vim (2:9.1.0016-1ubuntu7.9) noble-security; urgency=medium
* SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
- debian/patches/CVE-2025-53905.patch: remove leading slashes from name,
replace tar_secure with g:tar_secure in runtime/autoload/tar.vim.
- debian/patches/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
- CVE-2025-53905
- CVE-2025-53906
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Fri, 05 Sep 2025 17:14:46 -0230
vim (2:9.1.0016-1ubuntu7.8) noble-security; urgency=medium
* SECURITY UPDATE: Crash when file is inaccessible with log option.
- debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
and common_init_2 in ./src/main.c
- CVE-2025-1215
* SECURITY UPDATE: Use after free when redirecting display command to
register.
- debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
vim_strchr command check in ./src/register.c.
- CVE-2025-26603
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 01 Apr 2025 17:42:31 -0230
vim (2:9.1.0016-1ubuntu7.7) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
- CVE-2025-24014
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 03 Feb 2025 08:25:28 -0300
vim (2:9.1.0016-1ubuntu7.6) noble-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
- debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
- CVE-2025-22134
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 16 Jan 2025 16:43:18 -0330
vim (2:9.1.0016-1ubuntu7.5) noble-security; urgency=medium
* SECURITY UPDATE: Use after free when closing a buffer.
- debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
Add buf_locked() in src/proto/buffer.pro.
- CVE-2024-47814
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 06 Nov 2024 15:34:03 -0330
vim (2:9.1.0016-1ubuntu7.4) noble; urgency=medium
* Ensure Ubuntu codenames are current (LP: #2084706).
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 16 Oct 2024 13:05:40 -0500
vim (2:9.1.0016-1ubuntu7.3) noble-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-43802.patch: check buflen before advancing
offset. Add src/testdir/crash/heap_overflow3 to include-binaries.
- CVE-2024-43802
-- Vyom Yadav <vyom.yadav@canonical.com> Wed, 25 Sep 2024 15:43:04 +0530
vim (2:9.1.0016-1ubuntu7.2) noble-security; urgency=medium
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-41957.patch: set tagname to NULL
after being freed
- CVE-2024-41957
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-43374.patch: add lock to keep
reference valid
- CVE-2024-43374
-- Bruce Cable <bruce.cable@canonical.com> Tue, 27 Aug 2024 14:08:09 +1000
vim (2:9.1.0016-1ubuntu7.1) noble; urgency=medium
* Ensure Ubuntu codenames are current (LP: #2064687).
-- Simon Quigley <tsimonq2@ubuntu.com> Thu, 02 May 2024 21:45:42 -0500
vim (2:9.1.0016-1ubuntu7) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 00:15:53 +0000
vim (2:9.1.0016-1ubuntu6) noble; urgency=medium
* No-change rebuild against libcanberra t64.
-- Matthias Klose <doko@ubuntu.com> Sun, 24 Mar 2024 14:47:33 +0100
vim (2:9.1.0016-1ubuntu5) noble; urgency=medium
* No-change rebuild against libperl5.38t64
-- Steve Langasek <steve.langasek@ubuntu.com> Sat, 09 Mar 2024 18:23:42 +0000
vim (2:9.1.0016-1ubuntu4) noble; urgency=medium
* No-change rebuild against libglib2.0-0t64
-- Steve Langasek <steve.langasek@ubuntu.com> Fri, 08 Mar 2024 07:56:16 +0000
vim (2:9.1.0016-1ubuntu3) noble; urgency=medium
* No-change upload to remove support of ruby3.1.
-- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 20 Feb 2024 15:51:36 -0300
vim (2:9.1.0016-1ubuntu2) noble; urgency=medium
* No-change rebuild with Python 3.12 as default
-- Graham Inggs <ginggs@ubuntu.com> Fri, 19 Jan 2024 21:04:08 +0000
vim (2:9.1.0016-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable (LP: #2047982). Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Thu, 11 Jan 2024 14:48:41 -0600
vim (2:9.1.0016-1) unstable; urgency=medium
* Team upload.
* New upstream release:
- Fix high-contrast diff highlighting introduced in 2:9.0.2189-1.
-- Simon Quigley <tsimonq2@debian.org> Thu, 11 Jan 2024 14:38:16 -0600
vim (2:9.1.0-1ubuntu3) noble; urgency=medium
* No-change rebuild due to failed Launchpad dist-upgrade.
-- Matthias Klose <doko@ubuntu.com> Thu, 11 Jan 2024 13:48:47 +0100
vim (2:9.1.0-1ubuntu2) noble; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Wed, 10 Jan 2024 14:13:51 +0100
vim (2:9.1.0-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Tue, 02 Jan 2024 19:40:24 -0600
vim (2:9.1.0-1) unstable; urgency=medium
* Team upload.
* New upstream release, dedicated to the memory of Bram Moolenaar, Vim's
lead developer for more than 30 years, who passed away half a year ago.
The Vim project wouldn't exist without his work!
-- Simon Quigley <tsimonq2@debian.org> Tue, 02 Jan 2024 19:25:17 -0600
vim (2:9.0.2189-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Mon, 01 Jan 2024 14:25:31 -0600
vim (2:9.0.2189-1) unstable; urgency=medium
[ Simon Quigley ]
* Merge upstream patch v9.0.2184:
- Security fixes:
+ 9.0.2121: use-after-free in ex_substitute, CVE-2023-48706
- Update copyright years.
[ James McCoy ]
* Merge upstream patch v9.0.2189
- syntax/debcontrol.vim: Add support for loong64 keyword. Thanks to
zhangjialing@loongson.cn for the patch.
-- James McCoy <jamessan@debian.org> Mon, 01 Jan 2024 09:23:58 -0500
vim (2:9.0.2184-0ubuntu1) noble; urgency=medium
* New upstream release.
- Forwarded: https://salsa.debian.org/vim-team/vim/-/merge_requests/9
- Drop all reverse-applicable CVE patches.
