Problem: No guidance for AI coding agents working in the Vim
repository.
Solution: Add AGENTS.md to the repository documenting build
and test commands, repository layout, commit format,
C and Vim9-script conventions, test conventions, help
file style, and release policy, so that AI agents can
produce patches that match project expectations.
CI: Bump the github-actions group across 1 directory with 3 updates
Bumps the github-actions group with 3 updates in the / directory: [msys2/setup-msys2](https://github.com/msys2/setup-msys2), [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).
Updates `msys2/setup-msys2` from 2.31.0 to 2.31.1
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/msys2/setup-msys2/compare/v2.31.0...v2.31.1)
Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v5.0.4...v5.0.5)
Updates `github/codeql-action` from 4.35.1 to 4.35.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4.35.1...v4.35.2)
patch 9.2.0393: MS-Windows: link error with XPM support on UCRT64
Problem: MS-Windows: link error with XPM support on UCRT64
Solution: Make_cyg_ming.mak: allow XPM to point to system layout with
X11/ headers (Yasuhiro Matsumoto)
When XPM is set to a system prefix such as /msys64/ucrt64 (where xpm.h
lives in include/X11/), the existing -I flags miss the header. Add
-I $(XPM)/include/X11 so both the bundled layout (xpm/include/xpm.h)
and the system layout (include/X11/xpm.h) work.
closes: #20064
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
Problem: tests: Comment in test_vim9_cmd breaks syntax highlighting
Solution: Move the comment into the function and use the # as comment
marker instead
patch 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
Problem: DECRQM was still sent to Apple Terminal.app before its DA2
reply was processed, leaving a literal "pp" on screen.
may_req_decrqm() was called from vim_main2()
right after may_req_termresponse(), at which point
term_props[TPR_DECRQM].tpr_status was still TPR_UNKNOWN, so
the `!= TPR_NO` guard let the request through (after v9.2.0387)
Solution: Send DECRQM from handle_version_response() once
term_props[TPR_DECRQM].tpr_status == TPR_YES, the same
pattern already used for t_RS (TPR_CURSOR_STYLE) and t_RC
(TPR_CURSOR_BLINK), which deliberately wait for the DA2
reply to avoid the same echo-on-screen issue on Apple
Terminal.app and Gnome terminal. Drop the now-unused
may_req_decrqm() helper and its call site in vim_main2()
(Hirohito Higashi).
fixes: #19852
related: #19938
closes: #20038
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-Authored-By: John Marriott <basilisk@internode.on.net> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0387: DECRQM request may leave stray chars in terminal
Problem: Sending DECRQM from handle_version_response() caused DECRPM
responses to arrive during user input processing, leaving
bytes in typebuf when clear_showcmd() ran. This made
visual-mode showcmd (e.g. "7" line count after V<C-D><C-D>)
intermittently disappear, failing many screendump tests on CI.
Solution: Move DECRQM request out of handle_version_response() and send
it at startup via may_req_decrqm(), following the existing
may_req_termresponse() and may_req_bg_color() pattern.
Add TPR_DECRQM property set per terminal from the DA2 reply,
and route DECRQM sends through a may_req_decrqm() helper using
the termrequest_T pattern, skipping terminals known to
mishandle it (Foxe Chen, Hirohito Higashi).
fixes: #19852
closes: #19938
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-Authored-By: Hirohito Higashi <h.east.727@gmail.com> Co-Authored-By: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
D. Ben Knoble [Tue, 21 Apr 2026 19:59:07 +0000 (19:59 +0000)]
runtime(sh): allow "#" in special derefs
Code like ${!#} flags the "#" as shDerefWordError [1]; the "!prefix"
syntax region delegates to one of the shDerefSpecial handlers via
@shDerefList, but it misses the "#" case as valid for ${##} and ${!#}.
[1]: https://vi.stackexchange.com/q/48617/10604
Correct that. Indirection is only valid in Bash in Ksh, so rearrange the
"!" handling to be conditional.
closes: #20016
Helped-by: Christian Brabandt <cb@256bit.org> Signed-off-by: D. Ben Knoble <ben.knoble+github@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Jon Parise [Tue, 21 Apr 2026 19:25:54 +0000 (19:25 +0000)]
runtime(graphql): Update syntax script to September 2025 spec
A new graphqlEscape syntax graph has been introduced to represent escape
sequences within strings, including the braced unicode form (\u{H+})
added in the September 2025 specification.
