!725 fix some tests failed

From: @fwo 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-CVE-2025-1215.patch

@@ -0,0 +1,124 @@
+From c5654b84480822817bb7b69ebc97c174c91185e9 Mon Sep 17 00:00:00 2001
+From: Hirohito Higashi <h.east.727@gmail.com>
+Date: Mon, 10 Feb 2025 20:55:17 +0100
+Subject: [PATCH] patch 9.1.1097: --log with non-existent path causes a crash
+
+Problem:  --log with non-existent path causes a crash
+          (Ekkosun)
+Solution: split initialization phase and init the execution stack
+          earlier (Hirohito Higashi)
+
+fixes: #16606
+closes: #16610
+
+Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/main.c                   | 21 +++++++++++++++++----
+ src/message_test.c           |  3 ++-
+ src/proto/main.pro           |  3 ++-
+ src/testdir/test_startup.vim |  7 +++++++
+ 4 files changed, 28 insertions(+), 6 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index ecc61f4d0be886..f603a52a52e09d 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -144,6 +144,11 @@ main
+     atexit(vim_mem_profile_dump);
+ #endif
+ 
++    /*
++     * Various initialisations #1 shared with tests.
++     */
++    common_init_1();
++
+ #if defined(STARTUPTIME) || defined(FEAT_JOB_CHANNEL)
+     // Need to find "--startuptime" and "--log" before actually parsing
+     // arguments.
+@@ -185,9 +190,9 @@ main
+ #endif
+ 
+     /*
+-     * Various initialisations shared with tests.
++     * Various initialisations #2 shared with tests.
+      */
+-    common_init(&params);
++    common_init_2(&params);
+ 
+ #ifdef VIMDLL
+     // Check if the current executable file is for the GUI subsystem.
+@@ -900,10 +905,10 @@ vim_main2(void)
+ }
+ 
+ /*
+- * Initialisation shared by main() and some tests.
++ * Initialisation #1 shared by main() and some tests.
+  */
+     void
+-common_init(mparm_T *paramp)
++common_init_1(void)
+ {
+     estack_init();
+     cmdline_init();
+@@ -925,7 +930,15 @@ common_init(mparm_T *paramp)
+ 	    || (NameBuff = alloc(MAXPATHL)) == NULL)
+ 	mch_exit(0);
+     TIME_MSG("Allocated generic buffers");
++}
++
+ 
++/*
++ * Initialisation #2 shared by main() and some tests.
++ */
++    void
++common_init_2(mparm_T *paramp)
++{
+ #ifdef NBDEBUG
+     // Wait a moment for debugging NetBeans.  Must be after allocating
+     // NameBuff.
+diff --git a/src/message_test.c b/src/message_test.c
+index 62f7772470d0e4..83767ece930899 100644
+--- a/src/message_test.c
++++ b/src/message_test.c
+@@ -508,7 +508,8 @@ main(int argc, char **argv)
+     CLEAR_FIELD(params);
+     params.argc = argc;
+     params.argv = argv;
+-    common_init(&params);
++    common_init_1();
++    common_init_2(&params);
+ 
+     set_option_value_give_err((char_u *)"encoding", 0, (char_u *)"utf-8", 0);
+     init_chartab();
+diff --git a/src/proto/main.pro b/src/proto/main.pro
+index 496fe66be6950d..7e4c50803e8ef2 100644
+--- a/src/proto/main.pro
++++ b/src/proto/main.pro
+@@ -1,6 +1,7 @@
+ /* main.c */
+ int vim_main2(void);
+-void common_init(mparm_T *paramp);
++void common_init_1(void);
++void common_init_2(mparm_T *paramp);
+ int is_not_a_term(void);
+ int is_not_a_term_or_gui(void);
+ void free_vbuf(void);
+diff --git a/src/testdir/test_startup.vim b/src/testdir/test_startup.vim
+index 7c703916045e70..c16e4ae27de3b2 100644
+--- a/src/testdir/test_startup.vim
++++ b/src/testdir/test_startup.vim
+@@ -734,6 +734,13 @@ func Test_log()
+   call delete('Xlogfile')
+ endfunc
+ 
++func Test_log_nonexistent()
++  " this used to crash Vim
++  CheckFeature channel
++  let result = join(systemlist(GetVimCommand() .. ' --log /X/Xlogfile -c qa!'))
++  call assert_match("E484: Can't open file", result)
++endfunc
++
+ func Test_read_stdin()
+   let after =<< trim [CODE]
+     write Xtestout