-- Simon Quigley <tsimonq2@ubuntu.com> Sat, 23 Dec 2023 11:58:34 -0600
vim (2:9.0.2116-1ubuntu2) noble; urgency=medium
* SECURITY UPDATE: use-after-free in ex_substitute
- debian/patches/CVE-2023-48706.patch
- CVE-2023-48706
-- Simon Quigley <tsimonq2@ubuntu.com> Tue, 28 Nov 2023 13:13:06 -0600
vim (2:9.0.2116-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Mon, 20 Nov 2023 17:12:45 -0600
vim (2:9.0.2116-1) unstable; urgency=medium
* Merge upstream patch v9.0.2116
+ Security fixes
- 9.0.2106: Use-after-free in win_close(), CVE-2023-48231
- 9.0.2107: FPE in adjust_plines_for_skipcol, CVE-2023-48232
- 9.0.2108: overflow with count for :s command. Abort command if count
is too large, CVE-2023-48233
- 9.0.2109: overflow in nv_z_get_count. Limit max value of count,
CVE-2023-48234
- 9.0.2110: overflow in ex address parsing. Verify lnum is positive
before subtracting from LONG_MAX, CVE-2023-48235
- 9.0.2111: overflow in get_number. Return 0 when the count gets too
large, CVE-2023-48236
- 9.0.2112: overflow in shift_line. Limit indent to INT_MAX,
CVE-2023-48237
+ 9.0.2116: Crash when callback function aborts because of recursiveness.
- Fixes FTBFS on armel
-- James McCoy <jamessan@debian.org> Mon, 20 Nov 2023 11:05:25 -0500
vim (2:9.0.2103-1) unstable; urgency=medium
* Merge upstream patch v9.0.2103
+ 9.0.2103: Fix FTBFS on 32-bit architectures due to recursive callback
test. Limit recursiveness to 20 levels, rather than 100.
-- James McCoy <jamessan@debian.org> Mon, 13 Nov 2023 08:48:31 -0500
vim (2:9.0.2087-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Sun, 12 Nov 2023 15:14:32 -0600
vim (2:9.0.2087-1) unstable; urgency=medium
* Merge upstream patch v9.0.2087 (Closes: #1055287)
+ Security fixes
- 9.0.2068: overflow in :history, CVE-2023-46246
-- James McCoy <jamessan@debian.org> Sat, 04 Nov 2023 13:55:54 -0400
vim (2:9.0.2018-1ubuntu1) noble; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
* debian/patches/ubuntu-codenames.patch:
- Update the supported list of codenames.
-- Simon Quigley <tsimonq2@ubuntu.com> Fri, 20 Oct 2023 12:00:25 -0500
vim (2:9.0.2018-1) unstable; urgency=medium
* Merge upstream patch v9.0.2018
+ Security fixes
- 9.0.1969: buffer-overflow in trunc_string() (Closes: #1053694,
CVE-2023-5344)
- 9.0.1992: segfault in exmode when redrawing, CVE-2023-5441
- 9.0.2010: use-after-free from buf_contents_changed(), CVE-2023-5535
* xxd: Remove obsolete Breaks/Replaces on vim-common
-- James McCoy <jamessan@debian.org> Fri, 13 Oct 2023 15:54:12 -0400
vim (2:9.0.1894-1) unstable; urgency=medium
* The "Farewell, Bram" upload
* Merge upstream patch v9.0.1894
+ Vulnerability fixes
- 9.0.1664: Divide by zero when scrolling with 'smoothscroll' set,
CVE-2023-3896
- 9.0.1840: Use after free in do_ecmd, CVE-2023-4733
- 9.0.1846: Crash when fullcommand() is called with an invalid argument,
CVE-2023-4734
- 9.0.1847: Out of bounds write in do_addsub(), CVE-2023-4735
- 9.0.1848: Buffer overflow in vim_regsub_both(), CVE-2023-4738
- 9.0.1857: Heap use after free in is_qf_win(), CVE-2023-4750
- 9.0.1858: Heap use after free in ins_compl_get_exp(), CVE-2023-4752
- 9.0.1873: Heap buffer overflow in vim_regsub_both(), CVE-2023-4781
+ 9.0.1682: Use little-endian byte order for sodium encrypted files. This
allows re-enabling the crypt tests on big-endian platforms.
+ 9.0.1683: Use Lua 5.1 compatible numeric escapes to fix if_lua tests
with Lua 5.1.
+ 9.0.1739: Ensure all libvterm files are cleaned during "make clean"
+ Ship an "editorconfig" plugin as an optional package.
* Adjust copyright years and license text for Bram's passing
* Fix the check for when to run "make distclean" (Closes: #1045719)
* Build against Lua 5.1 instead of Lua 5.2 (Closes: #1050637)
* Re-enable Test_uncrypt_xchacha20 tests on big-endian systems
* Skip flaky test Test_crash1
-- James McCoy <jamessan@debian.org> Mon, 11 Sep 2023 09:22:50 -0400
vim (2:9.0.1672-1ubuntu2) mantic; urgency=medium
* debian/patches/0002-disable-failing-tests-on-ppc64.patch (LP: #2033072)
- Skip few more tests failing on ppc64el due to sodium_mlock().
Some of them also failed on arm64 and armd64 during tests with a PPA, so
skip them on those archs as well.
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Fri, 25 Aug 2023 13:17:49 +0100
vim (2:9.0.1672-1ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 25 Jul 2023 13:58:43 +0200
vim (2:9.0.1672-1) unstable; urgency=medium
* Merge upstream patch v9.0.1672
* Remove check for DEB_BUILD_OPTIONS=nocheck, since dh_auto_test handles it now
* Skip Test_uncrypt_xchacha20 tests on big endian systems
-- James McCoy <jamessan@debian.org> Tue, 04 Jul 2023 09:02:26 -0400
vim (2:9.0.1658-1) unstable; urgency=medium
* Merge upstream patch v9.0.1658
+ Vulnerability fixes
- 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
- 9.0.1402: Crash when using null_class, CVE-2023-1355
- 9.0.1531: Crash when register contents ends up being invalid,
CVE-2023-2609
- 9.0.1532: Crash when expanding "~" in substitute causes very long
text, (Closes: #1035955, CVE-2023-2610)
+ 9.0.1409: Racket files are recognized as their own filetype, rather than
as scheme
+ 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
doesn't expect the terminal to support them. (Closes: #1038401)
+ Document behavior of C-x / C-a on numbers outside the range of a 64-bit
value. (Closes: #1031256)
* Refresh patches, dropping backport of v9.0.1499
* Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
intro screen has functional help links when only vim-tiny and vim-common
are installed
* Declare compliance with Policy 4.6.2, no changes needed
* Remove non-functional diversion handling in vim-runtime.postinst
-- James McCoy <jamessan@debian.org> Sat, 24 Jun 2023 11:08:58 -0400
vim (2:9.0.1378-2ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: NULL pointer dereference when processing register content
- debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
- CVE-2023-2609
* SECURITY UPDATE: integer overflow and excessive memory consumption when
allocating memory for tilde processing in pattern
- debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
- CVE-2023-2610
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Wed, 24 May 2023 11:10:23 -0300
vim (2:9.0.1378-2ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
+ CVE-2023-1264
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1355.patch
+ CVE-2023-1355
* Welcome to the Mantic Minotaur!
