Foxe Chen [Sat, 23 May 2026 15:55:28 +0000 (15:55 +0000)]
patch 9.2.0516: socketserver: spurious error when servername is taken
Problem: socketserver: when searching for a free socket path,
socketserver_get_path() emits an error for each name that is
already in use (after v9.2.0512).
Solution: Add an "ignore" argument to socketserver_get_path() to
suppress the error (Foxe Chen).
Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0513: [security]: memory safety issues in spellfile.c
Problem: [security]: memory safety issues in spellfile.c
(tacdm)
Solution: Add recursion limit to read_tree_node(), add length limit
check in tree_count_words(), use alloc_clear() in
spell_read_tree().
Foxe Chen [Fri, 22 May 2026 18:30:52 +0000 (18:30 +0000)]
patch 9.2.0512: clientserver uses binary protocol
Problem: clientserver feature uses binary protocol and is hard
to understand
Solution: Rewrite the code based on channels and JSON messages
(Foxe Chen).
closes: #19782
Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0511: configure: when GTK4 is used also links in X11 libs
Problem: configure: when GTK4 is used also links in X11 libs
(Reilly Brogan)
Solution: Disable linking against X11 libraries when GTK4 GUI is to be
used (Yasuhiro Matsumoto)
GTK4 does not use any X11 APIs directly; the X11 backend is loaded by
GTK4 at runtime. Force with_x=no when --enable-gui=gtk4 so configure
does not probe for libICE/libSM/libX11/libXt/libXdmcp/libXpm, and so
packagers do not pull those into build dependencies. Also skip the
XSMP X11/SM/SMlib.h header check when X11 is disabled, since USE_XSMP
itself requires HAVE_X11.
fixes: #20268
closes: #20289
Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
glepnir [Fri, 22 May 2026 17:59:23 +0000 (17:59 +0000)]
patch 9.2.0510: setline() mapping may trigger autoindent
Problem: setline() insert mode mapping may trigger autoindent,
corrupting the newly inserted line content (Evgeni Chasnovski)
Solution: Only strip autoindent whitespace when the rest of the line is
all whitespace (glepnir).
fixes: #19363
closes: #20290
Signed-off-by: glepnir <glephunter@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0508: completion: cannot complete user cmd :K with 'ignorecase'
Problem: completion: cannot complete user cmd :K with 'ignorecase'
(rendcrx)
Solution: Skip the short-circuit when 'ignorecase' is set
(Yasuhiro Matsumoto)
The set_cmd_index() short-circuit for the :k command treats ":k<X>" as
":k {X}" (mark argument), which makes ":kz<Tab>" never reach the
command-name expansion path. With 'ignorecase' the same prefix on other
letters (":gz<Tab>") completes a user command like :Gz, so the result is
inconsistent. Skip the short-circuit when 'ignorecase' is set; default
behaviour is preserved so the existing :k tests still pass.
Hirohito Higashi [Thu, 21 May 2026 19:45:59 +0000 (19:45 +0000)]
patch 9.2.0507: Vim9 class: public/protected member name clash uses same error
Problem: When a public member and a protected member in a Vim9
class have the same name (differing only in the leading '_'),
Vim reports E1369 "Duplicate variable", which is also used for
plain duplicate definitions. Users cannot tell from the
message whether the conflict is the public/protected naming
rule or a real duplicate.
Solution: Add a dedicated error E1406 "Public and protected member
have the same name" and emit it only when the name clash is
between a public and a protected member. Keep E1369 for
genuine duplicate variable definitions (Hirohito Higashi).
fixes: #20240
closes: #20277
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Hirohito Higashi [Thu, 21 May 2026 19:03:50 +0000 (19:03 +0000)]
runtime(doc): fix help tags for removed/reused error codes
Problem: Several error codes (E614, E1319, E1321, E1323, E1400, E1401,
E1402, E1406) were removed from errors.h in v9.1.0600 but
their *Ennn* tags remained in the help files, so :help Ennn
jumps to obsolete locations. E1395 was later reused with a
new meaning ("Using a null class") in v9.1.1119, but its tag
is still placed in the type-alias section.
