Adding debian version 2:8.1.0875-5+deb10u2.debian/2%8.1.0875-5+deb10u2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 1169 insertions, 0 deletions

diff --git a/debian/patches/upstream/Support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch b/debian/patches/upstream/Support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch
new file mode 100644
index 0000000..f26c02a
--- /dev/null
+++ b/debian/patches/upstream/Support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch
@@ -0,0 +1,89 @@
+From: James McCoy <jamessan@jamessan.com>
+Date: Thu, 28 Jan 2016 10:55:11 -0500
+Subject: Support defining compilation date in $SOURCE_DATE_EPOCH
+
+There is an ongoing effort[0] to make FOSS software reproducibly
+buildable.  In order to make Vim build reproducibly, it is necessary to
+allow defining the date/time that is part of VIM_VERSION_LONG as part of
+the build process.
+
+This commit enables that by adding support for the SOURCE_DATE_EPOCH
+spec[1].  When the $SOURCE_DATE_EPOCH environment variable is defined,
+it will be used to populate the BUILD_DATE preprocessor define.
+
+If BUILD_DATE is not defined, the existing behavior of relying on the
+preprocessor's __DATE__/__TIME__ symbols will be used.
+
+[0]: https://reproducible-builds.org/
+[1]: https://reproducible-builds.org/specs/source-date-epoch/
+---
+ src/config.h.in  |  3 +++
+ src/configure.ac | 10 ++++++++++
+ src/version.c    |  8 ++++++++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/src/config.h.in b/src/config.h.in
+index d1aaf70..78cf319 100644
+--- a/src/config.h.in
++++ b/src/config.h.in
+@@ -30,6 +30,9 @@
+ /* Define when __DATE__ " " __TIME__ can be used */
+ #undef HAVE_DATE_TIME
+ 
++/* Defined as the date of last modification */
++#undef BUILD_DATE
++
+ /* Define when __attribute__((unused)) can be used */
+ #undef HAVE_ATTRIBUTE_UNUSED
+ 
+diff --git a/src/configure.ac b/src/configure.ac
+index 2b7725b..21ca7a1 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -62,6 +62,16 @@ if test x"$ac_cv_prog_cc_c99" != xno; then
+   fi
+ fi
+ 
++dnl If $SOURCE_DATE_EPOCH is present in the environment, use that as the
++dnl "compiled" timestamp in :version's output.  Attempt to get the formatted
++dnl date using GNU date syntax, BSD date syntax, and finally falling back to
++dnl just using the current time.
++if test -n "$SOURCE_DATE_EPOCH"; then
++  DATE_FMT="%b %d %Y %H:%M:%S"
++  BUILD_DATE=$(LC_ALL=C date -u -d "@$SOURCE_DATE_EPOCH" "+$DATE_FMT" 2>/dev/null || LC_ALL=C date -u -r "$SOURCE_DATE_EPOCH" "+$DATE_FMT" 2>/dev/null || LC_ALL=C date -u "+$DATE_FMT")
++  AC_DEFINE_UNQUOTED(BUILD_DATE, ["$BUILD_DATE"])
++fi
++
+ dnl Check for the flag that fails if stuff are missing.
+ 
+ AC_MSG_CHECKING(--enable-fail-if-missing argument)
+diff --git a/src/version.c b/src/version.c
+index 9b2e7c9..0b86826 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -44,9 +44,13 @@ init_longVersion(void)
+      * VAX C can't catenate strings in the preprocessor.
+      */
+     strcpy(longVersion, VIM_VERSION_LONG_DATE);
++#ifdef BUILD_DATE
++    strcat(longVersion, BUILD_DATE);
++#else
+     strcat(longVersion, __DATE__);
+     strcat(longVersion, " ");
+     strcat(longVersion, __TIME__);
++#endif
+     strcat(longVersion, ")");
+ }
+ 
+@@ -54,7 +58,11 @@ init_longVersion(void)
+     void
+ init_longVersion(void)
+ {
++#ifdef BUILD_DATE
++    char *date_time = BUILD_DATE;
++#else
+     char *date_time = __DATE__ " " __TIME__;
++#endif
+     char *msg = _("%s (%s, compiled %s)");
+     size_t len = strlen(msg)
+ 		+ strlen(VIM_VERSION_LONG_ONLY)
diff --git a/debian/patches/upstream/deb-release-names.patch b/debian/patches/upstream/deb-release-names.patch
new file mode 100644
index 0000000..42b72dd
--- /dev/null
+++ b/debian/patches/upstream/deb-release-names.patch
@@ -0,0 +1,58 @@
+From: James McCoy <jamessan@debian.org>
+Date: Sun, 21 Apr 2019 23:12:18 -0400
+Subject: Add Ubuntu's eoan and Debian's buster, bullseye, bookworm releases
+
+Signed-off-by: James McCoy <jamessan@debian.org>
+---
+ runtime/syntax/debchangelog.vim | 4 ++--
+ runtime/syntax/debsources.vim   | 7 ++++---
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim
+index 4ca4c29..9d6dfe9 100644
+--- a/runtime/syntax/debchangelog.vim
++++ b/runtime/syntax/debchangelog.vim
+@@ -3,7 +3,7 @@
+ " Maintainer:  Debian Vim Maintainers
+ " Former Maintainers: Gerfried Fuchs <alfie@ist.org>
+ "                     Wichert Akkerman <wakkerma@debian.org>
+-" Last Change: 2019 Jan 26
++" Last Change: 2019 Apr 21
+ " URL: https://salsa.debian.org/vim-team/vim-debian/blob/master/syntax/debchangelog.vim
+ 
+ " Standard syntax initialization
