pkgsrc-Changes archive
CVS commit: pkgsrc/devel/py-dulwich
Module Name: pkgsrc
Committed By: adam
Date: Mon Jun 22 09:56:51 UTC 2026
Modified Files:
pkgsrc/devel/py-dulwich: Makefile distinfo
Log Message:
py-dulwich: updated to 1.2.6
1.2.6 2026-05-31
* SECURITY: Honor ``core.protectNTFS``/``core.protectHFS`` on all
work-tree updates. The 1.2.5 path hardening (CVE-2026-42305) only
reached ``checkout`` and ``reset``; ``update_working_tree`` (used by
``merge``, ``pull`` and others) fell back to the default validator, so
a crafted branch could still check out an NTFS-unsafe name such as
``git~2`` even with ``core.protectNTFS=true``.
(Jelmer Vernooij; reported by donovan-jasper)
* SECURITY: Reject patch target paths that escape the work tree in
``apply_patches``. Patch headers are untrusted (e.g. ``git am`` of a
mailbox), so a ``+++``/rename path such as ``../../etc/cron.d/x`` or an
absolute path was joined onto the repo path and written outside the
working tree. Such paths are now refused.
(netliomax25-code)
* ``porcelain``: Validate caller-supplied paths in ``checkout``,
``restore`` and ``reset_file`` before writing, as defense in depth, so a
``.git`` or ``..`` component (including NTFS/HFS ``.git`` aliases) cannot
escape the work tree or write into the control directory.
(Jelmer Vernooij)
* Remove the ``force_remove_untracked`` argument from
``index.update_working_tree``. It had been a no-op since the function
was rewritten to apply changes from a diff iterator, and removing
untracked files is not part of ``reset --hard`` semantics.
(Jelmer Vernooij)
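The ``apply_patches`` entry above describes untrusted header paths being joined onto the repository path. The following is an added illustration of refusing such paths before anything is written; it is not dulwich's code and not part of this commit. ``safe_target``, ``check_patch``, ``UnsafePatchPath`` and the sample patches are hypothetical names constructed for the example, and the header matching is simplified.

```python
# Added example; every name here is hypothetical, not a dulwich API.
import os
import re

class UnsafePatchPath(ValueError):
    """A patch header names a path outside the work tree."""

# Simplified matcher (assumption): unified-diff and git rename headers only.
_HEADER = re.compile(r"^(\+\+\+ |--- |rename from |rename to )(.+)$")

def safe_target(worktree, raw):
    """Return the absolute target for `raw` inside `worktree`, or raise."""
    if raw.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", raw):
        raise UnsafePatchPath(f"absolute path: {raw!r}")
    # Conservative: treat backslash as a separator too, so "..\\x" is caught.
    parts = [p for p in re.split(r"[\\/]", raw) if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafePatchPath(f"empty or traversing path: {raw!r}")
    root = os.path.realpath(worktree)
    full = os.path.realpath(os.path.join(root, *parts))
    # realpath follows symlinks already in the tree; re-check containment.
    if os.path.commonpath([root, full]) != root:
        raise UnsafePatchPath(f"resolves outside work tree: {raw!r}")
    return full

def check_patch(worktree, patch_text):
    """Validate every header path up front; raise on the first unsafe one."""
    targets = []
    for line in patch_text.splitlines():
        m = _HEADER.match(line)
        if not m:
            continue
        kind, raw = m.group(1), m.group(2).split("\t")[0]
        if raw == "/dev/null":  # creation/deletion marker, not a target
            continue
        if kind in ("+++ ", "--- ") and raw[:2] in ("a/", "b/"):
            raw = raw[2:]  # strip git's a/ b/ prefix
        targets.append(safe_target(worktree, raw))
    return targets

# Constructed sample inputs (not taken from any real mailbox).
GOOD = "--- a/src/app.py\n+++ b/src/app.py\n@@ -1 +1 @@\n-x\n+y\n"
BAD = "--- /dev/null\n+++ b/../../etc/cron.d/x\n@@ -0,0 +1 @@\n+job\n"

if __name__ == "__main__":
    import tempfile
    wt = tempfile.mkdtemp()
    print(check_patch(wt, GOOD))
    try:
        check_patch(wt, BAD)
    except UnsafePatchPath as exc:
        print("refused:", exc)
```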
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 pkgsrc/devel/py-dulwich/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/devel/py-dulwich/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/py-dulwich/Makefile
diff -u pkgsrc/devel/py-dulwich/Makefile:1.81 pkgsrc/devel/py-dulwich/Makefile:1.82
--- pkgsrc/devel/py-dulwich/Makefile:1.81 Fri May 29 10:17:51 2026
+++ pkgsrc/devel/py-dulwich/Makefile Mon Jun 22 09:56:51 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.81 2026/05/29 10:17:51 adam Exp $
+# $NetBSD: Makefile,v 1.82 2026/06/22 09:56:51 adam Exp $
-DISTNAME= dulwich-1.2.5
+DISTNAME= dulwich-1.2.6
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= devel python
MASTER_SITES= ${MASTER_SITE_PYPI:=d/dulwich/}
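Review bot: The `DISTNAME` change to dulwich-1.2.6 brings an API removal along with the security fixes: per the log message, `force_remove_untracked` is gone from `index.update_working_tree`, so any package depending on py-dulwich that still passes that argument will fail after this bump. Suggest checking dependents for that call, and mentioning the security nature of the update in the first line of the log ("updated to 1.2.6" alone does not show that two entries are marked SECURITY).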
Index: pkgsrc/devel/py-dulwich/distinfo
diff -u pkgsrc/devel/py-dulwich/distinfo:1.76 pkgsrc/devel/py-dulwich/distinfo:1.77
--- pkgsrc/devel/py-dulwich/distinfo:1.76 Fri May 29 10:17:51 2026
+++ pkgsrc/devel/py-dulwich/distinfo Mon Jun 22 09:56:51 2026
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.76 2026/05/29 10:17:51 adam Exp $
+$NetBSD: distinfo,v 1.77 2026/06/22 09:56:51 adam Exp $
BLAKE2s (bstr-1.12.1.crate) = bf738250e22e04ffa6d9ae59e16bec4997bc7307983bb39e1672cea8cba81d6f
SHA512 (bstr-1.12.1.crate) = 63a1e62d43c4dce00f287421b1ec76accbbab7f0897c8df26227f533af325896c0c8921a873f4125381e7b89fbb69a4358a96698ec6ee61191955464ff1c84ac
Size (bstr-1.12.1.crate) = 354916 bytes
-BLAKE2s (dulwich-1.2.5.tar.gz) = a7866afef015c15ae8e885263b018eed2c03c3ac2a6d493dd65c8fa4142032e9
-SHA512 (dulwich-1.2.5.tar.gz) = 60a4bded1e8cb8cbb3139b74fdc3f0610398cd41337b3076728e3b9b9977416731149b7945ca8422c43c0c426870efc609dae3a1008083478edcec5df4e6232a
-Size (dulwich-1.2.5.tar.gz) = 1253230 bytes
+BLAKE2s (dulwich-1.2.6.tar.gz) = 30d41edf19c8c70191ffdfce505e21ccda278287ab70a7a8136c8ef726b83374
+SHA512 (dulwich-1.2.6.tar.gz) = 5be90b5fa1d806970e6fd3c5a70749e48c9639d614b199b25afd5f3725d8fe201b43cfd69a8f45840bf883df3f0e4f5db1bf54ebf3b6dab3caf1373e265eab7d
+Size (dulwich-1.2.6.tar.gz) = 1257895 bytes
BLAKE2s (heck-0.5.0.crate) = 0bc71a5746c9d1e7c913d096fb68f1d422464744e18adc592540b291882f5660
SHA512 (heck-0.5.0.crate) = f044fc9c3d22466629fd8f772ec0555350fd611c0cfadca51d99a3d2f10e155f77c1091916c8a95a6b9b499f366c2e99a5fbf45b010f988bfb9b2501bf9f6a76
Size (heck-0.5.0.crate) = 11517 bytes
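Review bot: Only the three `dulwich-1.2.6.tar.gz` lines change here, while the surrounding `.crate` entries (`bstr-1.12.1`, `heck-0.5.0`) are carried over untouched, which is correct only if the crate set bundled with 1.2.6 is the same as with 1.2.5. Suggest confirming the crate list against the 1.2.6 sources and checking the new BLAKE2s/SHA512 values against an independently fetched copy of the tarball, since this release exists to deliver security fixes.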