Merging debian version 2:8.1.0875-5+deb10u5.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

50 files changed, 402 insertions, 314 deletions

diff --git a/debian/changelog b/debian/changelog
index 559d764..49cb672 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+vim (2:8.1.0875-5+deb10u5) buster-security; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2022-4141, CVE-2023-0054, CVE-2023-1175, CVE-2023-2610:
+    Multiple security vulnerabilities have been discovered in vim, an enhanced
+    vi editor. Buffer overflows and out-of-bounds reads may lead to a
+    denial-of-service (application crash) or other unspecified impact.
+
+ -- Markus Koschany <apo@debian.org>  Mon, 12 Jun 2023 16:23:03 +0200
+
 vim (2:8.1.0875-5+deb10u4progress5u1) engywuck-security; urgency=medium
 
   * Uploading to engywuck-security, remaining changes:
diff --git a/debian/patches/CVE-2022-0318.patch b/debian/patches/CVE-2022-0318.patch
index b2005a7..efe9eca 100644
--- a/debian/patches/CVE-2022-0318.patch
+++ b/debian/patches/CVE-2022-0318.patch
@@ -20,8 +20,6 @@ Backport:
    fc6ccebea668c49e9e617e0657421b6a8ed9df1e.
  * Replace expr-.. by expr-.
 
-diff --git a/src/ops.c b/src/ops.c
-index a9968024901e..e0fa344d8ee6 100644
 --- a/src/ops.c
 +++ b/src/ops.c
 @@ -629,24 +629,12 @@ block_insert(
@@ -32,6 +30,9 @@ index a9968024901e..e0fa344d8ee6 100644
 -	    int off;
 +	    /* avoid copying part of a multi-byte character */
 +	    offset -= (*mb_head_off)(oldp, oldp + offset);
++
++	if (spaces < 0)  // can happen when the cursor was moved
++	    spaces = 0;
  
 -	    /* Avoid starting halfway a multi-byte character. */
 -	    if (b_insert)
@@ -48,17 +49,12 @@ index a9968024901e..e0fa344d8ee6 100644
 -		offset -= off;
 -	    }
 -	}
-+	if (spaces < 0)  // can happen when the cursor was moved
-+	    spaces = 0;
-+
  	// Make sure the allocated size matches what is actually copied below.
  	newp = alloc_check((unsigned)(STRLEN(oldp)) + spaces + s_len
  		    + (spaces > 0 && !bdp->is_short ? p_ts - spaces : 0)
-diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
-index b438fa1e66c6..a187aa8e085e 100644
 --- a/src/testdir/test_visual.vim
 +++ b/src/testdir/test_visual.vim
-@@ -417,6 +417,15 @@
+@@ -417,6 +417,15 @@ func Test_visual_block_append_invalid_ch
    bwipe!
  endfunc
  
@@ -74,8 +70,6 @@ index b438fa1e66c6..a187aa8e085e 100644
  " CVE-2022-0361
  func Test_visual_ex_copy_line()
    new
-diff --git a/src/testdir/test_utf8.vim b/src/testdir/test_utf8.vim
-index 0210ce63c..862e73b9a 100644
 --- a/src/testdir/test_utf8.vim
 +++ b/src/testdir/test_utf8.vim
 @@ -6,7 +6,7 @@ func Test_visual_block_insert()
@@ -87,18 +81,16 @@ index 0210ce63c..862e73b9a 100644
    bwipeout!
  endfunc
  
-diff --git a/src/version.c b/src/version.c
-index 53f1619f94d4..227eaa958e2b 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -797,6 +797,10 @@ static char *(features[]) =
-     5024,
+@@ -798,6 +798,10 @@ static int included_patches[] =
  /**/
      4214,
-+/**/
+ /**/
 +    4152,
 +/**/
 +    4151,
- /**/
++/**/
      4120,
  /**/
+     1401,
diff --git a/debian/patches/CVE-2022-0319.patch b/debian/patches/CVE-2022-0319.patch
index f8c0add..680eddc 100644
--- a/debian/patches/CVE-2022-0319.patch
+++ b/debian/patches/CVE-2022-0319.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2
  src/window.c                |  5 +++++
  2 files changed, 15 insertions(+)
 
-diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
-index afeb4da..0841952 100644
 --- a/src/testdir/test_visual.vim
 +++ b/src/testdir/test_visual.vim
 @@ -3,6 +3,16 @@ if !has('visual')
@@ -29,8 +27,6 @@ index afeb4da..0841952 100644
  
  func Test_block_shift_multibyte()
    " Uses double-wide character.
-diff --git a/src/window.c b/src/window.c
-index f78fcca..7c7f580 100644
 --- a/src/window.c
 +++ b/src/window.c
 @@ -1576,6 +1576,11 @@ win_exchange(long Prenum)
diff --git a/debian/patches/CVE-2022-0351.patch b/debian/patches/CVE-2022-0351.patch
index 59d38ae..cdce98c 100644
--- a/debian/patches/CVE-2022-0351.patch
+++ b/debian/patches/CVE-2022-0351.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b8
  src/testdir/test_eval_stuff.vim |  5 +++++
  2 files changed, 15 insertions(+)
 
-diff --git a/src/eval.c b/src/eval.c
-index 3f9db7d..00c73a6 100644
 --- a/src/eval.c
 +++ b/src/eval.c
 @@ -4159,6 +4159,7 @@ eval7(
@@ -43,8 +41,6 @@ index 3f9db7d..00c73a6 100644
      return ret;
  }
  
-diff --git a/src/testdir/test_eval_stuff.vim b/src/testdir/test_eval_stuff.vim
-index f4b3598..6c48c48 100644
 --- a/src/testdir/test_eval_stuff.vim
 +++ b/src/testdir/test_eval_stuff.vim
 @@ -94,3 +94,8 @@ func Test_let_errmsg()
diff --git a/debian/patches/CVE-2022-0359.patch b/debian/patches/CVE-2022-0359.patch
index e2b8ff3..6ca8edf 100644
--- a/debian/patches/CVE-2022-0359.patch
+++ b/debian/patches/CVE-2022-0359.patch
@@ -9,8 +9,6 @@ Origin: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6c
  src/version.c                 | 2 ++
  3 files changed, 12 insertions(+), 1 deletion(-)
 
-diff --git a/src/ex_getln.c b/src/ex_getln.c
-index cba082a..328450c 100644
 --- a/src/ex_getln.c
 +++ b/src/ex_getln.c
 @@ -898,7 +898,7 @@ getcmdline_int(
@@ -22,8 +20,6 @@ index cba082a..328450c 100644
      if (ccline.cmdbuff == NULL)
  	goto theend;	// out of memory
      ccline.cmdlen = ccline.cmdpos = 0;
-diff --git a/src/testdir/test_ex_equal.vim b/src/testdir/test_ex_equal.vim
-index 03cfc46..fa00072 100644
 --- a/src/testdir/test_ex_equal.vim
 +++ b/src/testdir/test_ex_equal.vim
 @@ -43,3 +43,12 @@ func Test_open_command_flush_line()
@@ -39,16 +35,14 @@ index 03cfc46..fa00072 100644
 +  set ts=8 noai
 +  bwipe!
 +endfunc
-diff --git a/src/version.c b/src/version.c
-index 0a29ebb..586e9ca 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    4214,
  /**/
++    4214,
++/**/
      4120,
  /**/
+     1401,
diff --git a/debian/patches/CVE-2022-0361.patch b/debian/patches/CVE-2022-0361.patch
index d1354ed..dae21d1 100644
--- a/debian/patches/CVE-2022-0361.patch
+++ b/debian/patches/CVE-2022-0361.patch
@@ -8,11 +8,9 @@ Origin: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f3
  src/testdir/test_visual.vim | 11 +++++++++++
  2 files changed, 13 insertions(+)
 
-diff --git a/src/ex_cmds.c b/src/ex_cmds.c
-index 0b732c2..b18f58c 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
-@@ -1074,6 +1074,8 @@ ex_copy(linenr_T line1, linenr_T line2, linenr_T n)
+@@ -1074,6 +1074,8 @@ ex_copy(linenr_T line1, linenr_T line2,
      }
  
      appended_lines_mark(n, count);
@@ -21,11 +19,9 @@ index 0b732c2..b18f58c 100644
  
      msgmore((long)count);
  }
-diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
-index 0841952..e361f97 100644
 --- a/src/testdir/test_visual.vim
 +++ b/src/testdir/test_visual.vim
-@@ -417,3 +417,14 @@ func Test_visual_block_append_invalid_char()
+@@ -417,3 +417,14 @@ func Test_visual_block_append_invalid_ch
    bwipe!
  endfunc
  
diff --git a/debian/patches/CVE-2022-0368.patch b/debian/patches/CVE-2022-0368.patch
index 23b8f91..883c57a 100644
--- a/debian/patches/CVE-2022-0368.patch
+++ b/debian/patches/CVE-2022-0368.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33b
  src/undo.c                  |  2 ++
  2 files changed, 16 insertions(+)
 
-diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
-index e361f97..1454877 100644
 --- a/src/testdir/test_visual.vim
 +++ b/src/testdir/test_visual.vim
 @@ -428,3 +428,17 @@ func Test_visual_ex_copy_line()
@@ -30,8 +28,6 @@ index e361f97..1454877 100644
 + bwipe!
 +endfunc
 +
-diff --git a/src/undo.c b/src/undo.c
-index 6b6dd47..6da9c1a 100644
 --- a/src/undo.c
 +++ b/src/undo.c
 @@ -2965,6 +2965,8 @@ u_undo_end(
diff --git a/debian/patches/CVE-2022-0392.patch b/debian/patches/CVE-2022-0392.patch
index e410044..fb8d96a 100644
--- a/debian/patches/CVE-2022-0392.patch
+++ b/debian/patches/CVE-2022-0392.patch
@@ -45,11 +45,9 @@ Solution:   When :normal runs out of characters in bracketed paste mode break
 
 Backport: drop included_patches 135 due to version bump
 
-diff --git a/src/edit.c b/src/edit.c
-index ee3caf0dad50..2b5301100ddb 100644
 --- a/src/edit.c
 +++ b/src/edit.c
-@@ -9183,7 +9183,7 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
+@@ -9183,7 +9183,7 @@ bracketed_paste(paste_mode_T mode, int d
      int		save_paste = p_paste;
  
      /* If the end code is too long we can't detect it, read everything. */
@@ -58,7 +56,7 @@ index ee3caf0dad50..2b5301100ddb 100644
  	end = NULL;
      ++no_mapping;
      allow_keys = 0;
-@@ -9201,9 +9201,9 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
+@@ -9201,9 +9201,9 @@ bracketed_paste(paste_mode_T mode, int d
  	{
  	    c = vgetc();
  	} while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
@@ -70,7 +68,7 @@ index ee3caf0dad50..2b5301100ddb 100644
  	    break;
  
  	if (has_mbyte)
-@@ -9226,7 +9226,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
+@@ -9226,7 +9226,8 @@ bracketed_paste(paste_mode_T mode, int d
  		    break;
  
  		case PASTE_EX:
@@ -80,11 +78,9 @@ index ee3caf0dad50..2b5301100ddb 100644
  		    {
  			mch_memmove((char *)gap->ga_data + gap->ga_len,
  							     buf, (size_t)idx);
-diff --git a/src/testdir/test_paste.vim b/src/testdir/test_paste.vim
-index c94fe7c357ed..5b8d8a0e3e2d 100644
 --- a/src/testdir/test_paste.vim
 +++ b/src/testdir/test_paste.vim
-@@ -84,6 +84,16 @@
+@@ -84,6 +84,16 @@ func Test_paste_cmdline()
    call assert_equal("\"afoo\<CR>barb", getreg(':'))
  endfunc
  
@@ -101,11 +97,9 @@ index c94fe7c357ed..5b8d8a0e3e2d 100644
  func Test_paste_visual_mode()
    new
    call setline(1, 'here are some words')
-diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
-index 60152f602..89ca6e131 100644
 --- a/src/testdir/test_search.vim
 +++ b/src/testdir/test_search.vim
-@@ -1187,3 +1187,9 @@
+@@ -1187,3 +1187,9 @@ func Test_search_Ctrl_L_combining()
    call assert_equal(bufcontent[1], @/)
    call Incsearch_cleanup()
  endfunc
@@ -115,16 +109,14 @@ index 60152f602..89ca6e131 100644
 +  set t_PE=
 +  exe "norm /\x80PS"
 +endfunc
-diff --git a/src/version.c b/src/version.c
-index 6685b554f537..9dcf34928f8d 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    4218,
  /**/
++    4218,
++/**/
      4214,
  /**/
+     4152,
diff --git a/debian/patches/CVE-2022-0408.patch b/debian/patches/CVE-2022-0408.patch
index dc496c3..c3b596e 100644
--- a/debian/patches/CVE-2022-0408.patch
+++ b/debian/patches/CVE-2022-0408.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f
  src/testdir/test_spell.vim | 10 ++++++++++
  2 files changed, 25 insertions(+), 2 deletions(-)
 
-diff --git a/src/spell.c b/src/spell.c
-index 05756eb..758a12e 100644
 --- a/src/spell.c
 +++ b/src/spell.c
 @@ -4191,7 +4191,7 @@ suggest_try_change(suginfo_T *su)
@@ -64,8 +62,6 @@ index 05756eb..758a12e 100644
  	    }
  	}
      }
-diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
-index 6fccc0e..0a7d8d4 100644
 --- a/src/testdir/test_spell.vim
 +++ b/src/testdir/test_spell.vim
 @@ -388,6 +388,16 @@ func Test_zeq_crash()
diff --git a/debian/patches/CVE-2022-0413.patch b/debian/patches/CVE-2022-0413.patch
index f3daa2e..208446b 100644
--- a/debian/patches/CVE-2022-0413.patch
+++ b/debian/patches/CVE-2022-0413.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e5
  src/testdir/test_substitute.vim | 17 +++++++++++++++++
  2 files changed, 32 insertions(+), 4 deletions(-)
 
-diff --git a/src/ex_cmds.c b/src/ex_cmds.c
-index b18f58c..5ad8913 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
 @@ -4857,6 +4857,7 @@ do_sub(exarg_T *eap)
@@ -53,8 +51,6 @@ index b18f58c..5ad8913 100644
  
      /* Restore the flag values, they can be used for ":&&". */
      subflags.do_all = save_do_all;
-diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
-index d84daa7..c1e8f30 100644
 --- a/src/testdir/test_substitute.vim
 +++ b/src/testdir/test_substitute.vim
 @@ -500,3 +500,20 @@ func Test_sub_cmd_8()
diff --git a/debian/patches/CVE-2022-0417.patch b/debian/patches/CVE-2022-0417.patch
index d5a99e0..0229c69 100644
--- a/debian/patches/CVE-2022-0417.patch
+++ b/debian/patches/CVE-2022-0417.patch
@@ -9,8 +9,6 @@ Origin: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f555
  src/vim.h                    |  2 ++
  3 files changed, 13 insertions(+), 7 deletions(-)
 
-diff --git a/src/option.c b/src/option.c
-index 12d903f..f7643eb 100644
 --- a/src/option.c
 +++ b/src/option.c
 @@ -9371,6 +9371,11 @@ set_num_option(
@@ -60,8 +58,6 @@ index 12d903f..f7643eb 100644
  #endif
  	}
  
-diff --git a/src/testdir/test_options.vim b/src/testdir/test_options.vim
-index 83b315d..50aae7c 100644
 --- a/src/testdir/test_options.vim
 +++ b/src/testdir/test_options.vim
 @@ -234,6 +234,8 @@ func Test_set_errors()
@@ -73,8 +69,6 @@ index 83b315d..50aae7c 100644
    call assert_fails('set textwidth=-1', 'E487:')
    call assert_fails('set timeoutlen=-1', 'E487:')
    call assert_fails('set updatecount=-1', 'E487:')
-diff --git a/src/vim.h b/src/vim.h
-index 7ee164a..dfc96bc 100644
 --- a/src/vim.h
 +++ b/src/vim.h
 @@ -1988,6 +1988,8 @@ typedef int sock_T;
diff --git a/debian/patches/CVE-2022-0443.patch b/debian/patches/CVE-2022-0443.patch
index fdf2329..aad8d0e 100644
--- a/debian/patches/CVE-2022-0443.patch
+++ b/debian/patches/CVE-2022-0443.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d4
  src/testdir/test_quickfix.vim | 16 ++++++++++++++++
  2 files changed, 26 insertions(+), 5 deletions(-)
 
-diff --git a/src/buffer.c b/src/buffer.c
-index 590a63c..4cac106 100644
 --- a/src/buffer.c
 +++ b/src/buffer.c
 @@ -1627,6 +1627,7 @@ set_curbuf(buf_T *buf, int action)
@@ -53,8 +51,6 @@ index 590a63c..4cac106 100644
      clear_string_option(&buf->b_p_vts);
      VIM_CLEAR(buf->b_p_vts_array);
  #endif
-diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
-index e7aa41e..8668224 100644
 --- a/src/testdir/test_quickfix.vim
 +++ b/src/testdir/test_quickfix.vim
 @@ -3899,3 +3899,19 @@ func Test_viscol()
diff --git a/debian/patches/CVE-2022-0554.patch b/debian/patches/CVE-2022-0554.patch
index ac5038e..9599a1b 100644
--- a/debian/patches/CVE-2022-0554.patch
+++ b/debian/patches/CVE-2022-0554.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461
  src/testdir/test_quickfix.vim | 25 +++++++++++++++++++++++++
  2 files changed, 47 insertions(+), 4 deletions(-)
 
-diff --git a/src/buffer.c b/src/buffer.c
-index 4cac106..912ace9 100644
 --- a/src/buffer.c
 +++ b/src/buffer.c
 @@ -1471,8 +1471,14 @@ do_buffer(
diff --git a/debian/patches/CVE-2022-0572.patch b/debian/patches/CVE-2022-0572.patch
index 0121992..ba05e16 100644
--- a/debian/patches/CVE-2022-0572.patch
+++ b/debian/patches/CVE-2022-0572.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa
  src/testdir/test_retab.vim | 19 +++++++++++++++++++
  2 files changed, 23 insertions(+)
 
-diff --git a/src/ex_cmds.c b/src/ex_cmds.c
-index 5ad8913..b3be24e 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
 @@ -821,6 +821,10 @@ ex_retab(exarg_T *eap)
diff --git a/debian/patches/CVE-2022-0629.patch b/debian/patches/CVE-2022-0629.patch
index b3348ef..7c32714 100644
--- a/debian/patches/CVE-2022-0629.patch
+++ b/debian/patches/CVE-2022-0629.patch
@@ -12,8 +12,6 @@ Solution:   Use mb_cptr2char_adv() instead of mb_ptr2char_adv().
  src/version.c               | 2 ++
  3 files changed, 11 insertions(+), 1 deletion(-)
 
