CVS commit: pkgsrc/devel/libgit2

["Ryo ONODERA" <ryoon%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Sun Mar 25 08:23:50 UTC 2018

Modified Files:
        pkgsrc/devel/libgit2: Makefile distinfo

Log Message:
Update to 0.26.3

* Fix some security bugs

Changelog:
0.26.3
This is a bugfix release. It includes the following non-exclusive list of
improvements, which have been backported from the master branch:

    Fix cloning of the libgit2 project with git clone --recursive by removing an
    invalid submodule from our testing data.

    Fix endianness of the port in p_getaddrinfo().

    Fix handling of negative gitignore rules with wildcards.

    Fix handling of case-insensitive negative gitignore rules.

    Fix resolving references to a tag if the reference is stored with its fully
    resolved OID in the packed-refs file.

    Fix checkout not treating worktree files as modified when only their mode has
    changed.

    Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.

    Enable Windows 7 and earlier to use TLS 1.2.

0.26.2
This is a security release fixing memory handling issues when reading crafted
repository index files. The issues allow for possible denial of service due to
allocation of large memory and out-of-bound reads.

As the index is never transferred via the network, exploitation requires an
attacker to have access to the local repository.

0.26.1
This is a security release that includes an update to the bundled zlib
to update it to 1.2.11. Users who build the bundled zlib are vulnerable
to security issues in the prior version.

This does not affect you if you rely on a system-installed version of zlib.
All users of v0.26.0 who use the bundled zlib should upgrade to this release.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/devel/libgit2/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/libgit2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/libgit2/Makefile
diff -u pkgsrc/devel/libgit2/Makefile:1.22 pkgsrc/devel/libgit2/Makefile:1.23
--- pkgsrc/devel/libgit2/Makefile:1.22  Mon Jan  1 21:18:21 2018
+++ pkgsrc/devel/libgit2/Makefile       Sun Mar 25 08:23:50 2018
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.22 2018/01/01 21:18:21 adam Exp $
+# $NetBSD: Makefile,v 1.23 2018/03/25 08:23:50 ryoon Exp $
 
-DISTNAME=      libgit2-0.26.0
-PKGREVISION=   2
+DISTNAME=      libgit2-0.26.3
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgit2/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}

Index: pkgsrc/devel/libgit2/distinfo
diff -u pkgsrc/devel/libgit2/distinfo:1.9 pkgsrc/devel/libgit2/distinfo:1.10
--- pkgsrc/devel/libgit2/distinfo:1.9   Mon Jul 31 14:18:20 2017
+++ pkgsrc/devel/libgit2/distinfo       Sun Mar 25 08:23:50 2018
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2017/07/31 14:18:20 taca Exp $
+$NetBSD: distinfo,v 1.10 2018/03/25 08:23:50 ryoon Exp $
 
-SHA1 (libgit2-0.26.0.tar.gz) = 7e9792e3d2ee88719f0d7cb59737256bfc1cddbb
-RMD160 (libgit2-0.26.0.tar.gz) = f2c7a593ffeed7cfd25593d35f585a2e2a7eb2cc
-SHA512 (libgit2-0.26.0.tar.gz) = 988c616c99637f2c1f80c498de34820296b78c0601669475eba9d194490cfd2047131987e63a799599277893e5741f9bcc226ffa594327356047ed563f07d346
-Size (libgit2-0.26.0.tar.gz) = 4697149 bytes
+SHA1 (libgit2-0.26.3.tar.gz) = 5eaa62b5842bee9048465452fe640c93fc79ca7d
+RMD160 (libgit2-0.26.3.tar.gz) = f5a9a6d72e55a0f9b59842773e525b5426b5c2ef
+SHA512 (libgit2-0.26.3.tar.gz) = abcd3a904bed05c1f200be2ffbc2c44cebd1b548459ee834d5635c5eaf7bcd551a4993bcc1cb9fbeae9ea990c5ebc07655007ff4e623fa7c697f326c0ce12c3e
+Size (libgit2-0.26.3.tar.gz) = 4728289 bytes