import UBI vim-8.0.1763-21.el8_10

import vim-8.0.1763-19.el8_6.4
import vim-8.0.1763-19.el8_6.2
2025-10-12 00:12:02 +00:00 · 2022-08-02 07:04:13 +00:00 · 2022-06-28 10:55:02 +00:00 · 2022-04-26 13:51:47 +00:00 · 2022-03-24 14:06:57 +00:00 · 2022-02-01 20:15:52 +00:00
31 changed files with 2792 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
-SOURCES/Changelog.rpm
+SOURCES/gvim16.png
 SOURCES/gvim32.png
 SOURCES/gvim48.png
 SOURCES/gvim64.png
 SOURCES/vim-8.0-1763.tar.bz2
--- a/.vim.metadata
+++ b/.vim.metadata
@ -1,3 +1,5 @@
-5ea81545fc28b57c490d25bda67a63a2838dd25b SOURCES/Changelog.rpm
+a7c81ffd40611b19c125c505699d8a6401f6e022 SOURCES/gvim16.png
 2356345378a9f1ba3c9e9e6508b695611e8f2cfa SOURCES/gvim32.png
 37ad682f67539da7f4d4b7316383115dfe43222d SOURCES/gvim48.png
 c32bd520a1498b71ee9bbcddc7ad05df1565d085 SOURCES/gvim64.png
 6716ebb416c9da91d16a2b17dc6bc2cecf65b4eb SOURCES/vim-8.0-1763.tar.bz2
--- a/SOURCES/0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
+++ b/SOURCES/0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
@ -0,0 +1,461 @@
 diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
 index 8256152..8320039 100644
 --- a/runtime/doc/starting.txt
 +++ b/runtime/doc/starting.txt
@@ -247,12 +247,18 @@ a slash.  Thus "-R" means recovery and "-/R" readonly.
 		changes and writing.
 		{not in Vi}
 -						*-Z* *restricted-mode* *E145*
 +					*-Z* *restricted-mode* *E145* *E981*
 -Z		Restricted mode.  All commands that make use of an external
 		shell are disabled.  This includes suspending with CTRL-Z,
 -		":sh", filtering, the system() function, backtick expansion,
 -		delete(), rename(), mkdir(), writefile(), libcall(),
 -		job_start(), etc.
 +		":sh", filtering, the system() function, backtick expansion
 +		and libcall().
 +		Also disallowed are delete(), rename(), mkdir(), job_start(),
 +		etc.
 +		Interfaces, such as Python, Ruby and Lua, are also disabled,
 +		since they could be used to execute shell commands.  Perl uses
 +		the Safe module.
 +		Note that the user may still find a loophole to execute a
 +		shell command, it has only been made difficult.
 		{not in Vi}
 							*-g*
 diff --git a/src/evalfunc.c b/src/evalfunc.c
 index dd4462d..3cc305a 100644
 --- a/src/evalfunc.c
 +++ b/src/evalfunc.c
@@ -6446,7 +6446,7 @@ f_histadd(typval_T *argvars UNUSED, typval_T *rettv)
 #endif
     rettv->vval.v_number = FALSE;
 -    if (check_restricted() || check_secure())
 +    if (check_secure())
 	return;
 #ifdef FEAT_CMDHIST
     str = get_tv_string_chk(&argvars[0]);	/* NULL on type error */
@@ -7456,6 +7456,9 @@ f_luaeval(typval_T *argvars, typval_T *rettv)
     char_u	*str;
     char_u	buf[NUMBUFLEN];
 +    if (check_restricted() || check_secure())
 +	return;
 +
     str = get_tv_string_buf(&argvars[0], buf);
     do_luaeval(str, argvars + 1, rettv);
 }
@@ -8188,6 +8191,8 @@ f_mzeval(typval_T *argvars, typval_T *rettv)
     char_u	*str;
     char_u	buf[NUMBUFLEN];
 +    if (check_restricted() || check_secure())
 +	return;
     str = get_tv_string_buf(&argvars[0], buf);
     do_mzeval(str, rettv);
 }
@@ -8398,6 +8403,9 @@ f_py3eval(typval_T *argvars, typval_T *rettv)
     char_u	*str;
     char_u	buf[NUMBUFLEN];
 +    if (check_restricted() || check_secure())
 +	return;
 +
     if (p_pyx == 0)
 	p_pyx = 3;
@@ -8416,6 +8424,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
     char_u	*str;
     char_u	buf[NUMBUFLEN];
 +    if (check_restricted() || check_secure())
 +	return;
 +
     if (p_pyx == 0)
 	p_pyx = 2;
@@ -8431,6 +8442,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
     static void
 f_pyxeval(typval_T *argvars, typval_T *rettv)
 {
 +    if (check_restricted() || check_secure())
 +	return;
 +
 # if defined(FEAT_PYTHON) && defined(FEAT_PYTHON3)
     init_pyxversion();
     if (p_pyx == 2)
@@ -10272,7 +10286,7 @@ f_setbufvar(typval_T *argvars, typval_T *rettv UNUSED)
     typval_T	*varp;
     char_u	nbuf[NUMBUFLEN];
 -    if (check_restricted() || check_secure())
 +    if (check_secure())
 	return;
     (void)get_tv_number(&argvars[0]);	    /* issue errmsg if type error */
     varname = get_tv_string_chk(&argvars[1]);
@@ -10792,7 +10806,7 @@ f_settabvar(typval_T *argvars, typval_T *rettv)
     rettv->vval.v_number = 0;
 -    if (check_restricted() || check_secure())
 +    if (check_secure())
 	return;
     tp = find_tabpage((int)get_tv_number_chk(&argvars[0], NULL));
@@ -13674,7 +13688,7 @@ f_writefile(typval_T *argvars, typval_T *rettv)
     list_T	*list;
     rettv->vval.v_number = -1;
 -    if (check_restricted() || check_secure())
 +    if (check_secure())
 	return;
     if (argvars[0].v_type != VAR_LIST)
 diff --git a/src/ex_cmds.c b/src/ex_cmds.c
 index 111fe01..1827fec 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
@@ -4693,7 +4693,7 @@ check_restricted(void)
 {
     if (restricted)
     {
 -	EMSG(_("E145: Shell commands not allowed in rvim"));
 +	EMSG(_("E145: Shell commands and some functionality not allowed in rvim"));
 	return TRUE;
     }
     return FALSE;
 diff --git a/src/ex_cmds.h b/src/ex_cmds.h
 index 48b0253..82d6e29 100644
 --- a/src/ex_cmds.h
 +++ b/src/ex_cmds.h
@@ -56,6 +56,7 @@
 				 * curbuf_lock is set */
 #define MODIFY       0x200000L	/* forbidden in non-'modifiable' buffer */
 #define EXFLAGS      0x400000L	/* allow flags after count in argument */
 +#define RESTRICT     0x800000L	/* forbidden in restricted mode */
 #define FILES	(XFILE | EXTRA)	/* multiple extra files allowed */
 #define WORD1	(EXTRA | NOSPC)	/* one extra word allowed */
 #define FILE1	(FILES | NOSPC)	/* 1 file allowed, defaults to current file */
@@ -860,13 +861,13 @@ EX(CMD_lunmap,		"lunmap",	ex_unmap,
 			EXTRA|TRLBAR|NOTRLCOM|USECTRLV|CMDWIN,
 			ADDR_LINES),
 EX(CMD_lua,		"lua",		ex_lua,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_luado,		"luado",	ex_luado,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_luafile,		"luafile",	ex_luafile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_lvimgrep,	"lvimgrep",	ex_vimgrep,
 			RANGE|NOTADR|BANG|NEEDARG|EXTRA|NOTRLCOM|TRLBAR|XFILE,
@@ -929,10 +930,10 @@ EX(CMD_mode,		"mode",		ex_mode,
 			WORD1|TRLBAR|CMDWIN,
 			ADDR_LINES),
 EX(CMD_mzscheme,	"mzscheme",	ex_mzscheme,
 -			RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK,
 +			RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK|RESTRICT,
 			ADDR_LINES),
 EX(CMD_mzfile,		"mzfile",	ex_mzfile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_next,		"next",		ex_next,
 			RANGE|NOTADR|BANG|FILES|EDITCMD|ARGOPT|TRLBAR,
@@ -1115,37 +1116,37 @@ EX(CMD_pwd,		"pwd",		ex_pwd,
 			TRLBAR|CMDWIN,
 			ADDR_LINES),
 EX(CMD_python,		"python",	ex_python,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pydo,		"pydo",		ex_pydo,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pyfile,		"pyfile",	ex_pyfile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_py3,		"py3",		ex_py3,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_py3do,		"py3do",	ex_py3do,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_python3,		"python3",	ex_py3,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_py3file,		"py3file",	ex_py3file,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pyx,		"pyx",		ex_pyx,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pyxdo,		"pyxdo",	ex_pyxdo,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pythonx,		"pythonx",	ex_pyx,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_pyxfile,		"pyxfile",	ex_pyxfile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_quit,		"quit",		ex_quit,
 			BANG|RANGE|COUNT|NOTADR|TRLBAR|CMDWIN,
@@ -1199,13 +1200,13 @@ EX(CMD_runtime,		"runtime",	ex_runtime,
 			BANG|NEEDARG|FILES|TRLBAR|SBOXOK|CMDWIN,
 			ADDR_LINES),
 EX(CMD_ruby,		"ruby",		ex_ruby,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_rubydo,		"rubydo",	ex_rubydo,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_rubyfile,	"rubyfile",	ex_rubyfile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_rundo,		"rundo",	ex_rundo,
 			NEEDARG|FILE1,
@@ -1472,13 +1473,13 @@ EX(CMD_tabs,		"tabs",		ex_tabs,
 			TRLBAR|CMDWIN,
 			ADDR_TABS),
 EX(CMD_tcl,		"tcl",		ex_tcl,
 -			RANGE|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_tcldo,		"tcldo",	ex_tcldo,
 -			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
 +			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_tclfile,		"tclfile",	ex_tclfile,
 -			RANGE|FILE1|NEEDARG|CMDWIN,
 +			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
 			ADDR_LINES),
 EX(CMD_tearoff,		"tearoff",	ex_tearoff,
 			NEEDARG|EXTRA|TRLBAR|NOTRLCOM|CMDWIN,
 diff --git a/src/ex_docmd.c b/src/ex_docmd.c
 index ef86fc8..aaf2f9d 100644
 --- a/src/ex_docmd.c
 +++ b/src/ex_docmd.c
@@ -2372,11 +2372,16 @@ do_one_cmd(
 #ifdef HAVE_SANDBOX
 	if (sandbox != 0 && !(ea.argt & SBOXOK))
 	{
 -	    /* Command not allowed in sandbox. */
 +	    // Command not allowed in sandbox.
 	    errormsg = (char_u *)_(e_sandbox);
 	    goto doend;
 	}
 #endif
 +	if (restricted != 0 && (ea.argt & RESTRICT))
 +	{
 +	    errormsg = (char_u *)_("E981: Command not allowed in rvim");
 +	    goto doend;
 +	}
 	if (!curbuf->b_p_ma && (ea.argt & MODIFY))
 	{
 	    /* Command not allowed in non-'modifiable' buffer */
 diff --git a/src/if_perl.xs b/src/if_perl.xs
 index 7b45033..fc8d613 100644
 --- a/src/if_perl.xs
 +++ b/src/if_perl.xs
@@ -930,6 +930,7 @@ VIM_init(void)
 #ifdef DYNAMIC_PERL
 static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded.");
 #endif
 +static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module");
 /*
  * ":perl"
@@ -978,13 +979,12 @@ ex_perl(exarg_T *eap)
 	vim_free(script);
     }
 -#ifdef HAVE_SANDBOX
 -    if (sandbox)
 +    if (sandbox || secure)
     {
 	safe = perl_get_sv("VIM::safe", FALSE);
 # ifndef MAKE_TEST  /* avoid a warning for unreachable code */
 	if (safe == NULL || !SvTRUE(safe))
 -	    EMSG(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
 +	    EMSG(_(e_perlsandbox));
 	else
 # endif
 	{
@@ -996,7 +996,6 @@ ex_perl(exarg_T *eap)
 	}
     }
     else
 -#endif
 	perl_eval_sv(sv, G_DISCARD | G_NOARGS);
     SvREFCNT_dec(sv);
@@ -1259,13 +1258,12 @@ do_perleval(char_u *str, typval_T *rettv)
 	ENTER;
 	SAVETMPS;
 -#ifdef HAVE_SANDBOX
 -	if (sandbox)
 +	if (sandbox || secure)
 	{
 	    safe = get_sv("VIM::safe", FALSE);
 # ifndef MAKE_TEST  /* avoid a warning for unreachable code */
 	    if (safe == NULL || !SvTRUE(safe))
 -		EMSG(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
 +		EMSG(_(e_perlsandbox));
 	    else
 # endif
 	    {
@@ -1281,7 +1279,6 @@ do_perleval(char_u *str, typval_T *rettv)
 	    }
 	}
 	else
 -#endif /* HAVE_SANDBOX */
 	    sv = eval_pv((char *)str, 0);
 	if (sv) {
 diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
 index e36089a..5f1c38c 100644
 --- a/src/testdir/Make_all.mak
 +++ b/src/testdir/Make_all.mak
@@ -156,6 +156,7 @@ NEW_TESTS = test_arabic.res \
 	    test_quotestar.res \
 	    test_regex_char_classes.res \
 	    test_registers.res \
 +	    test_restricted.res \
 	    test_retab.res \
 	    test_ruby.res \
 	    test_scrollbind.res \
 diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
 new file mode 100644
 index 0000000..9dd937c
 --- /dev/null
 +++ b/src/testdir/test_restricted.vim
@@ -0,0 +1,107 @@
 +" Test for "rvim" or "vim -Z"
 +
 +source shared.vim
 +
 +func Test_restricted()
 +  let cmd = GetVimCommand('Xrestricted')
 +  if cmd == ''
 +    return
 +  endif
 +
 +  call writefile([
 +	\ "silent !ls",
 +	\ "call writefile([v:errmsg], 'Xrestrout')",
 +	\ "qa!",
 +	\ ], 'Xrestricted')
 +  call system(cmd . ' -Z')
 +  call assert_match('E145:', join(readfile('Xrestrout')))
 +
 +  call delete('Xrestricted')
 +  call delete('Xrestrout')
 +endfunc
 +
 +func Run_restricted_test(ex_cmd, error)
 +  let cmd = GetVimCommand('Xrestricted')
 +  if cmd == ''
 +    return
 +  endif
 +
 +  call writefile([
 +	\ a:ex_cmd,
 +	\ "call writefile([v:errmsg], 'Xrestrout')",
 +	\ "qa!",
 +	\ ], 'Xrestricted')
 +  call system(cmd . ' -Z')
 +  call assert_match(a:error, join(readfile('Xrestrout')))
 +
 +  call delete('Xrestricted')
 +  call delete('Xrestrout')
 +endfunc
 +
 +func Test_restricted_lua()
 +  if !has('lua')
 +    throw 'Skipped: Lua is not supported'
 +  endif
 +  call Run_restricted_test('lua print("Hello, Vim!")', 'E981:')
 +  call Run_restricted_test('luado return "hello"', 'E981:')
 +  call Run_restricted_test('luafile somefile', 'E981:')
 +  call Run_restricted_test('call luaeval("expression")', 'E145:')
 +endfunc
 +
 +func Test_restricted_mzscheme()
 +  if !has('mzscheme')
 +    throw 'Skipped: MzScheme is not supported'
 +  endif
 +  call Run_restricted_test('mzscheme statement', 'E981:')
 +  call Run_restricted_test('mzfile somefile', 'E981:')
 +  call Run_restricted_test('call mzeval("expression")', 'E145:')
 +endfunc
 +
 +func Test_restricted_perl()
 +  if !has('perl')
 +    throw 'Skipped: Perl is not supported'
 +  endif
 +  " TODO: how to make Safe mode fail?