-diff --git a/src/testdir/test_assert.vim b/src/testdir/test_assert.vim
-index 8987f3f8dfcd..27b2d73fbfc8 100644
 --- a/src/testdir/test_assert.vim
 +++ b/src/testdir/test_assert.vim
 @@ -35,6 +35,14 @@ func Test_assert_equal()
@@ -31,11 +29,9 @@ index 8987f3f8dfcd..27b2d73fbfc8 100644
  endfunc
  
  func Test_assert_equalfile()
-diff --git a/src/testing.c b/src/testing.c
-index 448c01c1e964..48ba14d2cafd 100644
 --- a/src/eval.c
 +++ b/src/eval.c
-@@ -101,7 +101,7 @@ ga_concat_shorten_esc(garray_T *gap, char_u *str)
+@@ -9558,7 +9558,7 @@ ga_concat_shorten_esc(garray_T *gap, cha
      {
  	same_len = 1;
  	s = p;
@@ -44,16 +40,14 @@ index 448c01c1e964..48ba14d2cafd 100644
  	clen = s - p;
  	while (*s != NUL && c == mb_ptr2char(s))
  	{
-diff --git a/src/version.c b/src/version.c
-index fb1b8476e1a6..b4983661cadc 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    4397,
  /**/
++    4397,
++/**/
      4218,
  /**/
+     4214,
diff --git a/debian/patches/CVE-2022-0685.patch b/debian/patches/CVE-2022-0685.patch
index 14e5210..054765b 100644
--- a/debian/patches/CVE-2022-0685.patch
+++ b/debian/patches/CVE-2022-0685.patch
@@ -10,25 +10,21 @@ Origin: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f
  src/version.c                  | 2 ++
  4 files changed, 18 insertions(+), 1 deletion(-)
 
-diff --git a/src/charset.c b/src/charset.c
-index 1fbbaee..427686d 100644
 --- a/src/charset.c
 +++ b/src/charset.c
-@@ -1672,6 +1672,12 @@ vim_isupper(int c)
-     return isupper(c);
+@@ -1673,6 +1673,12 @@ vim_isupper(int c)
  }
  
-+    int
+     int
 +vim_isalpha(int c)
 +{
 +    return vim_islower(c) || vim_isupper(c);
 +}
 +
-     int
++    int
  vim_toupper(int c)
  {
-diff --git a/src/proto/charset.pro b/src/proto/charset.pro
-index bb4132f..c078ff6 100644
+     if (c <= '@')
 --- a/src/proto/charset.pro
 +++ b/src/proto/charset.pro
 @@ -48,6 +48,7 @@ int vim_isxdigit(int c);
diff --git a/debian/patches/CVE-2022-0696.patch b/debian/patches/CVE-2022-0696.patch
index 0e1491e..95ee4cd 100644
--- a/debian/patches/CVE-2022-0696.patch
+++ b/debian/patches/CVE-2022-0696.patch
@@ -18,21 +18,17 @@ Backport: Since the old version dosn't do command line completion
 correctly, those parts are dropped and we only forbid switching the tab
 page.
 
-diff --git a/src/version.c b/src/version.c
-index c5f5c22f90ac..777476d80dce 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    4428,
  /**/
++    4428,
++/**/
      4397,
  /**/
-diff --git a/src/window.c b/src/window.c
-index 1f5e7096047c..b00ed977fc04 100644
+     4218,
 --- a/src/window.c
 +++ b/src/window.c
 @@ -3656,6 +3656,14 @@ win_new_tabpage(int after)
diff --git a/debian/patches/CVE-2022-0714.patch b/debian/patches/CVE-2022-0714.patch
index 1b86d51..459f7fd 100644
--- a/debian/patches/CVE-2022-0714.patch
+++ b/debian/patches/CVE-2022-0714.patch
@@ -7,8 +7,6 @@ Origin: https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fd
  src/edit.c | 2 ++
  1 file changed, 2 insertions(+)
 
-diff --git a/src/edit.c b/src/edit.c
-index eac4803..df84631 100644
 --- a/src/edit.c
 +++ b/src/edit.c
 @@ -2113,6 +2113,8 @@ change_indent(
diff --git a/debian/patches/CVE-2022-0729.patch b/debian/patches/CVE-2022-0729.patch
index 7333268..79c810a 100644
--- a/debian/patches/CVE-2022-0729.patch
+++ b/debian/patches/CVE-2022-0729.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff
  src/testdir/test_regexp_utf8.vim | 8 ++++++++
  2 files changed, 13 insertions(+)
 
-diff --git a/src/regexp.c b/src/regexp.c
-index 6ad928d..33414ce 100644
 --- a/src/regexp.c
 +++ b/src/regexp.c
 @@ -5575,6 +5575,11 @@ regmatch(
@@ -24,8 +22,6 @@ index 6ad928d..33414ce 100644
  				--rex.lnum;
  				rex.line = reg_getline(rex.lnum);
  				/* Just in case regrepeat() didn't count
-diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
-index 75485dc..378bc21 100644
 --- a/src/testdir/test_regexp_utf8.vim
 +++ b/src/testdir/test_regexp_utf8.vim
 @@ -215,4 +215,12 @@ func Test_match_invalid_byte()
diff --git a/debian/patches/CVE-2022-0943.patch b/debian/patches/CVE-2022-0943.patch
index b4870dc..b9851cd 100644
--- a/debian/patches/CVE-2022-0943.patch
+++ b/debian/patches/CVE-2022-0943.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653
  src/testdir/test_spell.vim | 17 +++++++++++++++++
  2 files changed, 21 insertions(+)
 
-diff --git a/src/spell.c b/src/spell.c
-index 758a12e..2d36953 100644
 --- a/src/spell.c
 +++ b/src/spell.c
 @@ -3259,6 +3259,10 @@ spell_suggest(int count)
@@ -23,8 +21,6 @@ index 758a12e..2d36953 100644
      }
      /* Find the start of the badly spelled word. */
      else if (spell_move_to(curwin, FORWARD, TRUE, TRUE, NULL) == 0
-diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
-index 0a7d8d4..50e2d54 100644
 --- a/src/testdir/test_spell.vim
 +++ b/src/testdir/test_spell.vim
 @@ -126,6 +126,23 @@ func Test_spellreall()
diff --git a/debian/patches/CVE-2022-1154.patch b/debian/patches/CVE-2022-1154.patch
index 42799a0..99b4175 100644
--- a/debian/patches/CVE-2022-1154.patch
+++ b/debian/patches/CVE-2022-1154.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1
  src/testdir/test_regexp_latin.vim | 14 ++++++++++++++
  2 files changed, 22 insertions(+)
 
-diff --git a/src/regexp.c b/src/regexp.c
-index 33414ce..4345df9 100644
 --- a/src/regexp.c
 +++ b/src/regexp.c
 @@ -4322,8 +4322,16 @@ regmatch(
diff --git a/debian/patches/CVE-2022-1616.patch b/debian/patches/CVE-2022-1616.patch
index 85a2ed0..512bf5e 100644
--- a/debian/patches/CVE-2022-1616.patch
+++ b/debian/patches/CVE-2022-1616.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc
  src/testdir/test_cmdline.vim | 12 ++++++++++++
  2 files changed, 15 insertions(+), 1 deletion(-)
 
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index 1dfa95d..bb8d719 100644
 --- a/src/ex_docmd.c
 +++ b/src/ex_docmd.c
 @@ -3116,7 +3116,7 @@ append_command(char_u *cmd)
@@ -30,8 +28,6 @@ index 1dfa95d..bb8d719 100644
  	else
  	    MB_COPY_CHAR(s, d);
      }
-diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
-index 02eeb6b..46f18dc 100644
 --- a/src/testdir/test_cmdline.vim
 +++ b/src/testdir/test_cmdline.vim
 @@ -609,4 +609,16 @@ func Test_cmdline_overstrike()
diff --git a/debian/patches/CVE-2022-1619.patch b/debian/patches/CVE-2022-1619.patch
index 121a1b7..1015395 100644
--- a/debian/patches/CVE-2022-1619.patch
+++ b/debian/patches/CVE-2022-1619.patch
@@ -13,11 +13,9 @@ Solution:   Check already being at the start of the command line.
  src/version.c                |  2 ++
  3 files changed, 12 insertions(+), 4 deletions(-)
 
