redhat.com> 7.3.034-1
- patchlevel 034
* Sat Oct 23 2010 Karsten Hopp <karsten@redhat.com> 7.3.033-1
- patchlevel 033
* Thu Oct 21 2010 Karsten Hopp <karsten@redhat.com> 7.3.032-1
- patchlevel 032
* Wed Oct 20 2010 Karsten Hopp <karsten@redhat.com> 7.3.031-1
- patchlevel 031
* Sat Oct 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.029-1
- patchlevel 029
* Fri Oct 15 2010 Karsten Hopp <karsten@redhat.com> 7.3.028-1
- patchlevel 028
* Thu Oct 14 2010 Karsten Hopp <karsten@redhat.com> 7.3.027-1
- patchlevel 027
* Wed Oct 13 2010 Karsten Hopp <karsten@redhat.com> 7.3.026-1
- patchlevel 026
* Sun Oct 10 2010 Karsten Hopp <karsten@redhat.com> 7.3.021-1
- patchlevel 021
* Sat Oct 09 2010 Karsten Hopp <karsten@redhat.com> 7.3.020-1
- patchlevel 020
* Fri Oct 01 2010 Karsten Hopp <karsten@redhat.com> 7.3.019-1
- patchlevel 019
* Thu Sep 30 2010 Karsten Hopp <karsten@redhat.com> 7.3.018-1
- patchlevel 018
* Thu Sep 30 2010 Karsten Hopp <karsten@redhat.com> 7.3.011-3
- add filesystem subpackage (#628293)
* Wed Sep 29 2010 jkeating - 2:7.3.011-2
- Rebuilt for gcc bug 634757
* Wed Sep 22 2010 Karsten Hopp <karsten@redhat.com> 7.3.011-1
- update to VIM 7.3 patchlevel 011
# vim:nrformats-=octal
* Tue Jul 27 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> 7.2.446-2
- Rebuild against python 2.7
* Tue Jul 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.446-1
- patchlevel 446
* Thu Jul 08 2010 Karsten Hopp <karsten@redhat.com> 7.2.445-1
- patchlevel 445
* Wed Jun 23 2010 Karsten Hopp <karsten@redhat.com> 7.2.444-2
- rebuild with perl-5.12
* Sun Jun 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.444-1
- patchlevel 444
* Sun Jun 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.443-1
- patchlevel 443
* Sat Jun 05 2010 Karsten Hopp <karsten@redhat.com> 7.2.442-1
- patchlevel 442
* Wed Jun 02 2010 Marcela Maslanova <mmaslano@redhat.com> - 2:7.2.441-2
- Mass rebuild with perl-5.12.0
* Sun May 30 2010 Karsten Hopp <karsten@redhat.com> 7.2.441-1
- patchlevel 441
* Sat May 29 2010 Karsten Hopp <karsten@redhat.com> 7.2.440-1
- patchlevel 440
* Wed May 26 2010 Karsten Hopp <karsten@redhat.com> 7.2.438-1
- patchlevel 438
* Sat May 22 2010 Karsten Hopp <karsten@redhat.com> 7.2.437-1
- patchlevel 437
* Sun May 16 2010 Karsten Hopp <karsten@redhat.com> 7.2.436-1
- patchlevel 436
* Sat May 15 2010 Karsten Hopp <karsten@redhat.com> 7.2.433-1
- patchlevel 433
* Fri May 14 2010 Karsten Hopp <karsten@redhat.com> 7.2.427-1
- patchlevel 427
* Thu May 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.422-1
- patchlevel 422
* Fri May 07 2010 Karsten Hopp <karsten@redhat.com> 7.2.416-1
- patchlevel 416
* Tue Apr 20 2010 Karsten Hopp <karsten@redhat.com> 7.2.411-2
- fix rvim manpage (#583180)
* Wed Mar 24 2010 Karsten Hopp <karsten@redhat.com> 7.2.411-1
- patchlevel 411
* Tue Mar 23 2010 Karsten Hopp <karsten@redhat.com> 7.2.410-1
- patchlevel 410
* Sat Mar 20 2010 Karsten Hopp <karsten@redhat.com> 7.2.403-1
- patchlevel 403
* Thu Mar 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.402-1
- patchlevel 402
* Wed Mar 17 2010 Karsten Hopp <karsten@redhat.com> 7.2.399-1
- patchlevel 399
* Wed Mar 10 2010 Karsten Hopp <karsten@redhat.com> 7.2.394-1
- patchlevel 394
* Wed Mar 03 2010 Karsten Hopp <karsten@redhat.com> 7.2.385-1
- patchlevel 385
* Tue Mar 02 2010 Karsten Hopp <karsten@redhat.com> 7.2.384-1
- patchlevel 384
* Tue Mar 02 2010 Karsten Hopp <karsten@redhat.com> 7.2.381-1
- patchlevel 381
* Sat Feb 27 2010 Karsten Hopp <karsten@redhat.com> 7.2.377-1
- patchlevel 377
* Wed Feb 24 2010 Karsten Hopp <karsten@redhat.com> 7.2.376-1
- patchlevel 376
* Thu Feb 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.368-1
- patchlevel 368
* Thu Feb 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.367-1
- patchlevel 367
* Wed Feb 17 2010 Karsten Hopp <karsten@redhat.com> 7.2.365-1
- patchlevel 365
* Fri Feb 12 2010 Karsten Hopp <karsten@redhat.com> 7.2.359-1
- patchlevel 359
* Thu Feb 11 2010 Karsten Hopp <karsten@redhat.com> 7.2.357-1
- patchlevel 357
* Thu Feb 04 2010 Karsten Hopp <karsten@redhat.com> 7.2.356-1
- patchlevel 356
* Wed Feb 03 2010 Karsten Hopp <karsten@redhat.com> 7.2.354-1
- patchlevel 354
* Fri Jan 29 2010 Karsten Hopp <karsten@redhat.com> 7.2.351-1
- patchlevel 351
* Thu Jan 28 2010 Karsten Hopp <karsten@redhat.com> 7.2.350-1
- patchlevel 350
* Mon Dec 7 2009 Stepan Kasal <skasal@redhat.com> - 2:7.2.315-2
- rebuild against perl 5.10.1
* Wed Dec 03 2009 Karsten Hopp <karsten@redhat.com> 7.2.315-1
- patchlevel 315
- fix vimrc location in man page (#456992)
- correct syntax highlighting of httpd config files in /etc/httpd (#499123)
- Buildrequire ruby, ruby-devel (#503872)
- Remove check for static gravity (#510307)
- sort tags file (#517725)
- use one gvim to open multiple file selections from nautilus (#519265)
- use elinks -source instead of elinks -dump (#518791)
- add ext4 keyword to /etc/fstab syntax highlighting (#498290)
* Mon Nov 09 2009 Karsten Hopp <karsten@redhat.com> 7.2.284-1
- patchlevel 284
* Thu Aug 20 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-3
- change range of system ids in /etc/profile.d/vim/* (#518555)
* Mon Aug 03 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-2
- add fix for glibc fortify segfault (#514717, Adam Tkac)
* Sat Aug 01 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-1
- add 97 upstream patches to get to patchlevel 245
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:7.2.148-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Mar 27 2009 Karsten Hopp <karsten@redhat.com> 7.2.148-1
- patchlevel 148, fixes #461417
* Tue Mar 10 2009 Karsten Hopp <karsten@redhat.com> 7.2.132-1
- patchlevel 132, fixes accesses to freed memory
* Wed Mar 04 2009 Karsten Hopp <karsten@redhat.com> 7.2.131-1
- patchlevel 131
* Tue Feb 24 2009 Karsten Hopp <karsten@redhat.com> 7.2.127-1
- patchlevel 127
* Mon Feb 23 2009 Karsten Hopp <karsten@redhat.com> 7.2.124-1
- patchlevel 124
* Mon Jan 26 2009 Karsten Hopp <karsten@redhat.com> 7.2.088-1
- patchlevel 88
* Thu Jan 08 2009 Karsten Hopp <karsten@redhat.com> 7.2.079-2
- patchlevel 79
* Thu Dec 04 2008 Jesse Keating <jkeating@redhat.com> - 7.2.060-2
- Rebuild for new python.
* Mon Dec 01 2008 Karsten Hopp <karsten@redhat.com> 7.2.060-1
- patchlevel 60
* Mon Nov 10 2008 Karsten Hopp <karsten@redhat.com> 7.2.032-1
- patchlevel 32
* Mon Nov 03 2008 Karsten Hopp <karsten@redhat.com> 7.2.026-2
- add more /usr/share/vim/vimfiles directories (#444387)
* Mon Nov 03 2008 Karsten Hopp <karsten@redhat.com> 7.2.026-1
- patchlevel 26
- own some directories in /usr/share/vim/vimfiles (#469491)
* Tue Oct 21 2008 Karsten Hopp <karsten@redhat.com> 7.2.025-2
- re-enable clean
* Mon Oct 20 2008 Karsten Hopp <karsten@redhat.com> 7.2.025-1
- patchlevel 25
- add Categories tag to desktop file (#226526)
- add requirement on hicolor-icon-theme to vim-X11 (#226526)
- drop Amiga info files (#226526)
- remove non-utf8 man pages (#226526)
- drop Application from categories (#226526)
* Tue Sep 30 2008 Karsten Hopp <karsten@redhat.com> 7.2.022-1
- patchlevel 22
* Mon Sep 08 2008 Karsten Hopp <karsten@redhat.com> 7.2.013-1
- patchlevel 13
* Mon Aug 25 2008 Karsten Hopp <karsten@redhat.com> 7.2.006-1
- patchlevel 6
* Mon Aug 18 2008 Karsten Hopp <karsten@redhat.com> 7.2.002-1
- patchlevel 2
- fix specfile template (#446070)
- old specfile changelog moved to Changelog.rpm
* Fri Aug 14 2008 Karsten Hopp <karsten@redhat.com> 7.2.000-1
- vim 7.2
- drop 330 patches

BIN
SOURCES/gvim16.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 226 B

BIN
SOURCES/gvim32.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 347 B

BIN
SOURCES/gvim48.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 474 B


@ -1,399 +0,0 @@
diff -ru vim70.orig/src/Makefile vim70.hunspell/src/Makefile
--- vim70.orig/src/Makefile 2006-12-15 12:29:41.000000000 +0000
+++ vim70.hunspell/src/Makefile 2006-12-14 11:11:20.000000000 +0000
@@ -1287,7 +1287,7 @@
PFLAGS = $(PROTO_FLAGS) -DPROTO $(LINT_CFLAGS)
ALL_LIB_DIRS = $(GUI_LIBS_DIR) $(X_LIBS_DIR)
-ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS)
+ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS) -lhunspell-1.1
# abbreviations
DEST_BIN = $(DESTDIR)$(BINDIR)
diff -ru vim70.orig/src/spell.c vim70.hunspell/src/spell.c
--- vim70.orig/src/spell.c 2006-12-15 12:29:44.000000000 +0000
+++ vim70.hunspell/src/spell.c 2006-12-15 12:27:49.000000000 +0000
@@ -319,6 +319,8 @@
# include <time.h> /* for time_t */
#endif
+#include "hunspell/hunspell.h"
+
#define MAXWLEN 250 /* Assume max. word len is this many bytes.
Some places assume a word length fits in a
byte, thus it can't be above 255. */
@@ -428,6 +430,8 @@
#define SP_FORMERROR -2 /* format error in spell file */
#define SP_OTHERERROR -3 /* other error while reading spell file */
+#define MAXREGIONS 20
+
/*
* Structure used to store words and other info for one language, loaded from
* a .spl file.
@@ -450,6 +454,10 @@
char_u *sl_name; /* language name "en", "en.rare", "nl", etc. */
char_u *sl_fname; /* name of .spl file */
int sl_add; /* TRUE if it's a .add file. */
+ int sl_ishunspell; /* TRUE if it's an unconverted hunspell aff/dic combination. */
+ Hunhandle *sl_hunspell;
+ vimconv_T sl_tohunconv;
+ vimconv_T sl_fromhunconv;
char_u *sl_fbyts; /* case-folded word bytes */
idx_T *sl_fidxs; /* case-folded word indexes */
@@ -460,7 +468,7 @@
char_u *sl_info; /* infotext string or NULL */
- char_u sl_regions[17]; /* table with up to 8 region names plus NUL */
+ char_u sl_regions[MAXREGIONS * 2 + 1]; /* table with up to 8 region names plus NUL */
char_u *sl_midword; /* MIDWORD string or NULL */
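Review bot: The comment on `sl_regions` still says "up to 8 region names" although the array is now sized `MAXREGIONS * 2 + 1`, that is 20 two-byte names plus the NUL. Update it to `/* table with up to MAXREGIONS region names plus NUL */`. Code that turns a region index into a mask (a later hunk shows `region_mask = 1 << c`) may still assume eight regions elsewhere in the file; that should be confirmed before the larger table is relied on. The struct definition starts and ends outside the hunk.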
@@ -997,6 +1005,36 @@
static char_u *repl_from = NULL;
static char_u *repl_to = NULL;
+static void
+ensurehunspellinit(lp)
+ slang_T *lp;
+{
+ if (!lp->sl_hunspell)
+ {
+ char_u *dic = lp->sl_fname;
+ char_u *aff = vim_strnsave(dic, strlen(dic));
+
+ vim_strncpy(aff + strlen(aff) - 3, "aff", 3);
+
+ lp->sl_hunspell = Hunspell_create(aff, dic);
+
+ vim_free(aff);
+
+ if (convert_setup(&lp->sl_tohunconv, spell_enc(),
+ Hunspell_get_dic_encoding(lp->sl_hunspell)) == FAIL)
+ {
+ lp->sl_tohunconv.vc_fail = TRUE;
+ }
+
+ if (convert_setup(&lp->sl_fromhunconv,
+ Hunspell_get_dic_encoding(lp->sl_hunspell), spell_enc()) == FAIL)
+ {
+ lp->sl_fromhunconv.vc_fail = TRUE;
+ }
+ }
+}
+
+
/*
* Main spell-checking function.
* "ptr" points to a character that could be the start of a word.
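Review bot: `ensurehunspellinit()` uses three results without checking them. `vim_strnsave()` can return NULL and is then written through. `aff + strlen(aff) - 3` points before the buffer when the file name is shorter than three bytes. `Hunspell_create()` can fail, and its handle is passed straight to `Hunspell_get_dic_encoding()`. Bail out early and mark both converters as failed so the caller, which already breaks on `vc_fail`, skips the hunspell lookup.

```c
	char_u	*dic = lp->sl_fname;
	size_t	len = STRLEN(dic);
	char_u	*aff;

	/* need a ".dic"-sized suffix to swap, and a private copy to edit */
	if (len < 4 || (aff = vim_strnsave(dic, (int)len)) == NULL)
	{
	    lp->sl_tohunconv.vc_fail = TRUE;
	    lp->sl_fromhunconv.vc_fail = TRUE;
	    return;
	}
	vim_strncpy(aff + len - 3, (char_u *)"aff", 3);

	lp->sl_hunspell = Hunspell_create((char *)aff, (char *)dic);
	vim_free(aff);
	if (lp->sl_hunspell == NULL)
	{
	    lp->sl_tohunconv.vc_fail = TRUE;
	    lp->sl_fromhunconv.vc_fail = TRUE;
	    return;
	}
	/* ... unchanged: the two convert_setup() calls ... */
```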
@@ -1101,27 +1139,70 @@
{
mi.mi_lp = LANGP_ENTRY(wp->w_buffer->b_langp, lpi);
+ if (mi.mi_lp->lp_slang->sl_ishunspell)
+ {
+ slang_T *lp = mi.mi_lp->lp_slang;
+ char_u *converted = 0;
+ char_u *thisword;
+ char_u *mi_end = mi.mi_end;
+ char_u *mi_final = mi.mi_word + strlen(mi.mi_word);
+
+ while (1)
+ {
+ ensurehunspellinit(lp);
+ if ((lp->sl_tohunconv.vc_fail == TRUE) || (lp->sl_fromhunconv.vc_fail == TRUE))
+ break;
+
+ if (mi_end != mi.mi_word)
+ {
+ thisword = vim_strnsave(mi.mi_word, mi_end - mi.mi_word);
+ converted = string_convert(&lp->sl_tohunconv, thisword, NULL);
+ if (converted)
+ {
+ if (Hunspell_spell(lp->sl_hunspell, converted) != 0)
+ {
+ mi.mi_result = SP_OK;
+ mi.mi_end = mi.mi_cend = mi.mi_word + strlen(thisword);
+ }
+ vim_free(converted);
+ }
+ vim_free(thisword);
+ }
+
+ if (mi_end == mi_final)
+ break;
+
+ do
+ {
+ mb_ptr_adv(mi_end);
+ } while (*mi_end != NUL && spell_iswordp(mi_end, wp->w_buffer));
+ }
+ }
+
/* If reloading fails the language is still in the list but everything
* has been cleared. */
- if (mi.mi_lp->lp_slang->sl_fidxs == NULL)
+ if (!mi.mi_lp->lp_slang->sl_ishunspell && mi.mi_lp->lp_slang->sl_fidxs == NULL)
continue;
- /* Check for a matching word in case-folded words. */
- find_word(&mi, FIND_FOLDWORD);
+ if (!mi.mi_lp->lp_slang->sl_ishunspell)
+ {
+ /* Check for a matching word in case-folded words. */
+ find_word(&mi, FIND_FOLDWORD);
- /* Check for a matching word in keep-case words. */
- find_word(&mi, FIND_KEEPWORD);
+ /* Check for a matching word in keep-case words. */
+ find_word(&mi, FIND_KEEPWORD);
- /* Check for matching prefixes. */
- find_prefix(&mi, FIND_FOLDWORD);
+ /* Check for matching prefixes. */
+ find_prefix(&mi, FIND_FOLDWORD);
- /* For a NOBREAK language, may want to use a word without a following
- * word as a backup. */
- if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD
- && mi.mi_result2 != SP_BAD)
- {
- mi.mi_result = mi.mi_result2;
- mi.mi_end = mi.mi_end2;
+ /* For a NOBREAK language, may want to use a word without a following
+ * word as a backup. */
+ if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD
+ && mi.mi_result2 != SP_BAD)
+ {
+ mi.mi_result = mi.mi_result2;
+ mi.mi_end = mi.mi_end2;
+ }
}
/* Count the word in the first language where it's found to be OK. */
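Review bot: In the new hunspell branch `thisword` comes from `vim_strnsave()` and is passed to `string_convert()` and `strlen()` without a NULL check, so an allocation failure is dereferenced. Add `if (thisword == NULL) break;` directly after the `vim_strnsave()` call. `ensurehunspellinit(lp)` and the `vc_fail` test do not depend on the loop variable and can move in front of `while (1)`. The enclosing function starts and ends outside the hunk.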
@@ -2359,6 +2440,80 @@
if (r == FAIL)
{
+# define HUNSPELLDICT "/usr/share/myspell/"
+ DIR *dirp = opendir(HUNSPELLDICT);
+ if (dirp != NULL)
+ {
+ slang_T* thislang[MAXREGIONS] = {0};
+ slang_T *lp = 0;
+ struct dirent *dp;
+ int i = 0;
+
+ while ((dp = readdir(dirp)) != NULL)
+ {
+ char_u final_name[MAXPATHL];
+ char_u spf_name[MAXPATHL];
+ char_u thisregion[3] = {0};
+ char *resolvedlink = final_name;
+ int j, regionpos;
+
+ if (strncmp(dp->d_name, lang, strlen(lang)) != 0)
+ continue;
+
+ if ((strlen(dp->d_name) <= 4) || (dp->d_name[strlen(lang)] != '_'))
+ continue;
+
+ if (strncmp(".dic", dp->d_name + strlen(dp->d_name) - 4, 4) != 0)
+ continue;
+
+ vim_strncpy(spf_name, HUNSPELLDICT, strlen(HUNSPELLDICT));
+ vim_strncpy(spf_name + strlen(HUNSPELLDICT), dp->d_name, strlen(HUNSPELLDICT));
+
+ if (realpath(spf_name, resolvedlink) != resolvedlink)
+ continue;
+
+ thisregion[0] = tolower(dp->d_name[strlen(lang)+1]);
+ thisregion[1] = tolower(dp->d_name[strlen(lang)+1+1]);
+
+ r = OK;
+
+ for (j = 0; j < MAXREGIONS; ++j)
+ {
+ if (thislang[j] && (strcmp(thislang[j]->sl_fname, final_name) == 0))
+ break;
+ }
+
+ if (j < MAXREGIONS)
+ lp = thislang[j];
+ else
+ {
+ lp = slang_alloc(lang);
+ lp->sl_ishunspell = TRUE;
+
+ lp->sl_fname = vim_strsave(resolvedlink);
+
+ lp->sl_next = first_lang;
+ first_lang = lp;
+ thislang[i] = lp;
+ }
+
+ regionpos = 0;
+ while (lp->sl_regions[regionpos] != 0) ++regionpos;
+
+ //silently lose regions which won't fit in
+ if (regionpos == MAXREGIONS * 2)
+ continue;
+
+ vim_strncpy(lp->sl_regions + regionpos, thisregion, 2);
+
+ ++i;
+ }
+ closedir(dirp);
+ }
+ }
+
+ if (r == FAIL)
+ {
smsg((char_u *)_("Warning: Cannot find word list \"%s.%s.spl\" or \"%s.ascii.spl\""),
lang, spell_enc(), lang);
}
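Review bot: `thislang[i] = lp` can write past the `MAXREGIONS`-entry stack array, because `i` is incremented for every accepted directory entry (including those that reuse an existing slot) and is never compared with the array size. Store and count only new entries, `if (i < MAXREGIONS) thislang[i++] = lp;`, and drop the trailing `++i`. The second `vim_strncpy()` passes `strlen(HUNSPELLDICT)` as the length for `dp->d_name`, so file names longer than the directory prefix are truncated before `realpath()`; the bound should be the space left in `spf_name`. The result of `slang_alloc()` is also dereferenced without a NULL check. The enclosing function starts and ends outside the hunk.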
@@ -2429,6 +2584,9 @@
slang_free(lp)
slang_T *lp;
{
+ Hunspell_destroy(lp->sl_hunspell);
+ convert_setup(&lp->sl_tohunconv, NULL, NULL);
+ convert_setup(&lp->sl_fromhunconv, NULL, NULL);
vim_free(lp->sl_name);
vim_free(lp->sl_fname);
slang_clear(lp);
@@ -2974,7 +3132,7 @@
{
int i;
- if (len > 16)
+ if (len > MAXREGIONS*2)
return SP_FORMERROR;
for (i = 0; i < len; ++i)
lp->sl_regions[i] = getc(fd); /* <regionname> */
@@ -4112,6 +4270,7 @@
/* loop over comma separated language names. */
for (splp = buf->b_p_spl; *splp != NUL; )
{
+ int hunspellregionunsupported;
/* Get one language name. */
copy_option_part(&splp, lang, MAXWLEN, ",");
@@ -4182,6 +4341,7 @@
/*
* Loop over the languages, there can be several files for "lang".
*/
+ hunspellregionunsupported = 0;
for (slang = first_lang; slang != NULL; slang = slang->sl_next)
if (filename ? fullpathcmp(lang, slang->sl_fname, FALSE) == FPC_SAME
: STRICMP(lang, slang->sl_name) == 0)
@@ -4199,6 +4359,11 @@
/* This addition file is for other regions. */
region_mask = 0;
}
+ else if (slang->sl_ishunspell)
+ {
+ region_mask = 0;
+ hunspellregionunsupported++;
+ }
else
/* This is probably an error. Give a warning and
* accept the words anyway. */
@@ -4207,7 +4372,10 @@
region);
}
else
+ {
+ hunspellregionunsupported--;
region_mask = 1 << c;
+ }
}
if (region_mask != 0)
@@ -4225,6 +4393,9 @@
nobreak = TRUE;
}
}
+
+ if (region && hunspellregionunsupported >= 1)
+ smsg((char_u *) _("Warning: region %s not supported"), region);
}
/* round 0: load int_wordlist, if possible.
@@ -4832,7 +5003,7 @@
char_u *si_info; /* info text chars or NULL */
int si_region_count; /* number of regions supported (1 when there
are no regions) */
- char_u si_region_name[16]; /* region names; used only if
+ char_u si_region_name[MAXREGIONS*2]; /* region names; used only if
* si_region_count > 1) */
garray_T si_rep; /* list of fromto_T entries from REP lines */
@@ -7093,7 +7264,7 @@
else
{
line += 8;
- if (STRLEN(line) > 16)
+ if (STRLEN(line) > MAXREGIONS)
smsg((char_u *)_("Too many regions in %s line %d: %s"),
fname, lnum, line);
else
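Review bot: The new limit `STRLEN(line) > MAXREGIONS` counts characters, while the other sites this patch touches size region storage as two characters per region (`len > MAXREGIONS*2`, `si_region_name[MAXREGIONS*2]`). As written this line accepts only half as many regions as the buffer is declared for. If that is not intended the check would be `if (STRLEN(line) > MAXREGIONS*2)`. The `else` branch that stores the names is outside the hunk, so before raising the limit confirm that `si_region_name` has room for a terminating NUL if that copy writes one. Without that room, a line of exactly `MAXREGIONS*2` characters would overrun the array by one byte.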
@@ -8973,7 +9144,7 @@
char_u wfname[MAXPATHL];
char_u **innames;
int incount;
- afffile_T *(afile[8]);
+ afffile_T *(afile[MAXREGIONS]);
int i;
int len;
struct stat st;
@@ -9040,8 +9211,8 @@
EMSG(_(e_invarg)); /* need at least output and input names */
else if (vim_strchr(gettail(wfname), '_') != NULL)
EMSG(_("E751: Output file name must not have region name"));
- else if (incount > 8)
- EMSG(_("E754: Only up to 8 regions supported"));
+ else if (incount > MAXREGIONS)
+ EMSG2(_("E754: Only up to %d regions supported"), MAXREGIONS);
else
{
/* Check for overwriting before doing things that may take a lot of
@@ -11097,6 +11268,36 @@
{
lp = LANGP_ENTRY(curbuf->b_langp, lpi);
+ if (lp->lp_slang->sl_ishunspell)
+ {
+ slang_T *slp = lp->lp_slang;
+ char **slst;
+ char_u *converted = 0;
+
+ ensurehunspellinit(slp);
+
+ converted = string_convert(&slp->sl_tohunconv, su->su_fbadword, NULL);
+ if (converted)
+ {
+ int suggests;
+ suggests = Hunspell_suggest(slp->sl_hunspell, &slst, converted);
+ if (suggests > 0)
+ {
+ int i;
+ char_u *suggest;
+ for (i = 0; i < suggests; ++i)
+ {
+ suggest = string_convert(&slp->sl_fromhunconv, slst[i], NULL);
+ add_suggestion(su, &su->su_ga, suggest, su->su_badlen, i, 0, FALSE,
+ slp, FALSE);
+ vim_free(suggest);
+ }
+ free(slst);
+ }
+ vim_free(converted);
+ }
+ }
+
/* If reloading a spell file fails it's still in the list but
* everything has been cleared. */
if (lp->lp_slang->sl_fbyts == NULL)
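Review bot: `free(slst);` releases only the pointer array filled in by `Hunspell_suggest()`, so every suggestion string in it is leaked on each call; hand the list back to the library with `Hunspell_free_list(slp->sl_hunspell, &slst, suggests);`. In the same loop `suggest` goes to `add_suggestion()` without a NULL check, although `string_convert()` can return NULL (the code already tests `converted` for that reason); add `if (suggest == NULL) continue;`. `Hunspell_suggest()` is also called right after `ensurehunspellinit(slp)` with no test that `slp->sl_hunspell` was set. That helper is not visible here, so confirm it cannot leave the handle NULL, for example when the dictionary file fails to load. The enclosing function starts and ends outside the hunk.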


@ -24,7 +24,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
Release: 22%{?dist}.1
Release: 19%{?dist}.4
License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: vim.sh
@ -47,7 +47,10 @@ Source16: macros.vim
Patch2002: vim-7.0-fixkeys.patch
Patch2003: vim-7.4-specsyntax.patch
%if %{withhunspell}
Patch2011: vim-7.0-hunspell.patch
BuildRequires: hunspell-devel
%endif
Patch3000: vim-7.4-syntax.patch
Patch3002: vim-7.4-nowarnings.patch
@ -97,7 +100,7 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
# 2073391 - CVE-2022-1154 vim: use after free in utf_ptr2char
# CVE-2022-1154 vim: use after free in utf_ptr2char
Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
# CVE-2022-1621 vim: heap buffer overflow
Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
@ -109,33 +112,6 @@ Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
# CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
# RHEL-112003 CVE-2025-53905 vim: Vim path traversial
Patch3041: 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch
# RHEL-112007 CVE-2025-53906 vim: Vim path traversal
Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch
# RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim
# 0001-patch-9.1.2132-security-buffer-overflow-in-helpfile-.patch
# 0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch
Patch3043: 0001-patch-9.1.2132-security-buffer-overflow-in-helpfile-.patch
Patch3044: 0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch
# RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
Patch3045: 0001-patch-9.2.0202-security-command-injection-via-newlin.patch
# RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
# 3 patches:
# 0001-runtime-netrw-upstream-snapshot-of-v179.patch - introduces NetrwValidateHostname
# 0001-patch-9.2.0073-security-possible-command-injection-u.patch - CVE patch which sanitizes hostnames
# and reports invalid characters in SSH commands
# 0001-patch-9.2.0089-netrw-does-not-take-port-into-account.patch - include portnumber in hostname checking
Patch3046: 0001-runtime-netrw-upstream-snapshot-of-v179.patch
Patch3047: 0001-patch-9.2.0073-security-possible-command-injection-u.patch
Patch3048: 0001-patch-9.2.0089-netrw-does-not-take-port-into-account.patch
# RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
# 0001-patch-9.0.1477-crash-when-recovering-from-corrupted-.patch - adds check for max page count, which fixes
# crash which happens after applying 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch
# 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch - validates line count and page count from
# untrusted swap file before passing it to read and allocation functions
Patch3049: 0001-patch-9.0.1477-crash-when-recovering-from-corrupted-.patch
Patch3050: 0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch
# gcc is no longer in buildroot by default
BuildRequires: gcc
@ -160,11 +136,6 @@ BuildRequires: lua-devel
Requires: desktop-file-utils
BuildRequires: desktop-file-utils >= %{desktop_file_utils_version}
%endif
%if %{withhunspell}
BuildRequires: hunspell-devel
%endif
Epoch: 2
Conflicts: filesystem < 3
@ -182,7 +153,7 @@ Conflicts: man-pages-pl < 0.24-2
Requires: %{name}-filesystem
# it conflicts with older version of vim-minimal during update because of manpage
# move
Conflicts: %{name}-minimal < 2:8.0.1428-4
Conflicts: %{name}-minimal < 8.0.1428-4
%description common
VIM (VIsual editor iMproved) is an updated and improved version of the
@ -205,11 +176,11 @@ many different languages.
%package minimal
Summary: A minimal version of the VIM editor
Provides: vi = %{epoch}:%{version}-%{release}
Provides: vi = %{version}-%{release}
Provides: %{_bindir}/vi
# it conflicts with older version of vim-common during update because of manpage
# move
Conflicts: %{name}-common < 2:8.0.1428-4
Conflicts: %{name}-common < 8.0.1428-4
%description minimal
VIM (VIsual editor iMproved) is an updated and improved version of the
@ -224,7 +195,7 @@ package is installed.
%package enhanced
Summary: A version of the VIM editor which includes recent enhancements
Requires: vim-common = %{epoch}:%{version}-%{release} which
Provides: vim = %{epoch}:%{version}-%{release}
Provides: vim = %{version}-%{release}
Provides: %{_bindir}/mergetool
Provides: %{_bindir}/vim
# suggest python3, python2, lua, ruby and perl packages because of their
@ -255,6 +226,7 @@ need to install the vim-common package.
%package filesystem
Summary: VIM filesystem layout
BuildArch: noarch
%Description filesystem
This package provides some directories which are required by other
packages that add vim files, p.e. additional syntax files or filetypes.
@ -270,7 +242,7 @@ BuildRequires: libXpm-devel
BuildRequires: libICE-devel
Requires: vim-common = %{epoch}:%{version}-%{release} libattr >= 2.4 gtk3
Provides: gvim = %{epoch}:%{version}-%{release}
Provides: gvim = %{version}-%{release}
Provides: %{_bindir}/mergetool
Provides: %{_bindir}/gvim
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@ -357,16 +329,6 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3038 -p1 -b .cve1785
%patch3039 -p1 -b .cve1897
%patch3040 -p1 -b .cve1927
%patch -P 3041 -p1 -b .CVE-2025-53905
%patch -P 3042 -p1 -b .CVE-2025-53906
%patch -P 3043 -p1 -b .tag-overflow
%patch -P 3044 -p1 -b .tag-overflow2
%patch -P 3045 -p1 -b .CVE-2026-33412
%patch -P 3046 -p1 -b .validatehostname
%patch -P 3047 -p1 -b .CVE-2026-28417
%patch -P 3048 -p1 -b .validateportnum
%patch -P 3049 -p1 -b .check-page-count
%patch -P 3050 -p1 -b .CVE-2026-28421
%build
%if 0%{?rhel} > 7
@ -885,18 +847,6 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%{_datadir}/icons/locolor/*/apps/*
%changelog
* Tue Mar 31 2026 Petr Dancak <pdancak@redhat.com> - 2:8.0.1763-22.1
- RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
- RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
- RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
* Fri Feb 27 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-22
- RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim
* Wed Sep 17 2025 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-21
- RHEL-112003 CVE-2025-53905 vim: Vim path traversial
- RHEL-112007 CVE-2025-53906 vim: Vim path traversal
* Tue Jun 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.4
- fix issue reported by covscan
@ -905,7 +855,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
- CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
- CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
* Sat May 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.2
* Wed May 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.2
- CVE-2022-1621 vim: heap buffer overflow
- CVE-2022-1629 vim: buffer over-read