 +  " call Run_restricted_test('perl system("ls")', 'E981:')
 +  " call Run_restricted_test('perldo system("hello")', 'E981:')
 +  " call Run_restricted_test('perlfile somefile', 'E981:')
 +  " call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:')
 +endfunc
 +
 +func Test_restricted_python()
 +  if !has('python')
 +    throw 'Skipped: Python is not supported'
 +  endif
 +  call Run_restricted_test('python print "hello"', 'E981:')
 +  call Run_restricted_test('pydo return "hello"', 'E981:')
 +  call Run_restricted_test('pyfile somefile', 'E981:')
 +  call Run_restricted_test('call pyeval("expression")', 'E145:')
 +endfunc
 +
 +func Test_restricted_python3()
 +  if !has('python3')
 +    throw 'Skipped: Python3 is not supported'
 +  endif
 +  call Run_restricted_test('py3 print "hello"', 'E981:')
 +  call Run_restricted_test('py3do return "hello"', 'E981:')
 +  call Run_restricted_test('py3file somefile', 'E981:')
 +  call Run_restricted_test('call py3eval("expression")', 'E145:')
 +endfunc
 +
 +func Test_restricted_ruby()
 +  if !has('ruby')
 +    throw 'Skipped: Ruby is not supported'
 +  endif
 +  call Run_restricted_test('ruby print "Hello"', 'E981:')
 +  call Run_restricted_test('rubydo print "Hello"', 'E981:')
 +  call Run_restricted_test('rubyfile somefile', 'E981:')
 +endfunc
 +
 +func Test_restricted_tcl()
 +  if !has('tcl')
 +    throw 'Skipped: Tcl is not supported'
 +  endif
 +  call Run_restricted_test('tcl puts "Hello"', 'E981:')
 +  call Run_restricted_test('tcldo puts "Hello"', 'E981:')
 +  call Run_restricted_test('tclfile somefile', 'E981:')
 +endfunc
--- a/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
+++ b/SOURCES/0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
@ -0,0 +1,35 @@
 diff -up vim80/src/screen.c.cve3872 vim80/src/screen.c
 --- vim80/src/screen.c.cve3872	2021-10-21 13:20:27.694921335 +0200
 +++ vim80/src/screen.c	2021-10-21 13:22:42.221732996 +0200
@@ -6911,13 +6911,13 @@ win_redr_status(win_T *wp)
 	    *(p + len++) = ' ';
 	if (bt_help(wp->w_buffer))
 	{
 -	    STRCPY(p + len, _("[Help]"));
 +	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
 	    len += (int)STRLEN(p + len);
 	}
 #ifdef FEAT_QUICKFIX
 	if (wp->w_p_pvw)
 	{
 -	    STRCPY(p + len, _("[Preview]"));
 +	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
 	    len += (int)STRLEN(p + len);
 	}
 #endif
@@ -6927,12 +6927,12 @@ win_redr_status(win_T *wp)
 #endif
 		)
 	{
 -	    STRCPY(p + len, "[+]");
 -	    len += 3;
 +	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
 +	    len += (int)STRLEN(p + len);
 	}
 	if (wp->w_buffer->b_p_ro)
 	{
 -	    STRCPY(p + len, _("[RO]"));
 +	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
 	    len += (int)STRLEN(p + len);
 	}
--- a/SOURCES/0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
+++ b/SOURCES/0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
@ -0,0 +1,34 @@
 diff --git a/src/misc1.c b/src/misc1.c
 index de79c8e..1c5867d 100644
 --- a/src/misc1.c
 +++ b/src/misc1.c
@@ -6792,7 +6792,7 @@ find_start_brace(void)	    /* XXX */
 		       && (pos = ind_find_start_CORS(NULL)) == NULL) /* XXX */
 	    break;
 	if (pos != NULL)
 -	    curwin->w_cursor.lnum = pos->lnum;
 +	    curwin->w_cursor = *pos;
     }
     curwin->w_cursor = cursor_save;
     return trypos;
 diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
 index 7c2c5e3..f8c7e57 100644
 --- a/src/testdir/test_cindent.vim
 +++ b/src/testdir/test_cindent.vim
@@ -102,4 +102,16 @@ func Test_cindent_expr()
   bw!
 endfunc
 +func Test_find_brace_backwards()
 +  " this was looking beyond the end of the line
 +  new
 +  norm R/*
 +  norm o0{
 +  norm o//
 +  norm V{=
 +  call assert_equal(['/*', '   0{', '//'], getline(1, 3))
 +  bwipe!
 +endfunc
 +
 +
 " vim: shiftwidth=2 sts=2 expandtab
--- a/SOURCES/0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
+++ b/SOURCES/0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
@ -0,0 +1,14 @@
 diff --git a/src/ex_cmds.c b/src/ex_cmds.c
 index 1827fec..e69fbd3 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
@@ -6537,8 +6537,7 @@ find_help_tags(
 		    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
 							   && arg[2] != NUL)))
 	{
 -	    STRCPY(d, "/\\\\");
 -	    STRCPY(d + 3, arg + 1);
 +	    vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
 	    /* Check for "/\\_$", should be "/\\_\$" */
 	    if (d[3] == '_' && d[4] == '$')
 		STRCPY(d + 4, "\\$");
--- a/SOURCES/0001-patch-8.2.3949-using-freed-memory-with-V.patch
+++ b/SOURCES/0001-patch-8.2.3949-using-freed-memory-with-V.patch
@ -0,0 +1,45 @@
 diff -up vim80/src/regexp.c.cve4192 vim80/src/regexp.c
 --- vim80/src/regexp.c.cve4192	2022-01-12 15:21:44.792239040 +0100
 +++ vim80/src/regexp.c	2022-01-12 15:34:35.190425880 +0100
@@ -4203,9 +4203,9 @@ reg_match_visual(void)
     if (lnum < top.lnum || lnum > bot.lnum)
 	return FALSE;
 +    col = (colnr_T)(reginput - regline);
     if (mode == 'v')
     {
 -	col = (colnr_T)(reginput - regline);
 	if ((lnum == top.lnum && col < top.col)
 		|| (lnum == bot.lnum && col >= bot.col + (*p_sel != 'e')))
 	    return FALSE;
@@ -4220,7 +4220,12 @@ reg_match_visual(void)
 	    end = end2;
 	if (top.col == MAXCOL || bot.col == MAXCOL)
 	    end = MAXCOL;
 -	cols = win_linetabsize(wp, regline, (colnr_T)(reginput - regline));
 +
 +	// getvvcol() flushes rex.line, need to get it again
 +	regline = reg_getline(reglnum);
 +	reginput = regline + col;
 +
 +	cols = win_linetabsize(wp, regline, col);
 	if (cols < start || cols > end - (*p_sel == 'e'))
 	    return FALSE;
     }
 diff -up vim80/src/testdir/test_regexp_latin.vim.cve4192 vim80/src/testdir/test_regexp_latin.vim
 --- vim80/src/testdir/test_regexp_latin.vim.cve4192	2022-01-12 15:21:44.792239040 +0100
 +++ vim80/src/testdir/test_regexp_latin.vim	2022-01-12 15:36:12.499693099 +0100
@@ -80,3 +80,13 @@ func Test_using_invalid_visual_position(
   /\%V
   bwipe!
 endfunc
 +
 +func Test_using_visual_position()
 +  " this was using freed memory
 +  new
 +  exe "norm 0o\<Esc>\<C-V>k\<C-X>o0"
 +  /\%V
 +  bwipe!
 +endfunc
 +
 +" vim: shiftwidth=2 sts=2 expandtab
--- a/SOURCES/0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
+++ b/SOURCES/0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
@ -0,0 +1,38 @@
 diff -up vim80/src/charset.c.cve4193 vim80/src/charset.c
 --- vim80/src/charset.c.cve4193	2022-01-12 14:49:08.710592947 +0100
 +++ vim80/src/charset.c	2022-01-12 14:49:47.594705863 +0100
@@ -1291,10 +1291,15 @@ getvcol(
 	posptr = NULL;  /* continue until the NUL */
     else
     {
 -	/* Special check for an empty line, which can happen on exit, when
 -	 * ml_get_buf() always returns an empty string. */
 -	if (*ptr == NUL)
 -	    pos->col = 0;
 +	colnr_T i;
 +
 +	// In a few cases the position can be beyond the end of the line.
 +	for (i = 0; i < pos->col; ++i)
 +	    if (ptr[i] == NUL)
 +	    {
 +		pos->col = i;
 +		break;
 +	    }
 	posptr = ptr + pos->col;
 #ifdef FEAT_MBYTE
 	if (has_mbyte)
 diff -up vim80/src/testdir/test_regexp_latin.vim.cve4193 vim80/src/testdir/test_regexp_latin.vim
 --- vim80/src/testdir/test_regexp_latin.vim.cve4193	2022-01-12 14:49:08.710592947 +0100
 +++ vim80/src/testdir/test_regexp_latin.vim	2022-01-12 14:50:45.186873107 +0100
@@ -72,3 +72,11 @@ func Test_backref()
   call assert_fails('call search("\\%#=2\\(e\\1\\)")', 'E65:')
   bwipe!
 endfunc
 +
 +func Test_using_invalid_visual_position()
 +  " this was going beyond the end of the line
 +  new
 +  exe "norm 0o000\<Esc>0\<C-V>$s0"
 +  /\%V
 +  bwipe!
 +endfunc
--- a/SOURCES/0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch
+++ b/SOURCES/0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch
@ -0,0 +1,95 @@
 diff -up vim80/src/ops.c.cve0261 vim80/src/ops.c
 --- vim80/src/ops.c.cve0261	2022-01-26 14:30:27.475308323 +0100
 +++ vim80/src/ops.c	2022-01-26 14:34:16.650933713 +0100
@@ -636,23 +636,30 @@ block_insert(
 	    if (b_insert)
 	    {
 		off = (*mb_head_off)(oldp, oldp + offset + spaces);
 +		spaces -= off;
 +		count -= off;
 	    }
 	    else
 	    {
 -		off = (*mb_off_next)(oldp, oldp + offset);
 -		offset += off;
 +		// spaces fill the gap, the character that's at the edge moves
 +		// right
 +		off = (*mb_head_off)(oldp, oldp + offset);
 +		offset -= off;
 	    }
 	    spaces -= off;
 	    count -= off;
 	}
 #endif
 -	newp = alloc_check((unsigned)(STRLEN(oldp)) + s_len + count + 1);
 +	// Make sure the allocated size matches what is actually copied below.
 +	newp = alloc(STRLEN(oldp) + spaces + s_len
 +		    + (spaces > 0 && !bdp->is_short ? p_ts - spaces : 0)
 +								  + count + 1);
 	if (newp == NULL)
 	    continue;
 	/* copy up to shifted part */
 -	mch_memmove(newp, oldp, (size_t)(offset));
 +	mch_memmove(newp, oldp, (size_t)offset);
 	oldp += offset;
 	/* insert pre-padding */
@@ -662,14 +669,21 @@ block_insert(
 	mch_memmove(newp + offset + spaces, s, (size_t)s_len);
 	offset += s_len;
 -	if (spaces && !bdp->is_short)
 +	if (spaces > 0 && !bdp->is_short)
 	{
 -	    /* insert post-padding */
 -	    vim_memset(newp + offset + spaces, ' ', (size_t)(p_ts - spaces));
 -	    /* We're splitting a TAB, don't copy it. */
 -	    oldp++;
 -	    /* We allowed for that TAB, remember this now */
 -	    count++;
 +	    if (*oldp == TAB)
 +	    {
 +		// insert post-padding
 +		vim_memset(newp + offset + spaces, ' ',
 +						    (size_t)(p_ts - spaces));
 +		// we're splitting a TAB, don't copy it
 +		oldp++;
 +		// We allowed for that TAB, remember this now
 +		count++;
 +	    }
 +	    else
 +		// Not a TAB, no extra spaces
 +		count = spaces;
 	}
 	if (spaces > 0)
@@ -2738,9 +2752,9 @@ op_insert(oparg_T *oap, long count1)
 		oap->start_vcol = t;
 	    }
 	    else if (oap->op_type == OP_APPEND
 -		      && oap->end.col
 +		      && oap->start.col
 #ifdef FEAT_VIRTUALEDIT
 -			    + oap->end.coladd
 +			    + oap->start.coladd
 #endif
 			>= curbuf->b_op_start_orig.col
 #ifdef FEAT_VIRTUALEDIT
 diff -up vim80/src/testdir/test_visual.vim.cve0261 vim80/src/testdir/test_visual.vim
 --- vim80/src/testdir/test_visual.vim.cve0261	2022-01-26 14:30:27.476308325 +0100
 +++ vim80/src/testdir/test_visual.vim	2022-01-26 14:36:03.482225225 +0100
@@ -254,3 +254,12 @@ func Test_virtual_replace2()
   %d_
   set bs&vim
 endfunc
 +
 +func Test_visual_block_append_invalid_char()
 +  " this was going over the end of the line
 +  new
 +  call setline(1, ['	   let xxx', 'xxxxx', 'xxxxxxxxxxx'])
 +  exe "normal 0\<C-V>jjA-\<Esc>"
 +  call assert_equal(['	-   let xxx', 'xxxxx   -', 'xxxxxxxx-xxx'], getline(1, 3))
 +  bwipe!