backport-CVE-2025-22134.patch

@@ -0,0 +1,126 @@
+From c9a1e257f1630a0866447e53a564f7ff96a80ead Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Sat, 11 Jan 2025 15:25:00 +0100
+Subject: [PATCH] patch 9.1.1003: [security]: heap-buffer-overflow with visual
+ mode
+
+Problem:  [security]: heap-buffer-overflow with visual mode when
+          using :all, causing Vim trying to access beyond end-of-line
+          (gandalf)
+Solution: Reset visual mode on :all, validate position in gchar_pos()
+          and charwise_block_prep()
+
+This fixes CVE-2025-22134
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8
+
+Co-authored-by: zeertzjq <zeertzjq@outlook.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/arglist.c               |  4 ++++
+ src/misc1.c                 |  4 ++++
+ src/testdir/test_visual.vim | 26 ++++++++++++++++++++++----
+ 3 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/arglist.c b/src/arglist.c
+index 8825c8e252ccc5..4eec079df438a3 100644
+--- a/src/arglist.c
++++ b/src/arglist.c
+@@ -1248,6 +1248,10 @@ do_arg_all(
+ 
+     tabpage_T *new_lu_tp = curtab;
+ 
++    // Stop Visual mode, the cursor and "VIsual" may very well be invalid after
++    // switching to another buffer.
++    reset_VIsual_and_resel();
++
+     // Try closing all windows that are not in the argument list.
+     // Also close windows that are not full width;
+     // When 'hidden' or "forceit" set the buffer becomes hidden.
+diff --git a/src/misc1.c b/src/misc1.c
+index 90cf914742b115..142a6161ea6c8a 100644
+--- a/src/misc1.c
++++ b/src/misc1.c
+@@ -535,11 +535,15 @@ plines_m_win(win_T *wp, linenr_T first, linenr_T last, int limit_winheight)
+ gchar_pos(pos_T *pos)
+ {
+     char_u	*ptr;
++    int		ptrlen;
+ 
+     // When searching columns is sometimes put at the end of a line.
+     if (pos->col == MAXCOL)
+ 	return NUL;
++    ptrlen = STRLEN(ml_get(pos->lnum));
+     ptr = ml_get_pos(pos);
++    if (pos->col > ptrlen)
++	return NUL;
+     if (has_mbyte)
+ 	return (*mb_ptr2char)(ptr);
+     return (int)*ptr;
+diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
+index 0be73ecc1342b9..03335a464d62f3 100644
+--- a/src/testdir/test_visual.vim
++++ b/src/testdir/test_visual.vim
+@@ -469,7 +469,7 @@ func Test_Visual_Block()
+ 	      \ "\t{",
+ 	      \ "\t}"], getline(1, '$'))
+ 
+-  close!
++  bw!
+ endfunc
+ 
+ " Test for 'p'ut in visual block mode
+@@ -1079,7 +1079,7 @@ func Test_star_register()
+ 
+   delmarks < >
+   call assert_fails('*yank', 'E20:')
+-  close!
++  bw!
+ endfunc
+ 
+ " Test for changing text in visual mode with 'exclusive' selection
+@@ -1095,7 +1095,7 @@ func Test_exclusive_selection()
+   call assert_equal('l      one', getline(1))
+   set virtualedit&
+   set selection&
+-  close!
++  bw!
+ endfunc
+ 
+ " Test for starting linewise visual with a count.
+@@ -1152,7 +1152,7 @@ func Test_visual_inner_block()
+   8,9d
+   call cursor(5, 1)
+   call assert_beeps('normal ViBiB')
+-  close!
++  bw!
+ endfunc
+ 
+ func Test_visual_put_in_block()
+@@ -1587,4 +1587,22 @@ func Test_Visual_r_CTRL_C()
+   bw!
+ endfu
+ 
++" the following caused a Heap-Overflow, because Vim was accessing outside of a
++" line end
++func Test_visual_pos_buffer_heap_overflow()
++  set virtualedit=all
++  args Xa Xb
++  all
++  call setline(1, ['', '', ''])
++  call cursor(3, 1)
++  wincmd w
++  call setline(1, 'foobar')
++  normal! $lv0
++  all
++  call setreg('"', 'baz')
++  normal! [P
++  set virtualedit=
++  bw! Xa Xb
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+-- 
+2.43.0
+

backport-CVE-2025-24014.patch

@@ -0,0 +1,42 @@
+From 9d1bed5eccdbb46a26b8a484f5e9163c40e63919 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 20 Jan 2025 22:55:57 +0100
+Subject: [PATCH] patch 9.1.1043: [security]: segfault in win_line()
+
+Problem:  [security]: segfault in win_line()
+          (fizz-is-on-the-way)
+Solution: Check that ScreenLines is not NULL
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/gui.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui.c b/src/gui.c
+index 8e7b079a5a4ea4..86c40de632aa1e 100644
+--- a/src/gui.c
++++ b/src/gui.c
+@@ -4471,13 +4471,15 @@ gui_do_scroll(void)
+     /*
+      * Don't call updateWindow() when nothing has changed (it will overwrite
+      * the status line!).
++     *
++     * Check for ScreenLines, because in ex-mode, we don't have a valid display.
+      */
+-    if (old_topline != wp->w_topline
++    if (ScreenLines != NULL && (old_topline != wp->w_topline
+ 	    || wp->w_redr_type != 0
+ #ifdef FEAT_DIFF
+ 	    || old_topfill != wp->w_topfill
+ #endif
+-	    )
++	    ))
+     {
+ 	int type = UPD_VALID;
+ 
+-- 
+2.43.0
+

