neovim (0.1.7-4+deb9u1) stretch-security; urgency=high * Backport upstream patches to address CVE-2019-12735 (Closes: #930024) + vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times + vim-patch:8.1.0066: nasty autocommand causes using freed memory + vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.1365: :source should check sandbox + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem -- James McCoy Tue, 16 Jul 2019 01:05:10 -0400 neovim (0.1.7-4) unstable; urgency=high * Cherry-pick b338bb9d & 4af6c608 from upstream to fix buffer overflow if a spellfile has an invalid length in it. (CVE-2017-5953) * Cherry-pick fb66a7c6 & ad66826a from upstream to fix buffer overflows when reading corrupted undo files. (CVE-2017-6349 & CVE-2017-6350) -- James McCoy Mon, 10 Apr 2017 08:15:38 -0400 neovim (0.1.7-3) unstable; urgency=medium * Disable global_spec.lua since it's rather flaky. * Re-enable functional tests on mips* but disable unit tests (which require luajit) until #849769 is fixed. -- James McCoy Mon, 16 Jan 2017 07:18:35 -0500 neovim (0.1.7-2) unstable; urgency=medium * Cherry-pick 9337e98b from upstream to prevent the man ftplugin from always creating a man:// buffer if "runtime ftplugin/man.vim" is in init.vim. (Closes: #846788) * Cherry-pick 933c873c to fix tty-test test failures. * Cherry-pick upstream commits [043f8521, 97204e1c, cb589990, ea154dfd, 4abe9afb] to fix responsiveness of TUI with external commands and fix test failures due to excessive memory usage. -- James McCoy Sat, 24 Dec 2016 16:12:51 -0500 neovim (0.1.7-1) unstable; urgency=medium * New upstream release + Incrementally show the results of a :substitute command by setting the 'inccommand' option. + The 'encoding' option can no longer be set to anything other than "utf-8". -- James McCoy Fri, 02 Dec 2016 21:42:39 -0500 neovim (0.1.6-5) unstable; urgency=medium * Disable lua testing on mipsel, since lua(jit) bugs are breaking the tests. -- James McCoy Tue, 22 Nov 2016 13:58:00 -0500 neovim (0.1.6-4) unstable; urgency=high * Cherry-pick 4fad66fb and c685879e from upstream to fix an issue where malicious modelines could execute arbitrary shell commands. (CVE-2016-1248) -- James McCoy Tue, 22 Nov 2016 03:15:38 -0500 neovim (0.1.6-3) unstable; urgency=medium * Cherry-pick 5e1dc26f from upstream to remove a flaky test, which was frequently failing on the buildds. -- James McCoy Sun, 13 Nov 2016 20:45:51 -0500 neovim (0.1.6-2) unstable; urgency=medium * Cherry-pick patches from upstream + [36c0ec6d]: tui/suspend_event(): set STDIN to "blocking", fixing an issue with the terminal IO when nvim is suspended. (Closes: #840306) + [87ff2682, 37e64d79, 9b545dd3]: Various fixes for issues on big-endian platforms. -- James McCoy Wed, 02 Nov 2016 20:28:40 -0400 neovim (0.1.6-1) unstable; urgency=medium * New upstream release. + Add gperf to Build-Depends * Expand architectures which Build-Depend on luajit (powerpcspe) and lua-nvim (alpha, hppa, sparc64, x32). * Set $USERNAME/$HOSTNAME when building to improve reproducibility. -- James McCoy Sat, 29 Oct 2016 00:05:56 -0400 neovim (0.1.5-8) unstable; urgency=medium * Disable tests for "indep" builds. -- James McCoy Wed, 12 Oct 2016 16:24:00 -0400 neovim (0.1.5-7) unstable; urgency=medium * Only run tests for "arch" builds. * Use id -u/-g to get the uid/gid instead or parsing the output of id. Thanks to Jakob Haufe for the patch! (Closes: #840231) * Cherry-pick upstream patch to fix some test failures when sizeof(long) != 8. -- James McCoy Wed, 12 Oct 2016 16:15:02 -0400 neovim (0.1.5-6) unstable; urgency=medium * Fix test failures by setting id/gid properly in the passwd/group files used by libnss_wrapper. -- James McCoy Sat, 08 Oct 2016 20:35:26 -0400 neovim (0.1.5-5) unstable; urgency=medium * Run Neovim's tests during the build + Add lua-nvim, lua-busted, and libnss-wrapper to Build-Depends * Add support for the nocheck Build-Profile to exclude test-related Build-Depends. * Remove unnecessary autoconf, automake Build-Depends. * Cherry-pick df99e43b from upstream to ensure stray processes aren't lingering after running tests. * Add alternatives for ex, rvim, rview, vi, vim, view, and vimdiff. Thanks to Josh Triplett for the patch! (Closes: #830580) -- James McCoy Sat, 08 Oct 2016 15:08:57 -0400 neovim (0.1.5-4) unstable; urgency=medium * Arch-qualify (lib)luajit Build-Depends to really fix #812741. * Add xxd Recommends to neovim now that it has its own package. -- James McCoy Sat, 24 Sep 2016 21:43:06 -0400 neovim (0.1.5-3) unstable; urgency=medium * Add lua5.1 as alternative Build-Depends for luajit/libluajit-5.1-dev. This should enable building on more architectures, at the expense of less testing. (Closes: #812741) -- James McCoy Sat, 24 Sep 2016 13:43:03 -0400 neovim (0.1.5-2) unstable; urgency=medium * Upload to unstable. * Exclude libjemalloc-dev from Build-Depends on hurd. -- James McCoy Fri, 16 Sep 2016 21:53:01 -0400 neovim (0.1.5-1) experimental; urgency=medium [ upstream changes ] * Re-introduce if_ruby support, if neovim Gem is installed. * Rewritten man plugin (providing :Man command) + Enabled by default instead of requiring sourcing of ftplugin/man.vim + New features: completion, window handling, better parsing * $NVIM_TUI_ENABLE_TRUE_COLOR replaced by Vim-compatible 'termguicolors' option -- James McCoy Wed, 24 Aug 2016 21:22:40 -0400 neovim (0.1.4-1) experimental; urgency=medium * New upstream release + Replace lua-messagepack Build-Depends with lua-mpack. -- James McCoy Mon, 27 Jun 2016 23:16:22 -0400 neovim (0.1.3-1) experimental; urgency=medium * New upstream release. (Closes: #820562) * debian/control: + Remove unnecessary luarocks Build-Depends + Add libkvm-dev Build-Depends for kfreebsd-* + Add python(3)-neovim to Recommends. (Closes: #812737) + Declare compiance with policy 3.9.8, no changes needed. -- James McCoy Mon, 18 Apr 2016 21:42:19 -0400 neovim (0.1.2-1) experimental; urgency=medium * New upstream release * Disable debug logging to ~/.nvimlog -- James McCoy Sat, 20 Feb 2016 22:41:32 -0500 neovim (0.1.1-3) experimental; urgency=medium * Cherry-pick upstream patch to fix FTBFS with msgpack-c >= 1.4.0. -- James McCoy Sat, 23 Jan 2016 10:09:27 -0500 neovim (0.1.1-2) experimental; urgency=medium * Add nvim as an alternative for /usr/bin/editor. * Remove libselinux1-dev Build-Depends until upstream enables it again. * Add xsel | xclip to Recommends for X selection support. * Add a README.source -- James McCoy Sun, 17 Jan 2016 14:32:32 -0500 neovim (0.1.1-1) experimental; urgency=medium * Initial release. (Closes: #752264) -- James McCoy Sat, 16 Jan 2016 22:47:15 -0500