Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 921596 - www-apps/hugo-0.121.2 version bump for security fix
Summary: www-apps/hugo-0.121.2 version bump for security fix
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: tea
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2024-01-08 06:26 UTC by Rahil Bhimjiani
Modified: 2024-02-07 13:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rahil Bhimjiani 2024-01-08 06:26:37 UTC 
The main motivation behind this release is a security fix in the upstream golang.org/x/crypto library. We don't see how that CVE could be exploited via Hugo, but we do appreciate that many want to have a clean security report.

https://github.com/gohugoio/hugo/releases/tag/v0.121.2
Comment 1 Larry the Git Cow gentoo-dev 2024-02-07 13:59:34 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97897d332341edc4ef5e556ba5152a3bb341e0fc

commit 97897d332341edc4ef5e556ba5152a3bb341e0fc
Author:     tastytea <gentoo@tastytea.de>
AuthorDate: 2024-01-13 13:14:15 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-02-07 13:59:31 +0000

    www-apps/hugo: add 0.121.2
    
    bumped dev-lang/go dependency to 1.21.5 (although 1.20.12 should work)
    because that's the version upstream uses and it's stable in ::gentoo
    
    Closes: https://bugs.gentoo.org/921596
    Signed-off-by: tastytea <gentoo@tastytea.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-apps/hugo/Manifest            |   2 +
 www-apps/hugo/hugo-0.121.2.ebuild | 101 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)