[ubuntu/resolute-proposed] vim 2:9.1.1882-1ubuntu1 (Accepted)
Nadzeya Hutsko
nadzeya.hutsko at canonical.com
Wed Dec 10 15:01:17 UTC 2025
vim (2:9.1.1882-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2130146). Remaining changes:
- d/p/0001-fix-flaky-terminal-mode-test.vim:
Fix flaky Vim terminal mode test
- d/p/0002-disable-failing-tests-on-ppc64.patch:
Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- d/p/0003-skip-test-failing-on-s390x-only.patch:
Skip test failing on s390x
- d/p/increase_timeout.diff: Increase timeout for the
Test_pattern_compile_speed patch.
- d/p/debian/ubuntu-grub-syntax.patch: Add Ubuntu-specific "quiet" keyword.
- d/runtime/vimrc: "syntax on" is a sane default for non-tiny Vim.
Dropping changes applied in upstream:
- SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
+ d/p/CVE-2025-53905.patch: Replace "echohl Error" with call,
remove leading slashes from name, replace tar_secure with g:tar_secure in
runtime/autoload/tar.vim.
+ d/p/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
+ CVE-2025-53905
+ CVE-2025-53906
- SECURITY UPDATE: Data loss when extracting special zip files.
+ d/p/CVE-2025-29768.patch: Substitute special characters in
./runtime/autoload/zip.vim.
+ CVE-2025-29768
- SECURITY UPDATE: Code execution when editing tar files.
+ d/p/CVE-2025-27423.patch: Use escape_file instead of fname in
./runtime/autoload/tar.vim.
+ CVE-2025-27423
- SECURITY UPDATE: Use after free when redirecting display command to
register.
+ d/p/CVE-2025-26603.patch: Change redir_reg check to use
vim_strchr command check in ./src/register.c.
+ CVE-2025-26603
- SECURITY UPDATE: Denial of service.
+ d/p/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
+ CVE-2025-24014
- SECURITY UPDATE: Crash when file is inaccessible with log option.
+ d/p/CVE-2025-1215.patch: Split common_init to common_init_1
and common_init_2 in ./src/main.c.
+ CVE-2025-1215
- SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
+ d/p/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
+ CVE-2025-22134
Dropping changes applied in Debian:
- Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
Dropping changes that are no longer needed in Ubuntu:
- d/p/ubuntu-mouse-off.patch: Mouse mode is actively harmful in some chroots.
Dropping since it causes many issues with the test suite
- d/p/ubuntu-disable-mouse-popup-test.patch: Disable mouse popup test
Is related to ubuntu-mouse-off.patch
- d/s/include-binaries: Add heap_overflow3 test file to include-binaries
Dropping since it was originally added for testdata coming from a security
update, but now the orig tarball actually contains this testdata
* d/p/0002-disable-failing-tests-on-ppc64.patch: Skip
Test_autocmd_SafeState
* d/p/0003-skip-test-failing-on-s390x-only.patch: Skip
Test_linematch_diff_grouping and
Test_diff_overlapped_diff_blocks_will_be_merged
vim (2:9.1.1882-1) unstable; urgency=medium
* Merge upstream patch v9.1.1882
* Build without wayland on hurd
vim (2:9.1.1846-1) unstable; urgency=medium
* Merge upstream tag v9.1.1845
+ 9.1.1843: Extend searchcount() timeout if the test is being re-run due
to flakiness, fixes test failure on slower architectures.
vim (2:9.1.1829-1) unstable; urgency=medium
* Upload to unstable
* Merge upstream tag v9.1.1829
* Remove src/LICENSE, src/README.txt, and runtime/doc/tags.ref during clean
* Skip tests for termdebug, since they currently fail on 32-bit
architectures
vim (2:9.1.1766-1) experimental; urgency=medium
* Merge upstream tag v9.1.1766 (Closes: #1115819)
+ Security fixes:
- 9.1.1400: use-after-free when evaluating tuple fails, (Closes:
#1110898, CVE-2025-55157)
- 9.1.1406: crash when importing invalid tuple, CVE-2025-55158
- 9.1.1551: path traversal issue in zip.vim if files have leading '../',
(Closes: #1109374, CVE-2025-53906)
- 9.1.1552: path traversal issue in tar.vim if files have leading '/',
CVE-2025-53905
- 9.1.1616: xxd: possible buffer overflow with bitwise output,
CVE-2025-9390
* Enable socketserver for vim-nox, vim-basic, and vim-gtk3
* Enable wayland support only for GUI builds
* Drop obsolete transitional package, vim-athena
vim (2:9.1.1385-1) experimental; urgency=medium
[ James McCoy ]
* Merge upstream tag v9.1.1385
[ Kirill Rekhov ]
* d/upstream/metadata: add metadata
* Fix day-of-week for changelog entries 1:6.3-015+1, 1:6.3-010+1, 4.6-2.
