OPENSUSE-SU-2019:1997-1
Aug 24, 2019 - 12:00 a.m.

Security update for neovim (important)

2019-08-24 00:00:00
lists.opensuse.org
CVSS3: 8.6 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

An update that fixes one vulnerability is now available.

Description:

This update for neovim fixes the following issues:

neovim was updated to version 0.3.7:

  • CVE-2019-12735: source should check sandbox (boo#1137443)
  • genappimage.sh: migrate to linuxdeploy

Update to version 0.3.5:

  • options: properly reset directories on ‘autochdir’
  • Remove MSVC optimization workaround for SHM_ALL
  • Make SHM_ALL to a variable instead of a compound literal #define
  • doc: mention “pynvim” module rename
  • screen: don’t crash when drawing popupmenu with ‘rightleft’ option
  • look-behind match may use the wrong line number
  • :terminal : set topline based on window height
  • :recover : Fix crash on non-existent *.swp

Update to version 0.3.4:

  • test: add tests for conceal cursor movement
  • display: unify cursorline and concealcursor redraw logic

Update to version 0.3.3:

  • health/provider: Check for available pynvim when neovim mod is missing
  • python#CheckForModule: Use the given module string instead of
    hard-coding pynvim
  • (health.provider)/python: Import the neovim, rather than pynvim, module
  • TUI: Konsole DECSCUSR fixup

Update to version 0.3.2:

  • Features

    • clipboard: support Custom VimL functions (#9304)
    • win/TUI: improve terminal/console support (#9401)
    • startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
    • support mapping in more places (#9299)
    • diff/highlight: show underline for low-priority CursorLine (#9028)
    • signs: Add “numhl” argument (#9113)
    • clipboard: support Wayland (#9230)
    • TUI: add support for undercurl and underline color (#9052)
    • man.vim: soft (dynamic) wrap (#9023)
  • API

    • API: implement object namespaces (#6920)
    • API: implement nvim_win_set_buf() (#9100)
    • API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
    • API: add nvim_buf_is_loaded() (#8660)
    • API: nvm_buf_get_offset_for_line (#8221)
    • API/UI: ext_newgrid, ext_hlstate (#8221)
  • UI

    • TUI: use BCE again more often (smoother resize) (#8806)
    • screen: add missing status redraw when redraw_later(CLEAR) was used
      (#9315)
    • TUI: clip invalid regions on resize (#8779)
    • TUI: improvements for scrolling and clearing (#9193)
    • TUI: disable clearing almost everywhere (#9143)
    • TUI: always use safe cursor movement after resize (#9079)
    • ui_options: also send when starting or from OptionSet (#9211)
    • TUI: Avoid reset_color_cursor_color in old VTE (#9191)
    • Don’t erase screen on :hi Normal during startup (#9021)
    • TUI: Hint wrapped lines to terminals (#8915)
  • FIXES

    • RPC: turn errors from async calls into notifications
    • TUI: Restore terminal title via “title stacking” (#9407)
    • genappimage: Unset $ARGV0 at invocation (#9376)
    • TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
    • provider: improve error message (#9344)
    • runtime/syntax: Fix highlighting of autogroup contents (#9328)
    • VimL/confirm(): Show dialog even if :silent (#9297)
    • clipboard: prefer xclip (#9302)
    • provider/nodejs: fix npm, yarn detection
    • channel: avoid buffering output when only terminal is active (#9218)
    • ruby: detect rbenv shims for other versions (#8733)
    • third party/unibilium: Fix parsing of extended capability entries
      (#9123)
    • jobstart(): Fix hang on non-executable cwd (#9204)
    • provider/nodejs: Simultaneously query npm and yarn (#9054)
    • undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
    • ‘swapfile’: always show dialog (#9034)
  • Extend runtimepath in the system-wide configuration file with
    /usr/share/vim/site, so that neovim uses other Vim plugins installed
    from packages.

  • Make the /usr/share/vim/site directory tree owned by neovim as
    well.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP1:

    zypper in -t patch openSUSE-2019-1997=1