Solution: Remove the stale *Ennn* tags from the help files. Move
*E1395* to the vim9.txt null-values section to match its
current meaning. Also fix the indentation of *E1411*.
Regenerate runtime/doc/tags.
closes: #20279
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
John Marriott [Wed, 20 May 2026 18:38:55 +0000 (18:38 +0000)]
patch 9.2.0506: home_replace() function can be improved
Problem: home_replace() function can be improved
Solution: Refactor home_replace() to return the length of the string
(John Marriott).
In addition:
- in function set_b0_fname() move ulen into the block where it is used.
- In function findswapname() rework logic around displaying "swap file
already exists" dialogue so that literal message text is set once.
closes: #20249
Signed-off-by: John Marriott <basilisk@internode.on.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0505: GTK4: text looks blurry on HiDPI displays
Problem: GTK4: text looks blurry on HiDPI displays
(Foxe Chen, after v9.2.0501)
Solution: Allocate the cairo surface at physical resolution and set the
device scale, recreate it on scale-factor changes
(Yasuhiro Matsumoto).
The backing cairo image surface was created at logical pixel size, so
GTK4 upscaled it when blitting to the physical framebuffer. Allocate
the surface at width*scale x height*scale and apply
cairo_surface_set_device_scale() so drawing code keeps using logical
coordinates while the surface itself has full physical resolution.
Also recreate the surface on notify::scale-factor when the window
moves between monitors with different scales.
fixes: #20252
closes: #20258
Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0504: configure: requires X11 libraries for GTK4 build
Problem: configure: requires X11 libraries for GTK4 build
(after v9.2.0501)
Solution: Allow to build GTK4 even when no X11 libraries are present
(Yasuhiro Matsumoto)
GTK4 does not use X11 APIs directly; the X11 backend is loaded by
GTK4 at runtime. Skip the X11 dependency enforcement when the user
explicitly passes --enable-gui=gtk4 so the build can succeed on
systems without X11 development headers.
closes: #20265
Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0503: Makefile: Missing dependencies for new GTK4 source files
Problem: Makefile: Missing dependencies for new GTK4 source files
(Reilly Brogan, after v9.2.0501)
Solution: Re-run make depend, clean the result up and include the
missing dependencies for the GTK4 source files
J. Paulo Seibt [Tue, 19 May 2026 18:51:14 +0000 (18:51 +0000)]
patch 9.2.0502: runtime(netrw): bookmark handling can be improved
Problem: To goto or delete a bookmark, one needs to prefix a count
for the bookmark number (e.g., "2gb" to open bookmark#2).
As the bookmark list gets or deletes entries, the numbers
keep changing, requiring listing the bookmarks with qb to
discover the desired bookmark number. Typing gb or mB
without a count targets g:netrw_bookmarklist[-1].
Solution: If no count is given to gb or mB, list all bookmarks and
prompt for a number using inputlist(), similar to tag jump
with g].
closes: #20211
Signed-off-by: J. Paulo Seibt <jpseibt@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0501: GTK4: there is no GTK4 UI available
Problem: GTK4: there is no GTK4 UI available
Solution: Implement GTK4 UI (Yasuhiro Matsumoto).
To enable, use the --enable-gui=gtk4 configure switch. Configure
currently favors GTK3 over GTK4 if no explicit --enable-gui switch has
been given and both libraries are present
closes: #19815
Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
tecis [Mon, 18 May 2026 21:46:24 +0000 (21:46 +0000)]
runtime(htmldjango): Remove unnecessary code.
I submitted the PR #20232 to resolve an undesired behavior in with the
highlighter inheriting from "django.vim" and "html.vim". After
further testing I noticed the re-declaration of `djangoOperators` in
"htmldjango" is not necessary, and my conclusions where a mistake from a
not-clean test environment.
