An update that fixes two vulnerabilities is now available.
Description:
This update for neomutt fixes the following issues:
neomutt was updated to 20220429:
- Bug Fixes
- Do not crash on an invalid use_threads/sort combination
- Fix: stuck browser cursor
- Resolve (move) the cursor after <edit-label>
- Index: fix menu size on new mail
- Don’t overlimit LMDB mmap size
- OpenBSD y/n translation fix
- Generic: split out OP_EXIT binding
- Fix parsing of sendmail cmd
- Fix: crash with menu_move_off=no
- Newsrc: bugfix; nntp_user and nntp_pass ignored
- Menu: ensure config changes cause a repaint
- Mbox: fix sync duplicates
- Make sure the index redraws all that’s needed
- Translations
- 100% Chinese (Simplified)
- 100% Czech
- 100% German
- 100% Hungarian
- 100% Lithuanian
- 100% Serbian
- 100% Turkish
- Docs
- add missing pattern modifier ~I for external_search_command
- Code
- menu: eliminate custom_redraw()
- modernise mixmaster
- Kill global and Propagate display attach status through State-
neomutt was updated to 20220415:
- Security
- Fix uudecode buffer overflow (CVE-2022-1328)
- Features
- Colours, colours, colours
- Bug Fixes
- Pager: fix pager_stop
- Merge colours with normal
- Color: disable mono command
- Fix forwarding text attachments when honor_disposition is set
- Pager: drop the nntp change-group bindings
- Use mailbox_check flags coherently, add IMMEDIATE flag
- Fix: tagging in attachment list
- Fix: misalignment of mini-index
- Make sure to update the menu size after a resort
- Translations
- 100% Hungarian
- Build
- Update acutest
- Code
- Unify pipe functions
- Index: notify if navigation fails
- Gui: set colour to be merged with normal
- Fix: leak in tls_check_one_certificate()
- Upstream
- Flush iconv() in mutt_convert_string()
- Fix integer overflow in mutt_convert_string()
- Fix uudecode cleanup on unexpected eof
update to 20220408:
- Compose multipart emails
- Fix screen mode after attempting decryption
- imap: increase max size of oauth2 token
- Fix autocrypt
- Unify Alias/Query workflow
- Fix colours
- Say which file exists when saving attachments
- Force SMTP authentication if
smtp_user
is set
- Fix selecting the right email after limiting
- Make sure we have enough memory for a new email
- Don’t overwrite with zeroes after unlinking the file
- Fix crash when forwarding attachments
- Fix help reformatting on window resize
- Fix poll to use PollFdsCount and not PollFdsLen
- regex: range check arrays strictly
- Fix Coverity defects
- Fix out of bounds write with long log lines
- Apply
fast_reply
to ‘to’, ‘cc’, or ‘bcc’
- Prevent warning on empty emails
- New default:
set rfc2047_parameters = yes
- 100% German
- 100% Lithuanian
- 100% Serbian
- 100% Czech
- 100% Turkish
- 72% Hungarian
- Improve header cache explanation
- Improve description of some notmuch variables
- Explain how timezones and
!
s work inside %{}
, %[]
and %()
- Document config synonyms and deprecations
- Create lots of GitHub Actions
- Drop TravisCI
- Add automated Fuzzing tests
- Add automated ASAN tests
- Create Dockers for building Centos/Fedora
- Build fixes for Solaris 10
- New libraries: browser, enter, envelope
- New configure options:
--fuzzing
--debug-color
--debug-queue
- Split Index/Pager GUIs/functions
- Add lots of function dispatchers
- Eliminate
menu_loop()
- Refactor function opcodes
- Refactor cursor setting
- Unify Alias/Query functions
- Refactor Compose/Envelope functions
- Modernise the Colour handling
- Refactor the Attachment View
- Eliminate the global
Context
- Upgrade
mutt_get_field()
- Refactor the
color quoted
code
- Fix lots of memory leaks
- Refactor Index resolve code
- Refactor PatternList parsing
- Refactor Mailbox freeing
- Improve key mapping
- Factor out charset hooks
- Expose mutt_file_seek API
- Improve API of
strto*
wrappers
- imap QRESYNC fixes
- Allow an empty To: address prompt
- Fix argc==0 handling
- Don’t queue IMAP close commands
- Fix IMAP UTF-7 for code points >= U+10000
- Don’t include inactive messages in msgset generation
update to 20211029 (boo#1185705, CVE-2021-32055):
- Notmuch: support separate database and mail roots without .notmuch
- fix notmuch crash on open failure
- fix crypto crash handling pgp keys
- fix ncrypt/pgp file_get_size return check
- fix restore case-insensitive header sort
- fix pager redrawing of long lines
- fix notmuch: check database dir for xapian dir
- fix notmuch: update index count after <entire-thread>
- fix protect hash table against empty keys
- fix prevent real_subj being set but empty
- fix leak when saving fcc
- fix leak after <edit-or-view-raw-message>
- fix leak after trash to hidden mailbox
- fix leak restoring postponed emails
- fix new mail notifications
- fix pattern compilation error for ( !>(~P) )
- fix menu display on window resize
- Stop batch mode emails with no argument or recipients
- Add sanitize call in print mailcap function
- fix hdr_order to use the longest match
- fix (un)setenv to not return an error with unset env vars
- fix Imap sync when closing a mailbox
- fix segfault on OpenBSD current
- sidebar: restore sidebar_spoolfile colour
- fix assert when displaying a file from the browser
- fix exec command in compose
- fix check_stats for Notmuch mailboxes
- Fallback: Open Notmuch database without config
- fix gui hook commands on startup
- threads: implement the $use_threads feature
- https://neomutt.org/feature/use-threads
- hooks: allow a -noregex param to folder and mbox hooks
- mailing lists: implement list-(un)subscribe using RFC2369 headers
- mailcap: implement x-neomutt-nowrap flag
- pager: add $local_date_header option
- imap, smtp: add support for authenticating using XOAUTH2
- Allow <sync-mailbox> to fail quietly
- imap: speed up server-side searches
- pager: improve skip-quoted and skip-headers
- notmuch: open database with user’s configuration
- notmuch: implement <vfolder-window-reset>
- config: allow += modification of my_ variables
- notmuch: tolerate file renames behind neomutt’s back
- pager: implement $pager_read_delay
- notmuch: validate nm_query_window_timebase
- notmuch: make $nm_record work in non-notmuch mailboxes
- compose: add $greeting - a welcome message on top of emails
- notmuch: show additional mail in query windows
- imap: fix crash on external IMAP events
- notmuch: handle missing libnotmuch version bumps
- imap: add sanity check for qresync
- notmuch: allow windows with 0 duration
- index: fix index selection on <collapse-all>
- imap: fix crash when sync’ing labels
- search: fix searching by Message-Id in <mark-message>
- threads: fix double sorting of threads
- stats: don’t check mailbox stats unless told
- alias: fix crash on empty query
- pager: honor mid-message config changes
- mailbox: don’t propagate read-only state across reopens
- hcache: fix caching new labels in the header cache
- crypto: set invalidity flags for gpgme/smime keys
- notmuch: fix parsing of multiple type=
- notmuch: validate $nm_default_url
- messages: avoid unnecessary opening of messages
- imap: fix seqset iterator when it ends in a comma
- build: refuse to build without pcre2 when pcre2 is linked in ncurses
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: