openSUSE-SU-2024:0135-1: moderate: Security update for gitui
openSUSE Security Update: Security update for gitui
_______________________________
Announcement ID: openSUSE-SU-2024:0135-1
Rating: moderate
References: #1218264
Cross-References: CVE-2023-48795
CVSS scores:
CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for gitui fixes the following issues:
- update to version 0.26.2:
* respect configuration for remote when fetching (also applies to
pulling)
* add : character to sign-off trailer to comply with Conventional
Commits standard
* support overriding build_date for reproducible builds
- update vendored dependencies for CVE-2023-48795 (boo#1218264)
- Update to version 0.26.1:
Added:
* sign commits using openpgp
* support ssh commit signing (when user.signingKey and gpg.format = ssh
of gitconfig are set; ssh-agent isn't yet supported)
* provide nightly builds (see NIGHTLIES.md)
* more version info in gitui -V and help popup (including git hash)
* support core.commitChar filtering
* allow reset in branch popup
* respect configuration for remote when pushing
Changed:
* Make info and error message popups scrollable
* clarify x86_64 linux binary in artifact names:
gitui-linux-x86_64.tar.gz (formerly known as musl)
Fixes:
* add syntax highlighting support for more file types, e.g. TypeScript,
TOML, etc.
- Update to version 0.25.1:
Added:
* support for new-line in text-input (e.g. commit message editor)
* add syntax highlighting for blame view
* allow aborting pending commit log search
* theme.ron now supports customizing line break symbol
* add confirmation dialog for undo commit
* support prepare-commit-msg hook
* new style block_title_focused to allow customizing title text
of focused frame/block
* allow fetch command in both tabs of branchlist popup
* check branch name validity while typing
Changed:
* do not allow tagging when tag.gpgsign enabled until gpg-signing is
supported
Fixes:
* bump yanked dependency bumpalo to fix build from source
* pin ratatui version to fix building without locked cargo install gitui
* stash window empty after file history popup closes
* allow push to empty remote
* better diagnostics for theme file loading
* fix ordering of commits in diff view
- Update to version 0.24.3:
* log: fix major lag when going beyond last search hit
* parallelise log search - performance gain ~100%
* search message body/summary separately
* fix commit log not updating after branch switch
* fix stashlist not updating after pop/drop
* fix commit log corruption when tabbing in/out while parsing log
* fix performance problem in big repo with a lot of incoming commits
* fix error switching to a branch with '/' in the name
* search commits by message, author or files in diff
* support 'n'/'p' key to move to the next/prev hunk in diff component
* simplify theme overrides
* support for sign-off of commits
* switched from textwrap to bwrap for text wrapping
* more logging diagnostics when a repo cannot be
* added to anaconda
* visualize empty line substituted with content in diff better
* checkout branch works with non-empty status report
* jump to commit by SHA
* fix commit dialog char count for multibyte characters
* fix wrong hit highlighting in fuzzy find popup
* fix symlink support for configuration files
* fix expansion of ~ in commit.template
* fix hunk (un)staging/reset for # of context lines != 3
* fix delay when opening external editor
- Update to version 0.23.0
- Breaking Change
* focus_XYZ key bindings are merged into the move_XYZ set, so only one
way to bind arrow-like keys from now on
- Added
* allow reset (soft,mixed,hard) from commit log
* support reword of commit from log
* fuzzy find branch
* list changes in commit message inside external editor
* allow detaching HEAD and checking out specific commit from log view
* add no-verify option on commits to not run hooks
* allow fetch on status tab
* allow copy file path on revision files and status tree
* print message of where log will be written if -l is set
* show remote branches in log
- Fixes
* fixed side effect of crossterm 0.26 on windows that caused double
input of all keys
* commit msg history ordered the wrong way
* improve help documentation for amend cmd
* lag issue when showing files tab
* fix key binding shown in bottom bar for stash_open
* --bugreport does not require param
* edit-file command shown on commits msg
* crash on branches popup in small terminal
* edit command duplication
* syntax errors in key_bindings.ron will be logged
* Fix UI freeze when copying with xclip installed on Linux
* Fix UI freeze when copying with wl-copy installed on Linux
* commit hooks report "command not found" on Windows with wsl2
installed
* crashes on entering submodules
* fix race issue: revlog messages sometimes appear empty
* default to tick-based updates
* add support for options handling in log and stashes views
- Changed
* minimum supported rust version bumped to 1.65 (thank you time crate)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-135=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
gitui-0.26.2-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-48795.html
https://bugzilla.suse.com/1218264