new file mode 100644

@@ -0,0 +1,62 @@

+diff -rup vim74/src/option.c vim74-new/src/option.c

+--- vim74/src/option.c	2013-07-17 12:39:13.000000000 -0700

+@@ -5653,6 +5653,21 @@ set_string_option(opt_idx, value, opt_fl

+ }

+ 

+ /*

++ * Return TRUE if "val" is a valid 'filetype' name.

++ * Also used for 'syntax' and 'keymap'.

++ */

++    static int

++valid_filetype(char_u *val)

++{

++    char_u *s;

++

++    for (s = val; *s != NUL; ++s)

++	if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL)

++	    return FALSE;

++    return TRUE;

++}

++

++/*

+  * Handle string options that need some action to perform when changed.

+  * Returns NULL for success, or an error message for an error.

+  */

+@@ -6043,8 +6058,11 @@ did_set_string_option(opt_idx, varp, new

+ #ifdef FEAT_KEYMAP

+     else if (varp == &curbuf->b_p_keymap)

+     {

+-	/* load or unload key mapping tables */

+-	errmsg = keymap_init();

++	if (!valid_filetype(*varp))

++	    errmsg = e_invarg;

++	else

++	    /* load or unload key mapping tables */

++	    errmsg = keymap_init();

+ 

+ 	if (errmsg == NULL)

+ 	{

+@@ -6990,6 +7008,22 @@ did_set_string_option(opt_idx, varp, new

+     }

+ #endif

+ 

++#ifdef FEAT_AUTOCMD

++    else if (gvarp == &p_ft)

++    {

++	if (!valid_filetype(*varp))

++	    errmsg = e_invarg;

++    }

++#endif

++

++#ifdef FEAT_SYN_HL

++    else if (gvarp == &p_syn)

++    {

++	if (!valid_filetype(*varp))

++	    errmsg = e_invarg;

++    }

++#endif

++

+     /* Options that are a list of flags. */

+     else

+     {

@@ -1,37 +1,39 @@

 %define debug_package %{nil}

-Summary:	Text editor

-Name:		vim

-Version:	7.4

-Release:	7%{?dist}

-License:	Charityware

-URL:		http://www.vim.org

-Group:		Applications/Editors

-Vendor:		VMware, Inc.

-Distribution:	Photon

-Source0:	%{name}-%{version}.tar.bz2

+Summary:    Text editor

+Name:       vim

+Version:    7.4

+Release:    8%{?dist}

+License:    Charityware

+URL:        http://www.vim.org

+Group:      Applications/Editors

+Vendor:     VMware, Inc.

+Distribution:   Photon

+Source0:    %{name}-%{version}.tar.bz2

 %define sha1 vim=601abf7cc2b5ab186f40d8790e542f86afca86b7

-BuildRequires:	ncurses-devel

-Requires:	tcsh

+Patch0:         vim-CVE-2016-1248.patch

+BuildRequires:  ncurses-devel

+Requires:   tcsh

 %description

 The Vim package contains a powerful text editor.

-%package 	extra

-Summary: 	Extra files for Vim text editor

-Group: 		Applications/Editors

-Requires:	tcsh

+%package    extra

+Summary:    Extra files for Vim text editor

+Group:      Applications/Editors

+Requires:   tcsh

 %description extra

 The vim extra package contains a extra files for powerful text editor.

 %prep

 %setup -q -n %{name}74

+%patch0 -p1

 echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h

 %build

 ./configure \

-	--prefix=%{_prefix} \

-	--enable-multibyte

+    --prefix=%{_prefix} \

+    --enable-multibyte

 make VERBOSE=1 %{?_smp_mflags}

 %install

 cd %{_builddir}/%{name}74

@@ -155,8 +157,10 @@ make test

 %{_bindir}/vimdiff

 %changelog

-*       Wed Oct 05 2016 ChangLee <changlee@vmware.com> 7.4-7

--       Modified %check

+*   Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com>  7.4-8

+-   Fix for CVE-2016-1248

+*   Wed Oct 05 2016 ChangLee <changlee@vmware.com> 7.4-7

+-   Modified %check

 *   Wed Aug 24 2016 Alexey Makhalov <amakhalov@vmware.com> 7.4-6

 -   vimrc: Added tags search, tab->spaces and some bindings

 *   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.4-5