 +endfunc
--- a/SOURCES/0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
+++ b/SOURCES/0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
@ -0,0 +1,46 @@
 diff --git a/src/ops.c b/src/ops.c
 index e9cfb1d..e35b033 100644
 --- a/src/ops.c
 +++ b/src/ops.c
@@ -629,26 +629,9 @@ block_insert(
 #ifdef FEAT_MBYTE
 	if (has_mbyte && spaces > 0)
 -	{
 -	    int off;
 +	    // avoid copying part of a multi-byte character
 +	    offset -= (*mb_head_off)(oldp, oldp + offset);
 -	    /* Avoid starting halfway a multi-byte character. */
 -	    if (b_insert)
 -	    {
 -		off = (*mb_head_off)(oldp, oldp + offset + spaces);
 -		spaces -= off;
 -		count -= off;
 -	    }
 -	    else
 -	    {
 -		// spaces fill the gap, the character that's at the edge moves
 -		// right
 -		off = (*mb_head_off)(oldp, oldp + offset);
 -		offset -= off;
 -	    }
 -	    spaces -= off;
 -	    count -= off;
 -	}
 #endif
 	// Make sure the allocated size matches what is actually copied below.
 diff --git a/src/testdir/test_utf8.vim b/src/testdir/test_utf8.vim
 index 24e3db8..1042720 100644
 --- a/src/testdir/test_utf8.vim
 +++ b/src/testdir/test_utf8.vim
@@ -9,7 +9,7 @@ func Test_visual_block_insert()
   new
   call setline(1, ["aaa", "あああ", "bbb"])
   exe ":norm! gg0l\<C-V>jjIx\<Esc>"
 -  call assert_equal(['axaa', 'xあああ', 'bxbb'], getline(1, '$'))
 +  call assert_equal(['axaa', ' xあああ', 'bxbb'], getline(1, '$'))
   bwipeout!
 endfunc
--- a/SOURCES/0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
+++ b/SOURCES/0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
@ -0,0 +1,12 @@
 diff -up vim80/src/ex_getln.c.cve0359 vim80/src/ex_getln.c
 --- vim80/src/ex_getln.c.cve0359	2022-01-27 16:55:41.386213891 +0100
 +++ vim80/src/ex_getln.c	2022-01-27 17:00:20.330960544 +0100
@@ -300,7 +300,7 @@ getcmdline(
     ccline.cmdindent = (firstc > 0 ? indent : 0);
     /* alloc initial ccline.cmdbuff */
 -    alloc_cmdbuff(exmode_active ? 250 : indent + 1);
 +    alloc_cmdbuff(indent + 50);
     if (ccline.cmdbuff == NULL)
 	return NULL;			    /* out of memory */
     ccline.cmdlen = ccline.cmdpos = 0;
--- a/SOURCES/0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
+++ b/SOURCES/0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
@ -0,0 +1,33 @@
 diff -up vim80/src/ex_cmds.c.cve0361 vim80/src/ex_cmds.c
 --- vim80/src/ex_cmds.c.cve0361	2022-02-08 12:20:51.277666290 +0100
 +++ vim80/src/ex_cmds.c	2022-02-08 12:20:51.280666209 +0100
@@ -983,6 +983,8 @@ ex_copy(linenr_T line1, linenr_T line2,
     }
     appended_lines_mark(n, count);
 +    if (VIsual_active)
 +	check_pos(curbuf, &VIsual);
     msgmore((long)count);
 }
 diff -up vim80/src/testdir/test_visual.vim.cve0361 vim80/src/testdir/test_visual.vim
 --- vim80/src/testdir/test_visual.vim.cve0361	2022-02-08 12:20:51.280666209 +0100
 +++ vim80/src/testdir/test_visual.vim	2022-02-08 12:21:44.530356814 +0100
@@ -263,3 +263,17 @@ func Test_visual_block_append_invalid_ch
   call assert_equal(['	-   let xxx', 'xxxxx   -', 'xxxxxxxx-xxx'], getline(1, 3))
   bwipe!
 endfunc
 +
 +" this was leaving the end of the Visual area beyond the end of a line
 +func Test_visual_ex_copy_line()
 +  new
 +  call setline(1, ["aaa", "bbbbbbbbbxbb"])
 +  /x
 +  exe "normal ggvjfxO"
 +  t0
 +  normal gNU
 +  bwipe!
 +endfunc
 +
 +
 +" vim: shiftwidth=2 sts=2 expandtab
--- a/SOURCES/0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
+++ b/SOURCES/0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
@ -0,0 +1,85 @@
 commit ec45bc7682fd698d8d39f43732129c4d092355f3
 Author: Tomas Korbar <tkorbar@redhat.com>
 Date:   Wed Feb 2 16:30:11 2022 +0100
    Fix illegal memory access with bracketed paste in Ex mode
 diff --git a/src/edit.c b/src/edit.c
 index f29fbc7..57b8dce 100644
 --- a/src/edit.c
 +++ b/src/edit.c
@@ -9519,27 +9519,33 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
     int		ret_char = -1;
     int		save_allow_keys = allow_keys;
     int		save_paste = p_paste;
 -    int		save_ai = curbuf->b_p_ai;
 -    /* If the end code is too long we can't detect it, read everything. */
 -    if (STRLEN(end) >= NUMBUFLEN)
 +    // If the end code is too long we can't detect it, read everything.
 +    if (end != NULL && STRLEN(end) >= NUMBUFLEN)
 	end = NULL;
     ++no_mapping;
     allow_keys = 0;
 -    p_paste = TRUE;
 -    curbuf->b_p_ai = FALSE;
 +    if (!p_paste)
 +	// Also have the side effects of setting 'paste' to make it work much
 +	// faster.
 +	set_option_value((char_u *)"paste", TRUE, NULL, 0);
     for (;;)
     {
 	/* When the end is not defined read everything. */
 	if (end == NULL && vpeekc() == NUL)
 	    break;
 -	c = plain_vgetc();
 -#ifdef FEAT_MBYTE
 +	do
 +	    c = vgetc();
 +	while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
 +	if (c == NUL || got_int || (ex_normal_busy > 0 && c == Ctrl_C))
 +	    // When CTRL-C was encountered the typeahead will be flushed and we
 +	    // won't get the end sequence.  Except when using ":normal".
 +	    break;
 +
 	if (has_mbyte)
 	    idx += (*mb_char2bytes)(c, buf + idx);
 	else
 -#endif
 	    buf[idx++] = c;
 	buf[idx] = NUL;
 	if (end != NULL && STRNCMP(buf, end, idx) == 0)
@@ -9557,7 +9563,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
 		    break;
 		case PASTE_EX:
 -		    if (gap != NULL && ga_grow(gap, idx) == OK)
 +		    // add one for the NUL that is going to be appended
 +		    if (gap != NULL && ga_grow(gap, idx + 1) == OK)
 		    {
 			mch_memmove((char *)gap->ga_data + gap->ga_len,
 							     buf, (size_t)idx);
@@ -9582,11 +9589,9 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
 		case PASTE_ONE_CHAR:
 		    if (ret_char == -1)
 		    {
 -#ifdef FEAT_MBYTE
 			if (has_mbyte)
 			    ret_char = (*mb_ptr2char)(buf);
 			else
 -#endif
 			    ret_char = buf[0];
 		    }
 		    break;
@@ -9597,8 +9602,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
     --no_mapping;
     allow_keys = save_allow_keys;
 -    p_paste = save_paste;
 -    curbuf->b_p_ai = save_ai;
 +    if (!save_paste)
 +	set_option_value((char_u *)"paste", FALSE, NULL, 0);
     return ret_char;
 }
--- a/SOURCES/0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
+++ b/SOURCES/0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
@ -0,0 +1,51 @@
 commit c604f3ad4782fde770617ff688e1ceac0dc1bd7c
 Author: Tomas Korbar <tkorbar@redhat.com>
 Date:   Thu Feb 3 10:14:42 2022 +0100
    Fix using freed memory when substitute with function call
 diff --git a/src/ex_cmds.c b/src/ex_cmds.c
 index e69fbd3..0788573 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
@@ -4767,6 +4767,7 @@ do_sub(exarg_T *eap)
     int		save_do_all;		/* remember user specified 'g' flag */
     int		save_do_ask;		/* remember user specified 'c' flag */
     char_u	*pat = NULL, *sub = NULL;	/* init for GCC */
 +	char_u	*sub_copy = NULL;
     int		delimiter;
     int		sublen;
     int		got_quit = FALSE;
@@ -5062,11 +5063,20 @@ do_sub(exarg_T *eap)
     sub_firstline = NULL;
     /*
 -     * ~ in the substitute pattern is replaced with the old pattern.
 -     * We do it here once to avoid it to be replaced over and over again.
 -     * But don't do it when it starts with "\=", then it's an expression.
 +     * If the substitute pattern starts with "\=" then it's an expression.
 +     * Make a copy, a recursive function may free it.
 +     * Otherwise, '~' in the substitute pattern is replaced with the old
 +     * pattern.  We do it here once to avoid it to be replaced over and over
 +     * again.
      */
 -    if (!(sub[0] == '\\' && sub[1] == '='))
 +    if (sub[0] == '\\' && sub[1] == '=')
 +    {
 +	sub = vim_strsave(sub);
 +	if (sub == NULL)
 +	    return;
 +	sub_copy = sub;
 +    }
 +    else
 	sub = regtilde(sub, p_magic);
     /*
@@ -5825,6 +5835,7 @@ outofmem:
 #endif
     vim_regfree(regmatch.regprog);
 +	vim_free(sub_copy);
     /* Restore the flag values, they can be used for ":&&". */
     subflags.do_all = save_do_all;
--- a/SOURCES/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
+++ b/SOURCES/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
@ -0,0 +1,22 @@
 diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
 --- vim80/src/regexp.c.cve1154	2022-04-09 12:01:30.054452927 +0200
 +++ vim80/src/regexp.c	2022-04-09 12:02:48.987999877 +0200
@@ -4415,8 +4415,17 @@ regmatch(
 		int	mark = OPERAND(scan)[0];
 		int	cmp = OPERAND(scan)[1];
 		pos_T	*pos;
 +		size_t	col = REG_MULTI ? reginput - regline : 0;
 		pos = getmark_buf(rex.reg_buf, mark, FALSE);
 +
 +		// Line may have been freed, get it again.
 +		if (REG_MULTI)
 +		{
 +		    regline = reg_getline(reglnum);
 +		    reginput = regline + col;
 +		}
 +
 		if (pos == NULL		     /* mark doesn't exist */
 			|| pos->lnum <= 0    /* mark isn't set in reg_buf */
 			|| (pos->lnum == reglnum + rex.reg_firstlnum
 diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim
--- a/SOURCES/0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
+++ b/SOURCES/0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
@ -0,0 +1,57 @@
 diff --git a/src/globals.h b/src/globals.h
 index d5320d7..968ba33 100644
 --- a/src/globals.h
 +++ b/src/globals.h
@@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL);
 EXTERN int ctrl_break_was_pressed INIT(= FALSE);
 #endif
 +#ifdef FEAT_SPELL
 +EXTERN char e_illegal_character_in_word[]
 +	INIT(= N_("E1280: Illegal character in word"));
 +#endif
 +
 /*
  * Optional Farsi support.  Include it here, so EXTERN and INIT are defined.
  */
 diff --git a/src/mbyte.c b/src/mbyte.c
 index 6d21f11..a7531f1 100644
 --- a/src/mbyte.c
 +++ b/src/mbyte.c
@@ -4034,7 +4034,7 @@ theend:
     convert_setup(&vimconv, NULL, NULL);
 }
 -#if defined(FEAT_GUI_GTK) || defined(PROTO)
 +#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
 /*
  * Return TRUE if string "s" is a valid utf-8 string.
  * When "end" is NULL stop at the first NUL.
 diff --git a/src/spellfile.c b/src/spellfile.c
 index 496e07f..92997ef 100644
 --- a/src/spellfile.c
 +++ b/src/spellfile.c
@@ -4441,6 +4441,10 @@ store_word(
     int		res = OK;
     char_u	*p;
 +    // Avoid adding illegal bytes to the word tree.
 +    if (enc_utf8 && !utf_valid_string(word, NULL))
 +	return FAIL;
 +
     (void)spell_casefold(word, len, foldword, MAXWLEN);
     for (p = pfxlist; res == OK; ++p)
     {
@@ -6251,6 +6255,12 @@ spell_add_word(
     int		i;
     char_u	*spf;
 +    if (enc_utf8 && !utf_valid_string(word, NULL))
 +    {
 +	EMSG(_(e_illegal_character_in_word));
 +	return;
 +    }
 +
     if (idx == 0)	    /* use internal wordlist */
     {
 	if (int_wordlist == NULL)
--- a/SOURCES/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
+++ b/SOURCES/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
@ -0,0 +1,15 @@
 diff -up vim80/src/search.c.cve1629 vim80/src/search.c
 --- vim80/src/search.c.cve1629	2022-05-24 13:55:06.789859865 +0200
 +++ vim80/src/search.c	2022-05-24 13:56:31.889218958 +0200
@@ -4349,7 +4349,11 @@ find_next_quote(
 	if (c == NUL)
 	    return -1;
 	else if (escape != NULL && vim_strchr(escape, c))
 +	{
 	    ++col;
 +	    if (line[col] == NUL)
 +		return -1;
 +	}
 	else if (c == quotechar)
 	    break;
 #ifdef FEAT_MBYTE
--- a/SOURCES/0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
+++ b/SOURCES/0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
@ -0,0 +1,57 @@
 diff -up vim80/src/ex_cmds.c.cve1785 vim80/src/ex_cmds.c
 --- vim80/src/ex_cmds.c.cve1785	2022-06-10 10:46:33.818286626 +0200
 +++ vim80/src/ex_cmds.c	2022-06-10 10:58:04.009515524 +0200
@@ -5486,12 +5486,17 @@ do_sub(exarg_T *eap)
 		/* Save flags for recursion.  They can change for e.g.
 		 * :s/^/\=execute("s#^##gn") */
 		subflags_save = subflags;
 +
 +		// Disallow changing text or switching window in an expression.
 +		++textlock;
 #endif
 		/* get length of substitution part */
 		sublen = vim_regsub_multi(&regmatch,
 				    sub_firstlnum - regmatch.startpos[0].lnum,
 				    sub, sub_firstline, FALSE, p_magic, TRUE);
 #ifdef FEAT_EVAL
 +		--textlock;
 +
 		/* Don't keep flags set by a recursive call. */
 		subflags = subflags_save;
 		if (subflags.do_count)
@@ -5570,9 +5575,15 @@ do_sub(exarg_T *eap)
 		mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
 		new_end += copy_len;
 +#ifdef FEAT_EVAL
 +		++textlock;
 +#endif
 		(void)vim_regsub_multi(&regmatch,
 				    sub_firstlnum - regmatch.startpos[0].lnum,
 					   sub, new_end, TRUE, p_magic, TRUE);
 +#ifdef FEAT_EVAL
 +		--textlock;
 +#endif
 		sub_nsubs++;
 		did_sub = TRUE;
 diff -up vim80/src/testdir/test_substitute.vim.cve1785 vim80/src/testdir/test_substitute.vim
 --- vim80/src/testdir/test_substitute.vim.cve1785	2022-06-10 10:46:33.818286626 +0200
 +++ vim80/src/testdir/test_substitute.vim	2022-06-10 10:59:17.168437630 +0200
@@ -500,3 +500,16 @@ func Test_sub_cmd_8()
   enew!
   set titlestring&
 endfunc
 +
 +" This was switching windows in between computing the length and using it.