+@@ -21,7 +21,7 @@ let s:binNMU='binary-only=yes'
+ syn match debchangelogName	contained "^[[:alnum:]][[:alnum:].+-]\+ "
+ exe 'syn match debchangelogFirstKV	contained "; \('.s:urgency.'\|'.s:binNMU.'\)"'
+ exe 'syn match debchangelogOtherKV	contained ", \('.s:urgency.'\|'.s:binNMU.'\)"'
+-syn match debchangelogTarget	contained "\v %(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|squeeze-%(backports%(-sloppy)=|volatile|lts|security)|%(wheezy|jessie)%(-backports%(-sloppy)=|-security)=|stretch%(-backports|-security)=|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco)%(-%(security|proposed|updates|backports|commercial|partner))=)+"
++syn match debchangelogTarget	contained "\v %(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|%(squeeze|wheezy|jessie)-%(backports%(-sloppy)=|lts|security)|stretch%(-backports%(-sloppy)=|-security)=|buster%(-backports|-security)=|bullseye|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco|eoan)%(-%(security|proposed|updates|backports|commercial|partner))=)+"
+ syn match debchangelogVersion	contained "(.\{-})"
+ syn match debchangelogCloses	contained "closes:\_s*\(bug\)\=#\=\_s\=\d\+\(,\_s*\(bug\)\=#\=\_s\=\d\+\)*"
+ syn match debchangelogLP	contained "\clp:\s\+#\d\+\(,\s*#\d\+\)*"
+diff --git a/runtime/syntax/debsources.vim b/runtime/syntax/debsources.vim
+index 4b21941..f90476f 100644
+--- a/runtime/syntax/debsources.vim
++++ b/runtime/syntax/debsources.vim
+@@ -2,7 +2,7 @@
+ " Language:     Debian sources.list
+ " Maintainer:   Debian Vim Maintainers
+ " Former Maintainer: Matthijs Mohlmann <matthijs@cacholong.nl>
+-" Last Change: 2018 Oct 30
++" Last Change: 2019 Apr 21
+ " URL: https://salsa.debian.org/vim-team/vim-debian/blob/master/syntax/debsources.vim
+ 
+ " Standard syntax initialization
+@@ -23,9 +23,10 @@ let s:cpo = &cpo
+ set cpo-=C
+ let s:supported = [
+       \ 'oldstable', 'stable', 'testing', 'unstable', 'experimental',
+-      \ 'wheezy', 'jessie', 'stretch', 'sid', 'rc-buggy',
++      \ 'wheezy', 'jessie', 'stretch', 'buster', 'bullseye', 'bookworm',
++      \ 'sid', 'rc-buggy',
+       \
+-      \ 'trusty', 'xenial', 'bionic', 'cosmic', 'disco', 'devel'
++      \ 'trusty', 'xenial', 'bionic', 'cosmic', 'disco', 'eoan', 'devel'
+       \ ]
+ let s:unsupported = [
+       \ 'buzz', 'rex', 'bo', 'hamm', 'slink', 'potato',
diff --git a/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch b/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
new file mode 100644
index 0000000..01e9ad7
--- /dev/null
+++ b/debian/patches/upstream/patch-8.1.0881-can-execute-shell-commands-in-rvim-through.patch
@@ -0,0 +1,378 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 8 Feb 2019 14:34:10 +0100
+Subject: patch 8.1.0881: can execute shell commands in rvim through
+ interfaces
+
+Problem:    Can execute shell commands in rvim through interfaces.
+Solution:   Disable using interfaces in restricted mode. Allow for writing
+            file with writefile(), histadd() and a few others.
+(cherry picked from commit 8c62a08faf89663e5633dc5036cd8695c80f1075)
+---
+ runtime/doc/starting.txt        |  14 ++++--
+ src/evalfunc.c                  |  22 +++++++--
+ src/ex_cmds.c                   |   2 +-
+ src/ex_docmd.c                  |   7 ++-
+ src/if_perl.xs                  |  13 ++---
+ src/testdir/Make_all.mak        |   2 +
+ src/testdir/test_restricted.vim | 107 ++++++++++++++++++++++++++++++++++++++++
+ src/version.c                   |   2 +
+ 8 files changed, 151 insertions(+), 18 deletions(-)
+ create mode 100644 src/testdir/test_restricted.vim
+
+diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
+index 711a487..6289e9c 100644
+--- a/runtime/doc/starting.txt
++++ b/runtime/doc/starting.txt
+@@ -248,12 +248,18 @@ a slash.  Thus "-R" means recovery and "-/R" readonly.
+ 		changes and writing.
+ 		{not in Vi}
+ 
+-						*-Z* *restricted-mode* *E145*
++					*-Z* *restricted-mode* *E145* *E981*
+ -Z		Restricted mode.  All commands that make use of an external
+ 		shell are disabled.  This includes suspending with CTRL-Z,
+-		":sh", filtering, the system() function, backtick expansion,
+-		delete(), rename(), mkdir(), writefile(), libcall(),
+-		job_start(), etc.
++		":sh", filtering, the system() function, backtick expansion
++		and libcall().
++		Also disallowed are delete(), rename(), mkdir(), job_start(),
++		etc.
++		Interfaces, such as Python, Ruby and Lua, are also disabled,
++		since they could be used to execute shell commands.  Perl uses
++		the Safe module.
++		Note that the user may still find a loophole to execute a
++		shell command, it has only been made difficult.
