Bug#472522: vim: Please document non-default setting of "nomodeline"

Daniel Hahler debian-bugs at thequod.de
Mon Mar 24 19:11:42 UTC 2008


Package: vim
Version: 1:7.1-138+1
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu hardy ubuntu-patch

Debian sets "nomodeline" by default in
/usr/share/vim/vimcurrent/debian.vim.

This has been done for security reasons and has been reverted and
reapplied.

As long as this non-default setting does not get changed back to Vim's
default ("nomodeline" for root, "modeline" for normal users), it should
be documented.

The attached patch adds a note to debian/README.Debian, and fixes
debian/FAQ and vim-7.1/vim71/runtime/doc/options.txt (through a patch).

This bug has been reported in Ubuntu at
https://launchpad.net/bugs/130531.


*** /tmp/tmpkYgU88
In Ubuntu, we've applied the attached patch to achieve the following:

  * modeline-default.diff, debian/README.Debian, debian/FAQ:
    Document the default of "nomodeline" in Debian/Ubuntu (LP: #130531)

We thought you might be interested in doing the same. 
-------------- next part --------------
diff -u vim-7.1/patches/series vim-7.1/patches/series
--- vim-7.1/patches/series
+++ vim-7.1/patches/series
@@ -32,0 +33 @@
+modeline-default.diff
diff -u vim-7.1/debian/README.Debian vim-7.1/debian/README.Debian
--- vim-7.1/debian/README.Debian
+++ vim-7.1/debian/README.Debian
@@ -48,0 +49,11 @@
+
+Modeline support disabled by default
+------------------------------------
+
+Modelines have historically been a source of security/resource vulnerabilities
+and are therefore disabled by default in /usr/share/vim/vimcurrent/debian.vim.
+
+You can enable them in ~/.vimrc or /etc/vim/vimrc with "set modeline".
+
+ -- Daniel Hahler <ubuntu at thequod.de> Mon, 24 Mar 2008 17:10:42 +0100
+
diff -u vim-7.1/debian/FAQ vim-7.1/debian/FAQ
--- vim-7.1/debian/FAQ
+++ vim-7.1/debian/FAQ
@@ -3911,8 +3911,9 @@
 
 This will set the 'shiftwidth' option to 4, when editing that C file.
 For this to work, the 'modeline' option should be set. By default, the
-'modeline' option is set. The 'modelines' settings specifies the number of
-lines that will be checked for the Vim set commands.
+'modeline' option is not set in Debian for security reasons.
+The 'modelines' setting specifies the number of lines that will be
+checked for the Vim set commands.
 
 For more information, read
 
diff -u vim-7.1/debian/changelog vim-7.1/debian/changelog
only in patch2:
unchanged:
--- vim-7.1.orig/patches/modeline-default.diff
+++ vim-7.1/patches/modeline-default.diff
@@ -0,0 +1,13 @@
+Index: vim-7.1/vim71/runtime/doc/options.txt
+===================================================================
+--- vim-7.1.orig/vim71/runtime/doc/options.txt	2008-03-24 19:40:30.000000000 +0100
++++ vim-7.1/vim71/runtime/doc/options.txt	2008-03-24 19:48:57.000000000 +0100
+@@ -4557,7 +4557,7 @@
+ 	languages, no matter what you set 'mkspellmem' to.
+ 
+ 				   *'modeline'* *'ml'* *'nomodeline'* *'noml'*
+-'modeline' 'ml'		boolean	(Vim default: on (off for root),
++'modeline' 'ml'		boolean	(Vim default in Debian: off,
+ 				 Vi default: off)
+ 			local to buffer
+ 						*'modelines'* *'mls'*


More information about the pkg-vim-maintainers mailing list