 +func Test_sub_change_window()
 +  silent! lfile
 +  sil! norm o0000000000000000000000000000000000000000000000000000
 +  func Repl()
 +    lopen
 +  endfunc
 +  silent!  s/\%')/\=Repl()
 +  bwipe!
 +  bwipe!
 +  delfunc Repl
 +endfunc
--- a/SOURCES/0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
+++ b/SOURCES/0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
@ -0,0 +1,120 @@
 diff -up vim80/src/normal.c.cve1897 vim80/src/normal.c
 --- vim80/src/normal.c.cve1897	2022-06-13 14:50:22.800290132 +0200
 +++ vim80/src/normal.c	2022-06-13 14:55:06.082861349 +0200
@@ -532,6 +532,22 @@ find_command(int cmdchar)
 }
 /*
 + * If currently editing a cmdline or text is locked: beep and give an error
 + * message, return TRUE.
 + */
 +    static int
 +check_text_locked(oparg_T *oap)
 +{
 +    if (text_locked())
 +    {
 +	clearopbeep(oap);
 +	text_locked_msg();
 +	return TRUE;
 +    }
 +    return FALSE;
 +}
 +
 +/*
  * Execute a command in Normal mode.
  */
     void
@@ -792,14 +808,9 @@ getcount:
 	goto normal_end;
     }
 -    if (text_locked() && (nv_cmds[idx].cmd_flags & NV_NCW))
 -    {
 -	/* This command is not allowed while editing a cmdline: beep. */
 -	clearopbeep(oap);
 -	text_locked_msg();
 -	goto normal_end;
 -    }
 -    if ((nv_cmds[idx].cmd_flags & NV_NCW) && curbuf_locked())
 +    if ((nv_cmds[idx].cmd_flags & NV_NCW)
 +				&& (check_text_locked(oap) || curbuf_locked()))
 +	// this command is not allowed now
 	goto normal_end;
     /*
@@ -6234,12 +6245,8 @@ nv_gotofile(cmdarg_T *cap)
     char_u	*ptr;
     linenr_T	lnum = -1;
 -    if (text_locked())
 -    {
 -	clearopbeep(cap->oap);
 -	text_locked_msg();
 +    if (check_text_locked(cap->oap))
 	return;
 -    }
     if (curbuf_locked())
     {
 	clearop(cap->oap);
@@ -8420,14 +8427,7 @@ nv_g_cmd(cmdarg_T *cap)
     /* "gQ": improved Ex mode */
     case 'Q':
 -	if (text_locked())
 -	{
 -	    clearopbeep(cap->oap);
 -	    text_locked_msg();
 -	    break;
 -	}
 -
 -	if (!checkclearopq(oap))
 +	if (!check_text_locked(cap->oap) && !checkclearopq(oap))
 	    do_exmode(TRUE);
 	break;
 diff -up vim80/src/testdir/test_substitute.vim.cve1897 vim80/src/testdir/test_substitute.vim
 --- vim80/src/testdir/test_substitute.vim.cve1897	2022-06-13 14:50:22.849290402 +0200
 +++ vim80/src/testdir/test_substitute.vim	2022-06-13 14:55:50.370111134 +0200
@@ -513,3 +513,26 @@ func Test_sub_change_window()
   bwipe!
   delfunc Repl
 endfunc
 +
 +" This was undoign a change in between computing the length and using it.
 +func Do_Test_sub_undo_change()
 +  new
 +  norm o0000000000000000000000000000000000000000000000000000
 +  silent! s/\%')/\=Repl()
 +  bwipe!
 +endfunc
 +
 +func Test_sub_undo_change()
 +  func Repl()
 +    silent! norm g-
 +  endfunc
 +  call Do_Test_sub_undo_change()
 +
 +  func! Repl()
 +    silent earlier
 +  endfunc
 +  call Do_Test_sub_undo_change()
 +
 +  delfunc Repl
 +endfunc
 +
 diff -up vim80/src/undo.c.cve1897 vim80/src/undo.c
 --- vim80/src/undo.c.cve1897	2022-06-13 14:50:22.849290402 +0200
 +++ vim80/src/undo.c	2022-06-13 14:56:57.916492090 +0200
@@ -2283,6 +2283,12 @@ undo_time(
     if (curbuf->b_u_synced == FALSE)
 	u_sync(TRUE);
 +    if (text_locked())
 +    {
 +	text_locked_msg();
 +	return;
 +    }
 +
     u_newcount = 0;
     u_oldcount = 0;
     if (curbuf->b_ml.ml_flags & ML_EMPTY)
--- a/SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
+++ b/SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
@ -0,0 +1,85 @@
 diff -up vim80/src/ex_docmd.c.cve1927 vim80/src/ex_docmd.c
 --- vim80/src/ex_docmd.c.cve1927	2022-06-13 16:31:41.841068554 +0200
 +++ vim80/src/ex_docmd.c	2022-06-13 16:37:02.789876973 +0200
@@ -1720,6 +1720,8 @@ do_one_cmd(
     int			ni;			/* set when Not Implemented */
     char_u		*cmd;
     int			address_count = 1;
 +    int			need_check_cursor = FALSE;
 +    int			ret_addr = FAIL;
     vim_memset(&ea, 0, sizeof(ea));
     ea.line1 = 1;
@@ -2084,7 +2086,7 @@ do_one_cmd(
 	lnum = get_address(&ea, &ea.cmd, ea.addr_type, ea.skip,
 					  ea.addr_count == 0, address_count++);
 	if (ea.cmd == NULL)		    /* error detected */
 -	    goto doend;
 +	    goto addr_end;
 	if (lnum == MAXLNUM)
 	{
 	    if (*ea.cmd == '%')		    /* '%' - all lines */
@@ -2128,12 +2130,12 @@ do_one_cmd(
 			    /* there is no Vim command which uses '%' and
 			     * ADDR_WINDOWS or ADDR_TABS */
 			    errormsg = (char_u *)_(e_invrange);
 -			    goto doend;
 +			    goto addr_end;
 			}
 			break;
 		    case ADDR_TABS_RELATIVE:
 			errormsg = (char_u *)_(e_invrange);
 -			goto doend;
 +			goto addr_end;
 			break;
 		    case ADDR_ARGUMENTS:
 			if (ARGCOUNT == 0)
@@ -2163,7 +2165,7 @@ do_one_cmd(
 		if (ea.addr_type != ADDR_LINES)
 		{
 		    errormsg = (char_u *)_(e_invrange);
 -		    goto doend;
 +		    goto addr_end;
 		}
 		++ea.cmd;
@@ -2171,11 +2173,11 @@ do_one_cmd(
 		{
 		    fp = getmark('<', FALSE);
 		    if (check_mark(fp) == FAIL)
 -			goto doend;
 +			goto addr_end;
 		    ea.line1 = fp->lnum;
 		    fp = getmark('>', FALSE);
 		    if (check_mark(fp) == FAIL)
 -			goto doend;
 +			goto addr_end;
 		    ea.line2 = fp->lnum;
 		    ++ea.addr_count;
 		}
@@ -2190,8 +2192,11 @@ do_one_cmd(
 	    if (!ea.skip)
 	    {
 		curwin->w_cursor.lnum = ea.line2;
 +
 		/* don't leave the cursor on an illegal line or column */
 +		// Check the cursor position before returning.
 		check_cursor();
 +		need_check_cursor = TRUE;
 	    }
 	}
 	else if (*ea.cmd != ',')
@@ -2208,6 +2213,13 @@ do_one_cmd(
 	    ea.addr_count = 0;
     }
 +    ret_addr = OK;
 +
 +addr_end:
 +    if (need_check_cursor)
 +	check_cursor();
 +    if (ret_addr == FAIL)
 +	goto doend;
 /*
  * 5. Parse the command.
  */
--- a/SOURCES/0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch
+++ b/SOURCES/0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch
@ -0,0 +1,70 @@
 diff -up vim82/runtime/autoload/zip.vim.CVE-2025-53906 vim82/runtime/autoload/zip.vim
 --- vim82/runtime/autoload/zip.vim.CVE-2025-53906	2021-03-22 10:02:41.000000000 +0100
 +++ vim82/runtime/autoload/zip.vim	2025-09-10 19:33:11.491115978 +0200
@@ -251,6 +251,7 @@ fun! zip#Write(fname)
 "  call Dfunc("zip#Write(fname<".a:fname.">) zipfile_".winnr()."<".s:zipfile_{winnr()}.">")
   let repkeep= &report
   set report=10
 +  let need_rename = 0
   " sanity checks
   if !executable(substitute(g:zip_zipcmd,'\s\+.*$','',''))
@@ -261,14 +262,6 @@ fun! zip#Write(fname)
 "   call Dret("zip#Write")
    return
   endif
 -  if !exists("*mkdir")
 -   redraw!
 -   echohl Error | echo "***error*** (zip#Write) sorry, mkdir() doesn't work on your system" | echohl None
 -"   call inputsave()|call input("Press <cr> to continue")|call inputrestore()
 -   let &report= repkeep
 -"   call Dret("zip#Write")
 -   return
 -  endif
   let curdir= getcwd()
   let tmpdir= tempname()
@@ -302,6 +295,11 @@ fun! zip#Write(fname)
    let zipfile = substitute(a:fname,'^.\{-}zipfile:\(.\{-}\)::[^\\].*$','\1','')
    let fname   = substitute(a:fname,'^.\{-}zipfile:.\{-}::\([^\\].*\)$','\1','')
   endif
 +  if fname =~ '^[.]\{1,2}/'
 +    call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0))
 +    let fname = substitute(fname, '^\([.]\{1,2}/\)\+', '', 'g')
 +    let need_rename = 1
 +  endif
 "  call Decho("zipfile<".zipfile.">")
 "  call Decho("fname  <".fname.">")
@@ -318,7 +316,7 @@ fun! zip#Write(fname)
   endif
 "  call Decho("zipfile<".zipfile."> fname<".fname.">")
 -  exe "w! ".fnameescape(fname)
 +  exe "w ".fnameescape(fname)
   if has("win32unix") && executable("cygpath")
    let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e')
   endif
@@ -348,6 +346,10 @@ fun! zip#Write(fname)
    let &binary = binkeep
    q!
    unlet s:zipfile_{winnr()}
 +  elseif need_rename
 +    sil exe 'keepalt file '.fnameescape("zipfile://".zipfile.'::'.fname)
 +    redraw!
 +    echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path" | echohl None
   endif
   " cleanup and restore current directory
@@ -383,6 +385,11 @@ fun! zip#Extract()
    let &report= repkeep
 "   call Dret("zip#Extract")
    return
 +  elseif fname =~ '^[.]\?[.]/'
 +    redraw!
 +    echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!" | echohl None
 +    let &report= repkeep
 +    return
   endif
   " extract the file mentioned under the cursor
--- a/SOURCES/0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch
+++ b/SOURCES/0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch
@ -0,0 +1,288 @@
 diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
 index 9c518cb..e320b9a 100644
 --- a/runtime/autoload/tar.vim
 +++ b/runtime/autoload/tar.vim
@@ -37,10 +37,10 @@ set cpo&vim
 " ---------------------------------------------------------------------
 "  Default Settings: {{{1
 if !exists("g:tar_browseoptions")
 - let g:tar_browseoptions= "Ptf"
 + let g:tar_browseoptions= "tf"
 endif
 if !exists("g:tar_readoptions")
 - let g:tar_readoptions= "OPxf"
 + let g:tar_readoptions= "Oxf"
 endif
 if !exists("g:tar_cmd")
  let g:tar_cmd= "tar"
@@ -95,6 +95,9 @@ if !exists("g:tar_shq")
 " call Decho("g:tar_shq<".g:tar_shq.">")
 endif
 +let g:tar_secure=' -- '
 +let g:tar_leading_pat='^\%([.]\{,2\}/\)\+'
 +
 " ----------------
 "  Functions: {{{1
 " ----------------
@@ -195,6 +198,15 @@ fun! tar#Browse(tarfile)
    return
   endif
 +  " remove tar: Removing leading '/' from member names
 +  " Note: the message could be localized
 +  if search('^tar: ') > 0 || search(g:tar_leading_pat) > 0
 +    call append(3,'" Note: Path Traversal Attack detected!')
 +    let b:leading_slash = 1
 +    " remove the message output
 +    sil g/^tar: /d
 +  endif
 +
   setlocal noma nomod ro
   noremap <silent> <buffer> <cr> :call <SID>TarBrowseSelect()<cr>
@@ -211,12 +223,7 @@ fun! s:TarBrowseSelect()
   let fname= getline(".")
 "  call Decho("fname<".fname.">")
 -  if !exists("g:tar_secure") && fname =~ '^\s*-\|\s\+-'
 -   redraw!
 -   echohl WarningMsg | echo '***warning*** (tar#BrowseSelect) rejecting tarfile member<'.fname.'> because of embedded "-"'
 -"   call Dret('tar#BrowseSelect : rejecting tarfile member<'.fname.'> because of embedded "-"')
 -   return
 -  endif
 +  let ls= get(b:, 'leading_slash', 0)
   " sanity check
   if fname =~ '^"'
@@ -238,7 +245,8 @@ fun! s:TarBrowseSelect()
    wincmd _
   endif
   let s:tblfile_{winnr()}= curfile
 -  call tar#Read("tarfile:".tarfile.'::'.fname,1)
 +  let b:leading_slash= ls
 +  call tar#Read("tarfile:".tarfile.'::'.fname)
   filetype detect
   set nomod
   exe 'com! -buffer -nargs=? -complete=file TarDiff	:call tar#Diff(<q-args>,"'.fnameescape(fname).'")'
@@ -249,8 +257,8 @@ endfun
 " ---------------------------------------------------------------------
 " tar#Read: {{{2
 -fun! tar#Read(fname,mode)
 -"  call Dfunc("tar#Read(fname<".a:fname.">,mode=".a:mode.")")