vim (2:9.1.1230-2) unstable; urgency=medium
* Backport v9.1.1242 and v9.1.1244 to fix crash when evaluating a variable
name. (Closes: #1106133)
vim (2:9.1.1230-1) unstable; urgency=medium
* Merge upstream tag v9.1.1230
+ Security fixes:
- 9.1.1115: use-after-free in str_to_reg(), CVE-2025-26603
- 9.1.1164: editing a specially crafted tar file allows code execution,
(Closes: #1099610, CVE-2025-27423)
- 9.1.1198: potential data loss with zip.vim and crafted zip files,
(Closes: #1101016, CVE-2025-29768)
vim (2:9.1.1113-1) unstable; urgency=medium
[ James McCoy ]
* Merge upstream tag v9.1.1113
+ Security fixes:
- 9.1.1003: heap-buffer overflow with visual mode when using :all,
CVE-2025-22134
- 9.1.1043: segfault in win_line(), CVE-2025-24014
- 9.1.1097: crash when using --log with non-existent path, CVE-2025-1215
[ Andrea Pappacoda ]
* Drop backspace and history from debian.vim (Closes: #1095155)
vim (2:9.1.0967-2) unstable; urgency=medium
* Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
Date: Fri, 28 Nov 2025 14:26:41 +0100
Changed-By: Nadzeya Hutsko <nadzeya.hutsko at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Nick Rosbrook <nick.rosbrook at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.1882-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 28 Nov 2025 14:26:41 +0100
Source: vim
Built-For-Profiles: noudeb
Architecture: source
Version: 2:9.1.1882-1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nadzeya Hutsko <nadzeya.hutsko at canonical.com>
Closes: 1091729 1095155 1099610 1101016 1106133 1109374 1110898 1115819
Launchpad-Bugs-Fixed: 2130146
Changes:
vim (2:9.1.1882-1ubuntu1) resolute; urgency=medium
.
* Merge with Debian unstable (LP: #2130146). Remaining changes:
- d/p/0001-fix-flaky-terminal-mode-test.vim:
Fix flaky Vim terminal mode test
- d/p/0002-disable-failing-tests-on-ppc64.patch:
Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- d/p/0003-skip-test-failing-on-s390x-only.patch:
Skip test failing on s390x
- d/p/increase_timeout.diff: Increase timeout for the
Test_pattern_compile_speed patch.
- d/p/debian/ubuntu-grub-syntax.patch: Add Ubuntu-specific "quiet" keyword.
- d/runtime/vimrc: "syntax on" is a sane default for non-tiny Vim.
Dropping changes applied in upstream:
- SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
+ d/p/CVE-2025-53905.patch: Replace "echohl Error" with call,
remove leading slashes from name, replace tar_secure with g:tar_secure in
runtime/autoload/tar.vim.
+ d/p/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
+ CVE-2025-53905
+ CVE-2025-53906
- SECURITY UPDATE: Data loss when extracting special zip files.
+ d/p/CVE-2025-29768.patch: Substitute special characters in
./runtime/autoload/zip.vim.
+ CVE-2025-29768
- SECURITY UPDATE: Code execution when editing tar files.
+ d/p/CVE-2025-27423.patch: Use escape_file instead of fname in
./runtime/autoload/tar.vim.
+ CVE-2025-27423
- SECURITY UPDATE: Use after free when redirecting display command to
register.
+ d/p/CVE-2025-26603.patch: Change redir_reg check to use
vim_strchr command check in ./src/register.c.
+ CVE-2025-26603
- SECURITY UPDATE: Denial of service.
+ d/p/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
+ CVE-2025-24014
- SECURITY UPDATE: Crash when file is inaccessible with log option.
+ d/p/CVE-2025-1215.patch: Split common_init to common_init_1
and common_init_2 in ./src/main.c.
+ CVE-2025-1215
- SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
+ d/p/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
+ CVE-2025-22134
Dropping changes applied in Debian:
- Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
Dropping changes that are no longer needed in Ubuntu:
- d/p/ubuntu-mouse-off.patch: Mouse mode is actively harmful in some chroots.
Dropping since it causes many issues with the test suite
- d/p/ubuntu-disable-mouse-popup-test.patch: Disable mouse popup test
Is related to ubuntu-mouse-off.patch
- d/s/include-binaries: Add heap_overflow3 test file to include-binaries
Dropping since it was originally added for testdata coming from a security
update, but now the orig tarball actually contains this testdata
* d/p/0002-disable-failing-tests-on-ppc64.patch: Skip
Test_autocmd_SafeState
* d/p/0003-skip-test-failing-on-s390x-only.patch: Skip
Test_linematch_diff_grouping and
Test_diff_overlapped_diff_blocks_will_be_merged
.
vim (2:9.1.1882-1) unstable; urgency=medium
.
* Merge upstream patch v9.1.1882
* Build without wayland on hurd
.
vim (2:9.1.1846-1) unstable; urgency=medium
.
* Merge upstream tag v9.1.1845
+ 9.1.1843: Extend searchcount() timeout if the test is being re-run due
to flakiness, fixes test failure on slower architectures.