This PR reverses the effect of the commit #f03155a.
related: #20232
closes: #20248
Signed-off-by: tecis <67809811+tecis@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
K.Takata [Mon, 18 May 2026 21:19:27 +0000 (21:19 +0000)]
CI: Stop using AppVeyor
We started the Windows CI with AppVeyor (v7.4.872), but nowadays, GitHub Actions
supports Windows, and the performance is better than AppVeyor.
Especially, AppVeyor doesn't allow running multiple jobs in parallel.
Before 9.0.0529, we used VC 2010 on AppVeyor to ensure that C99 syntax
was not used.
Now we use some C99 syntax. Also, MSVC's C99 support level remains
almost the same since VS 2015. So, using VS 2015 isn't very useful.
closes: #20251
Signed-off-by: K.Takata <kentkt@csc.jp> Signed-off-by: Christian Brabandt <cb@256bit.org>
truffle [Mon, 18 May 2026 20:46:24 +0000 (20:46 +0000)]
patch 9.2.0500: filetype: some html files wrongly recognized as htmlangular
Problem: filetype: some html files are wrongly recognized as htmlangular
Solution: Use the \< atom to anchor ng-template and ng-content to start
of word (truffle)
Prevent false-positive htmlangular detection on words containing
'ng-template' or 'ng-content' as a substring (e.g. 'song-template',
'sing-content'). Anchor both branches with \< to require a word start,
matching the \<DTD\s\+XHTML\s idiom used five lines below.
related: neovim/neovim#39778.
closes: #20246
Signed-off-by: truffle <truffleagent@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
tecis [Mon, 18 May 2026 20:40:37 +0000 (20:40 +0000)]
runtime(doc): INSTALL: "libwayland-dev" is required on Ubuntu for Wayland clipboard support
In GNU/Linux distros without X11 and only depending on the Wayland
Composer as a display server I could not find official documentation on
how to compile VIM with clipbloard support.
> This will become more relevant as common distros ship with Wayland
only environments. (sources & articles bellow)
Sources.
- [Gnome Blog: X11 Session Removal FAQ.](https://blogs.gnome.org/alatiera/2025/06/23/x11-session-removal-faq/)
- [KDE Blog: Going all-in on a Wayland future 2025-11-26.](https://blogs.kde.org/2025/11/26/going-all-in-on-a-wayland-future/)
- [Gnome Blog: An update on the X11 GNOME Session Removal 2025-06-08.](https://blogs.gnome.org/alatiera/2025/06/08/the-x11-session-removal/)
Articles.
- [It’s Foss: No More Xorg! Fedora 43 Will Be Wayland-only 2025-05-21](https://itsfoss.com/news/fedora-43-wayland-only/)
- [Desde Linux: The depreciation of X11 in Fedora continues and in Fedora 41 the Gnome session in X11 will disappear.](https://blog.desdelinux.net/en/The-depreciation-of-x11-in-fedora-continues-and-in-fedora-41-the-gnome-session-in-x11-will-disappear/)
- [How-To-Geek: The writing is on the wall for X11 on Linux, here's what is replacing it 2025-12-29.](https://www.howtogeek.com/x11-is-going-away-on-linux-heres-how-to-prepare/).
- [Dev.To: GNOME 50 Removes X11: What It Means for Linux Users 2026-03-16.](https://dev.to/the_nazar/gnome-50-removes-x11-what-it-means-for-linux-users-1ike)
- [LinuxSecurity.com: GNOME 50: Wayland-Only Brings Enhanced Security and Isolation](https://linuxsecurity.com/news/desktop-security/gnome-50-wayland-linux-security)
- [XDA Developers: KDE is finally killing X11, and I'm not as sad as I thought I'd be 2026-05-14](https://www.xda-developers.com/kde-dropping-x11-support/).
closes: #20245
Signed-off-by: tecis <67809811+tecis@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Aliaksei Budavei [Mon, 18 May 2026 19:07:08 +0000 (19:07 +0000)]
tests(commondumps): Use character counts when marking columns
Continue using "strwidth" when calculating the position of
a column of interest, and start using "setcharpos" when
marking a line of interest so that paired-up marks remain
aligned columnwise across all three parts generated by
"term_dumpdiff", especially when multibyte characters are
written in the line before the marked column.