 +fun! tar#Read(fname)
 +"  call Dfunc("tar#Read(fname<".a:fname.">)")
   let repkeep= &report
   set report=10
   let tarfile = substitute(a:fname,'tarfile:\(.\{-}\)::.*$','\1','')
@@ -262,6 +270,8 @@ fun! tar#Read(fname,mode)
 "  call Decho("tarfile<".tarfile.">")
 "  call Decho("fname<".fname.">")
 +  let curdir= getcwd()
 +  let b:curdir= curdir
   if  fname =~ '\.bz2$' && executable("bzcat")
    let decmp= "|bzcat"
    let doro = 1
@@ -282,33 +292,31 @@ fun! tar#Read(fname,mode)
    endif
   endif
 -  if exists("g:tar_secure")
 -   let tar_secure= " -- "
 -  else
 -   let tar_secure= " "
 -  endif
   if tarfile =~# '\.bz2$'
 -"   call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
 -   exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("7: exe silent r! bzip2 -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
 +   exe "sil! r! bzip2 -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
   elseif tarfile =~# '\.\(gz\|tgz\)$'
 -"   call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.tar_secure.shellescape(fname,1))
 -   exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("5: exe silent r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd.' -'.g:tar_readoptions.' - '.g:tar_secure.shellescape(fname,1))
 +   exe "sil! r! gzip -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
   elseif tarfile =~# '\.lrp$'
 -"   call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
 -   exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("6: exe silent r! cat ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
 +   exe "sil! r! cat -- ".shellescape(tarfile,1)." | gzip -d -c - | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
   elseif tarfile =~# '\.lzma$'
 -"   call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
 -   exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("7: exe silent r! lzma -d -c ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
 +   exe "sil! r! lzma -d -c -- ".shellescape(tarfile,1)."| ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
   elseif tarfile =~# '\.\(xz\|txz\)$'
 -"   call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp)
 -   exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("3: exe silent r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp)
 +   exe "sil! r! xz --decompress --stdout -- ".shellescape(tarfile,1)." | ".g:tar_cmd." -".g:tar_readoptions." - ".g:tar_secure.shellescape(fname,1).decmp
   else
    if tarfile =~ '^\s*-'
     " A file name starting with a dash is taken as an option.  Prepend ./ to avoid that.
     let tarfile = substitute(tarfile, '-', './-', '')
    endif
 -"   call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp)
 -   exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".tar_secure.shellescape(fname,1).decmp
 +"   call Decho("8: exe silent r! ".g:tar_cmd." -".g:tar_readoptions.g:tar_secure.shellescape(tarfile,1)." ".shellescape(fname,1).decmp)
 +   exe "silent r! ".g:tar_cmd." -".g:tar_readoptions.shellescape(tarfile,1)." ".g:tar_secure.shellescape(fname,1).decmp
 +  endif
 +  if get(b:, 'leading_slash', 0)
 +    sil g/^tar: /d
   endif
   if doro
@@ -317,13 +325,14 @@ fun! tar#Read(fname,mode)
   endif
   let b:tarfile= a:fname
 -  exe "file tarfile::".fnameescape(fname)
   " cleanup
   keepj sil! 0d
   set nomod
   let &report= repkeep
 +  exe "lcd ".fnameescape(curdir)
 +  silent exe "file tarfile::".fnameescape(fname)
 "  call Dret("tar#Read : b:tarfile<".b:tarfile.">")
 endfun
@@ -334,13 +343,6 @@ fun! tar#Write(fname)
   let repkeep= &report
   set report=10
 -  if !exists("g:tar_secure") && a:fname =~ '^\s*-\|\s\+-'
 -   redraw!
 -   echohl WarningMsg | echo '***warning*** (tar#Write) rejecting tarfile member<'.a:fname.'> because of embedded "-"'
 -"   call Dret('tar#Write : rejecting tarfile member<'.fname.'> because of embedded "-"')
 -   return
 -  endif
 -
   " sanity checks
   if !executable(g:tar_cmd)
    redraw!
@@ -389,6 +391,13 @@ fun! tar#Write(fname)
   let tarfile = substitute(b:tarfile,'tarfile:\(.\{-}\)::.*$','\1','')
   let fname   = substitute(b:tarfile,'tarfile:.\{-}::\(.*\)$','\1','')
 +  if get(b:, 'leading_slash', 0)
 +   redraw!
 +   echohl Error | echo "***error*** (tar#Write) sorry, not attempting to update ".tarfile." with ".fname | echohl None
 +   let &report= repkeep
 +   return
 +  endif
 +
   " handle compressed archives
   if tarfile =~# '\.bz2'
    call system("bzip2 -d -- ".shellescape(tarfile,0))
@@ -442,27 +451,23 @@ fun! tar#Write(fname)
    endif
 "   call Decho("tarfile<".tarfile."> fname<".fname.">")
 -   if exists("g:tar_secure")
 -    let tar_secure= " -- "
 -   else
 -    let tar_secure= " "
 -   endif
 -   exe "w! ".fnameescape(fname)
 +   " don't overwrite a file forcefully
 +   exe "w ".fnameescape(fname)
    if has("win32unix") && executable("cygpath")
     let tarfile = substitute(system("cygpath ".shellescape(tarfile,0)),'\n','','e')
    endif
    " delete old file from tarfile
 "   call Decho("system(".g:tar_cmd." --delete -f ".shellescape(tarfile,0)." -- ".shellescape(fname,0).")")
 -   call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
 +   call system(g:tar_cmd." --delete -f ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
    if v:shell_error != 0
     redraw!
     echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None
    else
     " update tarfile with new file 
 -"    call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
 -    call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).tar_secure.shellescape(fname,0))
 +"    call Decho(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
 +    call system(g:tar_cmd." -".g:tar_writeoptions." ".shellescape(tarfile,0).g:tar_secure.shellescape(fname,0))
     if v:shell_error != 0
      redraw!
      echohl Error | echo "***error*** (tar#Write) sorry, unable to update ".fnameescape(tarfile)." with ".fnameescape(fname) | echohl None
@@ -511,6 +516,7 @@ fun! tar#Diff(userfname,fname)
   if a:userfname != ""
    let fname= a:userfname
   endif
 +  exe "lcd ".fnameescape(b:tmpdir). '/_ZIPVIM_'
   if filereadable(fname)
    " sets current file (from tarball) for diff'ing
    " splits window vertically
 diff --git a/runtime/doc/pi_tar.txt b/runtime/doc/pi_tar.txt
 index 1b03d31..a6c72cd 100644
 --- a/runtime/doc/pi_tar.txt
 +++ b/runtime/doc/pi_tar.txt
@@ -61,7 +61,7 @@ Copyright 2005-2012:					*tar-copyright*
 	the file mentioned in the tarball.  If the current directory is not
 	correct for that path, :TarDiff will fail to find the associated file.
 -	If the [filename] is given, that that filename (and path) will be used
 +	If the [filename] is given, that filename (and path) will be used
 	to specify the associated file.
@@ -86,18 +86,6 @@ Copyright 2005-2012:					*tar-copyright*
    *g:tar_readoptions*    "OPxf"  used to extract a file from a tarball
    *g:tar_cmd*            "tar"   the name of the tar program
    *g:tar_nomax*            0     if true, file window will not be maximized
 -   *g:tar_secure*         undef   if exists:
 -					"--"s will be used to prevent unwanted
 -					option expansion in tar commands.
 -					Please be sure that your tar command
 -					accepts "--"; Posix compliant tar
 -					utilities do accept them.
 -				  if not exists:
 -				  	The tar plugin will reject any tar
 -					files or member files that begin with
 -					"-"
 -				  Not all tar's support the "--" which is why
 -				  it isn't default.
    *g:tar_writeoptions*   "uf"    used to update/replace a file
 diff --git a/runtime/doc/tags b/runtime/doc/tags
 index 5895c05..2e09b72 100644
 --- a/runtime/doc/tags
 +++ b/runtime/doc/tags
@@ -6517,7 +6517,6 @@ g:tar_copycmd	pi_tar.txt	/*g:tar_copycmd*
 g:tar_extractcmd	pi_tar.txt	/*g:tar_extractcmd*
 g:tar_nomax	pi_tar.txt	/*g:tar_nomax*
 g:tar_readoptions	pi_tar.txt	/*g:tar_readoptions*
 -g:tar_secure	pi_tar.txt	/*g:tar_secure*
 g:tar_writeoptions	pi_tar.txt	/*g:tar_writeoptions*
 g:terminal_ansi_colors	terminal.txt	/*g:terminal_ansi_colors*
 g:tex_comment_nospell	syntax.txt	/*g:tex_comment_nospell*
 diff --git a/runtime/plugin/tarPlugin.vim b/runtime/plugin/tarPlugin.vim
 index 6d9e6bd..471712f 100644
 --- a/runtime/plugin/tarPlugin.vim
 +++ b/runtime/plugin/tarPlugin.vim
@@ -22,14 +22,14 @@ set cpo&vim
 "  Public Interface: {{{1
 augroup tar
   au!
 -  au BufReadCmd   tarfile::*	call tar#Read(expand("<amatch>"), 1)
 -  au FileReadCmd  tarfile::*	call tar#Read(expand("<amatch>"), 0)
 +  au BufReadCmd   tarfile::*	call tar#Read(expand("<amatch>"))
 +  au FileReadCmd  tarfile::*	call tar#Read(expand("<amatch>"))
   au BufWriteCmd  tarfile::*	call tar#Write(expand("<amatch>"))
   au FileWriteCmd tarfile::*	call tar#Write(expand("<amatch>"))
   if has("unix")
 -   au BufReadCmd   tarfile::*/*	call tar#Read(expand("<amatch>"), 1)
 -   au FileReadCmd  tarfile::*/*	call tar#Read(expand("<amatch>"), 0)
 +   au BufReadCmd   tarfile::*/*	call tar#Read(expand("<amatch>"))
 +   au FileReadCmd  tarfile::*/*	call tar#Read(expand("<amatch>"))
    au BufWriteCmd  tarfile::*/*	call tar#Write(expand("<amatch>"))
    au FileWriteCmd tarfile::*/*	call tar#Write(expand("<amatch>"))
   endif
--- a/SOURCES/Changelog.rpm
+++ b/SOURCES/Changelog.rpm
@ -0,0 +1,430 @@
 * Tue Aug 28 2012 Karsten Hopp <karsten@redhat.com> 7.3.638-1
 - patchlevel 638
 * Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 2:7.3.622-2
 - add epoch to spec.vim and automatic changelog entries
 * Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 7.3.622-1
 - patchlevel 622
 * Mon Aug 06 2012 Karsten Hopp <karsten@redhat.com> 7.3.604-1
 - drop vim-6.1-rh3.patch, (bz #754801)
 * Wed Jul 18 2012 Karsten Hopp <karsten@redhat.com> 7.3.604-1
 - patchlevel 604
 * Wed Jul 11 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.594-2
 - Perl 5.16 rebuild
 * Tue Jul 10 2012 Karsten Hopp <karsten@redhat.com> 7.3.594-1
 - patchlevel 594
 * Tue Jul 10 2012 Karsten Hopp <karsten@redhat.com> 7.3.592-1
 - patchlevel 592
 * Mon Jul 09 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.584-2
 - Perl 5.16 rebuild
 * Mon Jul 02 2012 Karsten Hopp <karsten@redhat.com> 7.3.584-1
 - patchlevel 584
 * Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.556-2
 - Perl 5.16 rebuild
 * Mon Jun 18 2012 Karsten Hopp <karsten@redhat.com> 7.3.556-1
 - patchlevel 556
 * Mon Jun 11 2012 Petr Pisar <ppisar@redhat.com> - 2:7.3.515-2
 - Perl 5.16 rebuild
 * Mon May 21 2012 Karsten Hopp <karsten@redhat.com> 7.3.515-1
 - enable highlighting for older log files (#816848)
 * Tue May 08 2012 Karsten Hopp <karsten@redhat.com> 7.3.515-1
 - patchlevel 515
 * Fri Mar 16 2012 Karsten Hopp <karsten@redhat.com> 7.3.471-1
 - patchlevel 471
 * Mon Feb 13 2012 Karsten Hopp <karsten@redhat.com> 7.3.444-1
 - patchlevel 444
 * Tue Feb 07 2012 Karsten Hopp <karsten@redhat.com> 7.3.434-1
 - patchlevel 434
 * Tue Feb 07 2012 Karsten Hopp <karsten@redhat.com> 7.3.393-3
 - update spec file template, bugzilla 736774
 * Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 7.3.393-3
 - rebuild against the new ruby library
 * Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 7.3.393-2
 - install everything in /usr
  https://fedoraproject.org/wiki/Features/UsrMove
 * Thu Jan 05 2012 Karsten Hopp <karsten@redhat.com> 7.3.393-1
 - patchlevel 393
 - fix boolean key 'Terminal' in gvim.desktop
 * Fri Dec 23 2011 Karsten Hopp <karsten@redhat.com> 7.3.386-1
 - patchlevel 386
 * Mon Sep 26 2011 Karsten Hopp <karsten@redhat.com> 7.3.322-1
 - patchlevel 322
 * Wed Sep 21 2011 Karsten Hopp <karsten@redhat.com> 7.3.315-1
 - patchlevel 315
 * Mon Aug 29 2011 Karsten Hopp <karsten@redhat.com> 7.3.289-1
 - patchlevel 289
 * Mon Aug 29 2011 Karsten Hopp <karsten@redhat.com> 7.3.244-4
 - Remove old patched files. (Ricky Zhou <ricky@fedoraproject.org>)
  (bugzilla #709456)
 * Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 2:7.3.244-3
 - Perl mass rebuild
 * Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 2:7.3.244-2
 - Perl mass rebuild
 * Mon Jul 11 2011 Karsten Hopp <karsten@redhat.com> 7.3.244-1
 - patchlevel 244
 * Tue Jun 14 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2:7.3.206-3
 - Perl mass rebuild
 * Tue May 31 2011 Ville Skyttä <ville.skytta@iki.fi> - 2:7.3.206-2
 - Own the /usr/share/vim/vim73 dir.
