Update version9.{txt,jax}

Author: h-east

doc/version9.jax

@@ -1,4 +1,4 @@
-*version9.txt*	For Vim バージョン 9.1.  Last change: 2026 Feb 04
+*version9.txt*	For Vim バージョン 9.1.  Last change: 2026 Feb 09
 
 
 		  VIM リファレンスマニュアル	by Bram Moolenaar
@@ -52461,8 +52461,79 @@ Solution: Fix incorrect return value of pagescroll(). Also invert the
           match comments (zeertzjq).
 
 Patch 9.1.2131
-
 Problem:  tests: Test_diff_screen() fails on BSD
 Solution: Use gdiff on BSD systems if available (zeertzjq).
 
+Patch 9.1.2132
+Problem:  [security]: buffer-overflow in 'helpfile' option handling by
+          using strcpy without bound checks (Rahul Hoysala)
+Solution: Limit strncpy to the length of the buffer (MAXPATHL)
+
+Patch 9.1.2133
+Problem:  Another case of buffer overflow with 'helpfile'.
+Solution: Leave room for "tags" in the buffer (zeertzjq).
+
+Patch 9.1.2134
+Problem:  Terminal doesn't handle split UTF-8 sequence after ASCII.
+Solution: Only use one UTF-8 encoding state per vterm state (zeertzjq).
+
+Patch 9.1.2135
+Problem:  search() is used to check for the message from tar that
+          indicates leading slashes found in the tar archive, or to
+          check for the leading slashes themselves. However, if
+          'nowrapscan' is in effect these searches are limited to the
+          last line and don't find any results. This causes the warning
+          message from tar to be seen in the buffer, the "Path Traversal
+          Attack Detected" message to be omitted, and editing actions
+          can fail. This can be seen, for example, when editing
+          src/testdir/samples/evil.tar.
+Solution: Use the 'w' flag for search() (Kevin Goodsell)
+
+Patch 9.1.2136
+Problem:  :tab sbuffer may close old tabpage if BufLeave autocommand
+          splits window (after 9.1.0143).
+Solution: Only close other windows if the buffer will be unloaded (zeertzjq).
+
+Patch 9.1.2137
+Problem:  Some tests are not valid on OpenBSD.
+Solution: Add CheckNotOpenBSD, use it to skip certain tests
+          (Kevin Goodsell).
+
+Patch 9.1.2138
+Problem:  With 'autochdir' win_execute() can corrupt the buffer name, causing
+          :write to use wrong path.
+Solution: Save and restore b_fname when 'autochdir' is active (Ingo Karkat).
+
+Patch 9.1.2139
+Problem:  Buffer overflow in :wlrestore command, caused by assuming
+          wrong buffer length in vwl_log_handler() (Seungyeon Park)
+Solution: Use correct buffer size (512 bytes) in vim_vsnprintf()
+          to properly truncate long messages.
+
+Patch 9.1.2140
+Problem:  tests: Test_wayland_protocol_error_overflow() fails
+          (after v9.1.2139)
+Solution: try/catch the expected error
+
+Patch 9.1.2141
+Problem:  Truncation when serializing libsodium encryption parameters.
+Solution: Correctly cast to long long type (Yasuhiro Matsumoto).
+
+Patch 9.1.2142
+Problem:  MS-Windows: mouse scroll events not handled for popups
+Solution: Do not return early (Mao-Yining)
+
+Patch 9.1.2143
+Problem:  When a popup window partially overlaps a wide character
+          it results in truncated or garbage display.
+Solution: When a wide character is partially blocked by a popup, clear both
+          cells in the screen buffer to prevent garbage (Yasuhiro Matsumoto).
+
+Patch 9.1.2144
+Problem:  When garbage collection runs, the list of recorded buffer
+	  changes may be incorrectly freed (Sainnhe Park). 
+Solution: In garbage_collect(), iterate through all buffers and call
+          set_ref_in_list() for b_recorded_changes to ensure the list
+          and its contents are marked as reachable (Paul Ollis).
+
  vim:tw=78:ts=8:noet:ft=help:norl:fdm=manual:nofoldenable

en/version9.txt

@@ -1,4 +1,4 @@
-*version9.txt*	For Vim version 9.1.  Last change: 2026 Feb 04
+*version9.txt*	For Vim version 9.1.  Last change: 2026 Feb 09
 
 
 		  VIM REFERENCE MANUAL	  by Bram Moolenaar
@@ -52474,8 +52474,79 @@ Solution: Fix incorrect return value of pagescroll(). Also invert the
           match comments (zeertzjq).
 