backport-CVE-2025-26603.patch

@@ -0,0 +1,62 @@
+From c0f0e2380e5954f4a52a131bf6b8499838ad1dae Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Sun, 16 Feb 2025 16:06:38 +0100
+Subject: [PATCH] patch 9.1.1115: [security]: use-after-free in str_to_reg()
+
+Problem:  [security]: use-after-free in str_to_reg()
+          (fizz-is-on-the-way)
+Solution: when redirecting the :display command, check that one
+          does not output to the register being displayed
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/register.c                 |  3 ++-
+ src/testdir/test_registers.vim | 20 ++++++++++++++++++++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/src/register.c b/src/register.c
+index 0df05054ca7229..a9630f8ef5db93 100644
+--- a/src/register.c
++++ b/src/register.c
+@@ -2405,7 +2405,8 @@ ex_display(exarg_T *eap)
+ 
+ #ifdef FEAT_EVAL
+ 	if (name == MB_TOLOWER(redir_reg)
+-		|| (redir_reg == '"' && yb == y_previous))
++		|| (vim_strchr((char_u *)"\"*+", redir_reg) != NULL &&
++		    (yb == y_previous || yb == &y_regs[0])))
+ 	    continue;	    // do not list register being written to, the
+ 			    // pointer can be freed
+ #endif
+diff --git a/src/testdir/test_registers.vim b/src/testdir/test_registers.vim
+index 1177c2395d3f09..13127022666e04 100644
+--- a/src/testdir/test_registers.vim
++++ b/src/testdir/test_registers.vim
+@@ -929,4 +929,24 @@ func Test_register_y_append_reset()
+   bwipe!
+ endfunc
+ 
++" This caused use-after-free
++func Test_register_redir_display()
++  " don't touch the clipboard, so only perform this, when the clipboard is not working
++  if has("clipboard_working")
++    throw "Skipped: skip touching the clipboard register!"
++  endif
++  let @"=''
++  redir @+>
++  disp +"
++  redir END
++  call assert_equal("\nType Name Content", getreg('+'))
++  let a = [getreg('1'), getregtype('1')]
++  let @1='register 1'
++  redir @+
++  disp 1
++  redir END
++  call assert_equal("register 1", getreg('1'))
++  call setreg(1, a[0], a[1])
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab

backport-CVE-2025-29768.patch

@@ -0,0 +1,44 @@
+From f209dcd3defb95bae21b2740910e6aa7bb940531 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 12 Mar 2025 22:04:01 +0100
+Subject: [PATCH] patch 9.1.1198: [security]: potential data loss with zip.vim
+
+Problem:  [security]: potential data loss with zip.vim and special
+          crafted zip files (RyotaK)
+Solution: use glob '[-]' to protect filenames starting with '-'
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ runtime/autoload/zip.vim | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index 4a53fc5f28656..dae4ddeb9921e 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -8,6 +8,7 @@
+ " 2024 Aug 04 by Vim Project: escape '[' in name of file to be extracted
+ " 2024 Aug 05 by Vim Project: workaround for the FreeBSD's unzip
+ " 2024 Aug 18 by Vim Project: correctly handle special globbing chars
++" 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly
+ " License:	Vim License  (see vim's :help license)
+ " Copyright:    Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ "               Permission is hereby granted to use and distribute this code,
+@@ -414,6 +415,11 @@ fun! zip#Extract()
+     return
+    endif
+    let target = fname->substitute('\[', '[[]', 'g')
++   " unzip 6.0 does not support -- to denote end-of-arguments
++   " unzip 6.1 (2010) apparently supports, it, but hasn't been released
++   " so the workaround is to use glob '[-]' so that it won't be considered an argument
++   " else, it would be possible to use 'unzip -o <file.zip> '-d/tmp' to extract the whole archive
++   let target = target->substitute('^-', '[&]', '')
+    if &shell =~ 'cmd' && (has("win32") || has("win64"))
+      let target = target
+  		\ ->substitute('[?*]', '[&]', 'g')
+-- 
+2.43.0
+

backport-patch-9.1.0038-Unnecessary-loop-in-getvcol.patch

@@ -0,0 +1,91 @@
+From 4ea37f88e8345ca830271636a2e197a1a46114d2 Mon Sep 17 00:00:00 2001
+From: zeertzjq <zeertzjq@outlook.com>
+Date: Wed, 17 Jan 2024 20:52:13 +0100
+Subject: [PATCH] patch 9.1.0038: Unnecessary loop in getvcol()
+
+Problem:  Unnecessary loop in getvcol().
+Solution: Compare next char position with pos->col directly.
+          (zeertzjq)
+
+The loop below already handles end of line before checking for posptr,
+and the next char is after pos->col whether pos->col is at the start or
+in the middle of the char in question, so neither the NUL check nor the
+mb_head_off() are needed when comparing the position of the next char
+with pos->col directly.
+
+closes: #13878
+
+Signed-off-by: zeertzjq <zeertzjq@outlook.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/charset.c | 30 ++++++------------------------
+ 1 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/src/charset.c b/src/charset.c
+index 3ea2ecb8e216c2..eef2e8983c280e 100644
+--- a/src/charset.c
++++ b/src/charset.c
+@@ -1482,7 +1482,6 @@ getvcol(
+ {
+     colnr_T	vcol;
+     char_u	*ptr;		// points to current char
+-    char_u	*posptr;	// points to char at pos->col
+     char_u	*line;		// start of the line
+     int		incr;
+     int		head;
+@@ -1498,24 +1497,6 @@ getvcol(
+ 
+     vcol = 0;
+     line = ptr = ml_get_buf(wp->w_buffer, pos->lnum, FALSE);
+-    if (pos->col == MAXCOL)
+-	posptr = NULL;  // continue until the NUL
+-    else
+-    {
+-	colnr_T i;
+-
+-	// In a few cases the position can be beyond the end of the line.
+-	for (i = 0; i < pos->col; ++i)
+-	    if (ptr[i] == NUL)
+-	    {
+-		pos->col = i;
+-		break;
+-	    }
+-	posptr = ptr + pos->col;
+-	if (has_mbyte)
+-	    // always start on the first byte
+-	    posptr -= (*mb_head_off)(line, posptr);
+-    }
+ 
+     init_chartabsize_arg(&cts, wp, pos->lnum, 0, line, line);
+     cts.cts_max_head_vcol = -1;
+@@ -1577,11 +1558,12 @@ getvcol(
+ 		    incr = g_chartab[c] & CT_CELL_MASK;
+ 	    }
+ 
+-	    if (posptr != NULL && ptr >= posptr) // character at pos->col
++	    char_u *next_ptr = ptr + (*mb_ptr2len)(ptr);
++	    if (next_ptr - line > pos->col) // character at pos->col
+ 		break;
+ 
+ 	    vcol += incr;
+-	    MB_PTR_ADV(ptr);
++	    ptr = next_ptr;
+ 	}
+     }
+     else
+@@ -1609,12 +1591,12 @@ getvcol(
+ 		wp->w_virtcol_first_char = cts.cts_first_char;
+ #endif
+ 
+-	    if (posptr != NULL && cts.cts_ptr >= posptr)
+-		// character at pos->col
++	    char_u *next_ptr = cts.cts_ptr + (*mb_ptr2len)(cts.cts_ptr);
++	    if (next_ptr - line > pos->col) // character at pos->col
+ 		break;
+ 
+ 	    cts.cts_vcol += incr;
+-	    MB_PTR_ADV(cts.cts_ptr);
++	    cts.cts_ptr = next_ptr;
+ 	}
+ 	vcol = cts.cts_vcol;
+ 	ptr = cts.cts_ptr;