+ 		{not in Vi}
+ 
+ 							*-g*
+diff --git a/src/evalfunc.c b/src/evalfunc.c
+index fa7ed9b..eb082b7 100644
+--- a/src/evalfunc.c
++++ b/src/evalfunc.c
+@@ -6817,7 +6817,7 @@ f_histadd(typval_T *argvars UNUSED, typval_T *rettv)
+ #endif
+ 
+     rettv->vval.v_number = FALSE;
+-    if (check_restricted() || check_secure())
++    if (check_secure())
+ 	return;
+ #ifdef FEAT_CMDHIST
+     str = tv_get_string_chk(&argvars[0]);	/* NULL on type error */
+@@ -7898,6 +7898,9 @@ f_luaeval(typval_T *argvars, typval_T *rettv)
+     char_u	*str;
+     char_u	buf[NUMBUFLEN];
+ 
++    if (check_restricted() || check_secure())
++	return;
++
+     str = tv_get_string_buf(&argvars[0], buf);
+     do_luaeval(str, argvars + 1, rettv);
+ }
+@@ -8644,6 +8647,8 @@ f_mzeval(typval_T *argvars, typval_T *rettv)
+     char_u	*str;
+     char_u	buf[NUMBUFLEN];
+ 
++    if (check_restricted() || check_secure())
++	return;
+     str = tv_get_string_buf(&argvars[0], buf);
+     do_mzeval(str, rettv);
+ }
+@@ -8932,6 +8937,9 @@ f_py3eval(typval_T *argvars, typval_T *rettv)
+     char_u	*str;
+     char_u	buf[NUMBUFLEN];
+ 
++    if (check_restricted() || check_secure())
++	return;
++
+     if (p_pyx == 0)
+ 	p_pyx = 3;
+ 
+@@ -8950,6 +8958,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
+     char_u	*str;
+     char_u	buf[NUMBUFLEN];
+ 
++    if (check_restricted() || check_secure())
++	return;
++
+     if (p_pyx == 0)
+ 	p_pyx = 2;
+ 
+@@ -8965,6 +8976,9 @@ f_pyeval(typval_T *argvars, typval_T *rettv)
+     static void
+ f_pyxeval(typval_T *argvars, typval_T *rettv)
+ {
++    if (check_restricted() || check_secure())
++	return;
++
+ # if defined(FEAT_PYTHON) && defined(FEAT_PYTHON3)
+     init_pyxversion();
+     if (p_pyx == 2)
+@@ -10819,7 +10833,7 @@ f_setbufvar(typval_T *argvars, typval_T *rettv UNUSED)
+     typval_T	*varp;
+     char_u	nbuf[NUMBUFLEN];
+ 
+-    if (check_restricted() || check_secure())
++    if (check_secure())
+ 	return;
+     (void)tv_get_number(&argvars[0]);	    /* issue errmsg if type error */
+     varname = tv_get_string_chk(&argvars[1]);
+@@ -11341,7 +11355,7 @@ f_settabvar(typval_T *argvars, typval_T *rettv)
+ 
+     rettv->vval.v_number = 0;
+ 
+-    if (check_restricted() || check_secure())
++    if (check_secure())
+ 	return;
+ 
+     tp = find_tabpage((int)tv_get_number_chk(&argvars[0], NULL));
+@@ -14714,7 +14728,7 @@ f_writefile(typval_T *argvars, typval_T *rettv)
+     blob_T	*blob = NULL;
+ 
+     rettv->vval.v_number = -1;
+-    if (check_restricted() || check_secure())
++    if (check_secure())
+ 	return;
+ 
+     if (argvars[0].v_type == VAR_LIST)
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index a3974c1..681ef42 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -4775,7 +4775,7 @@ check_restricted(void)
+ {
+     if (restricted)
+     {
+-	emsg(_("E145: Shell commands not allowed in rvim"));
++	emsg(_("E145: Shell commands and some functionality not allowed in rvim"));
+ 	return TRUE;
+     }
+     return FALSE;
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index b90ea7b..ccca2f9 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -2007,11 +2007,16 @@ do_one_cmd(
+ #ifdef HAVE_SANDBOX
+ 	if (sandbox != 0 && !(ea.argt & SBOXOK))
+ 	{
+-	    /* Command not allowed in sandbox. */
++	    // Command not allowed in sandbox.
+ 	    errormsg = _(e_sandbox);
+ 	    goto doend;
+ 	}
+ #endif
++	if (restricted != 0 && (ea.argt & RESTRICT))
++	{
++	    errormsg = _("E981: Command not allowed in rvim");
++	    goto doend;
++	}
+ 	if (!curbuf->b_p_ma && (ea.argt & MODIFY))
+ 	{
+ 	    /* Command not allowed in non-'modifiable' buffer */
+diff --git a/src/if_perl.xs b/src/if_perl.xs
+index 203bb6a..67d0b94 100644
+--- a/src/if_perl.xs
++++ b/src/if_perl.xs
+@@ -971,6 +971,7 @@ VIM_init(void)
+ #ifdef DYNAMIC_PERL
+ static char *e_noperl = N_("Sorry, this command is disabled: the Perl library could not be loaded.");
+ #endif
++static char *e_perlsandbox = N_("E299: Perl evaluation forbidden in sandbox without the Safe module");
+ 
+ /*
+  * ":perl"
+@@ -1019,13 +1020,12 @@ ex_perl(exarg_T *eap)
+ 	vim_free(script);
+     }
+ 
+-#ifdef HAVE_SANDBOX
+-    if (sandbox)
++    if (sandbox || secure)
+     {
+ 	safe = perl_get_sv("VIM::safe", FALSE);
+ # ifndef MAKE_TEST  /* avoid a warning for unreachable code */
+ 	if (safe == NULL || !SvTRUE(safe))
+-	    emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
++	    emsg(_(e_perlsandbox));
+ 	else
+ # endif
+ 	{
+@@ -1037,7 +1037,6 @@ ex_perl(exarg_T *eap)
+ 	}
+     }
+     else
+-#endif
+ 	perl_eval_sv(sv, G_DISCARD | G_NOARGS);
+ 
+     SvREFCNT_dec(sv);
+@@ -1298,13 +1297,12 @@ do_perleval(char_u *str, typval_T *rettv)
+ 	ENTER;
+ 	SAVETMPS;
+ 
+-#ifdef HAVE_SANDBOX
+-	if (sandbox)
++	if (sandbox || secure)
+ 	{
+ 	    safe = get_sv("VIM::safe", FALSE);
+ # ifndef MAKE_TEST  /* avoid a warning for unreachable code */
+ 	    if (safe == NULL || !SvTRUE(safe))
+-		emsg(_("E299: Perl evaluation forbidden in sandbox without the Safe module"));