.
vim (2:9.1.1829-1) unstable; urgency=medium
.
* Upload to unstable
* Merge upstream tag v9.1.1829
* Remove src/LICENSE, src/README.txt, and runtime/doc/tags.ref during clean
* Skip tests for termdebug, since they currently fail on 32-bit
architectures
.
vim (2:9.1.1766-1) experimental; urgency=medium
.
* Merge upstream tag v9.1.1766 (Closes: #1115819)
+ Security fixes:
- 9.1.1400: use-after-free when evaluating tuple fails, (Closes:
#1110898, CVE-2025-55157)
- 9.1.1406: crash when importing invalid tuple, CVE-2025-55158
- 9.1.1551: path traversal issue in zip.vim if files have leading '../',
(Closes: #1109374, CVE-2025-53906)
- 9.1.1552: path traversal issue in tar.vim if files have leading '/',
CVE-2025-53905
- 9.1.1616: xxd: possible buffer overflow with bitwise output,
CVE-2025-9390
* Enable socketserver for vim-nox, vim-basic, and vim-gtk3
* Enable wayland support only for GUI builds
* Drop obsolete transitional package, vim-athena
.
vim (2:9.1.1385-1) experimental; urgency=medium
.
[ James McCoy ]
* Merge upstream tag v9.1.1385
.
[ Kirill Rekhov ]
* d/upstream/metadata: add metadata
* Fix day-of-week for changelog entries 1:6.3-015+1, 1:6.3-010+1, 4.6-2.
.
vim (2:9.1.1230-2) unstable; urgency=medium
.
* Backport v9.1.1242 and v9.1.1244 to fix crash when evaluating a variable
name. (Closes: #1106133)
.
vim (2:9.1.1230-1) unstable; urgency=medium
.
* Merge upstream tag v9.1.1230
+ Security fixes:
- 9.1.1115: use-after-free in str_to_reg(), CVE-2025-26603
- 9.1.1164: editing a specially crafted tar file allows code execution,
(Closes: #1099610, CVE-2025-27423)
- 9.1.1198: potential data loss with zip.vim and crafted zip files,
(Closes: #1101016, CVE-2025-29768)
.
vim (2:9.1.1113-1) unstable; urgency=medium
.
[ James McCoy ]
* Merge upstream tag v9.1.1113
+ Security fixes:
- 9.1.1003: heap-buffer overflow with visual mode when using :all,
CVE-2025-22134
- 9.1.1043: segfault in win_line(), CVE-2025-24014
- 9.1.1097: crash when using --log with non-existent path, CVE-2025-1215
.
[ Andrea Pappacoda ]
* Drop backspace and history from debian.vim (Closes: #1095155)
.
vim (2:9.1.0967-2) unstable; urgency=medium
.
* Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
Checksums-Sha1:
f063d6bbf55f648fd730874768d619d5eb7d8437 3039 vim_9.1.1882-1ubuntu1.dsc
a5cdc3d78a62c1e3e875c1c76f327f9dd6346e52 12850936 vim_9.1.1882.orig.tar.xz
d26e197765c2c27a11868db7e03d03b322a30563 208272 vim_9.1.1882-1ubuntu1.debian.tar.xz
92cc3f4747d60a72c3b5f4f76e0c252c78a49792 8222 vim_9.1.1882-1ubuntu1_source.buildinfo
Checksums-Sha256:
7e3e14919abbc112af25cc44eb9c3f34767368b3456248913447fb442ca9863c 3039 vim_9.1.1882-1ubuntu1.dsc
25026cc9cf7d87797534ce1ace58e427ebfd76e39be78cad013d1525b6bf631a 12850936 vim_9.1.1882.orig.tar.xz
6ac26fe0d9c7e3ab034b6325b085e4519eef6e27e1e8fcb4802c75f949cf44d0 208272 vim_9.1.1882-1ubuntu1.debian.tar.xz
14535f0de52003a03b76440a0a2bd4ec6d305e70071376ee7850389840d295cb 8222 vim_9.1.1882-1ubuntu1_source.buildinfo
Files:
62213a7348c1c5a8b659f4ad0f5c2092 3039 editors optional vim_9.1.1882-1ubuntu1.dsc
4f2eacd1c05446e5f863a0c47429ed1b 12850936 editors optional vim_9.1.1882.orig.tar.xz
83d8e38f291caed78580ea6cb8c92326 208272 editors optional vim_9.1.1882-1ubuntu1.debian.tar.xz
0e776574d5db349aed7858a49aba160f 8222 editors optional vim_9.1.1882-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Vim Maintainers <team+vim at tracker.debian.org>
Vcs-Git: https://git.launchpad.net/~nadzeya/ubuntu/+source/vim
Vcs-Git-Commit: 84a0f6654c40ee7e9b9f09e32281b0a22737b136
Vcs-Git-Ref: refs/heads/merge-9.1.1882-9.1.0967-resolute
More information about the Resolute-changes
mailing list