-diff --git a/src/ex_getln.c b/src/ex_getln.c
-index a97024b35171..7020f5143a01 100644
 --- a/src/ex_getln.c
 +++ b/src/ex_getln.c
-@@ -1635,10 +1635,13 @@
+@@ -1635,10 +1635,13 @@ getcmdline_int(
  		    {
  			while (p > ccline.cmdbuff && vim_isspace(p[-1]))
  			    --p;
@@ -35,15 +33,12 @@ index a97024b35171..7020f5143a01 100644
  		    }
  		    else
  			--p;
-diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
-index 474638fb00d6..5a849f77f755 100644
 --- a/src/testdir/test_cmdline.vim
 +++ b/src/testdir/test_cmdline.vim
-@@ -641,6 +641,19 @@
-   let &lines = lines
+@@ -642,5 +642,18 @@ func Test_cmdwin_split_often()
    let &columns = columns
  endfunc
-+
+ 
 +func Test_cmdline_remove_char()
 +  let encoding_save = &encoding
 +
@@ -56,19 +51,17 @@ index 474638fb00d6..5a849f77f755 100644
 +
 +  let &encoding = encoding_save
 +endfunc
-
-
++
+ 
  set cpo&
-diff --git a/src/version.c b/src/version.c
-index 201d26f06eb9..05888c722e8e 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    4899,
  /**/
++    4899,
++/**/
      4428,
  /**/
+     4397,
diff --git a/debian/patches/CVE-2022-1621.patch b/debian/patches/CVE-2022-1621.patch
index 29f8532..62b4eec 100644
--- a/debian/patches/CVE-2022-1621.patch
+++ b/debian/patches/CVE-2022-1621.patch
@@ -26,11 +26,9 @@ Solution:   Remove the test.
  src/version.c              | 2 ++
  2 files changed, 2 insertions(+), 8 deletions(-)
 
-diff --git a/src/mbyte.c b/src/mbyte.c
-index 2b7f9991ae14..a01a05140207 100644
 --- a/src/mbyte.c
 +++ b/src/mbyte.c
-@@ -4047,7 +4047,7 @@ utf_find_illegal(void)
+@@ -4047,7 +4047,7 @@ theend:
      convert_setup(&vimconv, NULL, NULL);
  }
  
@@ -39,8 +37,6 @@ index 2b7f9991ae14..a01a05140207 100644
  /*
   * Return TRUE if string "s" is a valid utf-8 string.
   * When "end" is NULL stop at the first NUL.
-diff --git a/src/spellfile.c b/src/spellfile.c
-index 22cf82da0872..f0d6d96a47f0 100644
 --- a/src/spellfile.c
 +++ b/src/spellfile.c
 @@ -4361,6 +4361,10 @@ store_word(
@@ -67,11 +63,9 @@ index 22cf82da0872..f0d6d96a47f0 100644
      if (idx == 0)	    /* use internal wordlist */
      {
  	if (int_wordlist == NULL)
-diff --git a/src/testdir/test_spell_utf8.vim b/src/testdir/test_spell_utf8.vim
-index 79dc3e4a4a62..17fa23555818 100644
 --- a/src/testdir/test_spell.vim
 +++ b/src/testdir/test_spell.vim
-@@ -476,16 +476,6 @@
+@@ -476,16 +476,6 @@ func RunGoodBad(good, bad, expected_word
    bwipe!
  endfunc
  
@@ -88,27 +82,25 @@ index 79dc3e4a4a62..17fa23555818 100644
  let g:test_data_aff1 = [
        \"SET ISO8859-1",
        \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ",
-@@ -936,3 +926,8 @@
+@@ -936,3 +926,8 @@ let g:test_data_aff_sal = [
        \"SAL Z                    S",
        \ ]
-
+ 
 +" Invalid bytes may cause trouble when creating the word list.
 +func Test_check_for_valid_word()
 +  call assert_fails("spellgood! 0\xac", 'E1280:')
 +endfunc
 +
-diff --git a/src/version.c b/src/version.c
-index f949dd6d7ed0..c4f5655bf6c2 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,10 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,10 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
+ /**/
 +    4921,
 +/**/
 +    4919,
- /**/
++/**/
      4899,
  /**/
+     4428,
diff --git a/debian/patches/CVE-2022-1720.patch b/debian/patches/CVE-2022-1720.patch
index 80855fb..71479e0 100644
--- a/debian/patches/CVE-2022-1720.patch
+++ b/debian/patches/CVE-2022-1720.patch
@@ -7,8 +7,6 @@ Origin: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab9
  src/normal.c | 14 +++++++++++---
  1 file changed, 11 insertions(+), 3 deletions(-)
 
-diff --git a/src/normal.c b/src/normal.c
-index 2c36c15..ebda136 100644
 --- a/src/normal.c
 +++ b/src/normal.c
 @@ -5777,9 +5777,17 @@ get_visual_text(
diff --git a/debian/patches/CVE-2022-1785.patch b/debian/patches/CVE-2022-1785.patch
index 1d3817f..d3789a3 100644
--- a/debian/patches/CVE-2022-1785.patch
+++ b/debian/patches/CVE-2022-1785.patch
@@ -15,11 +15,9 @@ Solution:   Disallow changing window in substitute expression.
 Backport: Use textlock instead of textwinlock. In this version, textwinlock
  wasn't yet split out from textlock and it'll get merged back later.
 
-diff --git a/src/ex_cmds.c b/src/ex_cmds.c
-index 7e730becb48f..210e21fe7a5b 100644
 --- a/src/ex_cmds.c
 +++ b/src/ex_cmds.c
-@@ -5576,12 +5576,17 @@ ex_substitute(exarg_T *eap)
+@@ -5576,12 +5576,17 @@ do_sub(exarg_T *eap)
  		/* Save flags for recursion.  They can change for e.g.
  		 * :s/^/\=execute("s#^##gn") */
  		subflags_save = subflags;
@@ -37,7 +35,7 @@ index 7e730becb48f..210e21fe7a5b 100644
  		/* Don't keep flags set by a recursive call. */
  		subflags = subflags_save;
  		if (subflags.do_count)
-@@ -5670,9 +5675,15 @@ ex_substitute(exarg_T *eap)
+@@ -5670,9 +5675,15 @@ do_sub(exarg_T *eap)
  		mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
  		new_end += copy_len;
  
@@ -53,8 +51,6 @@ index 7e730becb48f..210e21fe7a5b 100644
  		sub_nsubs++;
  		did_sub = TRUE;
  
-diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
-index f3fd7ab1ce77..a1c324ed8d20 100644
 --- a/src/testdir/test_substitute.vim
 +++ b/src/testdir/test_substitute.vim
 @@ -517,3 +517,16 @@ func Test_using_old_sub()
@@ -74,16 +70,14 @@ index f3fd7ab1ce77..a1c324ed8d20 100644
 +  delfunc Repl
 +endfunc
 +
-diff --git a/src/version.c b/src/version.c
-index 4c63ea0771ad..782642b5d5a1 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    4977,
  /**/
++    4977,
++/**/
      4921,
  /**/
+     4919,
diff --git a/debian/patches/CVE-2022-1851.patch b/debian/patches/CVE-2022-1851.patch
index 1b84df9..d129df1 100644
--- a/debian/patches/CVE-2022-1851.patch
+++ b/debian/patches/CVE-2022-1851.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9
  src/testdir/test_textformat.vim | 12 ++++++++++++
  2 files changed, 15 insertions(+)
 
-diff --git a/src/ops.c b/src/ops.c
-index 4c81922..84b5f90 100644
 --- a/src/ops.c
 +++ b/src/ops.c
 @@ -4778,6 +4778,9 @@ op_format(
@@ -22,8 +20,6 @@ index 4c81922..84b5f90 100644
      }
  
      if (oap->is_VIsual)
-diff --git a/src/testdir/test_textformat.vim b/src/testdir/test_textformat.vim
-index 13fb50b..508e18b 100644
 --- a/src/testdir/test_textformat.vim
 +++ b/src/testdir/test_textformat.vim
 @@ -489,3 +489,15 @@ func Test_format_list_auto()
diff --git a/debian/patches/CVE-2022-1897.patch b/debian/patches/CVE-2022-1897.patch
index 1a44481..e14fb46 100644
--- a/debian/patches/CVE-2022-1897.patch
+++ b/debian/patches/CVE-2022-1897.patch
@@ -12,15 +12,12 @@ Solution:   Disallow undo when in a substitute command.
  src/version.c                   |  2 ++
  4 files changed, 51 insertions(+), 21 deletions(-)
 
-diff --git a/src/normal.c b/src/normal.c
-index bc3e29e1abaa..53c50dc8b368 100644
 --- a/src/normal.c
 +++ b/src/normal.c
-@@ -514,6 +514,22 @@ find_command(int cmdchar)
-     return idx;
+@@ -515,6 +515,22 @@ find_command(int cmdchar)
  }
  
-+/*
+ /*
 + * If currently editing a cmdline or text is locked: beep and give an error
 + * message, return TRUE.
 + */
@@ -36,10 +33,11 @@ index bc3e29e1abaa..53c50dc8b368 100644
 +    return FALSE;
 +}
 +
- /*
++/*
   * Execute a command in Normal mode.
   */
-@@ -775,14 +791,9 @@ normal_cmd(
+     void
+@@ -775,14 +791,9 @@ getcount:
  	goto normal_end;
      }
  
@@ -57,7 +55,7 @@ index bc3e29e1abaa..53c50dc8b368 100644
  	goto normal_end;
  
      /*
-@@ -6164,12 +6175,8 @@ nv_gotofile(cmdarg_T *cap)
+@@ -6162,12 +6173,8 @@ nv_gotofile(cmdarg_T *cap)
      char_u	*ptr;
      linenr_T	lnum = -1;
  
@@ -71,7 +69,7 @@ index bc3e29e1abaa..53c50dc8b368 100644
      if (curbuf_locked())
      {
  	clearop(cap->oap);
-@@ -8330,14 +8337,7 @@ nv_g_cmd(cmdarg_T *cap)
+@@ -8328,14 +8335,7 @@ nv_g_cmd(cmdarg_T *cap)
  
      /* "gQ": improved Ex mode */
      case 'Q':
@@ -87,8 +85,6 @@ index bc3e29e1abaa..53c50dc8b368 100644
  	    do_exmode(TRUE);
  	break;
  
-diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
-index a1c324ed8d20..c8df09f4ec1e 100644
 --- a/src/testdir/test_substitute.vim
 +++ b/src/testdir/test_substitute.vim
 @@ -530,3 +530,25 @@ func Test_sub_change_window()
@@ -117,8 +113,6 @@ index a1c324ed8d20..c8df09f4ec1e 100644
 +  delfunc Repl
 +endfunc
 +
-diff --git a/src/undo.c b/src/undo.c
-index cac09f0f58df..81cc28e8b801 100644
 --- a/src/undo.c
 +++ b/src/undo.c
 @@ -2278,6 +2278,12 @@ undo_time(
@@ -134,16 +128,14 @@ index cac09f0f58df..81cc28e8b801 100644
      /* First make sure the current undoable change is synced. */
      if (curbuf->b_u_synced == FALSE)
  	u_sync(TRUE);
-diff --git a/src/version.c b/src/version.c
-index 9751865c7adf..cd6c33162204 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -795,6 +795,8 @@ static char *(features[]) =
-     805,
+@@ -796,6 +796,8 @@ static int included_patches[] =
  /**/
      5024,
-+/**/
-+    5023,
  /**/
++    5023,
++/**/
      4977,
  /**/
+     4921,
diff --git a/debian/patches/CVE-2022-1898.patch b/debian/patches/CVE-2022-1898.patch
index c5817ba..60ca549 100644
--- a/debian/patches/CVE-2022-1898.patch
+++ b/debian/patches/CVE-2022-1898.patch
@@ -9,8 +9,6 @@ Origin: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc98067
  src/version.c                | 2 ++
  3 files changed, 14 insertions(+)
 
-diff --git a/src/normal.c b/src/normal.c
-index ebda136..c3b6897 100644
 --- a/src/normal.c
 +++ b/src/normal.c
 @@ -6426,6 +6426,11 @@ nv_brackets(cmdarg_T *cap)
@@ -33,8 +31,6 @@ index ebda136..c3b6897 100644
  	    curwin->w_set_curswant = TRUE;
  	}
      }
-diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
-index ae47a69..da4af2f 100644
 --- a/src/testdir/test_tagjump.vim
 +++ b/src/testdir/test_tagjump.vim
 @@ -255,6 +255,12 @@ func Test_tagjump_etags()
@@ -50,16 +46,14 @@ index ae47a69..da4af2f 100644
  endfunc
  
  " Test for getting and modifying the tag stack
-diff --git a/src/version.c b/src/version.c
-index 586e9ca..cd174b0 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    5024,
  /**/
++    5024,
++/**/
      4214,
  /**/
+     4120,
diff --git a/debian/patches/CVE-2022-1942.patch b/debian/patches/CVE-2022-1942.patch
index e2f5b9c..7b91963 100644
--- a/debian/patches/CVE-2022-1942.patch
+++ b/debian/patches/CVE-2022-1942.patch
@@ -20,8 +20,6 @@ Backport: Drop test case, because the expected E565 was only introduced in
  8.2.0670 and the testcase does not otherwise fail or issue messages in
  valgrind.
 
-diff --git a/src/buffer.c b/src/buffer.c
-index efec431c822d..e775398d0294 100644
 --- a/src/buffer.c
 +++ b/src/buffer.c
 @@ -2297,12 +2297,7 @@ buflist_getfile(
@@ -38,15 +36,12 @@ index efec431c822d..e775398d0294 100644
  	return FAIL;
  
      /* altfpos may be changed by getfile(), get it now */
-diff --git a/src/ex_getln.c b/src/ex_getln.c
-index 9dadfbf2fabe..623bd1d4984a 100644
 --- a/src/ex_getln.c
 +++ b/src/ex_getln.c
-@@ -2589,6 +2589,21 @@ get_text_locked_msg(void)
-     return e_secure;
+@@ -2590,6 +2590,21 @@ get_text_locked_msg(void)
  }
  
-+/*
+ /*
 + * Check for text, window or buffer locked.
 + * Give an error message and return TRUE if something is locked.
 + */
@@ -61,9 +56,10 @@ index 9dadfbf2fabe..623bd1d4984a 100644
 +    return curbuf_locked();
 +}
 +
- /*
++/*
   * Check if "curbuf_lock" or "allbuf_lock" is set and return TRUE when it is
   * and give an error message.
+  */
 @@ -7188,6 +7203,10 @@ open_cmdwin(void)
      int			save_KeyTyped;
  #endif
@@ -75,11 +71,9 @@ index 9dadfbf2fabe..623bd1d4984a 100644
      /* Can't do this recursively.  Can't do it when typing a password. */
      if (cmdwin_type != 0
  # if defined(FEAT_CRYPT) || defined(FEAT_EVAL)
-diff --git a/src/proto/ex_getln.pro b/src/proto/ex_getln.pro
-index 8c8bd0ebd4cd..bcc310c7dd0e 100644
 --- a/src/proto/ex_getln.pro
 +++ b/src/proto/ex_getln.pro
-@@ -5,6 +5,7 @@
+@@ -5,6 +5,7 @@ char_u *getcmdline_prompt(int firstc, ch
  int text_locked(void);
  void text_locked_msg(void);
  char *get_text_locked_msg(void);
@@ -87,27 +81,23 @@ index 8c8bd0ebd4cd..bcc310c7dd0e 100644
  int curbuf_locked(void);
  int allbuf_locked(void);
  char_u *getexline(int c, void *cookie, int indent);
-diff --git a/src/version.c b/src/version.c
-index 18a1fdb41cb6..a15bb3ed8d6a 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    5043,
  /**/
++    5043,
++/**/
      805,
  /**/
-diff --git a/src/window.c b/src/window.c
-index f2913d4a76ef..9b5ac97286cd 100644
+     5024,
 --- a/src/window.c
 +++ b/src/window.c
 @@ -4173,14 +4173,11 @@ win_goto(win_T *wp)
      win_T	*owp = curwin;
  #endif
-
+ 
 -    if (text_locked())
 +    if (text_or_buf_locked())
      {
diff --git a/debian/patches/CVE-2022-2000.patch b/debian/patches/CVE-2022-2000.patch
index 7f1a1e6..e3fa6e2 100644
--- a/debian/patches/CVE-2022-2000.patch
+++ b/debian/patches/CVE-2022-2000.patch
@@ -12,11 +12,9 @@ Solution:   Truncate the message.
  src/version.c                |  2 ++
  3 files changed, 17 insertions(+), 2 deletions(-)
 
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index cfb40e8d5cfa..634a1bcef566 100644
 --- a/src/ex_docmd.c
 +++ b/src/ex_docmd.c
-@@ -3111,9 +3111,17 @@ parse_cmd_address(exarg_T *eap, char **errormsg, int silent)
+@@ -3111,9 +3111,17 @@ checkforcmd(
      static void
  append_command(char_u *cmd)
  {
@@ -36,13 +34,11 @@ index cfb40e8d5cfa..634a1bcef566 100644
      STRCAT(IObuff, ": ");
      d = IObuff + STRLEN(IObuff);
      while (*s != NUL && d - IObuff + 5 < IOSIZE)
-diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
-index 77965b3f65a3..2289c343e9f8 100644
 --- a/src/testdir/test_cmdline.vim
 +++ b/src/testdir/test_cmdline.vim
-@@ -657,3 +657,9 @@
-
-
+@@ -657,3 +657,9 @@ endfunc
+ 
+ 
  set cpo&
 +
 +func Test_long_error_message()
@@ -50,16 +46,14 @@ index 77965b3f65a3..2289c343e9f8 100644
 +  silent! norm Q00000000000000     000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000                                                                                                                                                                                                                        
 +endfunc
 +
-diff --git a/src/version.c b/src/version.c
-index 542028606dde..dd585c81afe9 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    5063,
  /**/
++    5063,
++/**/
      5043,
  /**/
+     805,
diff --git a/debian/patches/CVE-2022-2129.patch b/debian/patches/CVE-2022-2129.patch
index 70bdd57..96e8d05 100644
--- a/debian/patches/CVE-2022-2129.patch
+++ b/debian/patches/CVE-2022-2129.patch
@@ -11,8 +11,6 @@ Solution:   Disallow switching buffers in a substitute expression.
  src/version.c                   |  2 ++
  3 files changed, 19 insertions(+), 3 deletions(-)
 
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index fed9330b52e9..1185cd1550a6 100644
 --- a/src/ex_docmd.c
 +++ b/src/ex_docmd.c
 @@ -8778,9 +8778,10 @@ do_exedit(
@@ -29,11 +27,9 @@ index fed9330b52e9..1185cd1550a6 100644
  	    return;
  
  	n = readonlymode;
-diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
-index 46ea95513192..c056fa965692 100644
 --- a/src/testdir/test_substitute.vim
 +++ b/src/testdir/test_substitute.vim
-@@ -552,3 +552,16 @@
+@@ -552,3 +552,16 @@ func Test_sub_undo_change()
    delfunc Repl
  endfunc
  
@@ -50,16 +46,14 @@ index 46ea95513192..c056fa965692 100644
 +  bwipe!
 +endfunc
 +
-diff --git a/src/version.c b/src/version.c
-index 82ac4eaf2dd9..2f397ae315f7 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    5126,
  /**/
++    5126,
++/**/
      5063,
  /**/
+     5043,
diff --git a/debian/patches/CVE-2022-2285.patch b/debian/patches/CVE-2022-2285.patch
index 5105f02..db103c6 100644
--- a/debian/patches/CVE-2022-2285.patch
+++ b/debian/patches/CVE-2022-2285.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036
  src/testdir/test_mapping.vim | 10 ++++++++++
  2 files changed, 11 insertions(+)
 