++		emsg(_(e_perlsandbox));
+ 	    else
+ # endif
+ 	    {
+@@ -1320,7 +1318,6 @@ do_perleval(char_u *str, typval_T *rettv)
+ 	    }
+ 	}
+ 	else
+-#endif /* HAVE_SANDBOX */
+ 	    sv = eval_pv((char *)str, 0);
+ 
+ 	if (sv) {
+diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
+index 5857a22..2ca5f2b 100644
+--- a/src/testdir/Make_all.mak
++++ b/src/testdir/Make_all.mak
+@@ -213,6 +213,7 @@ NEW_TESTS = \
+ 	test_regexp_utf8 \
+ 	test_registers \
+ 	test_reltime \
++	test_restricted \
+ 	test_retab \
+ 	test_ruby \
+ 	test_scriptnames \
+@@ -375,6 +376,7 @@ NEW_TESTS_RES = \
+ 	test_quotestar.res \
+ 	test_regex_char_classes.res \
+ 	test_registers.res \
++	test_restricted.res \
+ 	test_retab.res \
+ 	test_ruby.res \
+ 	test_scriptnames.res \
+diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
+new file mode 100644
+index 0000000..9dd937c
+--- /dev/null
++++ b/src/testdir/test_restricted.vim
+@@ -0,0 +1,107 @@
++" Test for "rvim" or "vim -Z"
++
++source shared.vim
++
++func Test_restricted()
++  let cmd = GetVimCommand('Xrestricted')
++  if cmd == ''
++    return
++  endif
++
++  call writefile([
++	\ "silent !ls",
++	\ "call writefile([v:errmsg], 'Xrestrout')",
++	\ "qa!",
++	\ ], 'Xrestricted')
++  call system(cmd . ' -Z')
++  call assert_match('E145:', join(readfile('Xrestrout')))
++
++  call delete('Xrestricted')
++  call delete('Xrestrout')
++endfunc
++
++func Run_restricted_test(ex_cmd, error)
++  let cmd = GetVimCommand('Xrestricted')
++  if cmd == ''
++    return
++  endif
++
++  call writefile([
++	\ a:ex_cmd,
++	\ "call writefile([v:errmsg], 'Xrestrout')",
++	\ "qa!",
++	\ ], 'Xrestricted')
++  call system(cmd . ' -Z')
++  call assert_match(a:error, join(readfile('Xrestrout')))
++
++  call delete('Xrestricted')
++  call delete('Xrestrout')
++endfunc
++
++func Test_restricted_lua()
++  if !has('lua')
++    throw 'Skipped: Lua is not supported'
++  endif
++  call Run_restricted_test('lua print("Hello, Vim!")', 'E981:')
++  call Run_restricted_test('luado return "hello"', 'E981:')
++  call Run_restricted_test('luafile somefile', 'E981:')
++  call Run_restricted_test('call luaeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_mzscheme()
++  if !has('mzscheme')
++    throw 'Skipped: MzScheme is not supported'
++  endif
++  call Run_restricted_test('mzscheme statement', 'E981:')
++  call Run_restricted_test('mzfile somefile', 'E981:')
++  call Run_restricted_test('call mzeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_perl()
++  if !has('perl')
++    throw 'Skipped: Perl is not supported'
++  endif
++  " TODO: how to make Safe mode fail?
++  " call Run_restricted_test('perl system("ls")', 'E981:')
++  " call Run_restricted_test('perldo system("hello")', 'E981:')
++  " call Run_restricted_test('perlfile somefile', 'E981:')
++  " call Run_restricted_test('call perleval("system(\"ls\")")', 'E145:')
++endfunc
++
++func Test_restricted_python()
++  if !has('python')
++    throw 'Skipped: Python is not supported'
++  endif
++  call Run_restricted_test('python print "hello"', 'E981:')
++  call Run_restricted_test('pydo return "hello"', 'E981:')
++  call Run_restricted_test('pyfile somefile', 'E981:')
++  call Run_restricted_test('call pyeval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_python3()
++  if !has('python3')
++    throw 'Skipped: Python3 is not supported'
++  endif
++  call Run_restricted_test('py3 print "hello"', 'E981:')
++  call Run_restricted_test('py3do return "hello"', 'E981:')
++  call Run_restricted_test('py3file somefile', 'E981:')
++  call Run_restricted_test('call py3eval("expression")', 'E145:')
++endfunc
++
++func Test_restricted_ruby()
++  if !has('ruby')
++    throw 'Skipped: Ruby is not supported'
++  endif
++  call Run_restricted_test('ruby print "Hello"', 'E981:')
++  call Run_restricted_test('rubydo print "Hello"', 'E981:')
++  call Run_restricted_test('rubyfile somefile', 'E981:')
++endfunc
++
++func Test_restricted_tcl()
++  if !has('tcl')
++    throw 'Skipped: Tcl is not supported'
++  endif
++  call Run_restricted_test('tcl puts "Hello"', 'E981:')
++  call Run_restricted_test('tcldo puts "Hello"', 'E981:')
++  call Run_restricted_test('tclfile somefile', 'E981:')
++endfunc
+diff --git a/src/version.c b/src/version.c
+index 1b5d863..adb3441 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -809,6 +809,8 @@ static int included_patches[] =
+     948,
+ /**/
+     884,
++/**/
++    881,
+ /**/
+     878,
+ /**/
diff --git a/debian/patches/upstream/patch-8.1.0883-missing-some-changes-for-Ex-commands.patch b/debian/patches/upstream/patch-8.1.0883-missing-some-changes-for-Ex-commands.patch
new file mode 100644
index 0000000..6f2d6eb
--- /dev/null
+++ b/debian/patches/upstream/patch-8.1.0883-missing-some-changes-for-Ex-commands.patch
@@ -0,0 +1,150 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 8 Feb 2019 16:50:26 +0100
+Subject: patch 8.1.0883: missing some changes for Ex commands
+
+Problem:    Missing some changes for Ex commands.