backport-patch-9.1.0606-generated-files-may-cause-failure-in-test_codestyle.patch

@@ -0,0 +1,49 @@
+From c8a582aad5bd22eaf852e82d07ea91fe183b4cc6 Mon Sep 17 00:00:00 2001
+From: Ken Takata <kentkt@csc.jp>
+Date: Sat, 20 Jul 2024 11:55:13 +0200
+Subject: [PATCH] patch 9.1.0606: tests: generated files may cause failure in
+ test_codestyle
+
+Problem:  tests: generated files may cause failure in test_codestyle
+Solution: Exclude OLE-related generated files from style checks.
+          (Ken Takata)
+
+Some OLE-related auto-generated files may contain space errors:
+https://ci.appveyor.com/project/chrisbra/vim-win32-installer/builds/50248542/job/w45ve9yd6qmmws8t#L11475
+```
+	From test_codestyle.vim:
+	Found errors in Test_source_files():
+	command line..script C:/projects/vim-win32-installer/vim/src/testdir/runtest.vim[607]..function RunTheTest[57]..Test_source_files[8]..<SNR>8_PerformCheck[11]..<SNR>8_ReportError line 2: ../dlldata.c line 2: trailing white space
+	command line..script C:/projects/vim-win32-installer/vim/src/testdir/runtest.vim[607]..function RunTheTest[57]..Test_source_files[8]..<SNR>8_PerformCheck[11]..<SNR>8_ReportError line 2: ../iid_ole.c line 12: trailing white space
+	command line..script C:/projects/vim-win32-installer/vim/src/testdir/runtest.vim[607]..function RunTheTest[57]..Test_source_files[6]..<SNR>8_PerformCheck[11]..<SNR>8_ReportError line 2: ../if_ole.h line 60: space before Tab
+	command line..script C:/projects/vim-win32-installer/vim/src/testdir/runtest.vim[607]..function RunTheTest[57]..Test_source_files[8]..<SNR>8_PerformCheck[11]..<SNR>8_ReportError line 2: ../if_ole.h line 10: trailing white space
+```
+
+Exclude them from style checking.
+
+closes: #15309
+
+Signed-off-by: Ken Takata <kentkt@csc.jp>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/testdir/test_codestyle.vim | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/testdir/test_codestyle.vim b/src/testdir/test_codestyle.vim
+index 58ccb6abba66f..83f52ef34cd60 100644
+--- a/src/testdir/test_codestyle.vim
++++ b/src/testdir/test_codestyle.vim
+@@ -24,6 +24,13 @@ def Test_source_files()
+     g:ignoreSwapExists = 'e'
+     exe 'edit ' .. fname
+ 
++    # Some files are generated files and may contain space errors.
++    if fname =~ 'dlldata.c'
++        || fname =~ 'if_ole.h'
++        || fname =~ 'iid_ole.c'
++      continue
++    endif
++
+     PerformCheck(fname, ' \t', 'space before Tab', '')
+ 
+     PerformCheck(fname, '\s$', 'trailing white space', '')

backport-patch-9.1.0671-crash-with-WinNewPre-autocommand.patch

@@ -0,0 +1,35 @@
+From fb3f9699362f8d51c3b48fcaea1eb2ed16c81454 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Sun, 11 Aug 2024 20:09:17 +0200
+Subject: [PATCH] Problem:  crash with WinNewPre autocommand
+
+Problem:  crash with WinNewPre autocommand, because window
+          structures are not yet safe to use
+Solution: Don't trigger WinNewPre on :tabnew
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/testdir/test_autocmd.vim | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim
+index e251112..3df3af1 100644
+--- a/src/testdir/test_autocmd.vim
++++ b/src/testdir/test_autocmd.vim
+@@ -14,6 +14,13 @@ func s:cleanup_buffers() abort
+   endfor
+ endfunc
+ 
++func CleanUpTestAuGroup()
++  augroup testing
++    au!
++  augroup END
++  augroup! testing
++endfunc
++
+ func Test_vim_did_enter()
+   call assert_false(v:vim_did_enter)
+ 
+-- 
+2.33.0
+

