Bug#472522: vim: Please document non-default setting of "nomodeline"
Daniel Hahler
debian-bugs at thequod.de
Mon Mar 24 19:11:42 UTC 2008
Package: vim
Version: 1:7.1-138+1
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu hardy ubuntu-patch
Debian sets "nomodeline" by default in
/usr/share/vim/vimcurrent/debian.vim.
This has been done for security reasons and has been reverted and
reapplied.
As long as this non-default setting does not get changed back to Vim's
default ("nomodeline" for root, "modeline" for normal users), it should
be documented.
The attached patch adds a note to debian/README.Debian, and fixes
debian/FAQ and vim-7.1/vim71/runtime/doc/options.txt (through a patch).
This bug has been reported in Ubuntu at
https://launchpad.net/bugs/130531.
*** /tmp/tmpkYgU88
In Ubuntu, we've applied the attached patch to achieve the following:
* modeline-default.diff, debian/README.Debian, debian/FAQ:
Document the default of "nomodeline" in Debian/Ubuntu (LP: #130531)
We thought you might be interested in doing the same.
-------------- next part --------------
diff -u vim-7.1/patches/series vim-7.1/patches/series
--- vim-7.1/patches/series
+++ vim-7.1/patches/series
@@ -32,0 +33 @@
+modeline-default.diff
diff -u vim-7.1/debian/README.Debian vim-7.1/debian/README.Debian
--- vim-7.1/debian/README.Debian
+++ vim-7.1/debian/README.Debian
@@ -48,0 +49,11 @@
+
+Modeline support disabled by default
+------------------------------------
+
+Modelines have historically been a source of security/resource vulnerabilities
+and are therefore disabled by default in /usr/share/vim/vimcurrent/debian.vim.
+
+You can enable them in ~/.vimrc or /etc/vim/vimrc with "set modeline".
+
+ -- Daniel Hahler <ubuntu at thequod.de> Mon, 24 Mar 2008 17:10:42 +0100
+
diff -u vim-7.1/debian/FAQ vim-7.1/debian/FAQ
--- vim-7.1/debian/FAQ
+++ vim-7.1/debian/FAQ
@@ -3911,8 +3911,9 @@
This will set the 'shiftwidth' option to 4, when editing that C file.
For this to work, the 'modeline' option should be set. By default, the
-'modeline' option is set. The 'modelines' settings specifies the number of
-lines that will be checked for the Vim set commands.
+'modeline' option is not set in Debian for security reasons.
+The 'modelines' setting specifies the number of lines that will be
+checked for the Vim set commands.
For more information, read
diff -u vim-7.1/debian/changelog vim-7.1/debian/changelog
only in patch2:
unchanged:
--- vim-7.1.orig/patches/modeline-default.diff
+++ vim-7.1/patches/modeline-default.diff
@@ -0,0 +1,13 @@
+Index: vim-7.1/vim71/runtime/doc/options.txt
+===================================================================
+--- vim-7.1.orig/vim71/runtime/doc/options.txt 2008-03-24 19:40:30.000000000 +0100
++++ vim-7.1/vim71/runtime/doc/options.txt 2008-03-24 19:48:57.000000000 +0100
+@@ -4557,7 +4557,7 @@
+ languages, no matter what you set 'mkspellmem' to.
+
+ *'modeline'* *'ml'* *'nomodeline'* *'noml'*
+-'modeline' 'ml' boolean (Vim default: on (off for root),
++'modeline' 'ml' boolean (Vim default in Debian: off,
+ Vi default: off)
+ local to buffer
+ *'modelines'* *'mls'*
More information about the pkg-vim-maintainers
mailing list