+Solution:   Add mising changes in header file.
+(cherry picked from commit 54d6fe5e60c0c488a424c078963ead40ae7dc397)
+---
+ src/ex_cmds.h | 45 +++++++++++++++++++++++----------------------
+ src/version.c |  2 ++
+ 2 files changed, 25 insertions(+), 22 deletions(-)
+
+diff --git a/src/ex_cmds.h b/src/ex_cmds.h
+index 07afb00..eed4ce2 100644
+--- a/src/ex_cmds.h
++++ b/src/ex_cmds.h
+@@ -57,6 +57,7 @@
+ 				 * curbuf_lock is set */
+ #define MODIFY       0x200000L	/* forbidden in non-'modifiable' buffer */
+ #define EXFLAGS      0x400000L	/* allow flags after count in argument */
++#define RESTRICT     0x800000L	/* forbidden in restricted mode */
+ #define FILES	(XFILE | EXTRA)	/* multiple extra files allowed */
+ #define WORD1	(EXTRA | NOSPC)	/* one extra word allowed */
+ #define FILE1	(FILES | NOSPC)	/* 1 file allowed, defaults to current file */
+@@ -861,13 +862,13 @@ EX(CMD_lunmap,		"lunmap",	ex_unmap,
+ 			EXTRA|TRLBAR|NOTRLCOM|USECTRLV|CMDWIN,
+ 			ADDR_LINES),
+ EX(CMD_lua,		"lua",		ex_lua,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_luado,		"luado",	ex_luado,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_luafile,		"luafile",	ex_luafile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_lvimgrep,	"lvimgrep",	ex_vimgrep,
+ 			RANGE|NOTADR|BANG|NEEDARG|EXTRA|NOTRLCOM|TRLBAR|XFILE,
+@@ -930,10 +931,10 @@ EX(CMD_mode,		"mode",		ex_mode,
+ 			WORD1|TRLBAR|CMDWIN,
+ 			ADDR_LINES),
+ EX(CMD_mzscheme,	"mzscheme",	ex_mzscheme,
+-			RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK,
++			RANGE|EXTRA|DFLALL|NEEDARG|CMDWIN|SBOXOK|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_mzfile,		"mzfile",	ex_mzfile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_next,		"next",		ex_next,
+ 			RANGE|NOTADR|BANG|FILES|EDITCMD|ARGOPT|TRLBAR,
+@@ -1116,37 +1117,37 @@ EX(CMD_pwd,		"pwd",		ex_pwd,
+ 			TRLBAR|CMDWIN,
+ 			ADDR_LINES),
+ EX(CMD_python,		"python",	ex_python,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pydo,		"pydo",		ex_pydo,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pyfile,		"pyfile",	ex_pyfile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_py3,		"py3",		ex_py3,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_py3do,		"py3do",	ex_py3do,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_python3,		"python3",	ex_py3,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_py3file,		"py3file",	ex_py3file,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pyx,		"pyx",		ex_pyx,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pyxdo,		"pyxdo",	ex_pyxdo,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pythonx,		"pythonx",	ex_pyx,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_pyxfile,		"pyxfile",	ex_pyxfile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_quit,		"quit",		ex_quit,
+ 			BANG|RANGE|COUNT|NOTADR|TRLBAR|CMDWIN,
+@@ -1203,13 +1204,13 @@ EX(CMD_runtime,		"runtime",	ex_runtime,
+ 			BANG|NEEDARG|FILES|TRLBAR|SBOXOK|CMDWIN,
+ 			ADDR_LINES),
+ EX(CMD_ruby,		"ruby",		ex_ruby,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_rubydo,		"rubydo",	ex_rubydo,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_rubyfile,	"rubyfile",	ex_rubyfile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_rundo,		"rundo",	ex_rundo,
+ 			NEEDARG|FILE1,
+@@ -1476,13 +1477,13 @@ EX(CMD_tabs,		"tabs",		ex_tabs,
+ 			TRLBAR|CMDWIN,
+ 			ADDR_TABS),
+ EX(CMD_tcl,		"tcl",		ex_tcl,
+-			RANGE|EXTRA|NEEDARG|CMDWIN,
++			RANGE|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_tcldo,		"tcldo",	ex_tcldo,
+-			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN,
++			RANGE|DFLALL|EXTRA|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_tclfile,		"tclfile",	ex_tclfile,
+-			RANGE|FILE1|NEEDARG|CMDWIN,
++			RANGE|FILE1|NEEDARG|CMDWIN|RESTRICT,
+ 			ADDR_LINES),
+ EX(CMD_tearoff,		"tearoff",	ex_tearoff,
+ 			NEEDARG|EXTRA|TRLBAR|NOTRLCOM|CMDWIN,
+diff --git a/src/version.c b/src/version.c
+index adb3441..6d29f39 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -809,6 +809,8 @@ static int included_patches[] =
+     948,
+ /**/
+     884,
++/**/
++    883,
+ /**/
+     881,
+ /**/
diff --git a/debian/patches/upstream/patch-8.1.0936-may-leak-memory-when-using-vartabstop.patch b/debian/patches/upstream/patch-8.1.0936-may-leak-memory-when-using-vartabstop.patch
new file mode 100644
index 0000000..8d1eebc
--- /dev/null
+++ b/debian/patches/upstream/patch-8.1.0936-may-leak-memory-when-using-vartabstop.patch
@@ -0,0 +1,95 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 16 Feb 2019 19:05:11 +0100
+Subject: patch 8.1.0936: may leak memory when using 'vartabstop'
+
+Problem:    May leak memory when using 'vartabstop'. (Kuang-che Wu)
+Solution:   Fix handling allocated memory for 'vartabstop'. (closes #3976)
+(cherry picked from commit 55c77cf2ea9c15e1ec75d1faf702ec3c9e325271)
+---
+ src/buffer.c  |  4 +---
+ src/option.c  | 13 +++++++++----
+ src/version.c |  2 ++
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 2c5c282..590a63c 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -2170,9 +2170,7 @@ free_buf_options(
+ 	vim_free(buf->b_p_vsts_array);
+     buf->b_p_vsts_array = NULL;
+     clear_string_option(&buf->b_p_vts);
+-    if (buf->b_p_vts_array)
+-	vim_free(buf->b_p_vts_array);
+-    buf->b_p_vts_array = NULL;
++    VIM_CLEAR(buf->b_p_vts_array);
+ #endif
+ #ifdef FEAT_KEYMAP
+     clear_string_option(&buf->b_p_keymap);
+diff --git a/src/option.c b/src/option.c
+index e3f5f5d..4d067c0 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -5611,7 +5611,9 @@ didset_options2(void)
+     (void)check_clipboard_option();
+ #endif
