openSUSE-SU-2024:0135-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0135-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0135-1
Related
Published
2024-05-22T06:28:38Z
Modified
2024-05-22T06:28:38Z
Summary
Security update for gitui
Details

This update for gitui fixes the following issues:

  • update to version 0.26.2:
    • respect configuration for remote when fetching (also applies to pulling)
    • add : character to sign-off trailer to comply with Conventional Commits standard
    • support overriding build_date for reproducible builds

  • update vendored dependencies for CVE-2023-48795 (boo#1218264)

  • Update to version 0.26.1: Added:

    • sign commits using openpgp
    • support ssh commit signing (when user.signingKey and gpg.format = ssh of gitconfig are set; ssh-agent isn't yet supported)
    • provide nightly builds (see NIGHTLIES.md)
    • more version info in gitui -V and help popup (including git hash)
    • support core.commitChar filtering
    • allow reset in branch popup
    • respect configuration for remote when pushing Changed:
    • Make info and error message popups scrollable
    • clarify x8664 linux binary in artifact names: gitui-linux-x8664.tar.gz (formerly known as musl) Fixes:
    • add syntax highlighting support for more file types, e.g. Typescript, TOML, etc.

  • Update to version 0.25.1: Added:

    • support for new-line in text-input (e.g. commit message editor)
    • add syntax highlighting for blame view
    • allow aborting pending commit log search
    • theme.ron now supports customizing line break symbol
    • add confirmation for dialog for undo commit
    • support prepare-commit-msg hook
    • new style blocktitlefocused to allow customizing title text of focused frame/block
    • allow fetch command in both tabs of branchlist popup
    • check branch name validity while typing Changed:
    • do not allow tagging when tag.gpgsign enabled until gpg-signing is supported Fixes:
    • bump yanked dependency bumpalo to fix build from source
    • pin ratatui version to fix building without locked cargo install gitui
    • stash window empty after file history popup closes
    • allow push to empty remote
    • better diagnostics for theme file loading
    • fix ordering of commits in diff view

  • Update to version 0.24.3:

    • log: fix major lag when going beyond last search hit
    • parallelise log search - performance gain ~100%
    • search message body/summary separately
    • fix commit log not updating after branch switch
    • fix stashlist not updating after pop/drop
    • fix commit log corruption when tabbing in/out while parsing log
    • fix performance problem in big repo with a lot of incoming commits
    • fix error switching to a branch with '/' in the name
    • search commits by message, author or files in diff
    • support 'n'/'p' key to move to the next/prev hunk in diff component
    • simplify theme overrides
    • support for sign-off of commits
    • switched from textwrap to bwrap for text wrapping
    • more logging diagnostics when a repo cannot be
    • added to anaconda
    • visualize empty line substituted with content in diff better
    • checkout branch works with non-empty status report
    • jump to commit by SHA
    • fix commit dialog char count for multibyte characters
    • fix wrong hit highlighting in fuzzy find popup
    • fix symlink support for configuration files
    • fix expansion of ~ in commit.template
    • fix hunk (un)staging/reset for # of context lines != 3
    • fix delay when opening external editor

  • Update to version 0.23.0

    • Breaking Change
      • focusXYZ key bindings are merged into the moveXYZ set, so only one way to bind arrow-like keys from now on
    • Added
      • allow reset (soft,mixed,hard) from commit log
      • support reword of commit from log
      • fuzzy find branch
      • list changes in commit message inside external editor
      • allow detaching HEAD and checking out specific commit from log view
      • add no-verify option on commits to not run hooks
      • allow fetch on status tab
      • allow copy file path on revision files and status tree
      • print message of where log will be written if -l is set
      • show remote branches in log
    • Fixes
      • fixed side effect of crossterm 0.26 on windows that caused double input of all keys
      • commit msg history ordered the wrong way
      • improve help documentation for amend cmd
      • lag issue when showing files tab
      • fix key binding shown in bottom bar for stashopen
      • --bugreport does not require param
      • edit-file command shown on commits msg
      • crash on branches popup in small terminal
      • edit command duplication
      • syntax errors in keybindings.ron will be logged
      • Fix UI freeze when copying with xclip installed on Linux
      • Fix UI freeze when copying with wl-copy installed on Linux
      • commit hooks report 'command not found' on Windows with wsl2 installed
      • crashes on entering submodules
      • fix race issue: revlog messages sometimes appear empty
      • default to tick-based updates
      • add support for options handling in log and stashes views
    • Changed
      • minimum supported rust version bumped to 1.65 (thank you time crate)
References

Affected packages

SUSE:Package Hub 15 SP5 / gitui

Package

Name
gitui
Purl
purl:rpm/suse/gitui&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.26.2-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gitui": "0.26.2-bp155.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / gitui

Package

Name
gitui
Purl
purl:rpm/suse/gitui&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.26.2-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gitui": "0.26.2-bp155.2.3.1"
        }
    ]
}