-diff --git a/src/term.c b/src/term.c
-index 47d2bda..bc46ed9 100644
 --- a/src/term.c
 +++ b/src/term.c
 @@ -4440,6 +4440,7 @@ check_termcode(
@@ -20,8 +18,6 @@ index 47d2bda..bc46ed9 100644
  	key_name[0] = NUL;	/* no key name found yet */
  	key_name[1] = NUL;	/* no key name found yet */
  	modifiers = 0;		/* no modifiers yet */
-diff --git a/src/testdir/test_mapping.vim b/src/testdir/test_mapping.vim
-index c454fc0..3c81bb5 100644
 --- a/src/testdir/test_mapping.vim
 +++ b/src/testdir/test_mapping.vim
 @@ -318,3 +318,13 @@ func Test_motionforce_omap()
diff --git a/debian/patches/CVE-2022-2304.patch b/debian/patches/CVE-2022-2304.patch
index a76927d..4ba628d 100644
--- a/debian/patches/CVE-2022-2304.patch
+++ b/debian/patches/CVE-2022-2304.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e709
  src/testdir/test_spell.vim | 14 ++++++++++++++
  2 files changed, 17 insertions(+), 2 deletions(-)
 
-diff --git a/src/spell.c b/src/spell.c
-index 2d36953..3d9e7c8 100644
 --- a/src/spell.c
 +++ b/src/spell.c
 @@ -8505,9 +8505,10 @@ spell_dump_compl(
@@ -25,8 +23,6 @@ index 2d36953..3d9e7c8 100644
  			 * Don't use keep-case words in the fold-case tree,
  			 * they will appear in the keep-case tree.
  			 * Only use the word when the region matches. */
-diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
-index 50e2d54..afbb6d8 100644
 --- a/src/testdir/test_spell.vim
 +++ b/src/testdir/test_spell.vim
 @@ -260,6 +260,19 @@ func Test_zz_compound()
diff --git a/debian/patches/CVE-2022-2598.patch b/debian/patches/CVE-2022-2598.patch
index d7732d4..a4d6886 100644
--- a/debian/patches/CVE-2022-2598.patch
+++ b/debian/patches/CVE-2022-2598.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf0554
  src/testdir/test_diffmode.vim | 15 +++++++++++++++
  2 files changed, 21 insertions(+), 3 deletions(-)
 
-diff --git a/src/diff.c b/src/diff.c
-index d368f96..745cb87 100644
 --- a/src/diff.c
 +++ b/src/diff.c
 @@ -451,7 +451,10 @@ diff_mark_adjust_tp(
@@ -35,8 +33,6 @@ index d368f96..745cb87 100644
  	    }
  	    for (i = 0; i < dp->df_count[idx_from] - start_skip - end_skip; ++i)
  	    {
-diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
-index 84fb451..3ced8cd 100644
 --- a/src/testdir/test_diffmode.vim
 +++ b/src/testdir/test_diffmode.vim
 @@ -913,3 +913,18 @@ func Test_diff_of_diff()
diff --git a/debian/patches/CVE-2022-2946.patch b/debian/patches/CVE-2022-2946.patch
index b3dadb9..05aa8c1 100644
--- a/debian/patches/CVE-2022-2946.patch
+++ b/debian/patches/CVE-2022-2946.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e751576
  src/testdir/test_tagcase.vim | 12 ++++++++++++
  2 files changed, 20 insertions(+), 1 deletion(-)
 
-diff --git a/src/tag.c b/src/tag.c
-index b1915e1..4e96da3 100644
 --- a/src/tag.c
 +++ b/src/tag.c
 @@ -146,6 +146,7 @@ do_tag(
diff --git a/debian/patches/CVE-2022-3099.patch b/debian/patches/CVE-2022-3099.patch
index 1dd5203..aecab0b 100644
--- a/debian/patches/CVE-2022-3099.patch
+++ b/debian/patches/CVE-2022-3099.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c589
  src/testdir/test_eval_stuff.vim | 14 ++++++++++++++
  2 files changed, 15 insertions(+), 1 deletion(-)
 
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index bb8d719..5321962 100644
 --- a/src/ex_docmd.c
 +++ b/src/ex_docmd.c
 @@ -1109,7 +1109,7 @@ do_cmdline(
diff --git a/debian/patches/CVE-2022-3134.patch b/debian/patches/CVE-2022-3134.patch
index 16f8949..e7eaae6 100644
--- a/debian/patches/CVE-2022-3134.patch
+++ b/debian/patches/CVE-2022-3134.patch
@@ -7,8 +7,6 @@ Origin: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b8
  src/tag.c | 9 +++++++++
  1 file changed, 9 insertions(+)
 
-diff --git a/src/tag.c b/src/tag.c
-index 4e96da3..6fcd6ee 100644
 --- a/src/tag.c
 +++ b/src/tag.c
 @@ -539,6 +539,15 @@ do_tag(
diff --git a/debian/patches/CVE-2022-3234.patch b/debian/patches/CVE-2022-3234.patch
index 16207d5..28e5d63 100644
--- a/debian/patches/CVE-2022-3234.patch
+++ b/debian/patches/CVE-2022-3234.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e
  src/testdir/test_virtualedit.vim | 14 ++++++++++++++
  2 files changed, 24 insertions(+), 2 deletions(-)
 
-diff --git a/src/ops.c b/src/ops.c
-index 84b5f90..c2319b1 100644
 --- a/src/ops.c
 +++ b/src/ops.c
 @@ -2295,6 +2295,8 @@ op_replace(oparg_T *oap, int c)
@@ -47,8 +45,6 @@ index 84b5f90..c2319b1 100644
  	    {
  		int virtcols = oap->end.coladd;
  
-diff --git a/src/testdir/test_virtualedit.vim b/src/testdir/test_virtualedit.vim
-index 67adede..6b8fdfd 100644
 --- a/src/testdir/test_virtualedit.vim
 +++ b/src/testdir/test_virtualedit.vim
 @@ -73,3 +73,17 @@ func Test_edit_CTRL_G()
diff --git a/debian/patches/CVE-2022-3235.patch b/debian/patches/CVE-2022-3235.patch
index fc3e20e..d18b7a1 100644
--- a/debian/patches/CVE-2022-3235.patch
+++ b/debian/patches/CVE-2022-3235.patch
@@ -14,8 +14,6 @@ Solution:   Make sure pointer to b_p_iminsert is still valid.
 
 Backport: rewrote b_im_ptr handling
 
-diff --git a/src/ex_getln.c b/src/ex_getln.c
-index 70436b31f05e..a4fb61145c96 100644
 --- a/src/ex_getln.c
 +++ b/src/ex_getln.c
 @@ -858,6 +858,7 @@ getcmdline_int(
@@ -67,7 +65,7 @@ index 70436b31f05e..a4fb61145c96 100644
  		{
  		    if (b_im_ptr == &curbuf->b_p_iminsert)
  			set_iminsert_global();
-@@ -2476,7 +2478,8 @@ getcmdline_int(
+@@ -2476,7 +2478,8 @@ returncmd:
  
      State = save_State;
  #ifdef HAVE_INPUT_METHOD
@@ -77,11 +75,9 @@ index 70436b31f05e..a4fb61145c96 100644
  	im_save_status(b_im_ptr);
      im_set_active(FALSE);
  #endif
-diff --git a/src/testdir/test_cmdwin.vim b/src/testdir/test_cmdwin.vim
-index d62673aba254..fe849bcc1686 100644
 --- /dev/null
 +++ b/src/testdir/test_cmdwin.vim
-@@ -0,0 +0,12 @@
+@@ -0,0 +1,12 @@
 +" This was using a pointer to a freed buffer
 +func Test_cmdwin_freed_buffer_ptr()
 +  au BufEnter * next 0| file 
@@ -96,7 +92,7 @@ index d62673aba254..fe849bcc1686 100644
 +" vim: shiftwidth=2 sts=2 expandtab
 --- a/src/testdir/Make_all.mak
 +++ b/src/testdir/Make_all.mak
-@@ -89,6 +89,7 @@
+@@ -89,6 +89,7 @@ NEW_TESTS = \
  	test_clientserver \
  	test_close_count \
  	test_cmdline \
@@ -106,7 +102,7 @@ index d62673aba254..fe849bcc1686 100644
  	test_compiler \
 --- a/src/version.c
 +++ b/src/version.c
-@@ -2618,6 +2618,7 @@
+@@ -2618,6 +2618,7 @@ static char *(extra_patches[]) =
      "8.2.3403",
      "8.2.3409",
      "8.2.3428",
diff --git a/debian/patches/CVE-2022-3256.patch b/debian/patches/CVE-2022-3256.patch
index ab1abab..9cbaf88 100644
--- a/debian/patches/CVE-2022-3256.patch
+++ b/debian/patches/CVE-2022-3256.patch
@@ -11,8 +11,6 @@ Solution:   Copy the mark before editing another buffer.
  src/version.c              |  2 ++
  3 files changed, 22 insertions(+), 5 deletions(-)
 
