A bug introduced in version 3.7.0 of Rebar, an Erlang dependency manager and build tool, broke certificate validation when fetching packages from the hex.pm repository.
Sorry for the noise, but I submitted to soon: Our dev-util/rebar package isn't affected because it was never updated to version 3. dev-util/rebar-bin is affected, and the fix has landed in versions 3.16.1 and 3.15.2.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac2512786881302c1e98643515c2c7094cb3cec8 commit ac2512786881302c1e98643515c2c7094cb3cec8 Author: Matt Smith <matt@offtopica.uk> AuthorDate: 2021-05-19 06:47:26 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-05-25 11:12:35 +0000 dev-util/rebar-bin: Bump to 3.16.1 Bug: https://bugs.gentoo.org/791862 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Matt Smith <matt@offtopica.uk> Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-util/rebar-bin/Manifest | 1 + dev-util/rebar-bin/rebar-bin-3.16.1.ebuild | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+)
All done, thanks! (~arch only => trivial 'priority' and noglsa)