See: https://spec.graphql.org/September2025/
closes: #20030
Signed-off-by: Jon Parise <jon@indelible.org> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0384: stale Insstart after <Cmd> cursor move breaks undo
Problem: A <Cmd> command executed from Insert mode can sync undo and
move the cursor before the next edit. stop_arrow() saved the
new cursor line for undo, but left Insstart at the previous
insertion point. A line-start backspace could then delete
lines above the saved line without saving the joined range,
leaving a pending undo entry whose bottom resolved above
its top and raising E340.
Solution: Update Insstart and Insstart_textlen after the pending undo
save so the next edit starts from the command-updated cursor
position (Jaehwang Jung).
closes: #20031
AI-assisted: Codex
Signed-off-by: Jaehwang Jung <tomtomjhj@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0382: Wayland: focus-stealing is non-working
Problem: Wayland: focus-stealing is non-working
Solution: Remove it, the feature could be re-implemented using
clipboard-providers feature, see :h wayland-primary-selection
(Foxe Chen).
closes: #19984
Signed-off-by: Foxe Chen <chen.foxe@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0380: completion: a few issues in completion code
Problem: ins_compl_stop() sets compl_best_matches = 0, but that's a
pointer, should reset compl_num_bests instead,
find_common_prefix() reads cpt_sources_array[cur_source] without
checking cur_source != -1 which causes an OOB for -1,
find_next_completion_match(): second `if` in the pending loop
should be `else if`. Forward paging only moves one step per call.
Solution: Reset compl_num_bests instead, add a check for cur_source not
equal -1, change if to else if (glepnir)
closes: #20000
Signed-off-by: glepnir <glephunter@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: gui.color_approx in gui_T has not been assigned anywhere since
patch 7.4.2094 ("The color allocation in X11 is overly
complicated", 2016), which dropped the single "gui.color_approx = TRUE;"
site. Because the member is zero-initialized and never written, the
check "if (gui.color_approx)" in gui_mch_init() is always false and the
"E458: Cannot allocate colormap entry, ..." warning can never be
emitted.
Solution: Remove the struct member and the unreachable branch. The E458
error definition is removed. Update the example error code
"E458" in the ex_eval.c comment to "E457" accordingly.
closes: #20007
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0378: Using int as bool type in win_T struct
Problem: Several win_T fields are declared as "int" or "char" but are
used strictly as boolean flags with TRUE/FALSE values. The
integer types obscure the boolean intent and are wider than
needed.
Solution: Change the following win_T members to bool (stdbool.h) and
update their assignments from TRUE/FALSE to true/false
accordingly.
The following conversions have been done:
- int -> bool (10 members):
w_set_curswant, w_botfill, w_old_botfill, w_do_win_fix_cursor,
w_popup_fixed, w_border_highlight_isset, w_cline_folded,
w_redr_status, w_arg_idx_invalid, w_has_scrollbar
- char -> bool (4 members):
w_topline_was_set, w_ru_empty, w_fold_manual, w_foldinvalid
No existing code compares these members against TRUE/FALSE explicitly or
uses ++/-- / bitwise ops on them, so only plain assignments are
affected.
Excluded:
- w_locked (recursion counter with ++/--),
- w_want_scrollbar (may hold -1 from dict_get_bool),
- w_winbar_height (used in arithmetic and exposed as number via
getwininfo()).
related: #20005
closes: #20008
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0377: Using int as bool type in gui_T struct
Problem: Several gui_T fields are declared as "int" or "char" but are
used strictly as boolean flags with TRUE/FALSE values. The
integer types obscure the boolean intent and are wider than
needed.
Solution: Change the following gui_T members to bool (stdbool.h) and
update their assignments from TRUE/FALSE to true/false
accordingly (Hirohito Higashi)
The following conversions have been done:
- int -> bool (11 members):
in_focus, in_use, starting, dying, dofork, dospawn,
pointer_hidden, force_redraw, directx_enabled, font_can_bold,
which_scrollbars[3]
- char -> bool (2 members):
cursor_is_valid, menu_is_active
No existing code compares these members against TRUE/FALSE explicitly
(e.g. "== TRUE"), so only plain assignments are affected.
gui_init() used counter-style "--gui.starting" / "++gui.starting" to
temporarily clear the flag across a call to gui_mch_enable_menu().