 * Mon May 30 2011 Karsten Hopp <karsten@redhat.com> 7.3.206-1
 - drop xxd-locale patch
 - update to patchlevel 206
 * Wed May 11 2011 Karsten Hopp <karsten@redhat.com> 7.3.189-1
 - patchlevel 189
 * Wed Mar 16 2011 Karsten Hopp <karsten@redhat.com> 7.3.138-1
 - patchlevel 138
 * Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:7.3.107-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Mon Jan 24 2011 Karsten Hopp <karsten@redhat.com> 7.3.107-1
 - patchlevel 107
 * Mon Jan 10 2011 Karsten Hopp <karsten@redhat.com> 7.3.099-1
 - patchlevel 099
 * Mon Jan 03 2011 Karsten Hopp <karsten@redhat.com> 7.3.094-1
 - patchlevel 094
 * Thu Dec 09 2010 Karsten Hopp <karsten@redhat.com> 7.3.081-1
 - patchlevel 081
 * Wed Dec 08 2010 Karsten Hopp <karsten@redhat.com> 7.3.080-1
 - patchlevel 080
 * Fri Dec 03 2010 Karsten Hopp <karsten@redhat.com> 7.3.075-1
 - patchlevel 075
 * Thu Dec 02 2010 Karsten Hopp <karsten@redhat.com> 7.3.073-1
 - patchlevel 073
 * Thu Nov 25 2010 Karsten Hopp <karsten@redhat.com> 7.3.069-1
 - patchlevel 069
 * Wed Nov 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.068-1
 - patchlevel 068
 * Wed Nov 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.063-1
 - patchlevel 063
 * Wed Nov 17 2010 Karsten Hopp <karsten@redhat.com> 7.3.062-1
 - patchlevel 062
 * Tue Nov 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.061-1
 - patchlevel 061
 * Tue Nov 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.056-1
 - patchlevel 056
 * Thu Nov 11 2010 Karsten Hopp <karsten@redhat.com> 7.3.055-1
 - patchlevel 055
 * Wed Nov 10 2010 Karsten Hopp <karsten@redhat.com> 7.3.051-1
 - patchlevel 051
 * Thu Nov 04 2010 Karsten Hopp <karsten@redhat.com> 7.3.050-1
 - patchlevel 050
 * Thu Nov 04 2010 Karsten Hopp <karsten@redhat.com> 7.3.048-1
 - patchlevel 048
 * Thu Oct 28 2010 Karsten Hopp <karsten@redhat.com> 7.3.047-1
 - patchlevel 047
 * Wed Oct 27 2010 Karsten Hopp <karsten@redhat.com> 7.3.046-1
 - patchlevel 046
 * Wed Oct 27 2010 Karsten Hopp <karsten@redhat.com> 7.3.039-1
 - patchlevel 039
 * Sun Oct 24 2010 Karsten Hopp <karsten@redhat.com> 7.3.035-1
 - patchlevel 035
 * Sat Oct 23 2010 Karsten Hopp <karsten@redhat.com> 7.3.034-1
 - patchlevel 034
 * Sat Oct 23 2010 Karsten Hopp <karsten@redhat.com> 7.3.033-1
 - patchlevel 033
 * Thu Oct 21 2010 Karsten Hopp <karsten@redhat.com> 7.3.032-1
 - patchlevel 032
 * Wed Oct 20 2010 Karsten Hopp <karsten@redhat.com> 7.3.031-1
 - patchlevel 031
 * Sat Oct 16 2010 Karsten Hopp <karsten@redhat.com> 7.3.029-1
 - patchlevel 029
 * Fri Oct 15 2010 Karsten Hopp <karsten@redhat.com> 7.3.028-1
 - patchlevel 028
 * Thu Oct 14 2010 Karsten Hopp <karsten@redhat.com> 7.3.027-1
 - patchlevel 027
 * Wed Oct 13 2010 Karsten Hopp <karsten@redhat.com> 7.3.026-1
 - patchlevel 026
 * Sun Oct 10 2010 Karsten Hopp <karsten@redhat.com> 7.3.021-1
 - patchlevel 021
 * Sat Oct 09 2010 Karsten Hopp <karsten@redhat.com> 7.3.020-1
 - patchlevel 020
 * Fri Oct 01 2010 Karsten Hopp <karsten@redhat.com> 7.3.019-1
 - patchlevel 019
 * Thu Sep 30 2010 Karsten Hopp <karsten@redhat.com> 7.3.018-1
 - patchlevel 018
 * Thu Sep 30 2010 Karsten Hopp <karsten@redhat.com> 7.3.011-3
 - add filesystem subpackage (#628293)
 * Wed Sep 29 2010 jkeating - 2:7.3.011-2
 - Rebuilt for gcc bug 634757
 * Wed Sep 22 2010 Karsten Hopp <karsten@redhat.com> 7.3.011-1
 - update to VIM 7.3 patchlevel 011
 # vim:nrformats-=octal
 * Tue Jul 27 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> 7.2.446-2
 - Rebuild against python 2.7
 * Tue Jul 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.446-1
 - patchlevel 446
 * Thu Jul 08 2010 Karsten Hopp <karsten@redhat.com> 7.2.445-1
 - patchlevel 445
 * Wed Jun 23 2010 Karsten Hopp <karsten@redhat.com> 7.2.444-2
 - rebuild with perl-5.12
 * Sun Jun 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.444-1
 - patchlevel 444
 * Sun Jun 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.443-1
 - patchlevel 443
 * Sat Jun 05 2010 Karsten Hopp <karsten@redhat.com> 7.2.442-1
 - patchlevel 442
 * Wed Jun 02 2010 Marcela Maslanova <mmaslano@redhat.com> - 2:7.2.441-2
 - Mass rebuild with perl-5.12.0
 * Sun May 30 2010 Karsten Hopp <karsten@redhat.com> 7.2.441-1
 - patchlevel 441
 * Sat May 29 2010 Karsten Hopp <karsten@redhat.com> 7.2.440-1
 - patchlevel 440
 * Wed May 26 2010 Karsten Hopp <karsten@redhat.com> 7.2.438-1
 - patchlevel 438
 * Sat May 22 2010 Karsten Hopp <karsten@redhat.com> 7.2.437-1
 - patchlevel 437
 * Sun May 16 2010 Karsten Hopp <karsten@redhat.com> 7.2.436-1
 - patchlevel 436
 * Sat May 15 2010 Karsten Hopp <karsten@redhat.com> 7.2.433-1
 - patchlevel 433
 * Fri May 14 2010 Karsten Hopp <karsten@redhat.com> 7.2.427-1
 - patchlevel 427
 * Thu May 13 2010 Karsten Hopp <karsten@redhat.com> 7.2.422-1
 - patchlevel 422
 * Fri May 07 2010 Karsten Hopp <karsten@redhat.com> 7.2.416-1
 - patchlevel 416
 * Tue Apr 20 2010 Karsten Hopp <karsten@redhat.com> 7.2.411-2
 - fix rvim manpage (#583180)
 * Wed Mar 24 2010 Karsten Hopp <karsten@redhat.com> 7.2.411-1
 - patchlevel 411
 * Tue Mar 23 2010 Karsten Hopp <karsten@redhat.com> 7.2.410-1
 - patchlevel 410
 * Sat Mar 20 2010 Karsten Hopp <karsten@redhat.com> 7.2.403-1
 - patchlevel 403
 * Thu Mar 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.402-1
 - patchlevel 402
 * Wed Mar 17 2010 Karsten Hopp <karsten@redhat.com> 7.2.399-1
 - patchlevel 399
 * Wed Mar 10 2010 Karsten Hopp <karsten@redhat.com> 7.2.394-1
 - patchlevel 394
 * Wed Mar 03 2010 Karsten Hopp <karsten@redhat.com> 7.2.385-1
 - patchlevel 385
 * Tue Mar 02 2010 Karsten Hopp <karsten@redhat.com> 7.2.384-1
 - patchlevel 384
 * Tue Mar 02 2010 Karsten Hopp <karsten@redhat.com> 7.2.381-1
 - patchlevel 381
 * Sat Feb 27 2010 Karsten Hopp <karsten@redhat.com> 7.2.377-1
 - patchlevel 377
 * Wed Feb 24 2010 Karsten Hopp <karsten@redhat.com> 7.2.376-1
 - patchlevel 376
 * Thu Feb 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.368-1
 - patchlevel 368
 * Thu Feb 18 2010 Karsten Hopp <karsten@redhat.com> 7.2.367-1
 - patchlevel 367
 * Wed Feb 17 2010 Karsten Hopp <karsten@redhat.com> 7.2.365-1
 - patchlevel 365
 * Fri Feb 12 2010 Karsten Hopp <karsten@redhat.com> 7.2.359-1
 - patchlevel 359
 * Thu Feb 11 2010 Karsten Hopp <karsten@redhat.com> 7.2.357-1
 - patchlevel 357
 * Thu Feb 04 2010 Karsten Hopp <karsten@redhat.com> 7.2.356-1
 - patchlevel 356
 * Wed Feb 03 2010 Karsten Hopp <karsten@redhat.com> 7.2.354-1
 - patchlevel 354
 * Fri Jan 29 2010 Karsten Hopp <karsten@redhat.com> 7.2.351-1
 - patchlevel 351
 * Thu Jan 28 2010 Karsten Hopp <karsten@redhat.com> 7.2.350-1
 - patchlevel 350
 * Mon Dec  7 2009 Stepan Kasal <skasal@redhat.com> - 2:7.2.315-2
 - rebuild against perl 5.10.1
 * Wed Dec 03 2009 Karsten Hopp <karsten@redhat.com> 7.2.315-1
 - patchlevel 315
 - fix vimrc location in man page (#456992)
 - correct syntax highlighting of httpd config files in /etc/httpd (#499123)
 - Buildrequire ruby, ruby-devel (#503872)
 - Remove check for static gravity (#510307)
 - sort tags file (#517725)
 - use one gvim to open multiple file selections from nautilus (#519265)
 - use elinks -source instead of elinks -dump (#518791)
 - add ext4 keyword to /etc/fstab syntax highlighting (#498290)
 * Mon Nov 09 2009 Karsten Hopp <karsten@redhat.com> 7.2.284-1
 - patchlevel 284
 * Thu Aug 20 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-3
 - change range of system ids in /etc/profile.d/vim/* (#518555)
 * Mon Aug 03 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-2
 - add fix for glibc fortify segfault (#514717, Adam Tkac)
 * Sat Aug 01 2009 Karsten Hopp <karsten@redhat.com> 7.2.245-1
 - add 97 upstream patches to get to patchlevel 245
 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:7.2.148-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Fri Mar 27 2009 Karsten Hopp <karsten@redhat.com> 7.2.148-1
 - patchlevel 148, fixes #461417
 * Tue Mar 10 2009 Karsten Hopp <karsten@redhat.com> 7.2.132-1
 - patchlevel 132, fixes accesses to freed memory
 * Wed Mar 04 2009 Karsten Hopp <karsten@redhat.com> 7.2.131-1
 - patchlevel 131
 * Tue Feb 24 2009 Karsten Hopp <karsten@redhat.com> 7.2.127-1
 - patchlevel 127
 * Mon Feb 23 2009 Karsten Hopp <karsten@redhat.com> 7.2.124-1
 - patchlevel 124
 * Mon Jan 26 2009 Karsten Hopp <karsten@redhat.com> 7.2.088-1
 - patchlevel 88
 * Thu Jan 08 2009 Karsten Hopp <karsten@redhat.com> 7.2.079-2
 - patchlevel 79
 * Thu Dec 04 2008 Jesse Keating <jkeating@redhat.com> - 7.2.060-2
 - Rebuild for new python.
 * Mon Dec 01 2008 Karsten Hopp <karsten@redhat.com> 7.2.060-1
 - patchlevel 60
 * Mon Nov 10 2008 Karsten Hopp <karsten@redhat.com> 7.2.032-1
 - patchlevel 32
 * Mon Nov 03 2008 Karsten Hopp <karsten@redhat.com> 7.2.026-2
 - add more /usr/share/vim/vimfiles directories (#444387)
 * Mon Nov 03 2008 Karsten Hopp <karsten@redhat.com> 7.2.026-1
 - patchlevel 26
 - own some directories in /usr/share/vim/vimfiles (#469491)
 * Tue Oct 21 2008 Karsten Hopp <karsten@redhat.com> 7.2.025-2
 - re-enable clean
 * Mon Oct 20 2008 Karsten Hopp <karsten@redhat.com> 7.2.025-1
 - patchlevel 25
 - add Categories tag to desktop file (#226526)
 - add requirement on hicolor-icon-theme to vim-X11 (#226526)
 - drop Amiga info files (#226526)
 - remove non-utf8 man pages (#226526)
 - drop Application from categories (#226526)
 * Tue Sep 30 2008 Karsten Hopp <karsten@redhat.com> 7.2.022-1
 - patchlevel 22
 * Mon Sep 08 2008 Karsten Hopp <karsten@redhat.com> 7.2.013-1
 - patchlevel 13
 * Mon Aug 25 2008 Karsten Hopp <karsten@redhat.com> 7.2.006-1
 - patchlevel 6
 * Mon Aug 18 2008 Karsten Hopp <karsten@redhat.com> 7.2.002-1
 - patchlevel 2
 - fix specfile template (#446070)
 - old specfile changelog moved to Changelog.rpm
 * Fri Aug 14 2008 Karsten Hopp <karsten@redhat.com> 7.2.000-1
 - vim 7.2
 - drop 330 patches
--- a/SOURCES/gvim16.png
+++ b/SOURCES/gvim16.png
--- a/SOURCES/gvim32.png
+++ b/SOURCES/gvim32.png
--- a/SOURCES/gvim48.png
+++ b/SOURCES/gvim48.png
--- a/SOURCES/vim-7.0-hunspell.patch
+++ b/SOURCES/vim-7.0-hunspell.patch
@ -0,0 +1,399 @@
 diff -ru vim70.orig/src/Makefile vim70.hunspell/src/Makefile
 --- vim70.orig/src/Makefile	2006-12-15 12:29:41.000000000 +0000
 +++ vim70.hunspell/src/Makefile	2006-12-14 11:11:20.000000000 +0000
@@ -1287,7 +1287,7 @@
 PFLAGS = $(PROTO_FLAGS) -DPROTO $(LINT_CFLAGS)
 ALL_LIB_DIRS = $(GUI_LIBS_DIR) $(X_LIBS_DIR)
 -ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS)
 +ALL_LIBS = $(GUI_LIBS1) $(GUI_X_LIBS) $(GUI_LIBS2) $(X_PRE_LIBS) $(X_LIBS) $(X_EXTRA_LIBS) $(LIBS) $(EXTRA_LIBS) $(MZSCHEME_LIBS) $(PERL_LIBS) $(PYTHON_LIBS) $(TCL_LIBS) $(RUBY_LIBS) $(PROFILE_LIBS) -lhunspell-1.1
 # abbreviations
 DEST_BIN = $(DESTDIR)$(BINDIR)
 diff -ru vim70.orig/src/spell.c vim70.hunspell/src/spell.c
 --- vim70.orig/src/spell.c	2006-12-15 12:29:44.000000000 +0000
 +++ vim70.hunspell/src/spell.c	2006-12-15 12:27:49.000000000 +0000
@@ -319,6 +319,8 @@
 # include <time.h>	/* for time_t */
 #endif
 +#include "hunspell/hunspell.h"
 +
 #define MAXWLEN 250		/* Assume max. word len is this many bytes.
 				   Some places assume a word length fits in a
 				   byte, thus it can't be above 255. */
@@ -428,6 +430,8 @@
 #define	SP_FORMERROR	-2	/* format error in spell file */
 #define SP_OTHERERROR	-3	/* other error while reading spell file */
 +#define MAXREGIONS 20
 +
 /*
  * Structure used to store words and other info for one language, loaded from
  * a .spl file.