backport-patch-9.1.0918-tiny-vim-crashes-with-fuzzy-buffer-completion.patch

@@ -0,0 +1,103 @@
+From dff3c9c1a789351a741b6a430862c8b2a0eff383 Mon Sep 17 00:00:00 2001
+From: 826814741_6 <44406129+826814741-6@users.noreply.github.com>
+Date: Tue, 10 Dec 2024 17:15:14 +0100
+Subject: [PATCH] patch 9.1.0918: tiny Vim crashes with fuzzy buffer completion
+
+Problem:  tiny Vim crashes with fuzzy buffer completion
+Solution: Adjust #ifdefs in ExpandBufnames() (826814741_6)
+
+closes: #16200
+
+Signed-off-by: h-east <h.east.727@gmail.com>
+Signed-off-by: 826814741_6 <44406129+826814741-6@users.noreply.github.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/buffer.c             |  4 ++--
+ src/testdir/Make_all.mak |  6 ++++--
+ src/testdir/test29.in    | 14 ++++++++++++++
+ src/testdir/test29.ok    |  1 +
+ 4 files changed, 21 insertions(+), 4 deletions(-)
+ create mode 100644 src/testdir/test29.in
+ create mode 100644 src/testdir/test29.ok
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 3b05f25d7f705b..147d20dc78f0ff 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -2956,9 +2956,9 @@ ExpandBufnames(
+     if (!fuzzy && patc != pat)
+ 	vim_free(patc);
+ 
+-#ifdef FEAT_VIMINFO
+     if (!fuzzy)
+     {
++#ifdef FEAT_VIMINFO
+ 	if (matches != NULL)
+ 	{
+ 	    int i;
+@@ -2978,13 +2978,13 @@ ExpandBufnames(
+ 	    }
+ 	    vim_free(matches);
+ 	}
++#endif
+     }
+     else
+     {
+ 	if (fuzzymatches_to_strmatches(fuzmatch, file, count, FALSE) == FAIL)
+ 	    return FAIL;
+     }
+-#endif
+ 
+     *num_file = count;
+     return (count == 0 ? FAIL : OK);
+diff --git a/src/testdir/Make_all.mak b/src/testdir/Make_all.mak
+index bdf058c1ec43a1..7285354838805a 100644
+--- a/src/testdir/Make_all.mak
++++ b/src/testdir/Make_all.mak
+@@ -20,7 +20,8 @@ SCRIPTS_TINY = \
+ 	test24 \
+ 	test25 \
+ 	test26 \
+-	test27
++	test27 \
++	test29
+ 
+ SCRIPTS_TINY_OUT = \
+ 	test10.out \
+@@ -31,7 +32,8 @@ SCRIPTS_TINY_OUT = \
+ 	test24.out \
+ 	test25.out \
+ 	test26.out \
+-	test27.out
++	test27.out \
++	test29.out
+ 
+ # Tests for Vim9 script.
+ TEST_VIM9 = \
+diff --git a/src/testdir/test29.in b/src/testdir/test29.in
+new file mode 100644
+index 00000000000000..047803c60ff7bd
+--- /dev/null
++++ b/src/testdir/test29.in
+@@ -0,0 +1,14 @@
++Test for buffer name completion when 'wildoptions' contains "fuzzy"
++(Confirm that Vim does not crash)
++
++STARTTEST
++:set wildoptions=fuzzy
++:new buf_a
++:b buf_a
++:q!
++:set wildoptions&
++:$w! test.out
++:qa!
++ENDTEST
++
++I'm alive!
+diff --git a/src/testdir/test29.ok b/src/testdir/test29.ok
+new file mode 100644
+index 00000000000000..6a0a7c94510a8e
+--- /dev/null
++++ b/src/testdir/test29.ok
+@@ -0,0 +1 @@
++I'm alive!

backport-patch-9.1.1120-Test_registers-fails.patch

@@ -0,0 +1,26 @@
+From 44c1c04ddb000bd03c6e8851dcdef07fd8c329ff Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 17 Feb 2025 22:26:00 +0100
+Subject: [PATCH] patch 9.1.1120: tests: Test_registers fails
+
+Problem:  tests: Test_registers fails
+          (T.J. Townsend, after v9.1.1115)
+Solution: require clipboard feature
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/testdir/test_registers.vim | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/testdir/test_registers.vim b/src/testdir/test_registers.vim
+index 13127022666e04..ee59ecb3042300 100644
+--- a/src/testdir/test_registers.vim
++++ b/src/testdir/test_registers.vim
+@@ -931,6 +931,7 @@ endfunc
+ 
+ " This caused use-after-free
+ func Test_register_redir_display()
++  CheckFeature clipboard
+   " don't touch the clipboard, so only perform this, when the clipboard is not working
+   if has("clipboard_working")
+     throw "Skipped: skip touching the clipboard register!"

