Summary: | <dev-vcs/fossil-2.12.1: Multiple vulnerabilities (CVE-2020-24614) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, arfrever.fta, rafaelmartins, titanofold |
Priority: | Normal | Keywords: | CC-ARCHES |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2020/08/20/1 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | dev-vcs/fossil-2.12.1 amd64 arm x86<br>dev-db/sqlite-3.33.0 arm arm64 hppa s390 sparc |
Runtime testing required: | No |
Bug Depends on: | 738912, 738914 | ||
Bug Blocks: | 675778, 690828, 724272 |
Description
Sam James
2020-08-20 15:20:44 UTC
Maintainers, please bump to 2.12.1 immediately.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdd530e64ec81f3c15358ae287fa1145219c79fe

commit fdd530e64ec81f3c15358ae287fa1145219c79fe
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-08-22 01:33:21 +0000
Commit: Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-08-22 01:35:25 +0000

    dev-vcs/fossil: security bump to 2.12.1

    Bug: https://bugs.gentoo.org/738220
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Requested-by: Rafael G. Martins <rafaelmartins@gentoo.org>
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-vcs/fossil/Manifest | 1 +
 dev-vcs/fossil/fossil-2.12.1.ebuild | 72 +++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+)

Maintainers, let us know when ready to stable.

please stabilize

ppc64 stable

ppc stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e716de587da3cd501a0c83259d0e1a14771b3d24

commit e716de587da3cd501a0c83259d0e1a14771b3d24
Author: Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2020-09-23 10:36:03 +0000
Commit: Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2020-09-23 10:39:16 +0000

    dev-vcs/fossil: Bump sqlite dep, drop legacy-mv-rm

    Fossil 2.12 requires SQLite 3.33.0 when using the system installation.

    Dropped the legacy-mv-rm use flag as upstream removed it in
    2.12.1. Further, it has always been enabled since 2.7, but still
    requires mv-rm to be activated in each repo.

    Reverted ppc and ppc64 stabilizations given the two previous items
    would prevent successful emerging if enabled, so need to be rechecked.

    Bug: https://bugs.gentoo.org/738220
    Closes: https://bugs.gentoo.org/738914
    Closes: https://bugs.gentoo.org/738912
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

 dev-vcs/fossil/fossil-2.12.1.ebuild | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

Sanity check failed:
> dev-vcs/fossil-2.12.1
> depend amd64 stable profile default/linux/amd64/17.0 (59 total)
> >=dev-db/sqlite-3.33.0:3
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (35 total)
> >=dev-db/sqlite-3.33.0:3
> rdepend amd64 stable profile default/linux/amd64/17.0 (59 total)
> >=dev-db/sqlite-3.33.0:3
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (35 total)
> >=dev-db/sqlite-3.33.0:3
ppc/ppc64 stable

x86 stable

arm64 done

sparc stable

arm done

amd64 done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f16b344c51b67da95e31e077c4b5a2092788ef0f

commit f16b344c51b67da95e31e077c4b5a2092788ef0f
Author: Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2020-10-02 03:37:22 +0000
Commit: Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2020-10-02 03:37:22 +0000

    dev-vcs/fossil: Cleanup

    Bug: https://bugs.gentoo.org/738220
    Closes: https://bugs.gentoo.org/724272
    Closes: https://bugs.gentoo.org/675778
    Closes: https://bugs.gentoo.org/690828
    Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

 dev-vcs/fossil/Manifest | 1 -
 dev-vcs/fossil/fossil-2.11.1.ebuild | 72 -------------------------------------
 dev-vcs/fossil/metadata.xml | 3 --
 3 files changed, 76 deletions(-)

@hppa, s390: stable if you wish?

s390 stable

hppa done.

All arches done.

This issue was resolved and addressed in GLSA 202011-04 at https://security.gentoo.org/glsa/202011-04 by GLSA coordinator Sam James (sam_c).