With gui.starting now bool this triggers -Werror=bool-operation, so
replace it with an explicit save/restore.
X11 Bool members (rsrc_rev_video, color_approx) are intentionally left
unchanged: rsrc_rev_video is registered as an X Toolkit resource with
XtRBool / sizeof(Bool) and must keep the int-sized X11 Bool type.
closes: #20005
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0376: Vim9: elseif condition compiled in dead branch
Problem: When an `if` condition is constant true, the `else` block is
skipped during compilation. However, any `elseif` condition
within that skipped block was still compiled. This caused
errors when the condition referenced variables only declared
in the skipped block or when it checked for missing features
(like `has('clipboard')`) (Coacher)
Solution: In compile_elseif(), when scope->se_skip_save is
already SKIP_YES, skip compiling the elseif condition
expression using skip_expr_cctx() (Furkan Sahin)
fixes: #19160
closes: #20021
Signed-off-by: Furkan Sahin <furkan-dev@proton.me> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0375: prop_find() does not find a virt text in starting line
Problem: prop_find() does not find a virt text in the starting line
(@rickhowe, after v9.2.0320)
Solution: Do not skip virtual text properties with tp_col == MAXCOL on
the starting line (Furkan Sahin)
The column matching logic incorrectly skipped virtual text properties
with tp_col == MAXCOL on the starting line. Exclude such properties
from the column range check so they are always found.
fixes: #20013
closes: #20019
Signed-off-by: Furkan Sahin <furkan-dev@proton.me> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0374: c_CTRL-{G,T} does not handle offset
Problem: c_CTRL-{G,T} does not handle offset, when cycling between
matches
Solution: Refactor parsing logic into parse_search_pattern_offset() and
handle offsets, note: highlighting does not handle offsets
yet (Barrett Ruth).
fixes: #19991
closes: #19998
Signed-off-by: Barrett Ruth <br.barrettruth@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0372: pum: rendering issues with multibyte text and opacity
Problem: pum: rendering issues with multibyte text and opacity
Solution: Fix trailing-cell handling near popup text boundary,
use popup attrs on opaque popup text,
preserve right border when bg wide char spills,
blend popup text bg with underlying bg,
fix wide background char corruption
(Yasuhiro Matsumoto)
closes: #20017
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Bez Hermoso [Mon, 20 Apr 2026 14:47:58 +0000 (14:47 +0000)]
patch 9.2.0371: filetype: ghostty config files are not recognized
Problem: filetype: ghostty config files are not recognized
Solution: Detect ghostty configuration files as ghostty filetype,
include a simple ghostty filetype plugin (Bez Hermoso)
closes: #20002
Co-authored-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Bez Hermoso <me@bez.dev> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0369: multiple definitions of STRING_INIT macro
Problem: multiple definitions of STRING_INIT macro
Solution: Refactor use of STRING_INIT and use a single
STR_LITERAL_INIT() macro instead
(Hirohito Higashi)
Consolidate the ad-hoc STRING_INIT() macros that were defined and used
locally in multiple source files. Define a single STR_LITERAL_INIT()
macro in macros.h and replace all previous STRING_INIT() usages with it.
No functional change.
related: #19999
closes: #20023
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
John Marriott [Sun, 19 Apr 2026 20:58:33 +0000 (20:58 +0000)]
patch 9.2.0368: too many strlen() calls when adding strings to dicts
Problem: too many strlen() calls when adding strings to dicts
Solution: Refactor code to use string_T, use dict_add_string_len()
instead of dict_add_string() (John Marriott)
Additionally:
- In textprop.c, in function prop_fill_dict() use a string_T to store
local variable text_align.
- In popupwin.c, use a string_T to store struct member pp_name in struct
poppos_entry_T.
- In mark.c, refactor function add_mark() to pass in the length of
argument mname.
- In insexpand.c:
->Use a string_T to store the elements of static array
ctrl_x_mode_names.
->Refactor function trigger_complete_done_event():
->->change type of argument char_u *word to string_T *word.
->->make one access of array ctrl_x_mode_names instead of two.
->Refactor function ins_compl_mode() to accept a string_T to return the
resulting string.
- In fileio.c:
->Refactor function getftypewfd() to accept a string_T to return the
resulting string.
->In function create_readdirex_item() use a string_T to store local
variable q.
- In cmdexpand.c, store global cmdline_orig as a string_T.
