diff --git a/7.1.087 b/7.1.087
new file mode 100644
index 0000000..3ba731e
--- /dev/null
+++ b/7.1.087
@@ -0,0 +1,151 @@
+To: vim-dev@vim.org
+Subject: patch 7.1.087
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.087
+Problem: Reading past ":cscope find" command. Writing past end of a buffer.
+Solution: Check length of the argument before using the pattern. Use
+ vim_strncpy(). (Dominique Pelle)
+Files: if_cscope.c
+
+
+*** ../vim-7.1.086/src/if_cscope.c Sun Mar 11 15:48:29 2007
+--- src/if_cscope.c Sun Aug 19 22:17:09 2007
+***************
+*** 73,78 ****
+--- 73,80 ----
+
+
+ static csinfo_T csinfo[CSCOPE_MAX_CONNECTIONS];
++ static int eap_arg_len; /* length of eap->arg, set in
++ cs_lookup_cmd() */
+ static cscmd_T cs_cmds[] =
+ {
+ { "add", cs_add,
+***************
+*** 260,273 ****
+
+ if ((p = cs_manage_matches(NULL, NULL, -1, Get)) == NULL)
+ return TRUE;
+!
+! if ((int)strlen(p) > size)
+! {
+! strncpy((char *)buf, p, size - 1);
+! buf[size] = '\0';
+! }
+! else
+! (void)strcpy((char *)buf, p);
+
+ return FALSE;
+ } /* cs_fgets */
+--- 262,268 ----
+
+ if ((p = cs_manage_matches(NULL, NULL, -1, Get)) == NULL)
+ return TRUE;
+! vim_strncpy(buf, (char_u *)p, size - 1);
+
+ return FALSE;
+ } /* cs_fgets */
+***************
+*** 386,392 ****
+ * PRIVATE: cs_add
+ *
+ * add cscope database or a directory name (to look for cscope.out)
+! * the the cscope connection list
+ *
+ * MAXPATHL 256
+ */
+--- 381,387 ----
+ * PRIVATE: cs_add
+ *
+ * add cscope database or a directory name (to look for cscope.out)
+! * to the cscope connection list
+ *
+ * MAXPATHL 256
+ */
+***************
+*** 966,972 ****
+ }
+
+ pat = opt + strlen(opt) + 1;
+! if (pat == NULL || (pat != NULL && pat[0] == '\0'))
+ {
+ cs_usage_msg(Find);
+ return FALSE;
+--- 961,967 ----
+ }
+
+ pat = opt + strlen(opt) + 1;
+!
if (pat >= (char *)eap->arg + eap_arg_len)
+ {
+ cs_usage_msg(Find);
+ return FALSE;
+***************
+*** 1317,1323 ****
+ #else
+ /* compare pathnames first */
+ && ((fullpathcmp(csinfo[j].fname, fname, FALSE) & FPC_SAME)
+! /* if not Windows 9x, test index file atributes too */
+ || (!mch_windows95()
+ && csinfo[j].nVolume == bhfi.dwVolumeSerialNumber
+ && csinfo[j].nIndexHigh == bhfi.nFileIndexHigh
+--- 1312,1318 ----
+ #else
+ /* compare pathnames first */
+ && ((fullpathcmp(csinfo[j].fname, fname, FALSE) & FPC_SAME)
+! /* if not Windows 9x, test index file attributes too */
+ || (!mch_windows95()
+ && csinfo[j].nVolume == bhfi.dwVolumeSerialNumber
+ && csinfo[j].nIndexHigh == bhfi.nFileIndexHigh
+***************
+*** 1401,1406 ****
+--- 1396,1404 ----
+ if (eap->arg == NULL)
+ return NULL;
+
++ /* Store length of eap->arg before it gets modified by strtok(). */
++ eap_arg_len = STRLEN(eap->arg);
++
+ if ((stok = strtok((char *)(eap->arg), (const char *)" ")) == NULL)
+ return NULL;
+
+***************
+*** 2195,2201 ****
+ cs_add_common(dblist[i], pplist[i], fllist[i]);
+ if (p_csverbose)
+ {
+! /* dont' use smsg_attr because want to display
+ * connection number in the same line as
+ * "Added cscope database..."
+ */
+--- 2193,2199 ----
+ cs_add_common(dblist[i], pplist[i], fllist[i]);
+ if (p_csverbose)
+ {
+! /* don't use smsg_attr() because we want to display the
+ * connection number in the same line as
+ * "Added cscope database..."
+ */
+*** ../vim-7.1.086/src/version.c Tue Aug 21 17:29:04 2007
+--- src/version.c Tue Aug 21 17:59:42 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+ { /* Add new patch number below this line */
++ /**/
++ 87,
+ /**/
+
+--
+hundred-and-one symptoms of being an internet addict:
+223. You set up a web-cam as your home's security system.
+ + /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ +/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ +\\\ download, build and distribute -- http://www.A-A-P.org /// + \\\ help me help AIDS victims -- http://ICCF-Holland.org /// diff --git a/README.patches b/README.patches index 2219a41..d3eafb1 100644 --- a/README.patches +++ b/README.patches @@ -101,4 +101,13 @@ Individual patches for Vim 7.1: 5259 7.1.074 crash when using string() on a recursively nested List 1686 7.1.075 ":let v:statusmsg" reads memory already freed 2376 7.1.076 a couple more strcpy() with overlapping arguments - 1551 7.1.077 flag indicating spell checking is to be done isn't always set + 2678 7.1.078 dropping file name on gvim containing CSI byte doesn't work + 2922 7.1.079 "@" character in 'isfname' doesn't pick up umlauts for latin1 + 2960 7.1.080 (extra) Compiler warnings for gvimex.cpp + 3253 7.1.081 completion doesn't work after ":!cat <foo" + 3464 7.1.082 matchparen plugin doesn't update after window split + 3448 7.1.083 (after 7.1.081) completion doesn't work with wildcards + 1671 7.1.084 netbeans doesn't get fileOpened events when using -nb twice + 2496 7.1.085 after ":split fold.c" folds in one window disappear + 3561 7.1.086 crash when using specific Python syntax highlighting + 4165 7.1.087 cscope: reading past command end; writing past buffer end diff --git a/vim.spec b/vim.spec index b5e5566..2add7ff 100644 --- a/vim.spec +++ b/vim.spec @@ -15,7 +15,7 @@ #used for pre-releases: %define beta %{nil} %define vimdir vim71%{?beta} -%define patchlevel 77 +%define patchlevel 87 Summary: The VIM editor URL: http://www.vim.org/ 
@@ -92,7 +92,7 @@ Patch037: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.037 Patch038: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.038 Patch039: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 Patch040: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.040 -#Patch041: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.041 +Patch041: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.041 Patch042: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.042 Patch043: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.043 Patch044: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.044 @@ -129,6 +129,16 @@ Patch074: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.074 Patch075: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.075 Patch076: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.076 Patch077: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.077 +Patch078: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.078 +Patch079: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.079 +Patch080: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.080 +Patch081: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.081 +Patch082: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.082 +Patch083: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.083 +Patch084: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.084 +Patch085: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.085 +Patch086: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.086 +Patch087: ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.087 Patch3000: vim-7.0-syntax.patch Patch3002: vim-7.1-nowarnings.patch @@ -245,9 +255,9 @@ with graphics and mouse capabilities. You'll also need to install the vim-common package. %prep +%setup -q -b 0 -n %{vimdir} %setup -q -b 1 -n %{vimdir} -%{__tar} xzf %{SOURCE1} -%{__tar} xzf %{SOURCE2} +%setup -q -b 2 -n %{vimdir} # fix rogue dependencies from sample code chmod -x runtime/tools/mve.awk %patch2002 -p1 @@ -303,7 +313,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch039 -p0 %patch040 -p0 # DOS, Amiga, OS2, VMS: -#patch041 -p0 +%patch041 -p0 %patch042 -p0 %patch043 -p0 %patch044 -p0 
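Review bot: Re-enabling `Patch041` in this hunk, together with `%patch041 -p0` in the later `# DOS, Amiga, OS2, VMS:` hunk, is not explained anywhere on the page. The new %changelog entry reads only `- patchlevel 87`, and nothing visible says why the patch was commented out before. A second changelog line such as `- re-enable patch 041` would let someone auditing the package history tell a deliberate change from an accidental one.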
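Review bot: The second and third `%setup` lines in the %prep hunk are missing `-T -D`. By rpm's documented defaults each `%setup` deletes the build directory and unpacks Source0 again, so as written the tree left in `%{vimdir}` would hold only what the last call extracts, and the files from source 1 would be gone before the patches are applied. If all three archives are meant to end up in one tree, the follow-up calls should read `%setup -q -T -D -b 1 -n %{vimdir}` and `%setup -q -T -D -b 2 -n %{vimdir}`. The Source definitions are outside this hunk, so the resulting tree should be checked against a build log.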
@@ -343,6 +353,16 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch075 -p0 %patch076 -p0 %patch077 -p0 +%patch078 -p0 +%patch079 -p0 +%patch080 -p0 +%patch081 -p0 +%patch082 -p0 +%patch083 -p0 +%patch084 -p0 +%patch085 -p0 +%patch086 -p0 +%patch087 -p0 # install spell files %if %{withvimspell} @@ -728,6 +748,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/icons/hicolor/*/apps/* %changelog +* Fri Aug 24 2007 Karsten Hopp <karsten@redhat.com> 7.1.87-1 +- patchlevel 87 + * Wed Aug 15 2007 Karsten Hopp <karsten@redhat.com> 7.1.77-1 - patchlevel 77