-diff --git a/src/mark.c b/src/mark.c
-index ade5a1087b7d..584db033d3ca 100644
 --- a/src/mark.c
 +++ b/src/mark.c
 @@ -252,17 +252,19 @@ movemark(int count)
@@ -40,11 +38,9 @@ index ade5a1087b7d..584db033d3ca 100644
  	    pos = (pos_T *)-1;
  	}
  	else
-diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
-index 12501a3aba07..20fb3041f244 100644
 --- a/src/testdir/test_marks.vim
 +++ b/src/testdir/test_marks.vim
-@@ -174,3 +174,16 @@ func Test_getmarklist()
+@@ -174,3 +174,16 @@ func Test_mark_error()
    call assert_fails('mark xx', 'E488:')
    call assert_fails('mark _', 'E191:')
  endfunc
@@ -63,7 +59,7 @@ index 12501a3aba07..20fb3041f244 100644
 +
 --- a/src/version.c
 +++ b/src/version.c
-@@ -2619,6 +2619,7 @@
+@@ -2619,6 +2619,7 @@ static char *(extra_patches[]) =
      "8.2.3409",
      "8.2.3428",
      "9.0.0490",
diff --git a/debian/patches/CVE-2022-3324.patch b/debian/patches/CVE-2022-3324.patch
index 59b60e6..f3e50d5 100644
--- a/debian/patches/CVE-2022-3324.patch
+++ b/debian/patches/CVE-2022-3324.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bf
  src/window.c                 |  5 ++++-
  2 files changed, 26 insertions(+), 1 deletion(-)
 
-diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
-index 3878637..4a35201 100644
 --- a/src/testdir/test_cmdline.vim
 +++ b/src/testdir/test_cmdline.vim
 @@ -620,5 +620,27 @@ func Test_report_error_with_composing()
@@ -40,8 +38,6 @@ index 3878637..4a35201 100644
 +
  
  set cpo&
-diff --git a/src/window.c b/src/window.c
-index 7c7f580..c4d97d6 100644
 --- a/src/window.c
 +++ b/src/window.c
 @@ -1945,6 +1945,8 @@ win_equal_rec(
@@ -53,7 +49,7 @@ index 7c7f580..c4d97d6 100644
  		    new_size += next_curwin_size;
  		    room -= new_size - next_curwin_size;
  		}
-@@ -5899,7 +5901,8 @@ scroll_to_fraction(win_T *wp, int prev_height)
+@@ -5899,7 +5901,8 @@ scroll_to_fraction(win_T *wp, int prev_h
      void
  win_new_width(win_T *wp, int width)
  {
diff --git a/debian/patches/CVE-2022-3352.patch b/debian/patches/CVE-2022-3352.patch
index f55e40d..e5808ef 100644
--- a/debian/patches/CVE-2022-3352.patch
+++ b/debian/patches/CVE-2022-3352.patch
@@ -14,8 +14,6 @@ Solution:   Disallow deleting the current buffer to avoid using freed memory.
 
 Backport: src/buffer.c isn't vulnerable yet
 
-diff --git a/src/spell.c b/src/spell.c
-index 628814fe6db3..975b5a6789a9 100644
 --- a/src/spell.c
 +++ b/src/spell.c
 @@ -1813,6 +1813,10 @@ spell_load_lang(char_u *lang)
@@ -38,11 +36,9 @@ index 628814fe6db3..975b5a6789a9 100644
  }
  
  /*
-diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim
-index 86732f15dbe4..70f0f553a226 100644
 --- a/src/testdir/test_autocmd.vim
 +++ b/src/testdir/test_autocmd.vim
-@@ -1416,3 +1416,14 @@
+@@ -1416,3 +1416,14 @@ func Test_Changed_FirstTime()
  endfunc
  
  " FileChangedShell tested in test_filechanged.vim
@@ -59,7 +55,7 @@ index 86732f15dbe4..70f0f553a226 100644
 +
 --- a/src/version.c
 +++ b/src/version.c
-@@ -2620,6 +2620,7 @@
+@@ -2620,6 +2620,7 @@ static char *(extra_patches[]) =
      "8.2.3428",
      "9.0.0490",
      "9.0.0530",
diff --git a/debian/patches/CVE-2022-3705.patch b/debian/patches/CVE-2022-3705.patch
index febdb59..531ba7c 100644
--- a/debian/patches/CVE-2022-3705.patch
+++ b/debian/patches/CVE-2022-3705.patch
@@ -9,11 +9,9 @@ Origin: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e7
  src/version.c                 |  2 ++
  3 files changed, 23 insertions(+)
 
-diff --git a/src/quickfix.c b/src/quickfix.c
-index 3bfa027..d6f773b 100644
 --- a/src/quickfix.c
 +++ b/src/quickfix.c
-@@ -4274,6 +4274,9 @@ qf_update_buffer(qf_info_T *qi, qfline_T *old_last)
+@@ -4274,6 +4274,9 @@ qf_update_buffer(qf_info_T *qi, qfline_T
  	// when the added lines are not visible.
  	if ((win = qf_find_win(qi)) != NULL && old_line_count < win->w_botline)
  	    redraw_buf_later(buf, NOT_VALID);
@@ -23,7 +21,7 @@ index 3bfa027..d6f773b 100644
      }
  }
  
-@@ -4408,6 +4411,9 @@ qf_fill_buffer(qf_info_T *qi, buf_T *buf, qfline_T *old_last)
+@@ -4408,6 +4411,9 @@ qf_fill_buffer(qf_info_T *qi, buf_T *buf
  		break;
  	}
  
@@ -33,11 +31,9 @@ index 3bfa027..d6f773b 100644
  	if (old_last == NULL)
  	    // Delete the empty line which is now at the end
  	    (void)ml_delete(lnum + 1, FALSE);
-diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
-index 2e5fffa..860e417 100644
 --- a/src/testdir/test_quickfix.vim
 +++ b/src/testdir/test_quickfix.vim
-@@ -3931,3 +3931,18 @@ func Test_lopen_bwipe()
+@@ -3915,3 +3915,18 @@ func Test_lopen_bwipe()
    delfunc R
  endfunc
  