- In autocmd.c, in function f_autocmd_get() use a string_T to store local
variables event_name and group_name. Measure their lengths once when
they are assigned so they are not remeasured on each call to
dict_add_string() in the subsequent for loop.
- In channel.c, in function channel_part_info() drop local variable status
and use s instead. Make s a string_T.
closes: #19999
Signed-off-by: John Marriott <basilisk@internode.on.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
Problem: runtime(netrw): ~ note expanded on MS Windows
(Tom Vamvanij)
Solution: Expand ~ on MS Windows (Yasuhiro Matsumoto)
On Windows, ":Explore ~" did nothing because the tilde expansion was
gated to Unix/Cygwin only. Additionally, substitute() interprets
backslashes in the replacement string specially (e.g. \U as a case
modifier), which would corrupt $HOME values like C:\Users\name even
if the branch were taken.
Include has("win32") in the guard, anchor the pattern to the start of
the string, and escape backslashes, ampersands and tildes in $HOME
before substituting.
fixes: #20003
closes: #20014
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0366: pum: flicker when updating pum in place
Problem: pum: flicker when updating pum in place
Solution: Skip update_screen() when the popup menu is redrawn
at the same position (Yasuhiro Matsumoto).
closes: #20015
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: using int as bool
Solution: refactor: use bool type for internal flags in buf_T
(Hirohito Higashi)
Change the type of 23 internal state flag fields in buf_T from int
to bool for improved type clarity and code readability.
These fields are pure boolean flags that are never accessed via the
option system's varp (which uses *(int *)varp = value), never compared
with int fields holding non-0/1 values, and never use tristate values.
All TRUE/FALSE assignments to these fields have been updated to
true/false accordingly. The type of temporary save variables
(e.g. help_save in tag.c) has also been adjusted to bool.
Option value fields (b_p_XXX) are kept as int because they are
accessed via the option system and some use tristate (-1) semantics.
Fields compared with int option values (b_start_eof, b_start_eol,
b_start_bomb) are also kept as int to preserve comparison integrity.
closes: #20020
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0362: division by zero with smoothscroll and small windows
Problem: Resizing a smoothscrolled wrapped window to its textoff width
with 'showbreak' can leave wrapped continuation lines with
zero text width. win_lbr_chartabsize() still runs the partial max_head_vcol calculation in
that state and divides by width2, crashing during redraw.
Solution: Skip that partial head calculation when the wrapped
continuation width is zero, matching the other width2 guards
in charset.c (Jaehwang Jung)
closes: #20012
AI-assisted: Codex
Signed-off-by: Jaehwang Jung <tomtomjhj@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
CI: Bump the github-actions group across 2 directories with 4 updates
Bumps the github-actions group with 3 updates in the / directory: [msys2/setup-msys2](https://github.com/msys2/setup-msys2), [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).
Bumps the github-actions group with 1 update in the /.github/actions/test_artifacts directory: [actions/github-script](https://github.com/actions/github-script).
Updates `msys2/setup-msys2` from 2 to 2.31.0
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/msys2/setup-msys2/compare/v2...v2.31.0)
Updates `actions/cache` from 5 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v5...v5.0.4)
Updates `github/codeql-action` from 4 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4...v4.35.1)
Updates `actions/github-script` from 8 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
Keith Smiley [Fri, 17 Apr 2026 15:02:39 +0000 (15:02 +0000)]
runtime(vim9): remove extra escaping in Open
Before 71fd19d7ac9e83bf63d7bad337f43cd830a5b5bd this function went
through a `:!` command on all platforms, so it needed special escaping for `#` and
others. After that commit it doesn't go through that path on unix
platforms. Then with 48581f2ba96550f5499cc322647b2ff1df5ad4ed this
escaping was re-added on unix and it's needs since it goes through
`sh -c`, but it should not have the extra escaping specific to `:!`.
runtime(django): Removed unsupported template statements and filters by current LTS.
Removed djangoStatement:
- ifequal: Depricated version 4.0.
- endifequal: Depricated version 4.0.
- ifnotequal: Depricated version 4.0.
- endifnotequal: Depricated version 4.0.
- parsed
- trans: Renamed to `translate` in version 4.0.
- blocktrans: Renamed to `blocktranslate` in version 4.0.
- endblocktrans: Renamed to `endblocktranslate` in version 4.0.