backport-runtime-Fix-for-FreeBSD-unzip-command.patch

@@ -0,0 +1,63 @@
+From f0e9b72c8fdd47b9b410a11edf7479953cb2aed9 Mon Sep 17 00:00:00 2001
+From: Damien <141588647+xrandomname@users.noreply.github.com>
+Date: Mon, 5 Aug 2024 20:21:18 +0200
+Subject: [PATCH] runtime(zip): Fix for FreeBSD's unzip command
+
+Problem:  Cannot browse zipfiles with the unzip program found
+	  on FreeBSD.
+Solution: Adjust command arguments.
+
+Unzip found on FreeBSD complain about missing argument with the
+zipinfo modifier '-Z -1'. Joining arguments seems to work
+for both implementations.
+
+Also change `:sil!` to `:sil` so that error messages are properly
+reported (per review of Christian Brabandt).
+
+related: #15411
+
+Signed-off-by: Damien <141588647+xrandomname@users.noreply.github.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ runtime/autoload/zip.vim | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index e8973e3c80cc8a..8876ef08e60500 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -1,11 +1,12 @@
+ " zip.vim: Handles browsing zipfiles
+ "            AUTOLOAD PORTION
+-" Date:		Jul 23, 2024
++" Date:		Aug 05, 2024
+ " Version:	33
+ " Maintainer:	Charles E Campbell <NcampObell@SdrPchip.AorgM-NOSPAM>
+ " Last Change:
+ " 2024 Jul 23 by Vim Project: fix 'x' command
+ " 2024 Aug 04 by Vim Project: escape '[' in name of file to be extracted
++" 2024 Aug 05 by Vim Project: workaround for the FreeBSD's unzip
+ " License:	Vim License  (see vim's :help license)
+ " Copyright:    Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ "               Permission is hereby granted to use and distribute this code,
+@@ -138,7 +139,7 @@ fun! zip#Browse(zipfile)
+   keepj $
+ 
+ "  call Decho("exe silent r! ".g:zip_unzipcmd." -l -- ".s:Escape(a:zipfile,1))
+-  exe "keepj sil! r! ".g:zip_unzipcmd." -Z -1 -- ".s:Escape(a:zipfile,1)
++  exe $"keepj sil r! {g:zip_unzipcmd} -Z1 -- {s:Escape(a:zipfile, 1)}"
+   if v:shell_error != 0
+    redraw!
+    echohl WarningMsg | echo "***warning*** (zip#Browse) ".fnameescape(a:zipfile)." is not a zip file" | echohl None
+@@ -246,7 +247,7 @@ fun! zip#Read(fname,mode)
+   let temp = tempname()
+ "  call Decho("using temp file<".temp.">")
+   let fn   = expand('%:p')
+-  exe "sil! !".g:zip_unzipcmd." -p -- ".s:Escape(zipfile,1)." ".s:Escape(fnameescape(fname),1).' > '.temp
++  exe "sil !".g:zip_unzipcmd." -p -- ".s:Escape(zipfile,1)." ".s:Escape(fname,1).' > '.temp
+ "  call Decho("exe sil! !".g:zip_unzipcmd." -p -- ".s:Escape(zipfile,1)." ".s:Escape(fnameescape(fname),1).' > '.temp)
+   sil exe 'keepalt file '.temp
+   sil keepj e!
+-- 
+2.43.0
+

backport-runtime-correctly-extract-file-from-zip-browser.patch

@@ -0,0 +1,45 @@
+From 38ce71c1c323716cc4b130dbb3e8837a8b9a710b Mon Sep 17 00:00:00 2001
+From: Damien <141588647+xrandomname@users.noreply.github.com>
+Date: Tue, 23 Jul 2024 19:56:54 +0200
+Subject: [PATCH] runtime(zip): correctly extract file from zip browser
+
+Problem:  Enter 'x' in zip browser fail with E121
+Solution: Fix typo in zip#Extract()
+
+closes: #15321
+
+Signed-off-by: Damien <141588647+xrandomname@users.noreply.github.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ runtime/autoload/zip.vim | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index d0e706e83ac24..34bcad3368d13 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -1,8 +1,10 @@
+ " zip.vim: Handles browsing zipfiles
+ "            AUTOLOAD PORTION
+-" Date:		Mar 12, 2023
++" Date:		Jul 23, 2024
+ " Version:	33
+ " Maintainer:	Charles E Campbell <NcampObell@SdrPchip.AorgM-NOSPAM>
++" Last Change:
++" 2024 Jul 23 by Vim Project: fix 'x' command
+ " License:	Vim License  (see vim's :help license)
+ " Copyright:    Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ "               Permission is hereby granted to use and distribute this code,
+@@ -401,8 +403,7 @@ fun! zip#Extract()
+   endif
+ 
+   " extract the file mentioned under the cursor
+-"  call Decho("system(".g:zip_extractcmd." ".shellescape(b:zipfile)." ".shellescape(shell).")")
+-  call system(g:zip_extractcmd." ".shellescape(b:zipfile)." ".shellescape(shell))
++  call system($"{g:zip_extractcmd} {shellescape(b:zipfile)} {shellescape(fname)}")
+ "  call Decho("zipfile<".b:zipfile.">")
+   if v:shell_error != 0
+    echohl Error | echo "***error*** ".g:zip_extractcmd." ".b:zipfile." ".fname.": failed!" | echohl NONE
+-- 
+2.43.0
+