@@ -56,16 +52,14 @@ index 2e5fffa..860e417 100644
 +  augroup END
 +endfunc
 +
-diff --git a/src/version.c b/src/version.c
-index cd174b0..28f8753 100644
 --- a/src/version.c
 +++ b/src/version.c
-@@ -791,6 +791,8 @@ static char *(features[]) =
- 
+@@ -792,6 +792,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
-+/**/
-+    805,
  /**/
++    805,
++/**/
      5024,
  /**/
+     4214,
diff --git a/debian/patches/CVE-2022-4141.patch b/debian/patches/CVE-2022-4141.patch
new file mode 100644
index 0000000..e537b7f
--- /dev/null
+++ b/debian/patches/CVE-2022-4141.patch
@@ -0,0 +1,140 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 11 Jun 2023 13:46:58 +0200
+Subject: CVE-2022-4141
+
+Bug-Debian: https://bugs.debian.org/1027146
+Origin: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
+---
+ src/normal.c                    | 35 ++++++++++++++++++++++++++---------
+ src/proto/normal.pro            |  1 +
+ src/testdir/test_substitute.vim | 20 ++++++++++++++++++++
+ src/window.c                    |  4 +++-
+ 4 files changed, 50 insertions(+), 10 deletions(-)
+
+diff --git a/src/normal.c b/src/normal.c
+index 8f92b9c..ee2233d 100644
+--- a/src/normal.c
++++ b/src/normal.c
+@@ -523,13 +523,36 @@ check_text_locked(oparg_T *oap)
+ {
+     if (text_locked())
+     {
+-	clearopbeep(oap);
++	if (oap != NULL)
++	    clearopbeep(oap);
+ 	text_locked_msg();
+ 	return TRUE;
+     }
+     return FALSE;
+ }
+ 
++/*
++ * If text is locked, "curbuf_lock" or "allbuf_lock" is set:
++ * Give an error message, possibly beep and return TRUE.
++ * "oap" may be NULL.
++ */
++    int
++check_text_or_curbuf_locked(oparg_T *oap)
++{
++    if (check_text_locked(oap))
++	return TRUE;
++
++#ifdef FEAT_AUTOCMD
++    if (curbuf_locked())
++    {
++	if (oap != NULL)
++	    clearop(oap);
++	return TRUE;
++    }
++#endif
++    return FALSE;
++}
++
+ /*
+  * Execute a command in Normal mode.
+  */
+@@ -791,8 +814,7 @@ getcount:
+ 	goto normal_end;
+     }
+ 
+-    if ((nv_cmds[idx].cmd_flags & NV_NCW)
+-				&& (check_text_locked(oap) || curbuf_locked()))
++    if ((nv_cmds[idx].cmd_flags & NV_NCW) && check_text_or_curbuf_locked(oap))
+ 	/* this command is not allowed now */
+ 	goto normal_end;
+ 
+@@ -6173,13 +6195,8 @@ nv_gotofile(cmdarg_T *cap)
+     char_u	*ptr;
+     linenr_T	lnum = -1;
+ 
+-    if (check_text_locked(cap->oap))
++    if (check_text_or_curbuf_locked(cap->oap))
+ 	return;
+-    if (curbuf_locked())
+-    {
+-	clearop(cap->oap);
+-	return;
+-    }
+ 
+     ptr = grab_file_name(cap->count1, &lnum);
+ 
+diff --git a/src/proto/normal.pro b/src/proto/normal.pro
+index 55d12bb..cc81ff9 100644
+--- a/src/proto/normal.pro
++++ b/src/proto/normal.pro
+@@ -1,4 +1,5 @@
+ /* normal.c */
++int check_text_or_curbuf_locked(oparg_T *oap);
+ void init_normal_cmds(void);
+ void normal_cmd(oparg_T *oap, int toplevel);
+ void do_pending_operator(cmdarg_T *cap, int old_col, int gui_yank);
+diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
+index 9ab0adb..d78b036 100644
+--- a/src/testdir/test_substitute.vim
++++ b/src/testdir/test_substitute.vim
+@@ -565,3 +565,23 @@ func Test_sub_edit_scriptfile()
+   bwipe!
+ endfunc
+ 
++" This was editing another file from the expression.
++func Test_sub_expr_goto_other_file()
++  call writefile([''], 'Xfileone', 'D')
++  enew!
++  call setline(1, ['a', 'b', 'c', 'd',
++	\ 'Xfileone zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'])
++
++  func g:SplitGotoFile()
++    exe "sil! norm 0\<C-W>gf"
++    return ''
++  endfunc
++
++  $
++  s/\%')/\=g:SplitGotoFile()
++
++  delfunc g:SplitGotoFile
++  bwipe!
++endfunc
++
++
+diff --git a/src/window.c b/src/window.c
+index 7f51c1b..82ece3e 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -478,6 +478,8 @@ newwindow:
+     case Ctrl_F:
+ wingotofile:
+ 		CHECK_CMDWIN;
++		if (check_text_or_curbuf_locked(NULL))
++		    break;
+ 
+ 		ptr = grab_file_name(Prenum1, &lnum);
+ 		if (ptr != NULL)
+@@ -757,7 +759,7 @@ win_split(int size, int flags)
+  * When "new_wp" is NULL: split the current window in two.
+  * When "new_wp" is not NULL: insert this window at the far
+  * top/left/right/bottom.
+- * return FAIL for failure, OK otherwise
++ * Return FAIL for failure, OK otherwise.
+  */
+     int
+ win_split_ins(
diff --git a/debian/patches/CVE-2023-0054.patch b/debian/patches/CVE-2023-0054.patch
new file mode 100644
index 0000000..1bb31bb
--- /dev/null
+++ b/debian/patches/CVE-2023-0054.patch
@@ -0,0 +1,26 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 11 Jun 2023 13:48:33 +0200
+Subject: CVE-2023-0054
+
+Bug-Debian: https://bugs.debian.org/1031875
+Origin: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731
+---
+ src/eval.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/eval.c b/src/eval.c
+index 659f35c..f22b0ae 100644
+--- a/src/eval.c
++++ b/src/eval.c
+@@ -10612,6 +10612,11 @@ do_string_sub(
+ 	     * - The text after the match.
+ 	     */
+ 	    sublen = vim_regsub(&regmatch, sub, expr, tail, FALSE, TRUE, FALSE);
++	    if (sublen <= 0)
++	    {
++		ga_clear(&ga);
++		break;
++	    }
+ 	    if (ga_grow(&ga, (int)((end - tail) + sublen -
+ 			    (regmatch.endp[0] - regmatch.startp[0]))) == FAIL)
+ 	    {
diff --git a/debian/patches/CVE-2023-1175.patch b/debian/patches/CVE-2023-1175.patch
new file mode 100644
index 0000000..0bc1497
--- /dev/null
+++ b/debian/patches/CVE-2023-1175.patch
@@ -0,0 +1,41 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 11 Jun 2023 13:56:10 +0200
+Subject: CVE-2023-1175
+
+Origin: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba
+---
+ src/ops.c                        |  2 ++
+ src/testdir/test_virtualedit.vim | 10 ++++++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/ops.c b/src/ops.c
+index 50d5af9..45e6308 100644
+--- a/src/ops.c
++++ b/src/ops.c
+@@ -3119,6 +3119,8 @@ op_yank(oparg_T *oap, int deleting, int mess)
+ 				 * double-count it. */
+ 				bd.startspaces = (ce - cs + 1)
+ 							  - oap->start.coladd;
++				if (bd.startspaces < 0)
++				    bd.startspaces = 0;
+ 				startcol++;
+ 			    }
+ 			}
+diff --git a/src/testdir/test_virtualedit.vim b/src/testdir/test_virtualedit.vim
+index 6b8fdfd..c2a9403 100644
+--- a/src/testdir/test_virtualedit.vim
++++ b/src/testdir/test_virtualedit.vim
+@@ -87,3 +87,13 @@ func Test_virtualedit_replace_after_tab()
+   bwipe!
+ endfunc
+ 
++func Test_edit_special_char()
++  new
++  se ve=all
++  norm a0
++  sil! exe "norm o00000\<Nul>k<a0s"
++
++  bwipe!
++  set virtualedit=
++endfunc
++
diff --git a/debian/patches/CVE-2023-2610.patch b/debian/patches/CVE-2023-2610.patch
new file mode 100644
index 0000000..085b7b9
--- /dev/null
+++ b/debian/patches/CVE-2023-2610.patch
@@ -0,0 +1,68 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 11 Jun 2023 13:58:23 +0200
+Subject: CVE-2023-2610
+
+Bug-Debian: https://bugs.debian.org/1035955
+Origin: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
+---
+ src/regexp.c | 29 ++++++++++++++++++-----------
+ 1 file changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/src/regexp.c b/src/regexp.c
+index 6939fd1..5630364 100644
+--- a/src/regexp.c
++++ b/src/regexp.c
+@@ -7150,10 +7150,7 @@ do_Lower(int *d, int c)
+ regtilde(char_u *source, int magic)
+ {
+     char_u	*newsub = source;
+-    char_u	*tmpsub;
+     char_u	*p;
+-    int		len;
+-    int		prevlen;
+ 
+     for (p = newsub; *p; ++p)
+     {
+@@ -7162,24 +7159,34 @@ regtilde(char_u *source, int magic)
+ 	    if (reg_prev_sub != NULL)
+ 	    {
+ 		/* length = len(newsub) - 1 + len(prev_sub) + 1 */
+-		prevlen = (int)STRLEN(reg_prev_sub);
+-		tmpsub = alloc((unsigned)(STRLEN(newsub) + prevlen));
++		// Avoid making the text longer than MAXCOL, it will cause
++		// trouble at some point.
++		size_t	prevsublen = STRLEN(reg_prev_sub);
++		size_t  newsublen = STRLEN(newsub);
++		if (prevsublen > MAXCOL || newsublen > MAXCOL
++					    || newsublen + prevsublen > MAXCOL)
++		{
++		    break;
++		}
++
++		char_u *tmpsub = alloc(newsublen + prevsublen);
+ 		if (tmpsub != NULL)
+ 		{
+ 		    /* copy prefix */
+-		    len = (int)(p - newsub);	/* not including ~ */
+-		    mch_memmove(tmpsub, newsub, (size_t)len);
++		    size_t prefixlen = p - newsub;	// not including ~
++		    mch_memmove(tmpsub, newsub, prefixlen);
+ 		    /* interpret tilde */
+-		    mch_memmove(tmpsub + len, reg_prev_sub, (size_t)prevlen);
++		    mch_memmove(tmpsub + prefixlen, reg_prev_sub,
++							       prevsublen);
+ 		    /* copy postfix */
+ 		    if (!magic)
+ 			++p;			/* back off \ */
+-		    STRCPY(tmpsub + len + prevlen, p + 1);
++		    STRCPY(tmpsub + prefixlen + prevsublen, p + 1);
+ 
+-		    if (newsub != source)	/* already allocated newsub */
++		    if (newsub != source)	// allocated newsub before
+ 			vim_free(newsub);
+ 		    newsub = tmpsub;
+-		    p = newsub + len + prevlen;
++		    p = newsub + prefixlen + prevsublen;
+ 		}
+ 	    }
+ 	    else if (magic)
diff --git a/debian/patches/CVE_2022-1968.patch b/debian/patches/CVE_2022-1968.patch
index eab9980..eafcba5 100644
--- a/debian/patches/CVE_2022-1968.patch
+++ b/debian/patches/CVE_2022-1968.patch
@@ -8,8 +8,6 @@ Origin: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e1108
  src/testdir/test_tagjump.vim | 12 ++++++++++++
  2 files changed, 30 insertions(+), 3 deletions(-)
 
-diff --git a/src/search.c b/src/search.c
-index 4b3f853..9a17918 100644
 --- a/src/search.c
 +++ b/src/search.c
 @@ -4852,6 +4852,21 @@ linewhite(linenr_T lnum)
@@ -61,8 +59,6 @@ index 4b3f853..9a17918 100644
  	}
  	already = NULL;
      }
-diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
-index da4af2f..7605730 100644
 --- a/src/testdir/test_tagjump.vim
 +++ b/src/testdir/test_tagjump.vim
 @@ -372,4 +372,16 @@ func Test_getsettagstack()
diff --git a/debian/patches/series b/debian/patches/series
index 002c7e0..1042b9d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -76,6 +76,10 @@ CVE-2022-2129.patch
 CVE-2022-3235.patch
 CVE-2022-3256.patch
 CVE-2022-3352.patch
+CVE-2022-4141.patch
+CVE-2023-0054.patch
+CVE-2023-1175.patch
+CVE-2023-2610.patch
 progress-linux/0001-syntax-debchangelog.patch
 progress-linux/0002-syntax-debsources.patch
 progress-linux/0003-disable-mouse.patch