closes: #20237
Signed-off-by: Aliaksei Budavei <0x000c70@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0499: modeline: allow to disable modelines with modelinestrict
Problem: Cannot disable modeline processing when loading a file
(Mao-Yining, after v9.2.0350)
Solution: Allow to disable modeline processing even when
'modelienstrict' is in effect.
fixes: #20103
closes: #20229
Signed-off-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Christian Brabandt <cb@256bit.org>
Miguel Barro [Sun, 17 May 2026 20:00:41 +0000 (20:00 +0000)]
patch 9.2.0497: Cannot jump to remote tags
Problem: Cannot jump to remote tags
(after v9.2.0405)
Solution: Add the 'tagsecure' option (Miguel Barro)
closes: #20162
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Miguel Barro <miguel.barro@live.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0495: [security]: runtime(netrw): code injection via NetrwBookHistSave()
Problem: [security]: runtime(netrw): code injection via
NetrwBookHistSave()
Solution: Properly quote the directory name using string() function
(Srinivas Piskala Ganesh Babu)
mathmil [Sun, 17 May 2026 18:08:46 +0000 (18:08 +0000)]
runtime(just): add 'suffixesadd' to ftplugin
closes: #20197
Signed-off-by: mathmil <82173590+mathmil@users.noreply.github.com> Signed-off-by: Peter Benjamin <petermbenjamin@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Aliaksei Budavei [Sun, 17 May 2026 18:05:13 +0000 (18:05 +0000)]
runtime(sh): Do not conflate empty array and function declarations in Bash
Although the "=" character is permitted in function names,
a construct that parses as a variable assignment is
preferred to it parsing as a function declaration. See the
updated test file "sh_functions_bash.sh" for details.
patch 9.2.0493: popup: missing Popup, PopupBorder and PopupTitle hi groups
Problem: popup: missing Popup, PopupBorder and PopupTitle highlight groups
Solution: add Popup, PopupBorder and PopupTitle highlight groups and
fall back to Pmenu related highlighting groups (Yasuhiro Matsumoto).
fixes: #20110
closes: #20208
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0492: popup: decoration wrongly drawn with clipping on border
Problem: popup: clipwindow popups with border and padding could still
spill into the surrounding chrome of the host window
Solution: Consume the border first, then the padding, per edge; spill
any leftover clip into the opposite edge's decoration; derive
the bottom padding row from total_height; skip the scrollbar
branch for clipwindow popups (Yasuhiro Matsumoto).
closes: #20227
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
tecis [Sun, 17 May 2026 08:44:39 +0000 (08:44 +0000)]
runtime(htmldjango): Add syntax highlighting of comparison operators
The presence `djangoOperators` in the file `syntax/django.vim` and
having the highlight function with a `match` statement leads to a
highlight spill-over with other elements defined in `syntax/html.vim`.
To avoid the highlight spill-over declare a region called
`djangoTagBlockNaive` to limit `djangoOperator` to only be matched
within.
related: #20225
closes: #20232
Signed-off-by: tecis <67809811+tecis@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
tecis [Sun, 17 May 2026 08:32:15 +0000 (08:32 +0000)]
runtime(django): Resolve FIXME of comparrison operators + localization tags
Summary: Add highlight of comparison operators resolving FIXME left by maintainer.
How it works: By creating a the variable ‘djangoOperator’ with the regex
and defining to only highlight when enclosed within ‘djangoTag’ and
‘djangoVarBlock’ the highlight works as expected.
Note: Note even though the maintainer had left the note “FIXME ==, !=,
<, >, <=, and >= should be djangoStatements” the results do work
as I think he intended even though the variable ‘djangoOperator’ had to
be created to achieve the result. By doing it this way the highlight
process does not get confused depending on the spacing of the comparison
operator. Example: {{ x>=10 }} and {{ x >= 10 }} work as expected.
orbisai0security [Sun, 17 May 2026 08:19:14 +0000 (08:19 +0000)]
ccfilter: uses unbounded strcat()/strcpy()
Problem: ccfilter.c copies compiler output into fixed-size buffers
with strcat() and strcpy(), so very long diagnostics can
overflow.