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 10 May 2023 11:28:16 -0500
vim (2:9.0.1378-2) unstable; urgency=medium
* Backport 9.0.1499 to fix CVE-2023-2426 (Closes: #1035323)
* Backport fix for indenting of Perl subroutines (Closes: #1034529)
-- James McCoy <jamessan@debian.org> Thu, 04 May 2023 06:24:44 -0400
vim (2:9.0.1378-1ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
+ CVE-2023-1264
* SECURITY UPDATE: NULL pointer dereference vulnerability
- debian/patches/CVE-2023-1355.patch
- CVE-2023-1355
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 26 Apr 2023 16:25:45 -0500
vim (2:9.0.1378-1) unstable; urgency=medium
* Merge upstream patch v9.0.1378
+ Vulnerability fixes
- 9.0.1143: Invalid memory access with bad 'statusline' value,
CVE-2023-0049
- 9.0.1144: Reading beyond text, CVE-2023-0051
- 9.0.1145: Invalid memory access with recursive substitute expression,
(Closes: #1031875, CVE-2023-0054)
- 9.0.1189: Invalid memory access with folding and using "L",
CVE-2023-0288
- 9.0.1225: Reading past the end of a line when formatting text,
CVE-2023-0433
- 9.0.1247: Divide by zero with 'smoothscroll' set and a narrow window,
CVE-2023-0512
- 9.0.1331: Illegal memory access when using :ball in Visual mode,
CVE-2023-4751
- 9.0.1367: Divide by zero in zero-width window, CVE-2023-1127
- 9.0.1376: Accessing invalid memory with put in Visual block mode,
CVE-2023-1170
+ 9.0.1073, 9.0.1080: Fix keyboard input/mapping support for some
terminals (e.g., foot and kitty). (Closes: #1029049)
+ 9.0.1213: Fix inconsistent behavior when adding text after a fold at the
end of the buffer (Closes: #868252)
+ syntax/2html.vim: Fix reference to undefined s:settings_no_doc variable
(Closes: #1030151)
+ syntax/debcontrol.vim, syntax/debsources.vim: Add support for
non-free-firmware. (Closes: #1029986)
-- James McCoy <jamessan@debian.org> Sat, 04 Mar 2023 14:41:33 -0500
vim (2:9.0.1000-4ubuntu3) lunar; urgency=medium
* Security upload for the devel series (LP: #2013211)
* SECURITY UPDATE: reading past the end of a line when formatting text
- debian/patches/CVE-2023-0433.patch: check for not going over the end of
the line.
- CVE-2023-0433
* SECURITY UPDATE: divide by zero issue
- debian/patches/CVE-2023-0512.patch: divide by zero with 'smoothscroll'
set and a narrow window
- debian/patches/CVE-2023-1127.patch: divide by zero in zero-width window
- CVE-2023-0512
- CVE-2023-1127
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
in Visual block mode
- CVE-2023-1170
* SECURITY UPDATE: incorrect calculation of buffer size
- debian/patches/CVE-2023-1175.patch: illegal memory access when using
virtual editing
- CVE-2023-1175
* SECURITY UPDATE: NULL pointer dereference vulnerability
- debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
- CVE-2023-1264
-- Nishit Majithia <nishit.majithia@canonical.com> Wed, 29 Mar 2023 18:19:19 +0530
vim (2:9.0.1000-4ubuntu2) lunar; urgency=medium
* No-change upload to remove support for ruby3.0.
-- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 03 Feb 2023 14:06:49 -0300
vim (2:9.0.1000-4ubuntu1) lunar; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
* SECURITY UPDATE: invalid memory access with bad 'statusline' value
- debian/patches/CVE-2023-0049.patch: Avoid going over the NUL at the end
- CVE-2023-0049
* SECURITY UPDATE: reading beyond text
- debian/patches/CVE-2023-0051.patch: Add strlen_maxlen() and use it
- CVE-2023-0051
* SECURITY UPDATE: Invalid memory access with recursive substitute expression
- debian/patches/CVE-2023-0054.patch: Check the return value of vim_regsub
- CVE-2023-0054
* SECURITY UPDATE: Invalid memory access with folding and using "L"
- debian/patches/CVE-2023-0288.patch: Prevent the cursor from moving to l0
- CVE-2023-0288
-- Simon Quigley <tsimonq2@ubuntu.com> Tue, 17 Jan 2023 18:16:17 -0600
vim (2:9.0.1000-4) unstable; urgency=medium
* Backport patch to fix tests on IPv6-only hosts (Closes: #1027824)
-- James McCoy <jamessan@debian.org> Tue, 10 Jan 2023 22:16:36 -0500
vim (2:9.0.1000-3ubuntu2) lunar; urgency=medium
* Fix test failures on ppc64el.
-- Simon Quigley <tsimonq2@ubuntu.com> Thu, 05 Jan 2023 16:10:31 -0600
vim (2:9.0.1000-3ubuntu1) lunar; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- Reverse-applicable (dropped) changes:
+ debian/patches/lunar_lobster.patch: Welcome to the Lunar Lobster!
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 04 Jan 2023 12:28:15 -0600
vim (2:9.0.1000-3) unstable; urgency=medium
* Fix substitution of VIMCUR in vim-common.install (Closes: #1027766)
* Backport v9.0.1129 to fix sporadic Test_range failure
-- James McCoy <jamessan@debian.org> Tue, 03 Jan 2023 10:15:51 -0500
vim (2:9.0.1000-2) unstable; urgency=medium
* Restore man page translations for da, de, and ja (Closes: #1027318)
* Update to debhelper-compat 13
* Remove obsolete maintscript files for versions earlier than oldstable
* Remove PER_VARIANT_FILES handling in debian/rules
* Add future=+lfs to DEB_BUILD_MAINT_OPTIONS
* Backport v9.0.1118 to fix sporadic test failures
* ci: Run tests against installed xxd
* ci: Install python3 for vim tests
* Backport v9.0.1117 to fix bracketed paste with new ncurses
(Closes: #1027674)
-- James McCoy <jamessan@debian.org> Mon, 02 Jan 2023 06:31:55 -0500
vim (2:9.0.1000-1) unstable; urgency=medium
* Merge upstream patch v9.0.1000
+ Security fixes
- 9.0.0882: using freed memory after SpellFileMissing autocmd uses
bwipe, CVE-2022-4292
- 9.0.0947: invalid memory access in substitute with function that goes
to another file (Closes: #1027146, CVE-2022-4141)
* Backport v9.0.1087 to fix test_autocmd flakiness
-- James McCoy <jamessan@debian.org> Wed, 28 Dec 2022 11:51:10 -0500
vim (2:9.0.0813-1ubuntu2) lunar; urgency=medium
* No-change rebuild with Python 3.11 as default
-- Graham Inggs <ginggs@ubuntu.com> Sun, 25 Dec 2022 20:46:36 +0000
vim (2:9.0.0813-1ubuntu1) lunar; urgency=medium
* Merge from Debian Unstable. Remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
+ debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
terminal mode test
+ debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
tests that were throwing an ENOMEM during build on ppc64el. The tests
are only disabled when building on ppc64el.
