pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/devel/libgit2 Update libgit2 to 0.25.1, it includes se...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c92ccbf22014
branches:  trunk
changeset: 357015:c92ccbf22014
user:      taca <taca%pkgsrc.org@localhost>
date:      Wed Jan 11 00:11:24 2017 +0000

description:
Update libgit2 to 0.25.1, it includes security problem.

For full changes, please refer CHANGESLOG.md file.

* libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017

Includes two fixes, one performs extra sanitization for some edge cases in
the Git Smart Protocol which can lead to attempting to parse outside of the
buffer.

The second fix affects the certificate check callback. It provides a valid
parameter to indicate whether the native cryptographic library considered
the certificate to be correct. This parameter is always 1/true before these
releases leading to a possible MITM.

This does not affect you if you do not use the custom certificate callback
or if you do not take this value into account. This does affect you if you
use pygit2 or git2go regardless of whether you specify a certificate check
callback.

diffstat:

 devel/libgit2/Makefile |   5 ++---
 devel/libgit2/PLIST    |  10 +++++++---
 devel/libgit2/distinfo |  10 +++++-----
 3 files changed, 14 insertions(+), 11 deletions(-)

diffs (71 lines):

diff -r 444cadb1302e -r c92ccbf22014 devel/libgit2/Makefile
--- a/devel/libgit2/Makefile    Tue Jan 10 23:10:01 2017 +0000
+++ b/devel/libgit2/Makefile    Wed Jan 11 00:11:24 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2017/01/01 16:06:09 adam Exp $
+# $NetBSD: Makefile,v 1.16 2017/01/11 00:11:24 taca Exp $
 
-DISTNAME=      libgit2-0.24.1
-PKGREVISION=   2
+DISTNAME=      libgit2-0.25.1
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgit2/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}
diff -r 444cadb1302e -r c92ccbf22014 devel/libgit2/PLIST
--- a/devel/libgit2/PLIST       Tue Jan 10 23:10:01 2017 +0000
+++ b/devel/libgit2/PLIST       Wed Jan 11 00:11:24 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2016/08/30 10:24:40 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.6 2017/01/11 00:11:24 taca Exp $
 include/git2.h
 include/git2/annotated_commit.h
 include/git2/attr.h
@@ -35,6 +35,7 @@
 include/git2/pack.h
 include/git2/patch.h
 include/git2/pathspec.h
+include/git2/proxy.h
 include/git2/rebase.h
 include/git2/refdb.h
 include/git2/reflog.h
@@ -59,13 +60,16 @@
 include/git2/sys/hashsig.h
 include/git2/sys/index.h
 include/git2/sys/mempack.h
+include/git2/sys/merge.h
 include/git2/sys/odb_backend.h
 include/git2/sys/openssl.h
 include/git2/sys/refdb_backend.h
 include/git2/sys/reflog.h
 include/git2/sys/refs.h
+include/git2/sys/remote.h
 include/git2/sys/repository.h
 include/git2/sys/stream.h
+include/git2/sys/time.h
 include/git2/sys/transport.h
 include/git2/tag.h
 include/git2/trace.h
@@ -75,6 +79,6 @@
 include/git2/types.h
 include/git2/version.h
 lib/libgit2.so
-lib/libgit2.so.0.24.0
-lib/libgit2.so.24
+lib/libgit2.so.0.25.1
+lib/libgit2.so.25
 lib/pkgconfig/libgit2.pc
diff -r 444cadb1302e -r c92ccbf22014 devel/libgit2/distinfo
--- a/devel/libgit2/distinfo    Tue Jan 10 23:10:01 2017 +0000
+++ b/devel/libgit2/distinfo    Wed Jan 11 00:11:24 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2016/08/30 10:24:40 jperkin Exp $
+$NetBSD: distinfo,v 1.8 2017/01/11 00:11:24 taca Exp $
 
-SHA1 (libgit2-0.24.1.tar.gz) = 198ac53d713c521d940951ab5d6b90b75b941918
-RMD160 (libgit2-0.24.1.tar.gz) = c9c75373fedb66c1732d472dda05dfc4fe40d5fa
-SHA512 (libgit2-0.24.1.tar.gz) = 7ad06cef694a293eb90569b042270425f1d012c1c9de8db595dd841942072110bc5342f0d9782479abbba355f5db170b9dad778e79dd23857003e9668cdc1e13
-Size (libgit2-0.24.1.tar.gz) = 4173317 bytes
+SHA1 (libgit2-0.25.1.tar.gz) = c65238d0e0a698b202a3a886d003228cac6dacc3
+RMD160 (libgit2-0.25.1.tar.gz) = a9f3315d22f79e1955761f156117105781aea442
+SHA512 (libgit2-0.25.1.tar.gz) = bbd0d27c95406b548185ce02e2a9288a9dcb8c3b28476ba20f4f4917f6bd67f1ddee80de3054d30b79cdb9d973c3061a15ea7847c79bfa4e0c62e41d5195cb99
+Size (libgit2-0.25.1.tar.gz) = 4252130 bytes



Home | Main Index | Thread Index | Old Index