commit: 1b09be3a529bb6950072367492c59ba476f340c0 Author: Haelwenn (lanodan) Monnier <contact <AT> hacktivis <DOT> me> AuthorDate: Thu Jul 7 07:24:34 2022 +0000 Commit: Haelwenn Monnier <contact <AT> hacktivis <DOT> me> CommitDate: Thu Jul 7 07:25:50 2022 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=1b09be3a
app-misc/mat2: Security version bump, 0.13.0 Security issue is allowing path traversal when dealing with archives, allowing to extract data from the system on file cleanup. Details: https://dustri.org/b/mat2-0130.html Signed-off-by: Haelwenn (lanodan) Monnier <contact <AT> hacktivis.me> app-misc/mat2/Manifest | 3 ++- app-misc/mat2/{mat2-0.12.4.ebuild => mat2-0.13.0.ebuild} | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/app-misc/mat2/Manifest b/app-misc/mat2/Manifest
index 9fb45e9e8..df8d9cf93 100644
--- a/app-misc/mat2/Manifest
+++ b/app-misc/mat2/Manifest
@@ -1 +1,2 @@
-DIST mat2-0.12.4.tar.gz 10464411 BLAKE2B 161d92dfea16c7ab5a09e9271b5cd4fbd64ddeaca18187395ff3ffb5671d5fc5d98c70d2a081c566148cbed7b6c9923ca87f732552d0172cb841030edbf70192 SHA512 20936c80d0fa31dae9ee14c3d853c0e63a87b2d3ad5838a17bdbbc3e7cb4cf73462c9a9573d2aeab6e4ab0d6c18ce24c63a80e1a7cd044724c8ecc639d13da80
+DIST mat2-0.13.0.tar.gz 11784441 BLAKE2B 5f864a1b2dcce8d6e466fccfc66ad42ac079443b6668daaaf82c2870cddfa1b1227ed842431b2550e8e9435a58831b5b97782c89ac8e55da6573f2087cace09d SHA512 398732e2093c3167a2bb30325bbe5c738f8ac1c36213c63163a02a45b1005cde912f88318655e79276fac8df63c8fee41772eb0e3a53895c20d9c7ba3be16c6c
+DIST mat2-0.13.0.tar.gz.asc 833 BLAKE2B d9219377efcb3283965e55b0e60809381e285371466b48ed3bf344b34204885e0f1ac1360ae49a2b550774f051689624310a58259a5053ff7bb25616a667525d SHA512 6a2fb2a672a91f6eaa45d53d6c17bed888ee7c7e1c5d01a5830c5394881593662596a853da2d46ab1eec4b0e87aff902b8af97c042b6429889042c95c58c0bf7
diff --git a/app-misc/mat2/mat2-0.12.4.ebuild b/app-misc/mat2/mat2-0.13.0.ebuild
similarity index 74%
rename from app-misc/mat2/mat2-0.12.4.ebuild
rename to app-misc/mat2/mat2-0.13.0.ebuild
index b85df8ffc..c842d5b91 100644
--- a/app-misc/mat2/mat2-0.12.4.ebuild
+++ b/app-misc/mat2/mat2-0.13.0.ebuild
@@ -6,11 +6,14 @@ EAPI=8 PYTHON_COMPAT=(python3_{8..11}) PYTHON_REQ_USE="xml(+)" -inherit distutils-r1 optfeature +inherit distutils-r1 optfeature verify-sig DESCRIPTION="Metadata Anonymisation Toolkit: handy tool to trash your metadata" HOMEPAGE="https://0xacab.org/jvoisin/mat2" -SRC_URI="https://0xacab.org/jvoisin/${PN}/-/archive/${PV}/${P}.tar.gz" +SRC_URI=" + https://0xacab.org/jvoisin/${PN}/-/archive/${PV}/${P}.tar.gz + verify-sig? ( https://0xacab.org/jvoisin/mat2/uploads/b8b7bce2a45aa6c1b2b48432025b2fef/mat2-0.13.0.tar.gz.asc ) +" LICENSE="LGPL-3" SLOT="0" @@ -22,12 +25,14 @@ RDEPEND=" media-libs/mutagen:0[${PYTHON_USEDEP}] " BDEPEND=" + verify-sig? ( sec-keys/openpgp-keys-jvoisin ) test? ( media-libs/exiftool:* media-video/ffmpeg[mp3,vorbis] x11-libs/gdk-pixbuf:2[jpeg,tiff] ) " +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/jvoisin.asc DOCS=( doc {CHANGELOG,CONTRIBUTING,INSTALL,README}.md )
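Review bot: The signature entry added to `SRC_URI` hard-codes the package name and version (`.../mat2/uploads/b8b7bce2a45aa6c1b2b48432025b2fef/mat2-0.13.0.tar.gz.asc`), while the tarball line next to it uses `${PN}`, `${PV}` and `${P}`. The upload id in that path looks per-release, so the next rename-style bump has to touch this line by hand. A comment such as `# upload id is per-release; refresh together with the version` would make that explicit, and the file name can be written `${P}.tar.gz.asc`. The detached signature is checked against the forge-generated `/-/archive/` tarball, and whether upstream signs exactly that archive is not visible here. It is worth confirming that the build passes with USE=verify-sig enabled.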
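Review bot: In the second hunk, `verify-sig? ( sec-keys/openpgp-keys-jvoisin )` and `VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/jvoisin.asc` depend on a key package that this commit does not add; the diffstat lists only the Manifest and the ebuild. If that package is not already available to this repository, or installs its key under a name other than `jvoisin.asc`, enabling USE=verify-sig fails the build instead of verifying the tarball, so both points should be confirmed. A short comment above the variable, e.g. `# key file installed by sec-keys/openpgp-keys-jvoisin`, would tie the path to the dependency for whoever bumps this next.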