+ debian/patches/lunar_lobster.patch: Welcome to the Lunar Lobster!
-- Simon Quigley <tsimonq2@ubuntu.com> Sat, 10 Dec 2022 22:42:10 -0600
vim (2:9.0.0813-1) unstable; urgency=medium
* Merge upstream patch v9.0.0813
+ syntax/markdown.vim: Fix performance of markdownLinkText highlighting.
(Closes: #994209)
-- James McCoy <jamessan@debian.org> Sun, 30 Oct 2022 16:59:44 -0400
vim (2:9.0.0626-1ubuntu1) lunar; urgency=medium
* Merge from Debian Unstable. Remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
+ debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
terminal mode test
+ debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
tests that were throwing an ENOMEM during build on ppc64el. The tests
are only disabled when building on ppc64el.
* Refresh all Ubuntu patches.
* Add lunar_lobster.patch, welcome to the Lunar Lobster!
-- Simon Quigley <tsimonq2@ubuntu.com> Fri, 28 Oct 2022 13:46:59 -0500
vim (2:9.0.0626-1) unstable; urgency=medium
* Merge upstream patch v9.0.0626
+ Various CVE fixes (Closes: #1019590)
- 9.0.0246: using freed memory when 'tagfunc' deletes the buffer,
CVE-2022-2946
- 9.0.0260: using freed memory when using 'quickfixtextfunc'
recursively, CVE-2022-2982
- 9.0.0322: crash when no errors and 'quickfixtextfunc' is set,
CVE-2022-3037
- 9.0.0360: crash when invalid line number on :for is ignored,
CVE-2022-3099
- 9.0.0389: crash when 'tagfunc' closes the window, CVE-2022-3134
- 9.0.0483: illegal memory access when replacing in virtualedit mode,
CVE-2022-3234
- 9.0.0490: using freed memory with cmdwin and BufEnter autocmd,
CVE-2022-3235
- 9.0.0530: using freed memory when autocmd changes mark, CVE-2022-3256
- 9.0.0577: buffer underflow with unexpected :finally, CVE-2022-3296
- 9.0.0598: using negative array index with negative width window,
CVE-2022-3324
- 9.0.0614: CVE-2022-3352
+ 9.0.0509: confusing error for "saveas" command with "nofile" buffer
(Closes: #796872)
-- James McCoy <jamessan@debian.org> Fri, 30 Sep 2022 00:38:50 -0400
vim (2:9.0.0242-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
+ debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
terminal mode test
+ debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
tests that were throwing an ENOMEM during build on ppc64el. The tests
are only disabled when building on ppc64el.
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 23 Aug 2022 13:18:58 -0700
vim (2:9.0.0242-1) unstable; urgency=medium
* Merge upstream patch v9.0.0242
+ 9.0.241/242: Install the shared syntax files (Closes: #1017856)
* Add historic changelog entry for #947120 fix
* Adjust lintian overrides for new []-format
* Declare compliance with Policy 4.6.1, no changes needed
-- James McCoy <jamessan@debian.org> Mon, 22 Aug 2022 22:46:33 -0400
vim (2:9.0.0229-1) unstable; urgency=medium
* Merge upstream patch v9.0.0229
+ Various CVE fixes
- 9.0.0211: invalid memory access when compiling :lockvar, CVE-2022-2819
- 9.0.0212: invalid memory access when compiling :unlet, CVE-2022-2816
- 9.0.0213: using freed memory with error in assert argument,
CVE-2022-2817
- 9.0.0218: reading before the start of the line, CVE-2022-2845
- 9.0.0220: invalid memory access with for loop over NULL string,
CVE-2022-2849
- 9.0.0221: accessing freed memory if compiling nested function fails,
CVE-2022-2862
- 9.0.0225: using freed memory with multiple line breaks in expression,
CVE-2022-2889
* Add Recommends: xxd to vim-common
* Minor fixes for vim-tiny's fake help file (Closes: #1017715)
* Revert "Temporarily skip Test_Debugger_breakadd_expr", test fixed upstream
-- James McCoy <jamessan@debian.org> Sat, 20 Aug 2022 09:56:52 -0400
vim (2:9.0.0135-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
+ debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
terminal mode test
+ debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
tests that were throwing an ENOMEM during build on ppc64el. The tests
are only disabled when building on ppc64el.
* Dropped, no longer needed:
+ debian/patches/debian/update-upstart-syntax.patch: we no longer
support upstart; no reason to carry a patch to an editor to improve
syntax highlighting for upstart files.