Solution: replace with snprintf() bounded by LINELENGTH.
Automated security fix generated by Orbis Security AI
closes: #20233
Signed-off-by: orbisai0security <mediratta01.pally@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
glepnir [Sat, 16 May 2026 08:36:39 +0000 (08:36 +0000)]
patch 9.2.0490: matchfuzzy() can crash on long multi-word patterns
Problem: matchfuzzy() can crash on long multi-word patterns.
Solution: Clamp pat_chars to maxMatches and stop before calling
match_positions() when the buffer is full (glepnir).
closes: #20209
Signed-off-by: glepnir <glephunter@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Keith Smiley [Sat, 16 May 2026 07:46:25 +0000 (07:46 +0000)]
patch 9.2.0489: filetype: some Objective-C files are not recognized
Problem: filetype: some Objective-C files are not recognized
Solution: Add g:filetype_mm override variable, improve the objective c
pattern detection (Keith Smiley).
closes: #20221
Signed-off-by: Keith Smiley <keithbsmiley@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
dependabot[bot] [Sat, 16 May 2026 07:40:21 +0000 (07:40 +0000)]
CI: Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/labeler](https://github.com/actions/labeler).
Updates `github/codeql-action` from 4.35.3 to 4.35.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4.35.3...v4.35.4)
Updates `actions/labeler` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v6.0.1...v6.1.0)
Hirohito Higashi [Fri, 15 May 2026 16:50:27 +0000 (16:50 +0000)]
patch 9.2.0488: statusline: status line highlight blends into adjacent vsep cells
Problem: When two windows are placed side by side with vsplit and
their status lines are connected (the cell between them
is drawn with the 'stl' / 'stlnc' fillchar, not the
'vert' character), that connecting cell still uses the
VertSplit highlight. The status line bar therefore
looks broken at the separator column, and any custom
edge highlight set in 'statusline' (%#XX# / %N*) is cut
off there.
Solution: Make that connecting cell take the highlight from the
neighbouring status line edge instead of VertSplit:
- Next to the current window, use the current
window's edge highlight, so the StatusLine bar (and
any %#... at the edge) extends into the column
without a seam.
- Between two non-current windows whose status
fillchar is a space, use the left window's
right-edge highlight, so the StatusLineNC bar is
continuous across the column too.
Cells drawn with the 'vert' character (the two windows
do not share a status line) keep the VertSplit
highlight as before.
Add Test_statusline_vsep_borrow_hl with two layouts
(NC | cur | NC | NC and NC | NC | cur | NC) so all
three cases above are covered.
closes: #20182
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0487: viminfo: possible signed int overflow in register array
Problem: viminfo: possible signed int overflow in register array growth
Solution: Cast to size_t (Yasuhiro Matsumoto)
The expression `limit * 2 * sizeof(string_T)` in read_viminfo_register()
multiplies in int and overflows once limit exceeds INT_MAX/2. Cast to
size_t first so the size computation stays unsigned. Defensive only;
reaching this path requires registers consuming many gigabytes.
closes: #20207
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Foxe Chen [Fri, 15 May 2026 16:00:04 +0000 (16:00 +0000)]
patch 9.2.0485: clipboard provider callback can be called recursively
Problem: clipboard provider callback can be called recursively, leading
to E132: Function call depth is higher than 'maxfuncdepth'
Solution: Prevent recursive calls of
clip_provider_copy()/clip_provider_paste() (Foxe Chen).
closes: #20213
Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: TextPutPre triggers clipboard provider callback twice
when do_put() runs autocommands that themselves request
the clipboard.