+ #ifdef FEAT_VARTABS
++    vim_free(curbuf->b_p_vsts_array);
+     tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
++    vim_free(curbuf->b_p_vts_array);
+     tabstop_set(curbuf->b_p_vts,  &curbuf->b_p_vts_array);
+ #endif
+ }
+@@ -7587,14 +7589,14 @@ did_set_string_option(
+ 	    if (errmsg == NULL)
+ 	    {
+ 		int *oldarray = curbuf->b_p_vts_array;
++
+ 		if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
+ 		{
+-		    if (oldarray)
+-			vim_free(oldarray);
++		    vim_free(oldarray);
+ #ifdef FEAT_FOLDING
+ 		    if (foldmethodIsIndent(curwin))
+ 			foldUpdateAll(curwin);
+-#endif /* FEAT_FOLDING */
++#endif
+ 		}
+ 		else
+ 		    errmsg = e_invarg;
+@@ -12800,10 +12802,11 @@ check_ff_value(char_u *p)
+     return check_opt_strings(p, p_ff_values, FALSE);
+ }
+ 
+-#ifdef FEAT_VARTABS
++#if defined(FEAT_VARTABS) || defined(PROTO)
+ 
+ /*
+  * Set the integer values corresponding to the string setting of 'vartabstop'.
++ * "array" will be set, caller must free it if needed.
+  */
+     int
+ tabstop_set(char_u *var, int **array)
+@@ -12846,6 +12849,8 @@ tabstop_set(char_u *var, int **array)
+     }
+ 
+     *array = (int *)alloc((unsigned) ((valcount + 1) * sizeof(int)));
++    if (*array == NULL)
++	return FALSE;
+     (*array)[0] = valcount;
+ 
+     t = 1;
+diff --git a/src/version.c b/src/version.c
+index 6d29f39..6bac28e 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -807,6 +807,8 @@ static int included_patches[] =
+     1046,
+ /**/
+     948,
++/**/
++    936,
+ /**/
+     884,
+ /**/
diff --git a/debian/patches/upstream/patch-8.2.3402-invalid-memory-access-when-using-retab-wit.patch b/debian/patches/upstream/patch-8.2.3402-invalid-memory-access-when-using-retab-wit.patch
new file mode 100644
index 0000000..ca826e0
--- /dev/null
+++ b/debian/patches/upstream/patch-8.2.3402-invalid-memory-access-when-using-retab-wit.patch
@@ -0,0 +1,196 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 4 Sep 2021 18:47:28 +0200
+Subject: patch 8.2.3402: invalid memory access when using :retab with large
+ value
+
+Problem:    Invalid memory access when using :retab with large value.
+Solution:   Check the number is positive.
+(cherry picked from commit b7081e135a16091c93f6f5f7525a5c58fb7ca9f9)
+---
+ src/ex_cmds.c              |  2 +-
+ src/option.c               | 46 +++++++++++++++++++++++++++-------------------
+ src/testdir/test_retab.vim |  3 +++
+ src/version.c              |  1 +
+ 4 files changed, 32 insertions(+), 20 deletions(-)
+
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index 681ef42..08d71e4 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -698,7 +698,7 @@ ex_retab(exarg_T *eap)
+ 
+ #ifdef FEAT_VARTABS
+     new_ts_str = eap->arg;
+-    if (!tabstop_set(eap->arg, &new_vts_array))
++    if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
+ 	return;
+     while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
+ 	++(eap->arg);
+diff --git a/src/option.c b/src/option.c
+index 4d067c0..3ebd443 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -5612,9 +5612,9 @@ didset_options2(void)
+ #endif
+ #ifdef FEAT_VARTABS
+     vim_free(curbuf->b_p_vsts_array);
+-    tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
++    (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
+     vim_free(curbuf->b_p_vts_array);
+-    tabstop_set(curbuf->b_p_vts,  &curbuf->b_p_vts_array);
++    (void)tabstop_set(curbuf->b_p_vts,  &curbuf->b_p_vts_array);
+ #endif
+ }
+ 
+@@ -7551,7 +7551,7 @@ did_set_string_option(
+ 	    if (errmsg == NULL)
+ 	    {
+ 		int *oldarray = curbuf->b_p_vsts_array;
+-		if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
++		if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
+ 		{
+ 		    if (oldarray)
+ 			vim_free(oldarray);
+@@ -7590,7 +7590,7 @@ did_set_string_option(
+ 	    {
+ 		int *oldarray = curbuf->b_p_vts_array;
+ 
+-		if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
++		if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
+ 		{
+ 		    vim_free(oldarray);
+ #ifdef FEAT_FOLDING
+@@ -11395,7 +11395,7 @@ buf_copy_options(buf_T *buf, int flags)
+ #ifdef FEAT_VARTABS
+ 	    buf->b_p_vsts = vim_strsave(p_vsts);
+ 	    if (p_vsts && p_vsts != empty_option)
+-		tabstop_set(p_vsts, &buf->b_p_vsts_array);
++		(void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
+ 	    else
+ 		buf->b_p_vsts_array = 0;
+ 	    buf->b_p_vsts_nopaste = p_vsts_nopaste
+@@ -11524,7 +11524,7 @@ buf_copy_options(buf_T *buf, int flags)
+ 		buf->b_p_isk = save_p_isk;
+ #ifdef FEAT_VARTABS
+ 		if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+-		    tabstop_set(p_vts, &buf->b_p_vts_array);
++		    (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ 		else
+ 		    buf->b_p_vts_array = NULL;
+ #endif
+@@ -11537,7 +11537,7 @@ buf_copy_options(buf_T *buf, int flags)
+ #ifdef FEAT_VARTABS
+ 		buf->b_p_vts = vim_strsave(p_vts);
+ 		if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+-		    tabstop_set(p_vts, &buf->b_p_vts_array);
++		    (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ 		else
+ 		    buf->b_p_vts_array = NULL;
+ #endif
+@@ -12435,7 +12435,7 @@ paste_option_changed(void)
+ 	    if (buf->b_p_vsts_array)
+ 		vim_free(buf->b_p_vsts_array);
+ 	    if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
+-		tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
++		(void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
+ 	    else
+ 		buf->b_p_vsts_array = 0;
+ #endif
+@@ -12807,18 +12807,19 @@ check_ff_value(char_u *p)
+ /*
+  * Set the integer values corresponding to the string setting of 'vartabstop'.
