Summary: | dev-cvs/mercurial-9999 - certificates issue | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | nevermind <codecaves> |
Component: | Default Configs | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | djc, junghans, nelchael, skrattaren |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 429470 | ||
Bug Blocks: |
Description
nevermind
2012-10-11 11:57:24 UTC
*** This bug has been marked as a duplicate of bug 429470 *** Ah, sorry, didn't see that this was a security bug. We could install `/etc/mercurial/hgrc.d/cacerts.rc`: [web] cacerts = /etc/ssl/certs/ca-certificates.crt This makes Mercurial use system certificates. Strange, mercurial.eclass (source of src_unpack) uses: [[ -f ${EPREFIX}/etc/ssl/certs/ca-certificates.crt ]] && cert_opt=( --config "web.cacerts=${EPREFIX}/etc/ssl/certs/ca-certificates.crt" ) This issue is resolved at this point through changes to both mercurial eclass and default .hgrc in mercurial package itself. Not a glsa issue. |