openSUSE Security Update: Security update for neovim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1796-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention "pynvim" module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight: show underline for low-priority CursorLine (#9028) - signs: Add "nuhml" argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via "title stacking" (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npm and yarn (#9054) - undo: Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well. This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1796=1 Package List: - openSUSE Backports SLE-15 (noarch): neovim-lang-0.3.7-bp150.2.9.1 - openSUSE Backports SLE-15 (x86_64): neovim-0.3.7-bp150.2.9.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org