@@ -450,6 +454,10 @@
     char_u	*sl_name;	/* language name "en", "en.rare", "nl", etc. */
     char_u	*sl_fname;	/* name of .spl file */
     int		sl_add;		/* TRUE if it's a .add file. */
 +    int		sl_ishunspell;	/* TRUE if it's an unconverted hunspell aff/dic combination. */
 +    Hunhandle	*sl_hunspell;
 +    vimconv_T   sl_tohunconv;
 +    vimconv_T   sl_fromhunconv;
     char_u	*sl_fbyts;	/* case-folded word bytes */
     idx_T	*sl_fidxs;	/* case-folded word indexes */
@@ -460,7 +468,7 @@
     char_u	*sl_info;	/* infotext string or NULL */
 -    char_u	sl_regions[17];	/* table with up to 8 region names plus NUL */
 +    char_u	sl_regions[MAXREGIONS * 2 + 1];	/* table with up to 8 region names plus NUL */
     char_u	*sl_midword;	/* MIDWORD string or NULL */
@@ -997,6 +1005,36 @@
 static char_u	*repl_from = NULL;
 static char_u	*repl_to = NULL;
 +static void
 +ensurehunspellinit(lp)
 +    slang_T *lp;
 +{
 +    if (!lp->sl_hunspell)
 +    {
 +        char_u *dic = lp->sl_fname;
 +        char_u *aff = vim_strnsave(dic, strlen(dic));
 +    
 +	vim_strncpy(aff + strlen(aff) - 3, "aff", 3);
 +    
 +	lp->sl_hunspell = Hunspell_create(aff, dic);
 +
 +	vim_free(aff);
 +
 +	if (convert_setup(&lp->sl_tohunconv, spell_enc(), 
 +	    Hunspell_get_dic_encoding(lp->sl_hunspell)) == FAIL)
 +	{
 +	    lp->sl_tohunconv.vc_fail = TRUE;
 +	}
 +
 +	if (convert_setup(&lp->sl_fromhunconv, 
 +	    Hunspell_get_dic_encoding(lp->sl_hunspell), spell_enc()) == FAIL)
 +	{
 +	    lp->sl_fromhunconv.vc_fail = TRUE;
 +	}
 +    }
 +}
 +
 +
 /*
  * Main spell-checking function.
  * "ptr" points to a character that could be the start of a word.
@@ -1101,27 +1139,70 @@
     {
 	mi.mi_lp = LANGP_ENTRY(wp->w_buffer->b_langp, lpi);
 +	if (mi.mi_lp->lp_slang->sl_ishunspell)
 +	{
 +	    slang_T *lp = mi.mi_lp->lp_slang;
 +	    char_u *converted = 0;
 +	    char_u *thisword;
 +	    char_u *mi_end = mi.mi_end;
 +	    char_u *mi_final =  mi.mi_word + strlen(mi.mi_word);
 +
 +	    while (1)
 +	    {
 +		ensurehunspellinit(lp);
 +		if ((lp->sl_tohunconv.vc_fail == TRUE) || (lp->sl_fromhunconv.vc_fail == TRUE))
 +		    break;
 +
 +		if (mi_end != mi.mi_word)
 +		{
 +		    thisword = vim_strnsave(mi.mi_word, mi_end - mi.mi_word);
 +		    converted = string_convert(&lp->sl_tohunconv, thisword, NULL);
 +		    if (converted)
 +		    {
 +			if (Hunspell_spell(lp->sl_hunspell, converted) != 0)
 +			{
 +			    mi.mi_result = SP_OK;
 +			    mi.mi_end = mi.mi_cend = mi.mi_word + strlen(thisword);
 +			}
 +			vim_free(converted);
 +		    }
 +		    vim_free(thisword);
 +		}
 +
 +		if (mi_end == mi_final)
 +		    break;
 +
 +		do
 +		{
 +		    mb_ptr_adv(mi_end);
 +		} while (*mi_end != NUL && spell_iswordp(mi_end, wp->w_buffer));
 +	    }
 +	}
 +
 	/* If reloading fails the language is still in the list but everything
 	 * has been cleared. */
 -	if (mi.mi_lp->lp_slang->sl_fidxs == NULL)
 +	if (!mi.mi_lp->lp_slang->sl_ishunspell && mi.mi_lp->lp_slang->sl_fidxs == NULL)
 	    continue;
 -	/* Check for a matching word in case-folded words. */
 -	find_word(&mi, FIND_FOLDWORD);
 +	if (!mi.mi_lp->lp_slang->sl_ishunspell)
 +	{
 +	    /* Check for a matching word in case-folded words. */
 +	    find_word(&mi, FIND_FOLDWORD);
 -	/* Check for a matching word in keep-case words. */
 -	find_word(&mi, FIND_KEEPWORD);
 +	    /* Check for a matching word in keep-case words. */
 +	    find_word(&mi, FIND_KEEPWORD);
 -	/* Check for matching prefixes. */
 -	find_prefix(&mi, FIND_FOLDWORD);
 +	    /* Check for matching prefixes. */
 +	    find_prefix(&mi, FIND_FOLDWORD);
 -	/* For a NOBREAK language, may want to use a word without a following
 -	 * word as a backup. */
 -	if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD
 -						   && mi.mi_result2 != SP_BAD)
 -	{
 -	    mi.mi_result = mi.mi_result2;
 -	    mi.mi_end = mi.mi_end2;
 +	    /* For a NOBREAK language, may want to use a word without a following
 +	     * word as a backup. */
 +	    if (mi.mi_lp->lp_slang->sl_nobreak && mi.mi_result == SP_BAD
 +						       && mi.mi_result2 != SP_BAD)
 +	    {
 +		mi.mi_result = mi.mi_result2;
 +		mi.mi_end = mi.mi_end2;
 +	    }
 	}
 	/* Count the word in the first language where it's found to be OK. */
@@ -2359,6 +2440,80 @@
     if (r == FAIL)
     {
 +#	define HUNSPELLDICT "/usr/share/myspell/"
 +	DIR *dirp = opendir(HUNSPELLDICT);
 +	if (dirp != NULL)
 +	{
 +	    slang_T* thislang[MAXREGIONS] = {0};
 +	    slang_T *lp = 0;
 +	    struct dirent *dp;
 +	    int i = 0;
 +
 +	    while ((dp = readdir(dirp)) != NULL)
 +	    {
 +		char_u final_name[MAXPATHL];
 +		char_u spf_name[MAXPATHL];
 +		char_u thisregion[3] = {0};
 +		char *resolvedlink = final_name;
 +		int j, regionpos;
 +
 +		if (strncmp(dp->d_name, lang, strlen(lang)) != 0)
 +		    continue;
 +		
 +		if ((strlen(dp->d_name) <= 4) || (dp->d_name[strlen(lang)] != '_'))
 +		    continue;
 +
 +		if (strncmp(".dic", dp->d_name + strlen(dp->d_name) - 4, 4) != 0)
 +		    continue;
 +
 +		vim_strncpy(spf_name, HUNSPELLDICT, strlen(HUNSPELLDICT));
 +		vim_strncpy(spf_name + strlen(HUNSPELLDICT), dp->d_name, strlen(HUNSPELLDICT));
 +
 +		if (realpath(spf_name, resolvedlink) != resolvedlink)
 +		    continue;
 +
 +		thisregion[0] = tolower(dp->d_name[strlen(lang)+1]);
 +		thisregion[1] = tolower(dp->d_name[strlen(lang)+1+1]);
 +
 +		r = OK;
 +
 +		for (j = 0; j < MAXREGIONS; ++j)
 +		{
 +		    if (thislang[j] && (strcmp(thislang[j]->sl_fname, final_name) == 0))
 +			break;
 +		}
 +
 +		if (j < MAXREGIONS)
 +		    lp = thislang[j];
 +		else
 +		{
 +		    lp = slang_alloc(lang);
 +		    lp->sl_ishunspell = TRUE;
 +
 +		    lp->sl_fname = vim_strsave(resolvedlink);
 +
 +		    lp->sl_next = first_lang;
 +		    first_lang = lp;
 +		    thislang[i] = lp;
 +		}
 +
 +		regionpos = 0;
 +		while (lp->sl_regions[regionpos] != 0) ++regionpos;
 +
 +		//silently lose regions which won't fit in
 +		if (regionpos == MAXREGIONS * 2)
 +		    continue;
 +
 +		vim_strncpy(lp->sl_regions + regionpos, thisregion, 2);
 +
 +		++i;
 +	    }
 +	    closedir(dirp);
 +	}
 +    }
 +
 +    if (r == FAIL)
 +    {
 	smsg((char_u *)_("Warning: Cannot find word list \"%s.%s.spl\" or \"%s.ascii.spl\""),
 						     lang, spell_enc(), lang);
     }
@@ -2429,6 +2584,9 @@
 slang_free(lp)
     slang_T	*lp;
 {
 +    Hunspell_destroy(lp->sl_hunspell);
 +    convert_setup(&lp->sl_tohunconv, NULL, NULL);
 +    convert_setup(&lp->sl_fromhunconv, NULL, NULL);
     vim_free(lp->sl_name);
     vim_free(lp->sl_fname);
     slang_clear(lp);
@@ -2974,7 +3132,7 @@
 {
     int		i;
 -    if (len > 16)
 +    if (len > MAXREGIONS*2)
 	return SP_FORMERROR;
     for (i = 0; i < len; ++i)
 	lp->sl_regions[i] = getc(fd);			/* <regionname> */
@@ -4112,6 +4270,7 @@
     /* loop over comma separated language names. */
     for (splp = buf->b_p_spl; *splp != NUL; )
     {
 +	int hunspellregionunsupported;
 	/* Get one language name. */
 	copy_option_part(&splp, lang, MAXWLEN, ",");
@@ -4182,6 +4341,7 @@
 	/*
 	 * Loop over the languages, there can be several files for "lang".
 	 */
 +	hunspellregionunsupported = 0;
 	for (slang = first_lang; slang != NULL; slang = slang->sl_next)
 	    if (filename ? fullpathcmp(lang, slang->sl_fname, FALSE) == FPC_SAME
 			 : STRICMP(lang, slang->sl_name) == 0)
@@ -4199,6 +4359,11 @@
 				/* This addition file is for other regions. */
 				region_mask = 0;
 			}
 +			else if (slang->sl_ishunspell)
 +			{
 +			    region_mask = 0;
 +			    hunspellregionunsupported++;
 +			}
 			else
 			    /* This is probably an error.  Give a warning and
 			     * accept the words anyway. */
@@ -4207,7 +4372,10 @@
 								      region);
 		    }
 		    else
 +		    {
 +			hunspellregionunsupported--;
 			region_mask = 1 << c;
 +		    }
 		}
 		if (region_mask != 0)
@@ -4225,6 +4393,9 @@
 			nobreak = TRUE;
 		}
 	    }
 +
 +	if (region && hunspellregionunsupported >= 1)
 +	    smsg((char_u *) _("Warning: region %s not supported"), region);
     }
     /* round 0: load int_wordlist, if possible.
@@ -4832,7 +5003,7 @@
     char_u	*si_info;	/* info text chars or NULL  */
     int		si_region_count; /* number of regions supported (1 when there
 				    are no regions) */
 -    char_u	si_region_name[16]; /* region names; used only if
 +    char_u	si_region_name[MAXREGIONS*2]; /* region names; used only if
 				     * si_region_count > 1) */
     garray_T	si_rep;		/* list of fromto_T entries from REP lines */
@@ -7093,7 +7264,7 @@
 		else
 		{
 		    line += 8;
 -		    if (STRLEN(line) > 16)
 +		    if (STRLEN(line) > MAXREGIONS)
 			smsg((char_u *)_("Too many regions in %s line %d: %s"),
 						       fname, lnum, line);
 		    else
@@ -8973,7 +9144,7 @@
     char_u	wfname[MAXPATHL];
     char_u	**innames;
     int		incount;
 -    afffile_T	*(afile[8]);
 +    afffile_T	*(afile[MAXREGIONS]);
     int		i;
     int		len;
     struct stat	st;
@@ -9040,8 +9211,8 @@
 	EMSG(_(e_invarg));	/* need at least output and input names */
     else if (vim_strchr(gettail(wfname), '_') != NULL)
 	EMSG(_("E751: Output file name must not have region name"));
 -    else if (incount > 8)
 -	EMSG(_("E754: Only up to 8 regions supported"));
 +    else if (incount > MAXREGIONS)
 +	EMSG2(_("E754: Only up to %d regions supported"), MAXREGIONS);
     else
     {
 	/* Check for overwriting before doing things that may take a lot of
@@ -11097,6 +11268,36 @@
     {
 	lp = LANGP_ENTRY(curbuf->b_langp, lpi);
 +	if (lp->lp_slang->sl_ishunspell)
 +	{
 +	    slang_T *slp = lp->lp_slang;
 +	    char **slst;
 +	    char_u *converted = 0;
 +
 +	    ensurehunspellinit(slp);
 +
 +	    converted = string_convert(&slp->sl_tohunconv, su->su_fbadword, NULL);
 +	    if (converted)
 +	    {
 +		int suggests;
 +		suggests = Hunspell_suggest(slp->sl_hunspell, &slst, converted);
 +		if (suggests > 0)
 +		{
 +		    int i;
 +		    char_u *suggest;
 +		    for (i = 0; i < suggests; ++i)
 +		    {
 +			suggest = string_convert(&slp->sl_fromhunconv, slst[i], NULL);
 +			add_suggestion(su, &su->su_ga, suggest, su->su_badlen, i, 0, FALSE,
 +			    slp, FALSE);
 +			vim_free(suggest);
 +		    }
 +		    free(slst);
 +		}
 +		vim_free(converted);
 +	    }
 +	}
 +
 	/* If reloading a spell file fails it's still in the list but
 	 * everything has been cleared. */
 	if (lp->lp_slang->sl_fbyts == NULL)
--- a/SOURCES/vim-crypto-warning.patch
+++ b/SOURCES/vim-crypto-warning.patch
@ -0,0 +1,86 @@
 diff --git a/src/config.h.in b/src/config.h.in
 index 7d61220..ca0b1a8 100644
 --- a/src/config.h.in
 +++ b/src/config.h.in
@@ -478,3 +478,12 @@
 /* Define to inline symbol or empty */
 #undef inline
 +
 +/* Do we need FIPS warning? */
 +#undef HAVE_FIPS_WARNING
 +
 +/* Link to system-fips file */
 +#undef SYSTEM_FIPS_FILE_LINK
 +
 +/* Link to fips_enabled file */
 +#undef FIPS_ENABLED_FILE_LINK
 diff --git a/src/configure.ac b/src/configure.ac
 index 1e7d444..5e45762 100644
 --- a/src/configure.ac
 +++ b/src/configure.ac
@@ -525,6 +525,38 @@ else
   AC_MSG_RESULT(yes)
 fi
 +dnl Checking if we want FIPS warning
 +
 +AC_MSG_CHECKING(--enable-fips-warning)
 +AC_ARG_ENABLE([fips-warning],
 +              AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
 +              ,[enable_fips_warning="no"])
 +
 +if test "$enable_fips_warning" = "yes"; then
 +  AC_MSG_RESULT(yes)
 +  AC_DEFINE([HAVE_FIPS_WARNING])
 +
 +  dnl Setting path for system-fips file
 +
 +  AC_MSG_CHECKING(--with-system-fips-file argument)
 +  AC_ARG_WITH([system-fips-file], [  --with-system-fips-file=PATH       Link to system-fips file (default: /etc/system-fips)],
 +	with_system_fips_file=$withval,
 +       with_system_fips_file="/etc/system-fips")
 +  AC_MSG_RESULT([$with_system_fips_file])
 +  AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
 +
 +  dnl Setting link to fips_enabled file
 +
 +  AC_MSG_CHECKING(--with-fips-enabled-file argument)
 +  AC_ARG_WITH([fips-enabled-file], [  --with-fips-enabled-file=PATH       Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
 +	with_fips_enabled_file=$withval,
 +       with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
 +  AC_MSG_RESULT([$with_fips_enabled_file])
 +  AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
 +else
 +  AC_MSG_RESULT(no)
 +fi
 +
 dnl Check for Lua feature.