+ debian/patches/ubuntu-fix-ftbfs.patch: Resolve FTBFS in kinetic
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 16 Aug 2022 09:32:41 -0700
vim (2:9.0.0135-1) unstable; urgency=medium
* Merge upstream patch v8.2.5172
+ ftplugin/perl.vim: Only add : to 'isfname' in Perl buffers. (Closes:
#761800)
+ ftplugin/tap.vim: Set fold-related options local to the buffer. (Closes:
#954113)
+ syntax/debcontrol.vim: Fix highlighting of sections with a slash (e.g.,
"non-free/utils"). (Closes: #1010839)
+ syntax/tap.vim: Match TODO/SKIP markers case-insensitively. (Closes:
#954016)
+ syntax/perl.vim: Properly highlight code on the same line as the start
of a here-doc block. (Closes: #136455)
+ Various CVE fixes (Closes: #1015984, #1016068)
- 8.2.5043: can open a cmdline window from a substitute expression,
CVE-2022-1942
- 8.2.5050: using freed memory when searching for pattern in path,
CVE-2022-1968
- 8.2.5063: error for a command may go over the end of IObuff,
CVE-2022-2000
- 8.2.5120: searching for quotes may go over the end of the line,
CVE-2022-2124
- 8.2.5122: lisp indenting may run over the end of the line,
CVE-2022-2125
- 8.2.5123: using invalid index when looking for spell suggestions,
CVE-2022-2126
- 8.2.5126: substitute may overrun destination buffer, CVE-2022-2129
- 9.0.0018: going over the end of the typeahead, CVE-2022-2285
- 9.0.0025: accessing beyond allocated memory with the cmdline window,
CVE-2022-2288
- 9.0.0035: spell dump may go beyond end of an array, CVE-2022-2304
- 8.2.5162: reading before the start of the line with BS in Replace
mode, CVE-2022-2207
- 8.2.4895: buffer overflow with invalid command with composing chars,
CVE-2022-1616
- 8.2.4899: with latin1 encoding CTRL-W might go before the cmdline,
CVE-2022-1619
- 8.2.4919: can add invalid bytes with :spellgood, CVE-2022-1621
- 8.2.4956: reading past end of line with "gf" in Visual block mode,
CVE-2022-1720
- 8.2.4977: memory access error when substitute expression changes
window, CVE-2022-1785
- 8.2.5013: after text formatting cursor may be in an invalid position,
CVE-2022-1851
- 8.2.5023: substitute overwrites allocated buffer, CVE-2022-1897
- 8.2.5024: using freed memory with "]d", CVE-2022-1898
- 9.0.0060: accessing uninitialized memory when completing long line,
CVE-2022-2522
* Temporarily skip Test_Debugger_breakadd_expr
* Remove "Depends: xxd" from vim-common (Closes: #1007887)
* Suppress error about missing defaults.vim in vim-tiny (Closes: #1004118)
-- James McCoy <jamessan@debian.org> Wed, 03 Aug 2022 19:00:35 -0400
vim (2:8.2.5166-0ubuntu1) kinetic; urgency=medium
* New upstream version.
-- Simon Quigley <tsimonq2@ubuntu.com> Sun, 26 Jun 2022 22:22:46 -0500
vim (2:8.2.4793-1ubuntu2) kinetic; urgency=medium
* Resolve FTBFS in kinetic (LP: #1979336)
-- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Tue, 21 Jun 2022 09:44:32 -0500
vim (2:8.2.4793-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable, remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/debian/update-upstart-syntax.patch:
Add setuid and setgid to syntax file.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
* Update my patch adding Kinetic given the new upstream changes. The patch
only adds Kinetic at this point.
-- Simon Quigley <tsimonq2@ubuntu.com> Sat, 11 Jun 2022 15:25:56 -0400
vim (2:8.2.4793-1) unstable; urgency=medium
* Merge upstream patch v8.2.4793
-- James McCoy <jamessan@debian.org> Wed, 20 Apr 2022 20:23:54 -0400
vim (2:8.2.4659-1) unstable; urgency=medium
* Merge upstream patch v8.2.4659
+ 8.2.4151: reading beyond end of a line (Closes: #1004859, CVE-2022-0318)
+ autoload/phpcomplete.vim: Fix E565 error in omni-completion (Closes:
#1008710)
* Remove outdated NEWS and README.Debian entries
* README.Debian: Fix links to vim-policy
* Improve docs about purpose and effect of defaults.vim (Closes: #856273)
* Define system (g)vimrc location as /etc/vim/(g)vimrc, rather than
symlinking from /usr/share/vim/(g)vimrc -> /etc/vim/(g)vimrc.
* Replace vim-athena with vim-motif, Athena GUI deprecated upstream
* Remove lintian override for rgb.txt, removed upstream
* Declare compliance with Policy 4.6.0, no changes needed
* Remove vim-gtk transitional package
-- James McCoy <jamessan@debian.org> Sun, 03 Apr 2022 10:44:13 -0400
vim (2:8.2.3995-1ubuntu3) kinetic; urgency=medium
* Add ubuntu-kinetic.patch, which drops Hirsute from the supported releases
and adds Kinetic to the supported releases.
-- Simon Quigley <tsimonq2@ubuntu.com> Fri, 29 Apr 2022 04:04:08 -0500
vim (2:8.2.3995-1ubuntu2) jammy; urgency=medium
* Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
-- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Mon, 18 Apr 2022 14:26:30 -0500
vim (2:8.2.3995-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable, remaining changes:
+ debian/runtime/vimrc:
"syntax on" is a sane default for non-tiny vim.
+ debian/patches/debian/ubuntu-grub-syntax.patch:
Add Ubuntu-specific "quiet" keyword.
+ debian/patches/debian/update-upstart-syntax.patch:
Add setuid and setgid to syntax file.
+ debian/patches/ubuntu-mouse-off.patch:
Mouse mode is actively harmful in some chroots.
+ debian/patches/patches/increase_timeout.diff:
Increase timeout for the Test_pattern_compile_speed patch.
* Dropped changes, fixed upstream:
+ debian/patches/CVE-2021-3927.patch
+ debian/patches/CVE-2021-3928.patch
+ debian/patches/python3.10.patch
* Dropped change, seems to be no longer needed
+ debian/rules:
Disable tests on riscv64.
-- Graham Inggs <ginggs@ubuntu.com> Thu, 24 Feb 2022 16:42:38 +0000
vim (2:8.2.3995-1) unstable; urgency=medium
* Merge upstream patch v8.2.3918
+ 8.2.3610: crash when ModeChanged triggered too early (Closes: #1001900,
CVE-2021-3968)
+ 8.2.3611: crash when using CTRL-W f without finding a file name (Closes:
#1001899, CVE-2021-3973)
+ 8.2.3612: using freed memory with regexp using a mark (Closes: #1001897,
CVE-2021-3974)
+ 8.2.3625: illegal memory access when C-indenting (Closes: #1001896,
CVE-2021-3984)
+ 8.2.3847: illegal memory access when using a lambda with an error
(Closes: #1002534, CVE-2021-4136)
+ autoload/zip.vim: Use URI syntax for pseudo-filename to avoid empty
buffer after 8.2.3468 (Closes: #1000767)
* Revert "Disable Test_very_large_count since it fails on 32-bit systems",
fixed upstream
-- James McCoy <jamessan@debian.org> Mon, 03 Jan 2022 17:57:10 -0500
vim (2:8.2.3565-1ubuntu6) jammy; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Sun, 06 Feb 2022 13:48:51 +0100
vim (2:8.2.3565-1ubuntu5) jammy; urgency=medium
* Adjust expected test output for Python 3.10
-- Graham Inggs <ginggs@ubuntu.com> Fri, 14 Jan 2022 10:27:09 +0000
vim (2:8.2.3565-1ubuntu4) jammy; urgency=medium
* No-change rebuild with Python 3.10 as default version
-- Graham Inggs <ginggs@ubuntu.com> Thu, 13 Jan 2022 20:38:37 +0000
vim (2:8.2.3565-1ubuntu3) jammy; urgency=medium
* No-change upload due to ruby3.0 transition, remove ruby2.7 support.
-- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 03 Dec 2021 19:17:35 -0300
vim (2:8.2.3565-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: Fix heap-based buffer overflow when reading character
past end of line
- debian/patches/CVE-2021-3927.patch: Correct the cursor column in
src/ex_docmd.c, src/testdir/test_put.vim.
- CVE-2021-3927
* SECURITY UPDATE: Fix stack-based buffer overflow when reading
uninitialized memory when giving spell suggestions
- debian/patches/CVE-2021-3928.patch: Check that preword is not empty in
src/spellsuggest.c, src/testdir/test_spell.vim.
- CVE-2021-3928
* Fix flaky vim terminal mode test
-- Spyros Seimenis <spyros.seimenis@canonical.com> Thu, 11 Nov 2021 15:50:41 +0100
vim (2:8.2.3565-1ubuntu1) jammy; urgency=medium
* Merge from Debian Sid. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/rules:
+ Disable tests on riscv64.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- Drop upstreamed CVE patches.
- Drop 0001-add-impish.patch which has been upstreamed.
-- Simon Quigley <tsimonq2@ubuntu.com> Thu, 11 Nov 2021 04:52:05 -0600
vim (2:8.2.3565-1) unstable; urgency=medium
* Merge upstream patch v8.2.3565
+ 8.2.3489: ml_get error after search with range (Closes: #996593,
CVE-2021-3875)
+ syntax/{debchangelog,debsources}.vim: Add jammy as a recognized Ubuntu
release (Closes: #996760)
* Drop patches applied upstream
+ Fix test_recover.vim's checks for endianness and size of long
+ Use explicitly signed type for tt_min_argcount to fix unsigned char
systems
* Revert "Temporarily depend on xxd for build tests/autopkgtests"
* Disable Test_very_large_count since it fails on 32-bit systems
-- James McCoy <jamessan@debian.org> Sat, 30 Oct 2021 10:56:38 -0400
vim (2:8.2.3455-2) unstable; urgency=medium
* Fix test_recover.vim's checks for endianness and size of long
* Use explicitly signed type for tt_min_argcount to fix unsigned char systems
-- James McCoy <jamessan@debian.org> Sun, 03 Oct 2021 09:17:57 -0400
vim (2:8.2.3455-1) unstable; urgency=medium
* Merge upstream patch v8.2.3455
+ 8.2.2761: Don't add current_syn_inc_tag to topgrp. (Closes: #947120)
+ 8.2.3022: Add support for xchacha20 encryption, using libsodium
+ 8.2.3068: Update Unicode support to Unicode 13
+ 8.2.3402, 8.2.3403: invalid memory access when using :retab with large
value (Closes: CVE-2021-3770, #994076)
+ 8.2.3409: reading beyond end of line with invalid utf-8 character
(Closes: CVE-2021-3778, #994498)
+ 8.2.3428: using freed memory when replacing (Closes: CVE-2021-3796,
#994497)
+ 8.2.3430: Add the ModeChanged autocommand event
+ ftplugin/scala.vim: Fix syntax of includeexpr option (Closes: #895629)
+ syntax/{debchangelog,debsources}.vim: Add impish as a recognized Ubuntu
release (Closes: #995151)
* Vim addons policy
+ Automatically publish policy to https://vim-team.pages.debian.net/vim/
(Closes: #989223)
+ Rewrite policy to document use of dh_vim-addon instead of
vim-addon-manager
* Explicitly Depend on lynx to ensure docbook2txt works
* Build against libsodium for non-tiny builds
* Define a writable $HOME for the tests
* Temporarily depend on xxd for build tests/autopkgtests, otherwise
new tests for the xchacha20 encryption fail.
* Switch to salsa-ci-team pipeline for CI
-- James McCoy <jamessan@debian.org> Thu, 30 Sep 2021 12:54:53 -0400
vim (2:8.2.2434-3ubuntu4) jammy; urgency=medium
* Add Jammy to the supported Ubuntu releases.
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 27 Oct 2021 03:20:08 -0500
vim (2:8.2.2434-3ubuntu3) impish; urgency=medium
* Add impish to supported releases (LP: #1944419)
-- Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tue, 21 Sep 2021 10:39:53 +0200
vim (2:8.2.2434-3ubuntu2) impish; urgency=medium
* SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with large value
- debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
number in src/indent.c.
- debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
invalid argument
- CVE-2021-3770
* SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of line
with invalid utf-8 character
- debian/patches/CVE-2021-3778.patch: Validate encoding of character before
advancing line in regexp_nfa.c.
- CVE-2021-3778
* SECURITY UPDATE: Fix use after free when replacing
- debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
ins_copychar() in src/normal.c.
- CVE-2021-3796
-- Spyros Seimenis <spyros.seimenis@canonical.com> Mon, 20 Sep 2021 14:50:52 +0300
vim (2:8.2.2434-3ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/rules:
+ Disable tests on riscv64
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
-- Lukas Märdian <slyon@ubuntu.com> Mon, 10 May 2021 13:47:48 +0200
vim (2:8.2.2434-3) unstable; urgency=medium
* Add pkg.vim.noruby Build-Profile
* Disable ruby interpreter on alpha and ia64 (Closes: #983308)
* Re-enable ruby for vim-gtk3 on Ubuntu, since it is no longer in main
-- James McCoy <jamessan@debian.org> Mon, 01 Mar 2021 21:58:09 -0500
vim (2:8.2.2434-2) unstable; urgency=medium
* Only enable sound support for GUI builds (Closes: #982856)
-- James McCoy <jamessan@debian.org> Sat, 20 Feb 2021 13:46:51 -0500
vim (2:8.2.2434-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/rules:
+ Disable tests on riscv64
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
* Dropped changes, deprecated:
- patches/riscv64-test-timeout.patch
+ Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout
for riscv64.
+ It was changed to WaitForAssert(), our patch patches another function:
Test_mode_message_at_leaving_insert_by_ctrl_c()
* Dropped changes, included upstream:
- debian/patches/ubuntu-series-support.patch:
+ Add hirsute, move eoan to unsupported
-- Lukas Märdian <slyon@ubuntu.com> Mon, 15 Feb 2021 13:29:39 +0100
vim (2:8.2.2434-1) unstable; urgency=medium
* Merge upstream patch v8.2.2434
+ 8.2.2428: Fix handling of focus events when 'ttymouse' is unset.