 Patch 9.1.2131
-
 Problem:  tests: Test_diff_screen() fails on BSD
 Solution: Use gdiff on BSD systems if available (zeertzjq).
 
+Patch 9.1.2132
+Problem:  [security]: buffer-overflow in 'helpfile' option handling by
+          using strcpy without bound checks (Rahul Hoysala)
+Solution: Limit strncpy to the length of the buffer (MAXPATHL)
+
+Patch 9.1.2133
+Problem:  Another case of buffer overflow with 'helpfile'.
+Solution: Leave room for "tags" in the buffer (zeertzjq).
+
+Patch 9.1.2134
+Problem:  Terminal doesn't handle split UTF-8 sequence after ASCII.
+Solution: Only use one UTF-8 encoding state per vterm state (zeertzjq).
+
+Patch 9.1.2135
+Problem:  search() is used to check for the message from tar that
+          indicates leading slashes found in the tar archive, or to
+          check for the leading slashes themselves. However, if
+          'nowrapscan' is in effect these searches are limited to the
+          last line and don't find any results. This causes the warning
+          message from tar to be seen in the buffer, the "Path Traversal
+          Attack Detected" message to be omitted, and editing actions
+          can fail. This can be seen, for example, when editing
+          src/testdir/samples/evil.tar.
+Solution: Use the 'w' flag for search() (Kevin Goodsell)
+
+Patch 9.1.2136
+Problem:  :tab sbuffer may close old tabpage if BufLeave autocommand
+          splits window (after 9.1.0143).
+Solution: Only close other windows if the buffer will be unloaded (zeertzjq).
+
+Patch 9.1.2137
+Problem:  Some tests are not valid on OpenBSD.
+Solution: Add CheckNotOpenBSD, use it to skip certain tests
+          (Kevin Goodsell).
+
+Patch 9.1.2138
+Problem:  With 'autochdir' win_execute() can corrupt the buffer name, causing
+          :write to use wrong path.
+Solution: Save and restore b_fname when 'autochdir' is active (Ingo Karkat).
+
+Patch 9.1.2139
+Problem:  Buffer overflow in :wlrestore command, caused by assuming
+          wrong buffer length in vwl_log_handler() (Seungyeon Park)
+Solution: Use correct buffer size (512 bytes) in vim_vsnprintf()
+          to properly truncate long messages.
+
+Patch 9.1.2140
+Problem:  tests: Test_wayland_protocol_error_overflow() fails
+          (after v9.1.2139)
+Solution: try/catch the expected error
+
+Patch 9.1.2141
+Problem:  Truncation when serializing libsodium encryption parameters.
+Solution: Correctly cast to long long type (Yasuhiro Matsumoto).
+
+Patch 9.1.2142
+Problem:  MS-Windows: mouse scroll events not handled for popups
+Solution: Do not return early (Mao-Yining)
+
+Patch 9.1.2143
+Problem:  When a popup window partially overlaps a wide character
+          it results in truncated or garbage display.
+Solution: When a wide character is partially blocked by a popup, clear both
+          cells in the screen buffer to prevent garbage (Yasuhiro Matsumoto).
+
+Patch 9.1.2144
+Problem:  When garbage collection runs, the list of recorded buffer
+	  changes may be incorrectly freed (Sainnhe Park). 
+Solution: In garbage_collect(), iterate through all buffers and call
+          set_ref_in_list() for b_recorded_changes to ensure the list
+          and its contents are marked as reachable (Paul Ollis).
+
  vim:tw=78:ts=8:noet:ft=help:norl:fdm=manual:nofoldenable