 AC_MSG_CHECKING(--enable-luainterp argument)
 AC_ARG_ENABLE(luainterp,
 diff --git a/src/crypt.c b/src/crypt.c
 index dfbf02c..c935bc0 100644
 --- a/src/crypt.c
 +++ b/src/crypt.c
@@ -501,6 +501,21 @@ crypt_check_method(int method)
 	msg_scroll = TRUE;
 	MSG(_("Warning: Using a weak encryption method; see :help 'cm'"));
     }
 +#ifdef HAVE_FIPS_WARNING
 +    FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
 +    if (fips_enable_fd == NULL)
 +      return;
 +
 +    int enabled = fgetc(fips_enable_fd);
 +
 +    if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
 +    {
 +	msg_scroll = TRUE;
 +	MSG(_("Warning: This cryptography is not FIPS 140-2 compliant."));
 +    }
 +
 +    fclose(fips_enable_fd);
 +#endif
 }
     void
--- a/SOURCES/vim-cve3778-fix.patch
+++ b/SOURCES/vim-cve3778-fix.patch
@ -0,0 +1,13 @@
 diff -up vim80/src/regexp_nfa.c.cve3796-fix vim80/src/regexp_nfa.c
 --- vim80/src/regexp_nfa.c.cve3796-fix	2021-09-20 08:27:13.752604505 +0200
 +++ vim80/src/regexp_nfa.c	2021-09-20 08:29:10.206546910 +0200
@@ -5493,7 +5493,8 @@ find_match_text(colnr_T startcol, int re
 		match = FALSE;
 		break;
 	    }
 -	    len2 += MB_CHAR2LEN(c2);
 +	    len2 += enc_utf8 ? utf_ptr2len(regline + col + len2)
 +							     : MB_CHAR2LEN(c2);
 	}
 	if (match
 #ifdef FEAT_MBYTE
--- a/SOURCES/vim-cve3796.patch
+++ b/SOURCES/vim-cve3796.patch
@ -0,0 +1,51 @@
 diff --git a/src/normal.c b/src/normal.c
 index be0e75e..7d62e20 100644
 --- a/src/normal.c
 +++ b/src/normal.c
@@ -7147,19 +7147,23 @@ nv_replace(cmdarg_T *cap)
 	    {
 		/*
 		 * Get ptr again, because u_save and/or showmatch() will have
 -		 * released the line.  At the same time we let know that the
 -		 * line will be changed.
 +		 * released the line.  This may also happen in ins_copychar().
 +		 * At the same time we let know that the line will be changed.
 		 */
 -		ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
 		if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
 		{
 		  int c = ins_copychar(curwin->w_cursor.lnum
 					   + (cap->nchar == Ctrl_Y ? -1 : 1));
 +
 +		  ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
 		  if (c != NUL)
 		    ptr[curwin->w_cursor.col] = c;
 		}
 		else
 +		{
 +		    ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
 		    ptr[curwin->w_cursor.col] = cap->nchar;
 +		}
 		if (p_sm && msg_silent == 0)
 		    showmatch(cap->nchar);
 		++curwin->w_cursor.col;
 diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
 index 7278bcd..8818805 100644
 --- a/src/testdir/test_edit.vim
 +++ b/src/testdir/test_edit.vim
@@ -1387,3 +1387,15 @@ func Test_edit_quit()
   only
 endfunc
 +" Test for getting the character of the line below after "p"
 +func Test_edit_put_CTRL_E()
 +  set encoding=latin1
 +  new
 +  let @" = ''
 +  sil! norm orggRx
 +  sil! norm pr
 +  call assert_equal(['r', 'r'], getline(1, 2))
 +  bwipe!
 +  set encoding=utf-8
 +endfunc
 +
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@ -24,7 +24,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 11%{?dist}
+Release: 21%{?dist}
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: vim.sh
@ -47,10 +47,7 @@ Source16: macros.vim
 Patch2002: vim-7.0-fixkeys.patch
 Patch2003: vim-7.4-specsyntax.patch
 %if %{withhunspell}
 Patch2011: vim-7.0-hunspell.patch
 BuildRequires: hunspell-devel
 %endif
 Patch3000: vim-7.4-syntax.patch
 Patch3002: vim-7.4-nowarnings.patch
@ -71,6 +68,52 @@ Patch3017: vim-python3-tests.patch
 Patch3018: vim-covscan.patch
 # 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
 Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
 # 1605095 - vim: should not re-implement crypto
 Patch3020: vim-crypto-warning.patch
 # 1842755 - CVE-2019-20807
 Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
 # 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
 Patch3022: vim-cve3796.patch
 # 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
 Patch3023: vim-cve3778-fix.patch
 Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
 # 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
 Patch3025: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
 # 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
 Patch3026: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
 # CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
 Patch3027: 0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
 # CVE-2021-4192 vim: vulnerable to Use After Free
 Patch3028: 0001-patch-8.2.3949-using-freed-memory-with-V.patch
 # CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
 Patch3029: 0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch
 # CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
 Patch3030: 0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
 # CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
 Patch3031: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
 # CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
 Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
 # CVE-2022-0413 vim: use after free in src/ex_cmds.c
 Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
 # CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
 Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
 # 2073391 - CVE-2022-1154 vim: use after free in utf_ptr2char
 Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
 # CVE-2022-1621 vim: heap buffer overflow
 Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
 # CVE-2022-1629 vim: buffer over-read
 Patch3037: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
 # CVE-2022-1785 vim: Out-of-bounds Write
 Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
 # CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
 Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
 # CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
 Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
 # RHEL-112003 CVE-2025-53905 vim: Vim path traversial
 Patch3041: 0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch
 # RHEL-112007 CVE-2025-53906 vim: Vim path traversal
 Patch3042: 0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch
 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@ -95,6 +138,11 @@ BuildRequires: lua-devel
 Requires: desktop-file-utils
 BuildRequires: desktop-file-utils >= %{desktop_file_utils_version}
 %endif
 %if %{withhunspell}
 BuildRequires: hunspell-devel
 %endif
 Epoch: 2
 Conflicts: filesystem < 3
@ -112,7 +160,7 @@ Conflicts: man-pages-pl < 0.24-2
 Requires: %{name}-filesystem
 # it conflicts with older version of vim-minimal during update because of manpage
 # move
-Conflicts: %{name}-minimal < 8.0.1428-4
+Conflicts: %{name}-minimal < 2:8.0.1428-4
 %description common
 VIM (VIsual editor iMproved) is an updated and improved version of the
@ -135,11 +183,11 @@ many different languages.
 %package minimal
 Summary: A minimal version of the VIM editor
-Provides: vi = %{version}-%{release}
+Provides: vi = %{epoch}:%{version}-%{release}
 Provides: %{_bindir}/vi
 # it conflicts with older version of vim-common during update because of manpage
 # move
-Conflicts: %{name}-common < 8.0.1428-4
+Conflicts: %{name}-common < 2:8.0.1428-4
 %description minimal
 VIM (VIsual editor iMproved) is an updated and improved version of the
@ -154,7 +202,7 @@ package is installed.
 %package enhanced
 Summary: A version of the VIM editor which includes recent enhancements
 Requires: vim-common = %{epoch}:%{version}-%{release} which
-Provides: vim = %{version}-%{release}
+Provides: vim = %{epoch}:%{version}-%{release}
 Provides: %{_bindir}/mergetool
 Provides: %{_bindir}/vim
 # suggest python3, python2, lua, ruby and perl packages because of their 
@ -185,7 +233,6 @@ need to install the vim-common package.
 %package filesystem
 Summary: VIM filesystem layout
 BuildArch: noarch
 %Description filesystem
 This package provides some directories which are required by other
 packages that add vim files, p.e.  additional syntax files or filetypes.
@ -201,7 +248,7 @@ BuildRequires: libXpm-devel
 BuildRequires: libICE-devel
 Requires: vim-common = %{epoch}:%{version}-%{release} libattr >= 2.4 gtk3 
-Provides: gvim = %{version}-%{release}
+Provides: gvim = %{epoch}:%{version}-%{release}
 Provides: %{_bindir}/mergetool
 Provides: %{_bindir}/gvim
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@ -267,6 +314,29 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3017 -p1
 %patch3018 -p1
 %patch3019 -p1 -b .cve
 %patch3020 -p1 -b .crypto-warning
 %patch3021 -p1 -b .rvim
 %patch3022 -p1 -b .cve3796
 %patch3023 -p1 -b .cve3778
 %patch3024 -p1 -b .cve3872
 %patch3025 -p1 -b .cve3984
 %patch3026 -p1 -b .cve4019
 %patch3027 -p1 -b .cve4193
 %patch3028 -p1 -b .cve4192
 %patch3029 -p1 -b .cve0261
 %patch3030 -p1 -b .cve0318
 %patch3031 -p1 -b .cve0359
 %patch3032 -p1 -b .cve0392
 %patch3033 -p1 -b .cve0413
 %patch3034 -p1 -b .cve0361
 %patch3035 -p1 -b .cve1154
 %patch3036 -p1 -b .cve1621
 %patch3037 -p1 -b .cve1629
 %patch3038 -p1 -b .cve1785
 %patch3039 -p1 -b .cve1897
 %patch3040 -p1 -b .cve1927
 %patch -P 3041 -p1 -b .CVE-2025-53905
 %patch -P 3042 -p1 -b .CVE-2025-53906
 %build
 %if 0%{?rhel} > 7
@ -296,6 +366,7 @@ perl -pi -e "s/vimrc/virc/"  os_unix.h
 %endif
  --disable-pythoninterp --disable-perlinterp --disable-tclinterp \
  --with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \
  --enable-fips-warning \
  --with-compiledby="<bugzilla@redhat.com>" \
  --with-modified-by="<bugzilla@redhat.com>"
@ -314,6 +385,7 @@ mv -f ex_cmds.c.save ex_cmds.c
  --enable-xim --enable-multibyte \
  --with-tlib=ncurses \
  --enable-gtk3-check --enable-gui=gtk3 \
  --enable-fips-warning \
  --with-compiledby="<bugzilla@redhat.com>" --enable-cscope \
  --with-modified-by="<bugzilla@redhat.com>" \
 %if "%{withnetbeans}" == "1"
@ -351,6 +423,7 @@ make clean
 --enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \
 --enable-cscope --with-modified-by="<bugzilla@redhat.com>" \
 --with-tlib=ncurses \
  --enable-fips-warning \
 --with-compiledby="<bugzilla@redhat.com>" \
 %if "%{withnetbeans}" == "1"
  --enable-netbeans \
@ -543,16 +616,6 @@ rm -f %{buildroot}/%{_datadir}/vim/%{vimdir}/macros/maze/maze*.c
 rm -rf %{buildroot}/%{_datadir}/vim/%{vimdir}/tools
 rm -rf %{buildroot}/%{_datadir}/vim/%{vimdir}/doc/vim2html.pl
 rm -f %{buildroot}/%{_datadir}/vim/%{vimdir}/tutor/tutor.gr.utf-8~
 ( cd %{buildroot}/%{_mandir}
  for i in `find ??/ -type f`; do
    if [[ "`file $i`" == *UTF-8\ Unicode\ text* ]]; then
      continue
    fi
    bi=`basename $i`
    iconv -f latin1 -t UTF8 $i > %{buildroot}/$bi
    mv -f %{buildroot}/$bi $i
  done
 )
 # Remove not UTF-8 manpages
 for i in pl.ISO8859-2 it.ISO8859-1 ru.KOI8-R fr.ISO8859-1; do
@ -792,6 +855,67 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_datadir}/icons/locolor/*/apps/*
 %changelog
 * Wed Sep 17 2025 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-21
 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial
 - RHEL-112007 CVE-2025-53906 vim: Vim path traversal
 * Tue Jun 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-20
 - fix issue reported by covscan
 * Mon Jun 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-20
 - CVE-2022-1785 vim: Out-of-bounds Write
 - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
 - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
 * Sat May 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-20
 - CVE-2022-1621 vim: heap buffer overflow
 - CVE-2022-1629 vim: buffer over-read
 * Sat Apr 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-20
 - CVE-2022-1154 vim: use after free in utf_ptr2char
 * Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19
 - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
 * Mon Feb 07 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
 - CVE-2022-0413 vim: use after free in src/ex_cmds.c
 * Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - fix test suite after fix for CVE-2022-0318
 - CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
 * Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
 - CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
 * Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
 - CVE-2021-4192 vim: vulnerable to Use After Free
 * Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
 - 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
 * Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-17
 - 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
 * Thu Sep 23 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
 - 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
 - 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
 * Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
 - 1842755 - CVE-2019-20807
 * Mon Feb 10 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-14
 - 1745476 - manpage of vim is garbled in Japanese locale
 * Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-13
 - fixing covscan issues raised by previous commit
 * Tue Jul 23 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-12
 - 1605095 - vim: should not re-implement crypto
 * Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
 - 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
Author	SHA1	Message	Date
eabdullin	a2b7606273	import UBI vim-8.0.1763-21.el8_10	2025-10-12 00:12:02 +00:00
CentOS Sources	86dde19991	import vim-8.0.1763-19.el8_6.4	2022-08-02 07:04:13 +00:00
CentOS Sources	329a0f6996	import vim-8.0.1763-19.el8_6.2	2022-06-28 10:55:02 +00:00
CentOS Sources	eedc06f3b5	import vim-8.0.1763-16.el8_5.13	2022-04-26 13:51:47 +00:00
CentOS Sources	89a326fa02	import vim-8.0.1763-16.el8_5.12	2022-03-24 14:06:57 +00:00
CentOS Sources	1b77547944	import vim-8.0.1763-16.el8_5.4	2022-02-01 20:15:52 +00:00
CentOS Sources	1d937bdab7	import vim-8.0.1763-16.el8	2021-11-11 08:23:51 +00:00
CentOS Sources	bf4d6e3fac	import vim-8.0.1763-15.el8	2021-09-10 05:40:51 +00:00
CentOS Sources	fd875ab0ac	import vim-8.0.1763-13.el8	2021-09-10 05:40:49 +00:00