+  * "array" will be set, caller must free it if needed.
++ * Return FAIL for an error.
+  */
+     int
+ tabstop_set(char_u *var, int **array)
+ {
+-    int valcount = 1;
+-    int t;
+-    char_u *cp;
++    int		valcount = 1;
++    int		t;
++    char_u	*cp;
+ 
+     if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
+     {
+ 	*array = NULL;
+-	return TRUE;
++	return OK;
+     }
+ 
+     for (cp = var; *cp != NUL; ++cp)
+@@ -12832,8 +12833,8 @@ tabstop_set(char_u *var, int **array)
+ 		if (cp != end)
+ 		    emsg(_(e_positive));
+ 		else
+-		    emsg(_(e_invarg));
+-		return FALSE;
++		    semsg(_(e_invarg2), cp);
++		return FAIL;
+ 	    }
+ 	}
+ 
+@@ -12844,26 +12845,33 @@ tabstop_set(char_u *var, int **array)
+ 	    ++valcount;
+ 	    continue;
+ 	}
+-	emsg(_(e_invarg));
+-	return FALSE;
++	semsg(_(e_invarg2), var);
++	return FAIL;
+     }
+ 
+     *array = (int *)alloc((unsigned) ((valcount + 1) * sizeof(int)));
+     if (*array == NULL)
+-	return FALSE;
++	return FAIL;
+     (*array)[0] = valcount;
+ 
+     t = 1;
+     for (cp = var; *cp != NUL;)
+     {
+-	(*array)[t++] = atoi((char *)cp);
++	int n = atoi((char *)cp);
++
++	if (n < 0 || n > 9999)
++	{
++	    semsg(_(e_invarg2), cp);
++	    return FAIL;
++	}
++	(*array)[t++] = n;
+ 	while (*cp  != NUL && *cp != ',')
+ 	    ++cp;
+ 	if (*cp != NUL)
+ 	    ++cp;
+     }
+ 
+-    return TRUE;
++    return OK;
+ }
+ 
+ /*
+diff --git a/src/testdir/test_retab.vim b/src/testdir/test_retab.vim
+index f11a32b..e7b8946 100644
+--- a/src/testdir/test_retab.vim
++++ b/src/testdir/test_retab.vim
+@@ -74,4 +74,7 @@ endfunc
+ func Test_retab_error()
+   call assert_fails('retab -1',  'E487:')
+   call assert_fails('retab! -1', 'E487:')
++  call assert_fails('ret -1000', 'E487:')
++  call assert_fails('ret 10000', 'E475:')
++  call assert_fails('ret 80000000000000000000', 'E475:')
+ endfunc
+diff --git a/src/version.c b/src/version.c
+index 6bac28e..bd19aac 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -2580,6 +2580,7 @@ static int included_patches[] =
+  */
+ static char *(extra_patches[]) =
+ {   /* Add your patch description below this line */
++    "8.2.3402",
+ /**/
+     NULL
+ };
diff --git a/debian/patches/upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch b/debian/patches/upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch
new file mode 100644
index 0000000..18f205c
--- /dev/null
+++ b/debian/patches/upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch
@@ -0,0 +1,67 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 4 Sep 2021 21:20:41 +0200
+Subject: patch 8.2.3403: memory leak for :retab with invalid argument
+
+Problem:    Memory leak for :retab with invalid argument.
+Solution:   Free the memory.  Make error messages consistent.
+(cherry picked from commit 2ddb89f8a94425cda1e5491efc80c1ccccb6e08e)
+---
+ src/ex_cmds.c | 10 ++++++++--
+ src/option.c  |  3 +++
+ src/version.c |  1 +
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index 08d71e4..3200173 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -714,12 +714,18 @@ ex_retab(exarg_T *eap)
+     else
+ 	new_ts_str = vim_strnsave(new_ts_str, eap->arg - new_ts_str);
+ #else
+-    new_ts = getdigits(&(eap->arg));
+-    if (new_ts < 0)
++    ptr = eap->arg;
++    new_ts = getdigits(&ptr);
++    if (new_ts < 0 && *eap->arg == '-')
+     {
+ 	emsg(_(e_positive));
+ 	return;
+     }
++    if (new_ts < 0 || new_ts > 9999)
++    {
++	semsg(_(e_invarg2), eap->arg);
++	return;
++    }
+     if (new_ts == 0)
+ 	new_ts = curbuf->b_p_ts;
+ #endif
+diff --git a/src/option.c b/src/option.c
+index 3ebd443..12d903f 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -12859,9 +12859,12 @@ tabstop_set(char_u *var, int **array)
+     {
+ 	int n = atoi((char *)cp);
+ 
++	// Catch negative values, overflow and ridiculous big values.
+ 	if (n < 0 || n > 9999)
+ 	{
+ 	    semsg(_(e_invarg2), cp);
++	    vim_free(*array);
++	    *array = NULL;
+ 	    return FAIL;
+ 	}
+ 	(*array)[t++] = n;
+diff --git a/src/version.c b/src/version.c
+index bd19aac..cfe1486 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -2581,6 +2581,7 @@ static int included_patches[] =
+ static char *(extra_patches[]) =
+ {   /* Add your patch description below this line */
+     "8.2.3402",
++    "8.2.3403",
+ /**/
+     NULL
+ };
diff --git a/debian/patches/upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch b/debian/patches/upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch
new file mode 100644
index 0000000..0ad00be
--- /dev/null
+++ b/debian/patches/upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch
@@ -0,0 +1,58 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Tue, 7 Sep 2021 19:26:53 +0200
+Subject: patch 8.2.3409: reading beyond end of line with invalid utf-8
+ character
+
+Problem:    Reading beyond end of line with invalid utf-8 character.
+Solution:   Check for NUL when advancing.
+(cherry picked from commit 65b605665997fad54ef39a93199e305af2fe4d7f)
+---
+ src/regexp_nfa.c                 |  3 ++-
+ src/testdir/test_regexp_utf8.vim | 10 ++++++++++
+ src/version.c                    |  1 +
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
+index 031a6cf..b9562c6 100644
+--- a/src/regexp_nfa.c
++++ b/src/regexp_nfa.c
+@@ -5414,7 +5414,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text)
+ 		match = FALSE;
+ 		break;
+ 	    }
+-	    len2 += MB_CHAR2LEN(c2);
++	    len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
++							     : MB_CHAR2LEN(c2);
+ 	}
+ 	if (match
+ 		/* check that no composing char follows */
+diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
+index 98b9e73..75485dc 100644
+--- a/src/testdir/test_regexp_utf8.vim
++++ b/src/testdir/test_regexp_utf8.vim
+@@ -206,3 +206,13 @@ func Test_large_class()
+   call assert_equal(1, "\u3042" =~# '[\u3000-\u4000]')
+   set re=0
+ endfunc
++
++func Test_match_invalid_byte()
++  call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
++  new
++  source Xinvalid
++  bwipe!
++  call delete('Xinvalid')
++endfunc
++
++" vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index cfe1486..a3eca1e 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -2582,6 +2582,7 @@ static char *(extra_patches[]) =
+ {   /* Add your patch description below this line */
+     "8.2.3402",
+     "8.2.3403",
++    "8.2.3409",
+ /**/
+     NULL
+ };
diff --git a/debian/patches/upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch b/debian/patches/upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch
new file mode 100644
index 0000000..16832ad
--- /dev/null
+++ b/debian/patches/upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch
@@ -0,0 +1,78 @@
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 11 Sep 2021 21:14:20 +0200
+Subject: patch 8.2.3428: using freed memory when replacing
+
+Problem:    Using freed memory when replacing. (Dhiraj Mishra)
+Solution:   Get the line pointer after calling ins_copychar().
+(cherry picked from commit 35a9a00afcb20897d462a766793ff45534810dc3)
+---
+ src/normal.c              | 10 +++++++---
+ src/testdir/test_edit.vim | 14 ++++++++++++++
+ src/version.c             |  1 +
+ 3 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/src/normal.c b/src/normal.c
+index 41af966..2c36c15 100644
+--- a/src/normal.c
++++ b/src/normal.c
+@@ -7056,19 +7056,23 @@ nv_replace(cmdarg_T *cap)
+ 	    {
+ 		/*
+ 		 * Get ptr again, because u_save and/or showmatch() will have
+-		 * released the line.  At the same time we let know that the
+-		 * line will be changed.
++		 * released the line.  This may also happen in ins_copychar().
++		 * At the same time we let know that the line will be changed.
+ 		 */
+-		ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+ 		if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
+ 		{
+ 		  int c = ins_copychar(curwin->w_cursor.lnum
+ 					   + (cap->nchar == Ctrl_Y ? -1 : 1));
++
++		  ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+ 		  if (c != NUL)
+ 		    ptr[curwin->w_cursor.col] = c;
+ 		}
+ 		else
++		{
++		    ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+ 		    ptr[curwin->w_cursor.col] = cap->nchar;
++		}
+ 		if (p_sm && msg_silent == 0)
+ 		    showmatch(cap->nchar);
+ 		++curwin->w_cursor.col;
+diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
+index 9a60d01..2e050c2 100644
+--- a/src/testdir/test_edit.vim
++++ b/src/testdir/test_edit.vim
+@@ -1436,3 +1436,17 @@ func Test_leave_insert_autocmd()
+   au! InsertLeave
+   iunmap x
+ endfunc
++
++" Test for getting the character of the line below after "p"
++func Test_edit_put_CTRL_E()
++  set encoding=latin1
++  new
++  let @" = ''
++  sil! norm orggRx
++  sil! norm pr
++  call assert_equal(['r', 'r'], getline(1, 2))
++  bwipe!
++  set encoding=utf-8
++endfunc
++
++" vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index a3eca1e..c4a502f 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -2583,6 +2583,7 @@ static char *(extra_patches[]) =
+     "8.2.3402",
+     "8.2.3403",
+     "8.2.3409",
++    "8.2.3428",
+ /**/
+     NULL
+ };