[pkgsrc/pkgsrc-2016Q4]: pkgsrc/devel/libgit2 Pullup ticket #5191 - requested ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2016Q4]: pkgsrc/devel/libgit2 Pullup ticket #5191 - requested ...
From: bsiegert <bsiegert%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 12:52:31 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ec33371248a0
branches:  pkgsrc-2016Q4
changeset: 408712:ec33371248a0
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri Jan 13 20:34:41 2017 +0000

description:
Pullup ticket #5191 - requested by taca
devel/libgit2: security fix

Revisions pulled up:
- devel/libgit2/Makefile                                        1.14-1.16
- devel/libgit2/PLIST                                           1.6
- devel/libgit2/distinfo                                        1.8

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sun Jan  1 14:44:09 UTC 2017

   Modified Files:
        [...]
        pkgsrc/devel/libgit2: Makefile
        [...]

   Log Message:
   Add python-3.6 to incompatible versions.

---
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Sun Jan  1 16:06:40 UTC 2017

   Modified Files:
        [...]
        pkgsrc/devel/libgit2: Makefile
        [...]

   Log Message:
   Revbump after boost update

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Jan 11 00:11:24 UTC 2017

   Modified Files:
        pkgsrc/devel/libgit2: Makefile PLIST distinfo

   Log Message:
   Update libgit2 to 0.25.1, it includes security problem.

   For full changes, please refer CHANGESLOG.md file.

   * libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017

   Includes two fixes, one performs extra sanitization for some edge cases in
   the Git Smart Protocol which can lead to attempting to parse outside of the
   buffer.

   The second fix affects the certificate check callback. It provides a valid
   parameter to indicate whether the native cryptographic library considered
   the certificate to be correct. This parameter is always 1/true before these
   releases leading to a possible MITM.

   This does not affect you if you do not use the custom certificate callback
   or if you do not take this value into account. This does affect you if you
   use pygit2 or git2go regardless of whether you specify a certificate check
   callback.

diffstat:

 devel/libgit2/Makefile |   7 +++----
 devel/libgit2/PLIST    |  10 +++++++---
 devel/libgit2/distinfo |  10 +++++-----
 3 files changed, 15 insertions(+), 12 deletions(-)

diffs (80 lines):

diff -r 6b9c80459b66 -r ec33371248a0 devel/libgit2/Makefile
--- a/devel/libgit2/Makefile    Fri Jan 13 20:21:02 2017 +0000
+++ b/devel/libgit2/Makefile    Fri Jan 13 20:34:41 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2016/10/07 18:25:43 adam Exp $
+# $NetBSD: Makefile,v 1.13.2.1 2017/01/13 20:34:41 bsiegert Exp $
 
-DISTNAME=      libgit2-0.24.1
-PKGREVISION=   1
+DISTNAME=      libgit2-0.25.1
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgit2/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}
@@ -16,7 +15,7 @@
 USE_CMAKE=     yes
 
 PKGCONFIG_OVERRIDE+=   libgit2.pc.in
-PYTHON_VERSIONS_INCOMPATIBLE=  34 35 # not yet ported as of 0.21.1
+PYTHON_VERSIONS_INCOMPATIBLE=  34 35 36 # not yet ported as of 0.21.1
 
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/libssh2/buildlink3.mk"
diff -r 6b9c80459b66 -r ec33371248a0 devel/libgit2/PLIST
--- a/devel/libgit2/PLIST       Fri Jan 13 20:21:02 2017 +0000
+++ b/devel/libgit2/PLIST       Fri Jan 13 20:34:41 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2016/08/30 10:24:40 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.5.4.1 2017/01/13 20:34:41 bsiegert Exp $
 include/git2.h
 include/git2/annotated_commit.h
 include/git2/attr.h
@@ -35,6 +35,7 @@
 include/git2/pack.h
 include/git2/patch.h
 include/git2/pathspec.h
+include/git2/proxy.h
 include/git2/rebase.h
 include/git2/refdb.h
 include/git2/reflog.h
@@ -59,13 +60,16 @@
 include/git2/sys/hashsig.h
 include/git2/sys/index.h
 include/git2/sys/mempack.h
+include/git2/sys/merge.h
 include/git2/sys/odb_backend.h
 include/git2/sys/openssl.h
 include/git2/sys/refdb_backend.h
 include/git2/sys/reflog.h
 include/git2/sys/refs.h
+include/git2/sys/remote.h
 include/git2/sys/repository.h
 include/git2/sys/stream.h
+include/git2/sys/time.h
 include/git2/sys/transport.h
 include/git2/tag.h
 include/git2/trace.h
@@ -75,6 +79,6 @@
 include/git2/types.h
 include/git2/version.h
 lib/libgit2.so
-lib/libgit2.so.0.24.0
-lib/libgit2.so.24
+lib/libgit2.so.0.25.1
+lib/libgit2.so.25
 lib/pkgconfig/libgit2.pc
diff -r 6b9c80459b66 -r ec33371248a0 devel/libgit2/distinfo
--- a/devel/libgit2/distinfo    Fri Jan 13 20:21:02 2017 +0000
+++ b/devel/libgit2/distinfo    Fri Jan 13 20:34:41 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2016/08/30 10:24:40 jperkin Exp $
+$NetBSD: distinfo,v 1.7.4.1 2017/01/13 20:34:41 bsiegert Exp $
 
-SHA1 (libgit2-0.24.1.tar.gz) = 198ac53d713c521d940951ab5d6b90b75b941918
-RMD160 (libgit2-0.24.1.tar.gz) = c9c75373fedb66c1732d472dda05dfc4fe40d5fa
-SHA512 (libgit2-0.24.1.tar.gz) = 7ad06cef694a293eb90569b042270425f1d012c1c9de8db595dd841942072110bc5342f0d9782479abbba355f5db170b9dad778e79dd23857003e9668cdc1e13
-Size (libgit2-0.24.1.tar.gz) = 4173317 bytes
+SHA1 (libgit2-0.25.1.tar.gz) = c65238d0e0a698b202a3a886d003228cac6dacc3
+RMD160 (libgit2-0.25.1.tar.gz) = a9f3315d22f79e1955761f156117105781aea442
+SHA512 (libgit2-0.25.1.tar.gz) = bbd0d27c95406b548185ce02e2a9288a9dcb8c3b28476ba20f4f4917f6bd67f1ddee80de3054d30b79cdb9d973c3061a15ea7847c79bfa4e0c62e41d5195cb99
+Size (libgit2-0.25.1.tar.gz) = 4252130 bytes

Prev by Date: [pkgsrc/pkgsrc-2016Q4]: pkgsrc/doc Record latest pullup tickets.
Next by Date: [pkgsrc/pkgsrc-2016Q4]: pkgsrc/net/bind99 Pullup ticket #5190 - requested by ...
Previous by Thread: [pkgsrc/pkgsrc-2016Q4]: pkgsrc/doc Record latest pullup tickets.
Next by Thread: [pkgsrc/pkgsrc-2016Q4]: pkgsrc/net/bind99 Pullup ticket #5190 - requested by ...
Indexes:

Home | Main Index | Thread Index | Old Index