pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2020Q1] pkgsrc/devel
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed May 6 09:53:00 UTC 2020
Modified Files:
pkgsrc/devel/git [pkgsrc-2020Q1]: Makefile.version
pkgsrc/devel/git-base [pkgsrc-2020Q1]: distinfo
Log Message:
Pullup ticket #6181 - requested by leot
devel/git-base: security fix
(via patch)
---
git: Update to 2.25.4
Changes:
2.25.4
------
This release is to address the security issue: CVE-2020-11008
* With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
The attack has been made impossible by refusing to work with
under-specified credential patterns.
Credit for finding the vulnerability goes to Carlo Arenas.
To generate a diff of this commit:
cvs rdiff -u -r1.85.2.1 -r1.85.2.2 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.97.2.1 -r1.97.2.2 pkgsrc/devel/git-base/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/git/Makefile.version
diff -u pkgsrc/devel/git/Makefile.version:1.85.2.1 pkgsrc/devel/git/Makefile.version:1.85.2.2
--- pkgsrc/devel/git/Makefile.version:1.85.2.1 Fri Apr 17 12:20:47 2020
+++ pkgsrc/devel/git/Makefile.version Wed May 6 09:53:00 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.version,v 1.85.2.1 2020/04/17 12:20:47 bsiegert Exp $
+# $NetBSD: Makefile.version,v 1.85.2.2 2020/05/06 09:53:00 bsiegert Exp $
#
# used by devel/git/Makefile.common
# used by devel/git-cvs/Makefile
# used by devel/git-svn/Makefile
-GIT_VERSION= 2.25.3
+GIT_VERSION= 2.25.4
Index: pkgsrc/devel/git-base/distinfo
diff -u pkgsrc/devel/git-base/distinfo:1.97.2.1 pkgsrc/devel/git-base/distinfo:1.97.2.2
--- pkgsrc/devel/git-base/distinfo:1.97.2.1 Fri Apr 17 12:20:48 2020
+++ pkgsrc/devel/git-base/distinfo Wed May 6 09:53:00 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.97.2.1 2020/04/17 12:20:48 bsiegert Exp $
+$NetBSD: distinfo,v 1.97.2.2 2020/05/06 09:53:00 bsiegert Exp $
-SHA1 (git-2.25.3.tar.xz) = 925036762cefe2da375cc458e93ed346b4504eeb
-RMD160 (git-2.25.3.tar.xz) = 8490494c86a60a3d4f144740cc46fe16a00abc6a
-SHA512 (git-2.25.3.tar.xz) = 1ea2f0727baa29200f33469463c3b6db04a2e228e83ff552faa47fefe31063d92966d7502b2f13546c36cfc2756d42d71a26e41141c0fb972af9d6760f3aa471
-Size (git-2.25.3.tar.xz) = 5878708 bytes
+SHA1 (git-2.25.4.tar.xz) = 7fb514cf5682b21fc0829428ceae0ff1544b7dfa
+RMD160 (git-2.25.4.tar.xz) = a04c830a714df73e777d0c84ae5bb32fe18e8a82
+SHA512 (git-2.25.4.tar.xz) = ca2ecc561d06dbb393fe47d445f0d69423d114766d9bcc125ef1d6d37e350ad903c456540cea420c1a51635b750cde3901e4196f29ce95b315fda11270173450
+Size (git-2.25.4.tar.xz) = 5880976 bytes
SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa
SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6
SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2
Home |
Main Index |
Thread Index |
Old Index