Solution: Guard do_put() and put_do_autocmd() with
inc_clip_provider()/dec_clip_provider() so the provider
is queried at most once per put operation (Foxe Chen).
closes: #20215
Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Hirohito Higashi [Fri, 15 May 2026 15:02:48 +0000 (15:02 +0000)]
patch 9.2.0483: popup: terminal embedded in an opacity popup freezes Vim on input
Problem: When a terminal buffer is shown inside a popup with 'opacity'
set to a value other than 100, typing into it freezes Vim.
Only the first keystroke is drawn; afterwards no input is
processed and the screen stops updating.
Solution: When marking background lines for redraw to keep opacity
blend cells fresh, do not raise must_redraw. This marking
happens from inside update_screen() (via
may_update_popup_mask()), so raising must_redraw makes
terminal_loop()'s "while (must_redraw != 0) update_screen()"
loop never terminate. Add redraw_win_range_now() that
updates only the per-window state and use it from
redraw_win_under_opacity_popup() (Hirohito Higashi)
fixes: #20214
closes: #20220
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0481: runtime(netrw): command injection possible via maps
Problem: runtime(netrw): command injection possible via crafted
directory names in NetrwMaps() (Christopher Lusk)
Solution: Temporarily remove B flag in NetrwMaps() to prevent command
injection
patch 9.2.0480: [security]: runtime(netrw): code injection via mf command
Problem: [security]: runtime(netrw): code injection via mf command
(Christopher Lusk, Zdenek Dohnal)
Solution: Do not use string concatenation inside the filter() commands
(Zdenek Dohnal)
patch 9.2.0479: [security]: runtime(tar): command injection in tar plugin
Problem: [security]: runtime(tar): command injection in tar plugin
(Christopher Lusk)
Solution: Use the correct shellescape(args, 1) form for a :! command
patch 9.2.0477: popup: leftover content after popup_free under layout change
Problem: popup_mask still marks the freed popup's cells as covered
until may_update_popup_mask() runs inside the next
update_screen. Any screen_fill / screen_puts called in
between (for example msg_clr_eos triggered by a status message
from :copen) hits skip_for_popup() and silently drops writes
to those cells, so the popup's chars survive on screen until
those cells happen to be redrawn for another reason.
Solution: Add popup_clear_mask_for() and call it from popup_hide() and
popup_free() when the popup was visible, so the upcoming
writes take effect immediately (Yasuhiro Matsumoto)
Note: The test is limited to MS-Windows because the original report
(#20178) was reproduced there and the redraw timing required to
surface the bug differs on other platforms.
fixes: #20178
closes: #20188
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
J. Paulo Seibt [Mon, 11 May 2026 17:08:48 +0000 (17:08 +0000)]
patch 9.2.0475: runtime(netrw): bookmark paths not normalized
Problem: the bookmarks list can have duplicate entries, more often
in win32 (due to mixed slashes and capitalization) and when
g:netrw_keepdir=0 (which could introduce relative paths).
Duplicate entries could be: C:\foo\BAR\baz.file
c:\foo\bar\baz.file
c:/foo\BAR/baz.file
BAR/baz.file
Solution: Normalize the paths and make sure they are always absolute
(J. Paulo Seibt).
closes: #20194
Signed-off-by: J. Paulo Seibt <jpseibt@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
K.Takata [Mon, 11 May 2026 16:56:33 +0000 (16:56 +0000)]
patch 9.2.0474: MS-Windows: hard to tell which Visual Studio version was selected with MSVC
Problem: When running msvc*.bat there is no indication of which
Visual Studio version and target architecture got
selected.
Solution: After vcvarsall.bat returns, echo the VS version, VC
tools version and target architecture, and set the
Command Prompt title accordingly (Ken Takata).
closes: #20193
Signed-off-by: K.Takata <kentkt@csc.jp> Signed-off-by: Christian Brabandt <cb@256bit.org>
zeertzjq [Mon, 11 May 2026 16:49:19 +0000 (16:49 +0000)]
patch 9.2.0473: Pasting ". register without autocommands breaks TextPut*
Problem: Pasting ". register without TextPut* autocommands breaks
subsequent TextPut* autocommands (after 9.2.0470).
