openSUSE Security Update: Security update for gitui ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0135-1 Rating: moderate References: #1218264 Cross-References: CVE-2023-48795 CVSS scores: CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gitui fixes the following issues: - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer to comply with Conventional Commits standard * support overriding build_date for reproducible builds - update vendored dependencies for CVE-2023-48795 (boo#1218264) - Update to version 0.26.1: Added: * sign commits using openpgp * support ssh commit signing (when user.signingKey and gpg.format = ssh of gitconfig are set; ssh-agent isn't yet supported) * provide nightly builds (see NIGHTLIES.md) * more version info in gitui -V and help popup (including git hash) * support core.commitChar filtering * allow reset in branch popup * respect configuration for remote when pushing Changed: * Make info and error message popups scrollable * clarify x86_64 linux binary in artifact names: gitui-linux-x86_64.tar.gz (formerly known as musl) Fixes: * add syntax highlighting support for more file types, e.g. Typescript, TOML, etc. - Update to version 0.25.1: Added: * support for new-line in text-input (e.g. commit message editor) * add syntax highlighting for blame view * allow aborting pending commit log search * theme.ron now supports customizing line break symbol * add confirmation for dialog for undo commit * support prepare-commit-msg hook * new style block_title_focused to allow customizing title text of focused frame/block * allow fetch command in both tabs of branchlist popup * check branch name validity while typing Changed: * do not allow tagging when tag.gpgsign enabled until gpg-signing is supported Fixes: * bump yanked dependency bumpalo to fix build from source * pin ratatui version to fix building without locked cargo install gitui * stash window empty after file history popup closes * allow push to empty remote * better diagnostics for theme file loading * fix ordering of commits in diff view - Update to version 0.24.3: * log: fix major lag when going beyond last search hit * parallelise log search - performance gain ~100% * search message body/summary separately * fix commit log not updating after branch switch * fix stashlist not updating after pop/drop * fix commit log corruption when tabbing in/out while parsing log * fix performance problem in big repo with a lot of incoming commits * fix error switching to a branch with '/' in the name * search commits by message, author or files in diff * support 'n'/'p' key to move to the next/prev hunk in diff component * simplify theme overrides * support for sign-off of commits * switched from textwrap to bwrap for text wrapping * more logging diagnostics when a repo cannot be * added to anaconda * visualize empty line substituted with content in diff better * checkout branch works with non-empty status report * jump to commit by SHA * fix commit dialog char count for multibyte characters * fix wrong hit highlighting in fuzzy find popup * fix symlink support for configuration files * fix expansion of ~ in commit.template * fix hunk (un)staging/reset for # of context lines != 3 * fix delay when opening external editor - Update to version 0.23.0 - Breaking Change * focus_XYZ key bindings are merged into the move_XYZ set, so only one way to bind arrow-like keys from now on - Added * allow reset (soft,mixed,hard) from commit log * support reword of commit from log * fuzzy find branch * list changes in commit message inside external editor * allow detaching HEAD and checking out specific commit from log view * add no-verify option on commits to not run hooks * allow fetch on status tab * allow copy file path on revision files and status tree * print message of where log will be written if -l is set * show remote branches in log - Fixes * fixed side effect of crossterm 0.26 on windows that caused double input of all keys * commit msg history ordered the wrong way * improve help documentation for amend cmd * lag issue when showing files tab * fix key binding shown in bottom bar for stash_open * --bugreport does not require param * edit-file command shown on commits msg * crash on branches popup in small terminal * edit command duplication * syntax errors in key_bindings.ron will be logged * Fix UI freeze when copying with xclip installed on Linux * Fix UI freeze when copying with wl-copy installed on Linux * commit hooks report "command not found" on Windows with wsl2 installed * crashes on entering submodules * fix race issue: revlog messages sometimes appear empty * default to tick-based updates * add support for options handling in log and stashes views - Changed * minimum supported rust version bumped to 1.65 (thank you time crate) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-135=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): gitui-0.26.2-bp155.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-48795.html https://bugzilla.suse.com/1218264