openSUSE Security Update: Security update for neovim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2019:1796-1
Rating: important
References: #1137443
Cross-References: CVE-2019-12735
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for neovim fixes the following issues:
neovim was updated to version 0.3.7:
* CVE-2019-12735: source should check sandbox (boo#1137443)
* genappimage.sh: migrate to linuxdeploy
Version Update to version 0.3.5:
* options: properly reset directories on ‘autochdir’
* Remove MSVC optimization workaround for SHM_ALL
* Make SHM_ALL to a variable instead of a compound literal #define
* doc: mention “pynvim” module rename
* screen: don’t crash when drawing popupmenu with ‘rightleft’ option
* look-behind match may use the wrong line number
* :terminal : set topline based on window height
* :recover : Fix crash on non-existent *.swp
Version Update to version 0.3.4:
* test: add tests for conceal cursor movement
* display: unify ursorline and concealcursor redraw logic
Version Update to version 0.3.3:
* health/provider: Check for available pynvim when neovim mod is missing
* python#CheckForModule: Use the given module string instead of
hard-coding pynvim
* (health.provider)/python: Import the neovim, rather than pynvim, module
* TUI: Konsole DECSCUSR fixup
Version Update to version 0.3.2:-
* Features
– clipboard: support Custom VimL functions (#9304)
– win/TUI: improve terminal/console support (#9401)
– startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
– support mapping in more places (#9299)
– diff/highlight: show underline for low-priority CursorLine (#9028)
– signs: Add “nuhml” argument (#9113)
– clipboard: support Wayland (#9230)
– TUI: add support for undercurl and underline color (#9052)
– man.vim: soft (dynamic) wrap (#9023)
* API
– API: implement object namespaces (#6920)
– API: implement nvim_win_set_buf() (#9100)
– API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
– API: add nvim_buf_is_loaded() (#8660)
– API: nvm_buf_get_offset_for_line (#8221)
– API/UI: ext_newgrid, ext_histate (#8221)
* UI
– TUI: use BCE again more often (smoother resize) (#8806)
– screen: add missing status redraw when redraw_later(CLEAR) was used
(#9315)
– TUI: clip invalid regions on resize (#8779)
– TUI: improvements for scrolling and clearing (#9193)
– TUI: disable clearing almost everywhere (#9143)
– TUI: always use safe cursor movement after resize (#9079)
– ui_options: also send when starting or from OptionSet (#9211)
– TUI: Avoid reset_color_cursor_color in old VTE (#9191)
– Don’t erase screen on :hi Normal during startup (#9021)
– TUI: Hint wrapped lines to terminals (#8915)
* FIXES
– RPC: turn errors from async calls into notifications
– TUI: Restore terminal title via “title stacking” (#9407)
– genappimage: Unset $ARGV0 at invocation (#9376)
– TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
– provider: improve error message (#9344)
– runtime/syntax: Fix highlighting of autogroup contents (#9328)
– VimL/confirm(): Show dialog even if :silent (#9297)
– clipboard: prefer xclip (#9302)
– provider/nodejs: fix npm, yarn detection
– channel: avoid buffering output when only terminal is active (#9218)
– ruby: detect rbenv shims for other versions (#8733)
– third party/unibilium: Fix parsing of extended capabilitiy entries
(#9123)
– jobstart(): Fix hang on non-executable cwd (#9204)
– provide/nodejs: Simultaneously query npm and yarn (#9054)
– undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
– ‘swapfile: always show dialog’ (#9034)
– Add to the system-wide configuration file extension of runtimepath by
/usr/share/vim/site, so that neovim uses other Vim plugins installed
from packages.
– Add /usr/share/vim/site tree of directories to be owned by neovim as
well.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-1796=1
Package List:
– openSUSE Backports SLE-15 (noarch):
neovim-lang-0.3.7-bp150.2.9.1
– openSUSE Backports SLE-15 (x86_64):
neovim-0.3.7-bp150.2.9.1
References:
https://www.suse.com/security/cve/CVE-2019-12735.html
https://bugzilla.suse.com/1137443
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org