(Closes: #980449)
-- James McCoy <jamessan@debian.org> Sat, 30 Jan 2021 23:47:07 -0500
vim (2:8.2.2367-1) unstable; urgency=medium
* Merge upstream patch v8.2.2367
+ 8.2.2367: Fix test failures on armel/armhf/mipsel
-- James McCoy <jamessan@debian.org> Sun, 17 Jan 2021 10:53:54 -0500
vim (2:8.2.2344-2) unstable; urgency=medium
* rules: Add dummy command to test target to fix make error when
DEB_BUILD_OPTIONS=nocheck
-- James McCoy <jamessan@debian.org> Thu, 14 Jan 2021 22:25:21 -0500
vim (2:8.2.2344-1) unstable; urgency=medium
* Merge upstream patch v8.2.2344
+ ftplugin/spec.vim: Fix missing ":let" (Closes: #977429)
+ syntax/cabal.vim: Add build-tools-depends keyword (Closes: #973548)
* rules: Sanitize locale-related environment variables (Closes: #973943)
-- James McCoy <jamessan@debian.org> Thu, 14 Jan 2021 21:40:26 -0500
vim (2:8.2.1913-1ubuntu3) hirsute; urgency=medium
* No-change rebuild to build with python3.9 as default.
-- Matthias Klose <doko@ubuntu.com> Thu, 19 Nov 2020 18:39:38 +0100
vim (2:8.2.1913-1ubuntu2) hirsute; urgency=medium
* Increase timeout for the Test_pattern_compile_speed patch.
* Update the ubuntu-mouse patch.
-- Matthias Klose <doko@ubuntu.com> Wed, 18 Nov 2020 21:03:57 +0100
vim (2:8.2.1913-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout
for riscv64.
- debian/patches/ubuntu-series-support.patch:
+ Add hirsute, move eoan to unsupported
-- Brian Murray <brian@ubuntu.com> Mon, 09 Nov 2020 12:42:28 -0800
vim (2:8.2.1913-1) unstable; urgency=medium
[ James McCoy ]
* Merge upstream tag v8.2.1913
+ syntax/sh.vim: Highlight "local var" appropriately when /bin/sh is dash.
(Closes: #796282)
+ plugin/netrwPlugin.vim: Fix directory navigation with
g:netrw_liststyle=3 and g:netrw_list_hide='^\..*'. (Closes: #942549)
+ 8.2.1909: Remove the limit on items in 'statusline' (Closes: #688258)
+ 8.2.1912: Fix test failures with Python 3 >= 3.9 (Closes: #972777)
* rules: Provide path to vim when building vim.pot
* Add procps and cscope to (autopkg)test Depends
* d/tests: Use dpkg-query rather than dpkg-parsechangelog to get upstream version
* d/tests: Use runtime/ from source tree
* d/tests: Force TERM=xterm when running upstreamtest
* Stop installing vim2html.pl
* Stop installing README.txt files in vim-runtime
* Lintian
+ Add national-encoding overrides for files intentionally in non-UTF8
encodings
+ Add package-contains-documentation-outside-usr-share-doc overrides for
builtin help
+ Rename binary-without-manpage override to no-manual-page
+ Rename manpage-without-executable override to spare-manual-page
+ Override repeated-path-segment for dvorak plugin
+ Add package-contains-documentation-outside-usr-share-doc override for
rgb.txt
[ Pino Toscano ]
* Remove unused XPM icons.
* Remove do not ship gvim.svg in /usr/share/pixmaps.
-- James McCoy <jamessan@debian.org> Tue, 27 Oct 2020 21:38:24 -0400
vim (2:8.2.0716-3ubuntu2) groovy; urgency=medium
* Disable tests on riscv64
-- Balint Reczey <rbalint@ubuntu.com> Tue, 11 Aug 2020 19:00:59 +0200
vim (2:8.2.0716-3ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout
for riscv64.
* Dropped changes, included upstream:
- debian/patches/ubuntu-series-support.patch:
+ Drop vivid, wily, yakkety, zesty, artful, cosmic, disco.
+ Add groovy
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 20 May 2020 16:08:14 -0700
vim (2:8.2.0716-3) unstable; urgency=medium
* Version the vim/gvim/etc Provides for the vim binary packages. This
allows versioned Depends on vim to be satisfied by any of the binary
packages instead of trying to install Package: vim. (Closes: #960119)
-- James McCoy <jamessan@debian.org> Mon, 11 May 2020 22:37:13 -0400
vim (2:8.2.0716-2) unstable; urgency=medium
* Build vim-basic for arch-all builds, needed for install targets
-- James McCoy <jamessan@debian.org> Sat, 09 May 2020 11:27:39 -0400
vim (2:8.2.0716-1) unstable; urgency=medium
* Merge upstream tag v8.2.0716
+ syntax/make.vim: Fix mis-highlighting of targets that start with the
word "overrule". (Closes: #958993)
* rules: Switch to dh
* Remove src/po/vim.pot during clean
-- James McCoy <jamessan@debian.org> Sat, 09 May 2020 09:20:09 -0400
vim (2:8.2.0510-1) unstable; urgency=medium
* Merge upstream tag v8.2.0510
+ 8.2.0444: Improve reliability of Test_swap_prompt_splitwin
+ 8.2.0447: Improve reliability of Test_terminal_scroll
+ 8.2.0454: Improve reliability of Test_state
+ 8.2.0456, 8.2.0461, 8.2.0470: Improve reliability of Test_confirm_cmd
+ 8.2.0462: Fix invalid assertion in Test_popup_and_previewwindow_dump
+ 8.2.0474: Allow ":write" to overwrite an existing file when used via
BufWriteCmd, fixing breakage of plugins like vim-gnupg
* Add lintian overrides for manpage-without-executable
* Remove obsolete vim-common.preinst
-- James McCoy <jamessan@debian.org> Sat, 04 Apr 2020 23:20:13 -0400
vim (2:8.2.0439-1) unstable; urgency=medium
* Merge upstream tag v8.2.0439
+ 8.2.0398: Fix FTBFS due to Test_profile_func() failure
+ 8.2.0436: Fix FTBFS in test_vim9_disassemble.vim due to type mismatches
in format strings
-- James McCoy <jamessan@debian.org> Mon, 23 Mar 2020 23:21:40 -0400
vim (2:8.2.0397-1) unstable; urgency=medium
* Merge upstream tag v8.2.0397
+ 8.2.0382: Fix Test_terminal_in_popup failures by disabling the ruler
+ syntax/resolv.vim: Refresh list of known options. (Closes: #626371)
-- James McCoy <jamessan@debian.org> Tue, 17 Mar 2020 08:31:45 -0400
vim (2:8.2.0378-1) unstable; urgency=medium
* Merge upstream tag v8.2.0378
+ 8.2.0374: Fix test failures on 32-bit archs. (Closes: #953742)
-- James McCoy <jamessan@debian.org> Fri, 13 Mar 2020 23:40:47 -0400
vim (2:8.2.0368-1) unstable; urgency=medium
* Merge upstream patch v8.2.0368
+ New "vim9script" syntax available for scripts, c.f. ":help vim9-script"
+ syntax/debchangelog.vim: Stop highlighting space before "UNRELEASED" as
an error (Closes: #944781)
+ syntax/markdown.vim: Don't treat a bare "<" as the start of an HTML tag.