backport-runtime-escape-on-Unix-as-well.patch

@@ -0,0 +1,57 @@
+From c5bdd66558b14f04424a22d9714a9b7d0c277dac Mon Sep 17 00:00:00 2001
+From: zeertzjq <zeertzjq@outlook.com>
+Date: Sun, 4 Aug 2024 18:35:50 +0200
+Subject: [PATCH] runtime(zip): escape '[' on Unix as well
+
+Problem:  After 6f1cbfc9ab483a09877e153ad130164875c40b1d fnameescape()
+          is no longer called on the name of the file to be extracted.
+          However, while spaces indeed don't need to be escaped, unzip
+          treats '[' as a wildcard character, so it need to be escaped.
+Solution: Escape '[' on both MS-Windows and Unix.
+
+From the docs it seems '*' and '?' also need escaping, but they seem to
+actually work without escaping.
+
+fixes: neovim/neovim#29977
+closes: #15427
+
+Signed-off-by: zeertzjq <zeertzjq@outlook.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ runtime/autoload/zip.vim | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index f77d729f036557..e8973e3c80cc8a 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -5,6 +5,7 @@
+ " Maintainer:	Charles E Campbell <NcampObell@SdrPchip.AorgM-NOSPAM>
+ " Last Change:
+ " 2024 Jul 23 by Vim Project: fix 'x' command
++" 2024 Aug 04 by Vim Project: escape '[' in name of file to be extracted
+ " License:	Vim License  (see vim's :help license)
+ " Copyright:    Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ "               Permission is hereby granted to use and distribute this code,
+@@ -225,8 +226,8 @@ fun! zip#Read(fname,mode)
+   else
+    let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','')
+    let fname   = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','')
+-   let fname   = substitute(fname, '[', '[[]', 'g')
+   endif
++  let fname   = substitute(fname, '[', '[[]', 'g')
+ "  call Decho("zipfile<".zipfile.">")
+ "  call Decho("fname  <".fname.">")
+   " sanity check
+@@ -240,7 +241,7 @@ fun! zip#Read(fname,mode)
+   endif
+ 
+   " the following code does much the same thing as
+-  "   exe "keepj sil! r! ".g:zip_unzipcmd." -p -- ".s:Escape(zipfile,1)." ".s:Escape(fnameescape(fname),1)
++  "   exe "keepj sil! r! ".g:zip_unzipcmd." -p -- ".s:Escape(zipfile,1)." ".s:Escape(fname,1)
+   " but allows zipfile://... entries in quickfix lists
+   let temp = tempname()
+ "  call Decho("using temp file<".temp.">")
+-- 
+2.43.0
+

backport-runtime-zip-plugin-has-problems-with-special.patch

@@ -0,0 +1,100 @@
+From 7790ea0c680a9f951a86066e5940ec16b2333c9a Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Tue, 20 Aug 2024 22:41:52 +0200
+Subject: [PATCH] patch 9.1.0686: zip-plugin has problems with special
+ characters
+
+Problem:  zip-plugin has problems with special characters
+          (user202729)
+Solution: escape '*?[\' on Unix and handle those chars
+          a bit differently on MS-Windows, add a test, check
+          before overwriting files
+
+runtime(zip): small fixes for zip plugin
+
+This does the following:
+- verify the unzip plugin is executable when loading the autoload plugin
+- handle extracting file names with '[*?\' in its name correctly by
+  escaping those characters for the unzip command (and handle those
+  characters a bit differently on MS-Windows, since the quoting is different)
+- verify, that the extract plugin is not overwriting a file (could cause
+  a hang, because unzip asking for confirmation)
+- add a test zip file which contains those special file names
+
+fixes: #15505
+closes: #15519
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ runtime/autoload/zip.vim | 27 ++++++++++++++++++++++++---
+ 1 file changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index 31fb32779f86d8..a7a7e579a2f319 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -1,12 +1,13 @@
+ " zip.vim: Handles browsing zipfiles
+ "            AUTOLOAD PORTION
+-" Date:		Aug 05, 2024
++" Date:		Aug 18, 2024
+ " Version:	33
+ " Maintainer:	Charles E Campbell <NcampObell@SdrPchip.AorgM-NOSPAM>
+ " Last Change:
+ " 2024 Jul 23 by Vim Project: fix 'x' command
+ " 2024 Aug 04 by Vim Project: escape '[' in name of file to be extracted
+ " 2024 Aug 05 by Vim Project: workaround for the FreeBSD's unzip
++" 2024 Aug 18 by Vim Project: correctly handle special globbing chars
+ " License:	Vim License  (see vim's :help license)
+ " Copyright:    Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ "               Permission is hereby granted to use and distribute this code,
+@@ -61,6 +62,11 @@ if !exists("g:zip_extractcmd")
+  let g:zip_extractcmd= g:zip_unzipcmd
+ endif
+ 
++" sanity checks
++ if !executable(g:zip_unzipcmd)
++  echohl Error | echo "***error*** (zip#Browse) unzip not available on your system" | echohl None
++  finish
++ endif
+ if !dist#vim#IsSafeExecutable('zip', g:zip_unzipcmd)
+  echoerr "Warning: NOT executing " .. g:zip_unzipcmd .. " from current directory!"
+  finish
+@@ -228,7 +234,7 @@ fun! zip#Read(fname,mode)
+    let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','')
+    let fname   = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','')
+   endif
+-  let fname   = substitute(fname, '[', '[[]', 'g')
++  let fname    = fname->substitute('[', '[[]', 'g')->escape('?*\\')
+ "  call Decho("zipfile<".zipfile.">")
+ "  call Decho("fname  <".fname.">")
+   " sanity check
+@@ -403,9 +409,24 @@ fun! zip#Extract()
+ "   call Dret("zip#Extract")
+    return
+   endif
++  if filereadable(fname)
++    echohl Error | echo "***error*** (zip#Extract) <".fname."> already exists in directory, not overwriting!" | echohl None
++    return
++   endif
++   let target = fname->substitute('\[', '[[]', 'g')
++   if &shell =~ 'cmd' && (has("win32") || has("win64"))
++     let target = target
++ 		\ ->substitute('[?*]', '[&]', 'g')
++ 		\ ->substitute('[\\]', '?', 'g')
++ 		\ ->shellescape()
++     " there cannot be a file name with '\' in its name, unzip replaces it by _
++     let fname = fname->substitute('[\\?*]', '_', 'g')
++   else
++     let target = target->escape('*?\\')->shellescape()
++   endif
+ 
+   " extract the file mentioned under the cursor
+-  call system($"{g:zip_extractcmd} {shellescape(b:zipfile)} {shellescape(fname)}")
++  call system($"{g:zip_extractcmd} -o {shellescape(b:zipfile)} {target}")
+ "  call Decho("zipfile<".b:zipfile.">")
+   if v:shell_error != 0
+    echohl Error | echo "***error*** ".g:zip_extractcmd." ".b:zipfile." ".fname.": failed!" | echohl NONE
+-- 
+2.43.0
+