Solution: Only decrement add_last_insert if it has been incremented
(zeertzjq).
closes: #20192
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0472: popup: column jitters when scrolled outside viewport
Problem: popup: column jitters horizontally when textprop is scrolled
above the host window's top (after v9.2.0469)
Solution: Compute the virtual column from the prop's actual line via
getvcol() and translate it through prop_win's win_col_off /
leftcol / wincol (Yasuhiro Matsumoto).
popup_screenpos_above_top() probed textpos2screenpos() at
prop_win->w_topline using the prop's own tp_col, so the returned
screen_scol picked up topline's tab stops and multi-byte widths instead
of the prop line's own. Once the textprop scrolled above the host's
top, the popup's wincol jittered left/right every time a wider or
narrower line rotated into the topmost slot.
Compute the virtual column from the prop's actual line via getvcol()
and translate it through prop_win's win_col_off / leftcol / wincol.
Row extrapolation from topline is unchanged.
closes: #20187
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
John Marriott [Mon, 11 May 2026 16:22:05 +0000 (16:22 +0000)]
patch 9.2.0471: vimvars di_key initialized at runtime
Problem: evalvars_init() copies each vimvar's name into di_key at
startup and runtime-checks that the name fits in
DICTITEM16_KEY_LEN, even though all names are known at
compile time.
Solution: Embed the name in di_key via the VV_NAME macro so the
initialization happens at compile time. Drop the
runtime length check and the STRCPY loop (John Marriott).
closes: #20185
Signed-off-by: John Marriott <basilisk@internode.on.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0469: popup: textprop-anchored popups bleed past host window edges
Problem: A popup anchored to a text property in a split window is
positioned relative to the screen and may extend into
adjacent splits or off-screen regions. There is no way to
confine the popup to the window that contains the textprop.
Solution: Add the "clipwindow" popup option to allow clipping the text
property popup to the host window (Yasuhiro Matsumoto).
Adds a "clipwindow" boolean option to popup_create()/popup_setoptions().
When set on a textprop-anchored popup, the popup's drawn extent is
confined to its host (textprop) window's content rectangle so the popup
no longer bleeds across a horizontal split's statusline (top/bottom) or
a vsplit's separator (right) into another window.
The popup keeps its full logical size and position; only the rows or
columns that fall outside the host window's content area are skipped
during drawing, so a popup that scrolls toward the host's edge looks
visually "cut off" without its borders being relocated. popup_getoptions
and popup_getpos continue to report the unclipped geometry.
Implementation:
- w_popup_topoff / w_popup_bottomoff record how many rows of the
popup fall outside the host on each side. popup_adjust_position()
computes them from the host rectangle after the logical layout is
finalised, and update_popups() and the popup-mask builder subtract
them when emitting cells/borders/scrollbar and when marking
popup-owned cells. win_update() is bracketed by transient
w_height/w_topline/w_winrow adjustments so the buffer's drawn
content matches the visible row range.
- w_popup_rightclip is the horizontal counterpart for the host's
right edge: the right border, padding and content columns past
the host are not drawn. win_update() is bracketed by a transient
w_width reduction so the buffer text is not written past the
host's right edge either.
- When the textprop scrolls just above the host window's top, the
popup is kept visible by extending the prop search above topline
(new helper find_prop_in_lines) and synthesising a negative
screen_row so the top-clip path can roll the popup off the top.
When the textprop has scrolled far enough that even the bottom
border would overlap the host edge -- or when the popup would
overflow the host's left edge at all -- the popup is hidden, and
unhidden again once it comes back within range.
- The "reduce-height" / "clamp winrow to 0" fallbacks in
popup_adjust_position are bypassed for host-clipped popups so the
popup keeps its natural anchored position instead of being
snapped to the screen edge.
