From d7469ab8267ede68a8c69920325c6bd803111c6a Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jun 26 2019 21:23:09 +0000
Subject: import vim-8.0.1763-11.el8_0


---

diff --git a/SOURCES/0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch b/SOURCES/0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
new file mode 100644
index 0000000..97e8e2e
--- /dev/null
+++ b/SOURCES/0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
@@ -0,0 +1,16 @@
+diff -up vim80/src/getchar.c.cve vim80/src/getchar.c
+--- vim80/src/getchar.c.cve	2019-06-14 13:46:17.269523985 +0200
++++ vim80/src/getchar.c	2019-06-14 13:46:58.427169288 +0200
+@@ -1418,6 +1418,12 @@ openscript(
+ 	EMSG(_(e_nesting));
+ 	return;
+     }
++
++    // Disallow sourcing a file in the sandbox, the commands would be executed
++    // later, possibly outside of the sandbox.
++    if (check_secure())
++	return;
++
+ #ifdef FEAT_EVAL
+     if (ignore_script)
+ 	/* Not reading from script, also don't open one.  Warning message? */
diff --git a/SPECS/vim.spec b/SPECS/vim.spec
index 5db2172..b5e30b5 100644
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@@ -24,7 +24,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: vim.sh
@@ -69,6 +69,8 @@ Patch3016: vim-8.0-copy-paste.patch
 Patch3017: vim-python3-tests.patch
 # 1602727 - fixed several covscan issues and backported from upstream
 Patch3018: vim-covscan.patch
+# 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
+Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
 
 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@@ -264,6 +266,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3016 -p1
 %patch3017 -p1
 %patch3018 -p1
+%patch3019 -p1 -b .cve
 
 %build
 %if 0%{?rhel} > 7
@@ -789,6 +792,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_datadir}/icons/locolor/*/apps/*
 
 %changelog
+* Fri Jun 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-11
+- 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [rhel-8.1.0]
+
 * Thu Dec 06 2018 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-10
 - do not strip binaries before build system strips them