Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 921596

Summary: www-apps/hugo-0.121.2 version bump for security fix
Product: Gentoo Linux Reporter: Rahil Bhimjiani <me>
Component: Current packagesAssignee: tea <tea+gentoo>
Status: RESOLVED FIXED    
Severity: normal CC: proxy-maint
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/34782
Whiteboard:
Package list:
Runtime testing required: ---

Description Rahil Bhimjiani 2024-01-08 06:26:37 UTC 
The main motivation behind this release is a security fix in the upstream golang.org/x/crypto library. We don't see how that CVE could be exploited via Hugo, but we do appreciate that many want to have a clean security report.

https://github.com/gohugoio/hugo/releases/tag/v0.121.2
Comment 1 Larry the Git Cow gentoo-dev 2024-02-07 13:59:34 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97897d332341edc4ef5e556ba5152a3bb341e0fc

commit 97897d332341edc4ef5e556ba5152a3bb341e0fc
Author:     tastytea <gentoo@tastytea.de>
AuthorDate: 2024-01-13 13:14:15 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-02-07 13:59:31 +0000

    www-apps/hugo: add 0.121.2
    
    bumped dev-lang/go dependency to 1.21.5 (although 1.20.12 should work)
    because that's the version upstream uses and it's stable in ::gentoo
    
    Closes: https://bugs.gentoo.org/921596
    Signed-off-by: tastytea <gentoo@tastytea.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-apps/hugo/Manifest            |   2 +
 www-apps/hugo/hugo-0.121.2.ebuild | 101 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)