Left-edge partial clipping is intentionally not supported: it
would require shrinking the buffer width during win_update, which
reflows wrapped lines and corrupts the displayed content; the
popup is hidden instead.
closes: #20166
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0468: popups: not correctly updated from a CmdlineChanged autocommand
Problem: popup_show() from a CmdlineChanged autocommand doesn't update
the screen (Mao-Yining)
Solution: Refresh the screen when popups need redraw
(Yasuhiro Matsumoto).
popup_settext()/popup_show() called from a CmdlineChanged autocommand
did not refresh the screen because cmdline mode normally skips
update_screen(), so async info-popup updates only became visible after
a manual :redraw. Refresh the screen when popups need redrawing right
after the autocommand.
fixes: #20175
closes: #20179
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: In a multi-line statusline (and 'tabpanel'), %#XX# / %N*
set on one row do not persist on subsequent rows.
build_stl_str_hl_local() rebuilds stl_items[] from scratch
on every line break ("%@" or "\n"), so the highlight is
reset at each row boundary even though within a row it
stays until %* (or another %# / %*).
Solution: Carry the last Highlight item's stl_minwid across line
breaks via a new in/out int* parameter "carry_hl". At the
start of each row, pre-insert a Highlight item from the
carried value so the row begins under the same highlight;
before returning, update the carried value with the row's
final Highlight item. Apply the same carry to the
tabpanel rendering loop (Hirohito Higashi).
related: #19123
closes: #20180
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0466: popup: redraw can use stale blended cells
Problem: popup: redraw can use stale blended cells
Solution: Save the old popup area and redraw the newly exposed region so
opacity popups don't show stale blended cells when another
popup moves or closes. Consolidate redraw helpers so the
saved-area and exposed-area logic is shared across
move/hide/close/settext/setoptions. Refactor popup redrawing
code, add a regressions tests (Yasuhiro Matsumoto).
closes: #20172
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0463: Not able to use legacy expression evaluation in a vim9script maps
Problem: Not able to use legacy expression evaluation in a vim9script
maps
Solution: Explicitly set script version to 1 when the :legacy modifier has been
used (Yegappan Lakshmanan).
fixe: #20176
closes: #20177
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
K.Takata [Sun, 10 May 2026 16:34:01 +0000 (16:34 +0000)]
patch 9.2.0462: MS-Windows: workaround for assert error on GUI
Problem: When Vim is built with debug mode, gvim causes an assertion
error and stops working when running on Visual Studio
Debugger.
Solution: Stop calling _set_fmode() if not needed (Ken Takata).
closes: #20181
Signed-off-by: K.Takata <kentkt@csc.jp> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The four pointer-resolution loops in u_read_undo() lack
an i != j guard, so a header whose uh_next.seq equals
its own uh_seq resolves uh_next.ptr to itself. On
buffer close, u_freeheader() sees uhp->uh_next.ptr !=
NULL and skips updating b_u_oldhead, so u_blockfree()
dereferences the freed header on the next iteration.
The same pattern applies to uh_prev, uh_alt_next and
uh_alt_prev. A crafted .un~ file in the same directory
as a text file can trigger the use-after-free and
subsequent double-free when the buffer is closed.
(Daniel Cervera)
Solution: Add an i != j guard to each of the four resolution
loops, matching the guard already present in the
duplicate-detection loop above.
zeertzjq [Sat, 9 May 2026 14:18:53 +0000 (14:18 +0000)]
patch 9.2.0460: did_set_shellpipe_redir() in wrong file
Problem: did_set_shellpipe_redir() is a callback for a string option,
but is not in optionstr.c (after 9.2.0458).
Solution: Move it to optionstr.c. Also add missing change from patch
9.2.0455 (zeertzjq).
related: #20159
related: #20164
closes: #20170
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: test_termcodes fails, because it disabled DECRQM, but
did not adjust the expected values in the test (after v9.2.0456)
Solution: Update the test
dependabot[bot] [Sat, 9 May 2026 13:49:43 +0000 (13:49 +0000)]
CI: Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/labeler](https://github.com/actions/labeler).
Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4.35.2...v4.35.3)
Updates `actions/labeler` from 6 to 6.0.1
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v6...v6.0.1)
projects / thirdparty / vim.git / log
