vim (2:7.4.1689-3ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2019-12735.patch: disallow
      sourcing a file in the sandbox in src/getchar.c
    - CVE-2019-12735
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2017-5953.patch: check for an
      invalid length in order to avoid a overflow in
      src/spell.c.
    - CVE-2017-5953

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 07 Jun 2019 12:35:43 -0300

vim (2:7.4.1689-3ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary shell execution via modelines
    - debian/patches/upstream/CVE-2016-1248.patch: Only allow valid
      characters in 'filetype', 'syntax' and 'keymap'. Tests adapted
      back to vim 7.4 by James McCoy of Debian, thanks!
    - CVE-2016-1248

 -- Steve Beattie <sbeattie@ubuntu.com>  Thu, 24 Nov 2016 08:44:48 -0800

vim (2:7.4.1689-3ubuntu1.1) xenial; urgency=medium

  * debian/rules: Specify python3 setup correctly (LP: #1574897)

 -- Adam Conrad <adconrad@ubuntu.com>  Thu, 16 Jun 2016 04:50:38 -0600

vim (2:7.4.1689-3ubuntu1) xenial; urgency=medium

    - debian/runtime/vimrc:
      + "syntax on" is a sane default for non-tiny vim
    - debian/patches/debian/ubuntu-grub-syntax.patch:
      + Add Ubuntu-specific "quiet" keyword.
    - debian/patches/debian/update-upstart-syntax.patch:
      + Add setuid and setgid to syntax file.
    - debian/patches/debian/ubuntu-releases.patch:
      + Add support for xenial, drop utopic to unsupported.
    - debian/rules: Stop ignoring failures from flaky test86.
    - Build using Python3.
    - Build python2 variants for gtk, gtk3, gnome, athena, nox.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 08 Apr 2016 13:38:28 +0200

vim (2:7.4.1689-3) unstable; urgency=medium

  * helpztags: Fix regression in previous upload where the doc file isn't
    opened, so no tags file is generated.  (Closes: #820313)

 -- James McCoy <jamessan@debian.org>  Thu, 07 Apr 2016 22:37:20 -0400

vim (2:7.4.1689-2ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/runtime/vimrc:
      + "syntax on" is a sane default for non-tiny vim
    - debian/patches/debian/ubuntu-grub-syntax.patch:
      + Add Ubuntu-specific "quiet" keyword.
    - debian/patches/debian/update-upstart-syntax.patch:
      + Add setuid and setgid to syntax file.
    - debian/patches/debian/ubuntu-releases.patch:
      + Add support for xenial, drop utopic to unsupported.
    - debian/rules: Stop ignoring failures from flaky test86.
    - Build using Python3.
    - Build python2 variants for gtk, gnome, athena, nox.
  * Build a vim-gtk3-py2 package.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 05 Apr 2016 17:22:10 +0200

vim (2:7.4.1689-2) unstable; urgency=medium

  * Stop installing a dangling symlink at
    /usr/share/vim/addons/doc/matchit.txt.  (Closes: #819796)
  * Lintian:
    + Provide more details in vim-doc's long description.  Thanks to Elimar
      Riesebieter for the patch.  (Closes: #819733)
  * helpztags:
    + Don't try to read a file if it can't be opened.  (Closes: #819764)
    + Don't error if the specified directory doesn't exist.  (Closes: #819809)
  * Generate vim-policy in a consistent locale.

 -- James McCoy <jamessan@debian.org>  Sun, 03 Apr 2016 09:25:18 -0400

vim (2:7.4.1689-1) unstable; urgency=medium

  * Merge upstream tag v7.4.1689.
    + Highlighted changes:
      - 7.4.1142: “:syn iskeyword” command to define the set of keyword
        characters for syntax highlighting, rather than changing the buffer's
        'iskeyword' option.
      - 7.4.1154 et.al.: Support converting between JSON
        and VimL.  See json_decode(), json_encode(), js_decode(), and
        js_encode().
      - 7.4.1169 et.al.: Support async communication with external processes
        using the new channel and job features.
      - 7.4.1384 et.al.: Provide native support for managing Vim
        addons/packages with the :packadd command and 'packpath' option.
      - 7.4.1402: GTK3 GUI support
      - 7.4.1578: Support running a function on a periodic basis with the
        timer_start()/timer_start() functions.
      - runtime/syntax/sh.vim
        + Fix incorrect highlighting when case/esac are embedded in a word.
          (Closes: #818137)
      - runtime/syntax/sshdconfig.vim
        + Update with recent keywords, including VersionAddendum.  (Closes:
          #776834)
  * Add a vim-gtk3 package.  (Closes: #815750)
  * Improve reproducibility of Vim builds.  (Closes: #787327)
    + Use $SOURCE_DATE_EPOCH to set the compilation time displayed in :version
    + Set a static value for configure's --with-compiledby argument
  * Migrate to automatic -dbgsym packages
  * Declare compliance with Policy 3.9.7, no changes needed.
  * Stop installing empty icon directories in vim-common.  Thanks to Elimar
    Riesebieter for the patch.  (Closes: #819653)

 -- James McCoy <jamessan@debian.org>  Thu, 31 Mar 2016 21:57:48 -0400

vim (2:7.4.963-1ubuntu5) xenial; urgency=medium

  * No-change rebuild for ruby2.3-only support.

 -- Matthias Klose <doko@ubuntu.com>  Sun, 13 Mar 2016 21:18:03 +0000

vim (2:7.4.963-1ubuntu4) xenial; urgency=medium

  * Build python2 variants for gtk, gnome, athena, nox.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 18 Feb 2016 11:32:30 +0100

# For older changelog entries, run 'apt-get changelog vim-common'