pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/devel/libgit2 Update to 0.26.3



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a0bd9aae9695
branches:  trunk
changeset: 377968:a0bd9aae9695
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Sun Mar 25 08:23:50 2018 +0000

description:
Update to 0.26.3

* Fix some security bugs

Changelog:
0.26.3
This is a bugfix release. It includes the following non-exclusive list of
improvements, which have been backported from the master branch:

    Fix cloning of the libgit2 project with git clone --recursive by removing an
    invalid submodule from our testing data.

    Fix endianness of the port in p_getaddrinfo().

    Fix handling of negative gitignore rules with wildcards.

    Fix handling of case-insensitive negative gitignore rules.

    Fix resolving references to a tag if the reference is stored with its fully
    resolved OID in the packed-refs file.

    Fix checkout not treating worktree files as modified when only their mode has
    changed.

    Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.

    Enable Windows 7 and earlier to use TLS 1.2.

0.26.2
This is a security release fixing memory handling issues when reading crafted
repository index files. The issues allow for possible denial of service due to
allocation of large memory and out-of-bound reads.

As the index is never transferred via the network, exploitation requires an
attacker to have access to the local repository.

0.26.1
This is a security release that includes an update to the bundled zlib
to update it to 1.2.11. Users who build the bundled zlib are vulnerable
to security issues in the prior version.

This does not affect you if you rely on a system-installed version of zlib.
All users of v0.26.0 who use the bundled zlib should upgrade to this release.

diffstat:

 devel/libgit2/Makefile |   5 ++---
 devel/libgit2/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (28 lines):

diff -r c22ff8f82983 -r a0bd9aae9695 devel/libgit2/Makefile
--- a/devel/libgit2/Makefile    Sun Mar 25 08:02:58 2018 +0000
+++ b/devel/libgit2/Makefile    Sun Mar 25 08:23:50 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.22 2018/01/01 21:18:21 adam Exp $
+# $NetBSD: Makefile,v 1.23 2018/03/25 08:23:50 ryoon Exp $
 
-DISTNAME=      libgit2-0.26.0
-PKGREVISION=   2
+DISTNAME=      libgit2-0.26.3
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgit2/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}
diff -r c22ff8f82983 -r a0bd9aae9695 devel/libgit2/distinfo
--- a/devel/libgit2/distinfo    Sun Mar 25 08:02:58 2018 +0000
+++ b/devel/libgit2/distinfo    Sun Mar 25 08:23:50 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2017/07/31 14:18:20 taca Exp $
+$NetBSD: distinfo,v 1.10 2018/03/25 08:23:50 ryoon Exp $
 
-SHA1 (libgit2-0.26.0.tar.gz) = 7e9792e3d2ee88719f0d7cb59737256bfc1cddbb
-RMD160 (libgit2-0.26.0.tar.gz) = f2c7a593ffeed7cfd25593d35f585a2e2a7eb2cc
-SHA512 (libgit2-0.26.0.tar.gz) = 988c616c99637f2c1f80c498de34820296b78c0601669475eba9d194490cfd2047131987e63a799599277893e5741f9bcc226ffa594327356047ed563f07d346
-Size (libgit2-0.26.0.tar.gz) = 4697149 bytes
+SHA1 (libgit2-0.26.3.tar.gz) = 5eaa62b5842bee9048465452fe640c93fc79ca7d
+RMD160 (libgit2-0.26.3.tar.gz) = f5a9a6d72e55a0f9b59842773e525b5426b5c2ef
+SHA512 (libgit2-0.26.3.tar.gz) = abcd3a904bed05c1f200be2ffbc2c44cebd1b548459ee834d5635c5eaf7bcd551a4993bcc1cb9fbeae9ea990c5ebc07655007ff4e623fa7c697f326c0ce12c3e
+Size (libgit2-0.26.3.tar.gz) = 4728289 bytes



Home | Main Index | Thread Index | Old Index