fixed-autocmd_BufWinLeave_with_vsp.patch

@@ -0,0 +1,35 @@
+From 919addfdcd0ef3f7b662dc9e32beb1c4da3d77bf Mon Sep 17 00:00:00 2001
+From: wjiang <app@cameyan.com>
+Date: Thu, 3 Apr 2025 14:07:33 +0800
+Subject: [PATCH] fix Test_autocmd_BufWinLeave_with_vsp
+
+---
+ src/testdir/test_autocmd.vim | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim
+index cea5e41..580a14d 100644
+--- a/src/testdir/test_autocmd.vim
++++ b/src/testdir/test_autocmd.vim
+@@ -4325,8 +4325,6 @@ func Test_autocmd_BufWinLeave_with_vsp()
+   let dummy = 'XXXDummy.txt'
+   call writefile([], fname)
+   call writefile([], dummy)
+-  defer delete(fname)
+-  defer delete(dummy)
+   exe "e " fname
+   vsp
+   augroup testing
+@@ -4335,6 +4333,9 @@ func Test_autocmd_BufWinLeave_with_vsp()
+   bw
+   call CleanUpTestAuGroup()
+   exe "bw! " .. dummy
++
++  call delete(fname)
++  call delete(dummy)
+ endfunc
+ 
+ " vim: shiftwidth=2 sts=2 expandtab
+-- 
+2.33.0
+

fixed-test-failed-Test_register_redir_display.patch

@@ -0,0 +1,25 @@
+From d838e35ce79cf0b61e24bc417d86a449445b7a90 Mon Sep 17 00:00:00 2001
+From: wjiang <app@cameyan.com>
+Date: Fri, 25 Apr 2025 16:16:43 +0800
+Subject: [PATCH] 444444444444444
+
+---
+ src/version.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/version.c b/src/version.c
+index 286a45f..96c0e1c 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -704,7 +704,7 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
+-/**/    
++/**/
+     679,
+ /**/
+     678,
+-- 
+2.43.0
+

vim.spec

@@ -14,7 +14,7 @@
 Name:           vim
 Epoch:          2
 Version:        %{baseversion}.%{patchlevel}
-Release:        14
+Release:        19
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -52,9 +52,25 @@ Patch6017:      backport-CVE-2024-43374.patch
 Patch6018:      backport-CVE-2024-43802.patch
 Patch6019:      backport-patch-9.1.0722-crash-with-large-id-in-text_prop-interface.patch
 Patch6020:      backport-patch-9.1.0730-crash-with-cursor-screenline-and-narrow-window.patch
+Patch6021:      backport-patch-9.1.0918-tiny-vim-crashes-with-fuzzy-buffer-completion.patch
+Patch6022:      backport-patch-9.1.0038-Unnecessary-loop-in-getvcol.patch
+Patch6023:      backport-CVE-2025-22134.patch
+Patch6024:      backport-CVE-2025-24014.patch
+Patch6025:      backport-CVE-2025-1215.patch
+Patch6026:      backport-CVE-2025-26603.patch
+Patch6027:      backport-runtime-correctly-extract-file-from-zip-browser.patch
+Patch6028:      backport-runtime-escape-on-Unix-as-well.patch
+Patch6029:      backport-runtime-Fix-for-FreeBSD-unzip-command.patch
+Patch6030:      backport-runtime-zip-plugin-has-problems-with-special.patch
+Patch6031:      backport-CVE-2025-29768.patch
+Patch6032:      backport-patch-9.1.0671-crash-with-WinNewPre-autocommand.patch
+Patch6033:      backport-patch-9.1.0606-generated-files-may-cause-failure-in-test_codestyle.patch
+Patch6034:      backport-patch-9.1.1120-Test_registers-fails.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 Patch9001:      fix-CVE-2024-47814.patch
+Patch9002:      fixed-autocmd_BufWinLeave_with_vsp.patch
+Patch9003:      fixed-test-failed-Test_register_redir_display.patch
 
 BuildRequires:  autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc
 BuildRequires:  perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file
@@ -460,6 +476,36 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
 %{_mandir}/man1/evim.*
 
 %changelog
+* Fri Apr 25 2025 wangjiang <app@cameyan.com> - 2:9.0.2092-19
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix some tests failed
+
+* Tue Mar 18 2025 wangjiang <app@cameyan.com> - 2:9.0.2092-18
+- Type:CVE
+- ID:CVE-2025-29768
+- SUG:NA
+- DESC:fix CVE-2025-29768
+
+* Tue Feb 18 2025 wangjiang <app@cameyan.com> - 2:9.0.2092-17
+- Type:CVE
+- ID:CVE-2025-1215 CVE-2025-26603
+- SUG:NA
+- DESC:fix CVE-2025-1215 CVE-2025-26603
+
+* Mon Jan 20 2025 wangjiang <app@cameyan.com> - 2:9.0.2092-16
+- Type:CVE
+- ID:CVE-2025-22134 CVE-2025-24014
+- SUG:NA
+- DESC:CVE-2025-22134 CVE-2025-24014
+
+* Fri Dec 13 2024 wangjiang <app@cameyan.com> - 2:9.0.2092-15
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix tiny-Vim crashes with fuzzy buffer completion
+
 * Tue Nov 12 2024 wangjiang <app@cameyan.com> - 2:9.0.2092-14
 - Type:bugfix
 - ID:NA