openSUSE Security Update: Security update for gitui
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0135-1
Rating:             moderate
References:         #1218264 
Cross-References:   CVE-2023-48795
CVSS scores:
                    CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gitui fixes the following issues:

   - update to version 0.26.2:
     * respect configuration for remote when fetching (also applies to
       pulling)
     * add : character to sign-off trailer to comply with Conventional
       Commits standard
     * support overriding build_date for reproducible builds
   - update vendored dependencies for CVE-2023-48795 (boo#1218264)

   - Update to version 0.26.1:
     - Added
       * sign commits using openpgp
       * support ssh commit signing (when user.signingKey and gpg.format = ssh
         of gitconfig are set; ssh-agent isn't yet supported)
       * provide nightly builds (see NIGHTLIES.md)
       * more version info in gitui -V and help popup (including git hash)
       * support core.commitChar filtering
       * allow reset in branch popup
       * respect configuration for remote when pushing
     - Changed
       * Make info and error message popups scrollable
       * clarify x86_64 linux binary in artifact names:
         gitui-linux-x86_64.tar.gz (formerly known as musl)
     - Fixes
       * add syntax highlighting support for more file types, e.g. Typescript,
         TOML, etc.

   - Update to version 0.25.1:
     - Added
       * support for new-line in text-input (e.g. commit message editor)
       * add syntax highlighting for blame view
       * allow aborting pending commit log search
       * theme.ron now supports customizing line break symbol
       * add confirmation for dialog for undo commit
       * support prepare-commit-msg hook
       * new style block_title_focused to allow customizing title text
         of focused frame/block
       * allow fetch command in both tabs of branchlist popup
       * check branch name validity while typing
     - Changed
       * do not allow tagging when tag.gpgsign enabled until gpg-signing is
         supported
     - Fixes
       * bump yanked dependency bumpalo to fix build from source
       * pin ratatui version to fix building without locked cargo install gitui
       * stash window empty after file history popup closes
       * allow push to empty remote
       * better diagnostics for theme file loading
       * fix ordering of commits in diff view

   - Update to version 0.24.3:
     * log: fix major lag when going beyond last search hit
     * parallelise log search - performance gain ~100%
     * search message body/summary separately
     * fix commit log not updating after branch switch
     * fix stashlist not updating after pop/drop
     * fix commit log corruption when tabbing in/out while parsing log
     * fix performance problem in big repo with a lot of incoming commits
     * fix error switching to a branch with '/' in the name
     * search commits by message, author or files in diff
     * support 'n'/'p' key to move to the next/prev hunk in diff component
     * simplify theme overrides
     * support for sign-off of commits
     * switched from textwrap to bwrap for text wrapping
     * more logging diagnostics when a repo cannot be
     * added to anaconda
     * visualize empty line substituted with content in diff better
     * checkout branch works with non-empty status report
     * jump to commit by SHA
     * fix commit dialog char count for multibyte characters
     * fix wrong hit highlighting in fuzzy find popup
     * fix symlink support for configuration files
     * fix expansion of ~ in commit.template
     * fix hunk (un)staging/reset for # of context lines != 3
     * fix delay when opening external editor

   - Update to version 0.23.0
     - Breaking Change
       * focus_XYZ key bindings are merged into the move_XYZ set, so only one
         way to bind arrow-like keys from now on
     - Added
       * allow reset (soft,mixed,hard) from commit log
       * support reword of commit from log
       * fuzzy find branch
       * list changes in commit message inside external editor
       * allow detaching HEAD and checking out specific commit from log view
       * add no-verify option on commits to not run hooks
       * allow fetch on status tab
       * allow copy file path on revision files and status tree
       * print message of where log will be written if -l is set
       * show remote branches in log
     - Fixes
       * fixed side effect of crossterm 0.26 on windows that caused double
         input of all keys
       * commit msg history ordered the wrong way
       * improve help documentation for amend cmd
       * lag issue when showing files tab
       * fix key binding shown in bottom bar for stash_open
       * --bugreport does not require param
       * edit-file command shown on commits msg
       * crash on branches popup in small terminal
       * edit command duplication
       * syntax errors in key_bindings.ron will be logged
       * Fix UI freeze when copying with xclip installed on Linux
       * Fix UI freeze when copying with wl-copy installed on Linux
       * commit hooks report "command not found" on Windows with wsl2
         installed
       * crashes on entering submodules
       * fix race issue: revlog messages sometimes appear empty
       * default to tick-based updates
       * add support for options handling in log and stashes views
     - Changed
       * minimum supported rust version bumped to 1.65 (thank you time crate)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2024-135=1



Package List:

   - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

      gitui-0.26.2-bp155.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2023-48795.html
   https://bugzilla.suse.com/1218264

openSUSE: 2024:0135-1 moderate: gitui Advisory Security Update

May 22, 2024