Removed djangoFilter:
- fix_ampersands: Removed in version 1.8.
- length_is: Removed in version 5.1.
sources:
- Current LTS is version [5.2](https://www.djangoproject.com/download/#supported-versions).
- Documentation template builtins [5.2](https://docs.djangoproject.com/en/5.2/ref/templates/builtins/#truncatechars-html).
- Documentation template builtins [6](https://docs.djangoproject.com/en/6.0/ref/templates/builtins).
- [Django Deprecation Timeline](https://docs.djangoproject.com/en/6.0/internals/deprecation)
closes: #19994
Signed-off-by: tecis <67809811+tecis@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime(django): Add missing statements and filters.
Added the fallowing.
djangoStatement:
- querystring: Added in version Django 5.2.
- lorem: Added in version Django 1.8.
- verbatim: Added in version Django 1.10.
djangoFilter:
- force_escape: Added in version Django 1.8.
- iriencode: Added in version Django 1.8.
- json_script: Added in version 2.1.
- truncatechars_html: Added in version 1.7.
> According to current documentation the added keywords are supported [Django version 6](https://docs.djangoproject.com/en/6.0/ref/templates/builtins).
related: #19994
Signed-off-by: tecis <67809811+tecis@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0360: Cannot handle mouse-clicks in the tabpanel
Problem: Cannot handle mouse-clicks in the tabpanel
Solution: Add support using the %[FuncName] atom for the tabpanel
(Yasuhiro Matsumoto)
Extend the statusline/tabline click region mechanism to work with
'tabpanel'. The callback receives a dict with "area" set to "tabpanel"
and a "tabnr" key indicating which tab page label was clicked.
closes: #19960
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0359: wrong VertSplitNC highlighting on winbar
Problem: wrong VertSplitNC highlighting on winbar
(Maxim Kim, after v9.2.0349)
Solution: Use VertSplit instead of VertSplitNC for winbar rows
(Hirohito Higashi).
vsep_row_is_curwin() and right_neighbor_at_row() used W_WINROW() which
excludes winbar rows from the window's range. This caused the vertical
separator at winbar rows to use VertSplitNC even when curwin is adjacent.
Use w_winrow directly so winbar rows are included in the range check.
fixes: #19985
closes: #19987
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0358: runtime(vimball): still path traversal attacks possible
Problem: runtime(vimball): still path traversal attacks possible
Solution: block Windows driver letter paths (Yasuhiro Matsumoto)
The path traversal check in vimball#Vimball() did not reject file
names starting with a Windows drive letter (e.g. "C:/foo"). Backslashes
are normalized to forward slashes earlier, so UNC paths are caught by
the leading-slash check, but absolute drive-letter paths slipped
through and could write outside of g:vimball_home on Windows.
Add a "^\a:" check next to the existing "^/" check, and cover it with
a new test.
closes: #19989
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0357: [security]: command injection via backticks in tag files
Problem: [security]: command injection via backticks in tag files
(Srinivas Piskala Ganesh Babu, Andy Ngo)
Solution: Disallow backticks before attempting to expand filenames.
patch 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
Problem: Cannot apply 'scrolloff' context lines at end of file
Solution: Add the 'scrolloffpad' option to keep 'scrolloff' context even
when at the end of the file (McAuley Penney).
closes: #19040
Signed-off-by: McAuley Penney <jacobmpenney@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
Problem: runtime(tar): missing path traversal checks in tar#Extract()
Solution: Add check for leading slash, however gnu tar should already
detect this (q1uf3ng)
tar#Extract() did not check for ../ sequences or absolute paths,
unlike zip#Extract() which was patched in recent commits. Add the
same checks: ../ (relative traversal), leading slash (Unix), drive
letter and UNC/leading slash (Windows).
closes: #19981
Signed-off-by: q1uf3ng <q1uf3ng@protone.me> Signed-off-by: Christian Brabandt <cb@256bit.org>
Martin Schwan [Wed, 15 Apr 2026 18:07:18 +0000 (18:07 +0000)]
runtime(bitbake): support forward-slashes in bitbake varflags
Enable syntax highlighting for forward-slashes in Bitbake variables with
varflags. Bitbake allows for forward-slashes in both the variable name
and their potential varflags. E.g. the following should match:
runtime(zip): also block single leading slash and absolute paths in Extract
zip#Write(): the Windows path check did not match a single leading
slash (/path), which resolves to the current drive root on Windows.
Simplify the regex to match any leading slash or backslash.
zip#Extract(): add absolute path checks for both Unix and Windows,
matching the existing checks in zip#Write().
closes: #19976
Signed-off-by: q1uf3ng <glna9@protonmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Enabling modelines poses a risk, cannot whitelist specific
modelines
Solution: Include the 'modelinestrict' option, enabled by default, that
allows only a few very specific modelines, all others will be
ignored
When set (which it is by default), only the following settings will be
applied, all others will be ignored:
Problem: cannot style non-current window separator
Solution: Add the VertSplitNC highlighting group
(Hirohito Higashi).
Add VertSplitNC highlight group for vertical separators of non-current
windows, similar to StatusLine/StatusLineNC distinction. The separator
adjacent to the current window uses VertSplit, others use VertSplitNC.
Default: linked to VertSplit.
At the current window's status line rows, the separator cell is drawn as
a space with the StatusLine highlight so it blends into the status line
without a stray fillchar glyph.
Also:
- :redrawstatus[!] now also redraws vertical separators.
- statusline height changes trigger vsep redraw.
closes: #19951
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0347: Vim9: script-local variable not found
Problem: Vim9: script-local variable not found after function call
(Mao-Yining)
Solution: Accept a script local variable in a function which overrides a
previous block-scope variable (Yegappan Lakshmanan)
fixes: #19959
closes: #19963
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0346: Wrong cursor position when entering command line window
Problem: Wrong cursor position when entering command line window
Solution: Add check_cursor() command to verify the cursor position
(Hirohito Higashi).
When opening the command-line window with CTRL-F after typing a command
that fills the screen width, the cursor was placed past the end of the
line. Add check_cursor() after setting State to MODE_NORMAL so the
cursor is adjusted to the last character.
Also fix the cmdwin prefix character (e.g. ':') being drawn on wrapped
continuation rows. Draw an empty space instead so that the text
alignment is preserved.
closes: #19964
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0345: Wrong autoformatting with 'autocomplete'
Problem: Wrong autoformatting with 'autocomplete'.
Solution: Don't trigger autoformatting when ending autocompletion
without selecting an item (zeertzjq).
fixes: #19954
closes: #19970
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0339: regexp: nfa_regmatch() allocates and frees too often
Problem: nfa_regmatch() allocates and frees two list buffers on every
call, causing unnecessary memory allocation overhead for
frequently used patterns.
Solution: Cache the list buffers in the regprog struct and reuse them
on subsequent top-level calls. Recursive calls still allocate
their own buffers. Free cached buffers in nfa_regfree()
(Yasuhiro Matsumoto).
Benchmark: 10K lines, `:%s` x50 iterations
| Pattern | Before | After | Improvement |
|---|---|---|---|
| `\<\(\w\+\%(ing\|tion\|ed\|ly\)\|\w\{3,}\)\>` (many matches) | 4.384s | 4.299s | -2% |
| `\(foo\|bar\|baz\)\{3,}\(qux\|quux\|corge\)\{2,}...` (no match, high nstate) | 16.927s | 3.015s | -82% |
closes: #19956
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0338: Cannot handle mouseclicks in the tabline
Problem: Cannot handle mouseclicks in the tabline
Solution: Support %[FuncName] click regions in 'tabline', add "area" key
to the click info dict (Yasuhiro Matsumoto).
The previous implementation resolved and stored click regions only for
per-window statuslines; the tabline path in win_redr_custom() (wp==NULL)
parsed %[FuncName] but discarded the regions, and tabline clicks were
dispatched via TabPageIdxs[] which didn't know about them.
Add a global tabline_stl_click array populated from the tabline path,
refactor stl_click_handler() to take the regions directly, and dispatch
matching clicks from do_mouse() before falling through to tab selection.
The winid entry in the callback dict is 0 for tabline clicks.
related: #19841
closes: #19950
Supported by AI.
