pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/devel git: Update to 2.26.2



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3cf224e9e2b4
branches:  trunk
changeset: 427794:3cf224e9e2b4
user:      leot <leot%pkgsrc.org@localhost>
date:      Mon Apr 20 20:03:32 2020 +0000

description:
git: Update to 2.26.2

Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

diffstat:

 devel/git-base/distinfo    |  10 +++++-----
 devel/git/Makefile.version |   4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (31 lines):

diff -r 21296f9cb812 -r 3cf224e9e2b4 devel/git-base/distinfo
--- a/devel/git-base/distinfo   Mon Apr 20 19:51:50 2020 +0000
+++ b/devel/git-base/distinfo   Mon Apr 20 20:03:32 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.99 2020/04/14 18:27:31 leot Exp $
+$NetBSD: distinfo,v 1.100 2020/04/20 20:03:32 leot Exp $
 
-SHA1 (git-2.26.1.tar.xz) = 9ec4ef53d157cb376aaedc0ca529d3857c3f8bf6
-RMD160 (git-2.26.1.tar.xz) = a5ec065b66bfc3bb8baa42f7f864e73595d99fc6
-SHA512 (git-2.26.1.tar.xz) = 1defa0d94e26e474abd47ec8a0c43c05152e10a5aca5f1aee7480ef0db9f5abd03275fefb7c4e0ee816199c87c0b2a13c164c5f7aa5ff36cafdacf27b3573785
-Size (git-2.26.1.tar.xz) = 6006104 bytes
+SHA1 (git-2.26.2.tar.xz) = bdb5eb6c014d7c372be70782a5155d964abe2c08
+RMD160 (git-2.26.2.tar.xz) = d73cfb9020e0a346c954d607b5301e2dd0d9b818
+SHA512 (git-2.26.2.tar.xz) = 5d92d07b171c5cd6e89a29c1211c73c1c900cd51c74d690aebfb4a3d0e93b541b09b42b6d6a1a82f5c3d953096771f9a8605c63be139f559f58698c1a0eabcfc
+Size (git-2.26.2.tar.xz) = 6007864 bytes
 SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa
 SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6
 SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2
diff -r 21296f9cb812 -r 3cf224e9e2b4 devel/git/Makefile.version
--- a/devel/git/Makefile.version        Mon Apr 20 19:51:50 2020 +0000
+++ b/devel/git/Makefile.version        Mon Apr 20 20:03:32 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.version,v 1.87 2020/04/14 18:27:31 leot Exp $
+# $NetBSD: Makefile.version,v 1.88 2020/04/20 20:03:32 leot Exp $
 #
 # used by devel/git/Makefile.common
 # used by devel/git-cvs/Makefile
 # used by devel/git-svn/Makefile
 
-GIT_VERSION=   2.26.1
+GIT_VERSION=   2.26.2



Home | Main Index | Thread Index | Old Index