(Closes: #892172)
+ syntax/resolv.vim: Highlight IPv6 addresses (Closes: #626371)
+ 8.2.0271: Correctly format 64-bit numbers for status messages in
vim-tiny on 32-bit systems (Closes: #951380)
* Declare compliance with Policy 4.5.0, no changes needed
* Build-Depend on debhelper-compat (= 12)
-- James McCoy <jamessan@debian.org> Tue, 10 Mar 2020 22:54:00 -0400
vim (2:8.1.2269-1ubuntu6) groovy; urgency=medium
* Add "groovy" to the list of supported Ubuntu releases.
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 29 Apr 2020 01:56:34 -0500
vim (2:8.1.2269-1ubuntu5) focal; urgency=medium
* Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout for
riscv64.
-- William Grant <wgrant@ubuntu.com> Wed, 15 Apr 2020 16:40:31 +1000
vim (2:8.1.2269-1ubuntu4) focal; urgency=medium
[ Rafael David Tinoco ]
* Sponsoring ruby2.7 transitions
[ Lucas Kanashiro ]
* No-change rebuild for ruby2.7
-- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Mon, 02 Mar 2020 16:35:26 +0000
vim (2:8.1.2269-1ubuntu3) focal; urgency=medium
* Update debian/patches/ubuntu-mouse-off.patch to also fix tests that
reference the mouse.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 24 Feb 2020 17:49:38 +0000
vim (2:8.1.2269-1ubuntu2) focal; urgency=medium
* restore debian/patches/ubuntu-mouse-off.patch, wrongly dropped during
the merge. LP: #18644243
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 24 Feb 2020 07:07:25 -0800
vim (2:8.1.2269-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/debian/update-upstart-syntax.patch:
+ Add setuid and setgid to syntax file.
- debian/patches/ubuntu-series-support.patch:
+ Drop vivid, wily, yakkety, zesty, artful.
* Dropped changes, included upstream:
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- Add focal as a supported Ubuntu series.
- Remove cosmic as a supported Ubuntu series.
* Remove disco as a supported Ubuntu series.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 17 Feb 2020 22:30:35 -0800
vim (2:8.1.2269-1) unstable; urgency=medium
* Merge upstream patch v8.1.2269
+ 8.1.2261: Disable modifyOtherKeys while in Insert mode when 'noesckeys'
is set. (Closes: #944132)
-- James McCoy <jamessan@debian.org> Sat, 09 Nov 2019 07:59:40 -0500
vim (2:8.1.2244-1) unstable; urgency=medium
* Merge upstream patch v8.1.2244
+ syntax/debchangelog.vim: Highlight unsupported releases differently than
supported releases. (Closes: #847933)
+ "mouse" feature is now always enabled.
+ Improve support for chorded mappings in xterm, when xterm's
modifyOtherKeys mode is enabled, c.f. :help modifyOtherKeys.
* Revert "Move /usr/bin/vim.* into /usr/libexec/vim/"
(Closes: #943328, #942225). The change broke user preferences for
alternatives and sensible-editor.
* Add /var/lib/addons to 'runtimepath' at build time (Closes: #943967)
* Use dh_missing instead of dh_install --list-missing (Closes: #942277)
-- James McCoy <jamessan@debian.org> Sun, 03 Nov 2019 20:52:36 -0500
vim (2:8.1.2136-1) unstable; urgency=medium
* Merge upstream patch v8.1.2136
+ Farsi support was removed
+ syntax/debcontrol.vim: Recognize "Files-Excluded(-<component>)" fields
(Closes: #932894)
+ Swap files are automatically deleted if the file was unmodified and the
process which generated the swap file isn't running. (Closes: #375989)
+ Fix incorrect over-indenting when auto-indent is enabled for XML files.
(Closes: #918672)
+ Fix indentation of bash scripts with nested if blocks. (Closes:
#939369)
+ New popup window support, via the "popup_*()" APIs
+ New sound support, via the "sound_*()" APIs
+ "localmap", "visual", "visualextra", "visualedit", "user_commands",
"multi_byte", "cmdline_compl", "insert_expand", "modify_fname",
and "comments" features are now always enabled.
+ Fix test_compiler.vim failure when locale isn't available. (Closes:
#917859)
* control:
+ Remove obsolete versioned Build-Depends on dpkg-dev
* rules:
+ Use dh_install --list-missing
* Turn vim-gtk into a transitional package to vim-gtk3 (Closes: #930576
since the IA__gdk_drawable_get_size assertions don't happen in the GTK3
build)
* Declare compliance with Policy 4.4.1, no changes needed
* Move /usr/bin/vim.* into /usr/libexec/vim/
* autopkgtest:
+ Mark the "$variant --version" tests superficial
+ Add new tests which run the build time tests against the installed
binary/runtime. Mark it flaky for now, since there are some tests which
are more prone to fail in the LXC environment.
+ Run autopkgtests as a dedicated user, to avoid false negative failures
with upstream tests which check permissions
-- James McCoy <jamessan@debian.org> Fri, 11 Oct 2019 21:37:58 -0400
vim (2:8.1.0875-5ubuntu4) focal; urgency=medium
* No-change rebuild to build with python3.8.
-- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 04:41:15 +0000
vim (2:8.1.0875-5ubuntu3) focal; urgency=medium
* Add focal as a supported Ubuntu series.
* Remove cosmic as a supported Ubuntu series.
-- Simon Quigley <tsimonq2@ubuntu.com> Fri, 18 Oct 2019 15:46:24 -0500
vim (2:8.1.0875-5ubuntu2) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:15:15 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog xxd`.
Generated by dwww version 1.16 on Sat Dec 13 16:19:26 CET 2025.