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
James McCoy [Sat, 11 Apr 2026 15:00:50 +0000 (15:00 +0000)]
patch 9.2.0337: list indexing broken on big-endian 32-bit platforms
Problem: check_range_index_one() expects a long * but n1 is a
varnumber_T. Casting varnumber_T * to long * is undefined
behaviour and reads the wrong bytes on big-endian platforms
(John Paul Adrian Glaubitz)
Solution: Use a local long variable and pass that pointer to
check_range_index_one() (James McCoy)
fixes: #19798
closes: #19952
Signed-off-by: James McCoy <jamessan@jamessan.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: json_encode() uses recursive algorithm
Solution: Convert from recursive to iterative algorithm to prevent
stack overflow on deep recursive levels
(Yasuhiro Matsumoto).
closes: #19839
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Gary Johnson [Fri, 10 Apr 2026 21:23:38 +0000 (21:23 +0000)]
patch 9.2.0334: GTK: window geometry shrinks with with client-side decorations
Problem: On GTK3 with client-side decorations the window opens with
wrong &columns/&lines, and each :tabnew/:tabclose cycle
shrinks the size further.
Solution: Measure and compensate for the CSD frame offset, discard
spurious configure events from tabline show/hide
(Gary Johnson).
closes: #19853
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Gary Johnson <garyjohn@spocom.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0332: popup: still opacity rendering issues
Problem: popup: still opacity rendering issues
Solution: Fix remaining issues, see below
(Yasuhiro Matsumoto).
This PR fixes the following issues:
- Padding blend hole at wide char boundary: when a padding cell overlaps
the second half of a wide character, the right half's attr value is
unreliable. Use the left half's saved attr for blending instead.
- Wide char background split at popup boundary: when a wide character in
an upper popup straddles the edge of a lower opacity popup, both
halves got different background colors. Since terminals cannot render
different left/right background colors for a wide character, detect
the lower popup with popup_is_over_opacity() and use the non-popup
side's underlying attr for both halves.
- Wrong blend color with cterm-only highlights under 'termguicolors':
when a popup highlight has ctermbg but no guibg, bg_rgb is set to
CTERMCOLOR (not INVALCOLOR). hl_blend_attr() used this value as a real
RGB color, producing gray instead of the intended color. Use
COLOR_INVALID() to detect both INVALCOLOR and CTERMCOLOR, and fall back
to converting the cterm color number to RGB.
closes: #19943
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0331: spellfile: stack buffer overflows in spell file generation
Problem: spell_read_aff() uses sprintf() into a fixed-size stack buffer
without bounds checking. store_aff_word() uses STRCAT() to
append attacker-controlled strings into newword[MAXWLEN] without
checking remaining space. Both are reachable via :mkspell with
crafted .aff/.dic files (xinyi234)
Solution: Replace sprintf() with vim_snprintf() in spell_read_aff().
Replace STRCAT() with STRNCAT() with explicit remaining-space
calculation in store_aff_word().
patch 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough
Problem: Some patterns in tar and zip plugin tests not strict enough.
Solution: Use assert_equal() for lines that should match exactly. Match
a literal dot properly (zeertzjq).
closes: #19946
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0328: Cannot handle mouseclicks in the statusline
Problem: Cannot handle mouseclicks in the statusline
Solution: Add the %[FuncName] statusline item to define clickable
regions with a callback function. (Yasuhiro Matsumoto)
closes: #19841
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0327: filetype: uv scripts are not detected
Problem: filetype: uv scripts are not detected
(Asger Hautop Drewsen)
Solution: Detect uv scripts as python filetype if the shebang line
contains "uv run"
runtime(jjdescription): Anchor status matches to start of line
The regex for status line highlighting was too broad, `jjComment` lines
containing e.g. the letter 'A' followed by a space anywhere in the line
were highlighted.
related: #19879
Signed-off-by: Joël Stemmer <jstemmer@google.com> Signed-off-by: Gregory Anders <greg@gpanders.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0326: runtime(tar): but with dotted path
Problem: runtime(tar): but with dotted path
Solution: Do not strip everything after the first dot
(Aaron Burrow)
tar#Extract was getting the extensionless basename by
stripping away everything starting with the leftmost
dot. So if a directory had a dot or the file had an
'extra' dot then the code did the wrong thing. For
example, if it was given:
/tmp/foo.bar/baz.tar.gz
Then it would treat /tmp/foo as the extensionless
basename, but it actually should have grabbed:
/tmp/foo.bar/baz
This patch fixes the issue by instead looking at the
rightmost dot(s).
This bug was discovered by ChatGPT 5.4. I wrote the
patch and tested vim.
closes: #19930
Signed-off-by: Aaron Burrow <burrows@fastmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
projects / thirdparty / vim.git / log
