Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1484093484214730"
MIME-Version: 1.0
Date: Wed, 11 Jan 2017 00:11:24 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/devel/libgit2
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20170111001124.3F40BFBA6@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1484093484214730
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Jan 11 00:11:24 UTC 2017

Modified Files:
        pkgsrc/devel/libgit2: Makefile PLIST distinfo

Log Message:
Update libgit2 to 0.25.1, it includes security problem.

For full changes, please refer to the CHANGESLOG.md file.

* libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017

  Includes two fixes, one performs extra sanitization for some edge cases in
  the Git Smart Protocol which can lead to attempting to parse outside of the
  buffer.

  The second fix affects the certificate check callback. It provides a valid
  parameter to indicate whether the native cryptographic library considered
  the certificate to be correct. This parameter is always 1/true before these
  releases leading to a possible MITM.

  This does not affect you if you do not use the custom certificate callback
  or if you do not take this value into account. This does affect you if you
  use pygit2 or git2go regardless of whether you specify a certificate check
  callback.

To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/libgit2/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/libgit2/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/libgit2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1484093484214730 Content-Disposition: inline Content-Length: 2969 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/libgit2/Makefile diff -u pkgsrc/devel/libgit2/Makefile:1.15 pkgsrc/devel/libgit2/Makefile:1.16 --- pkgsrc/devel/libgit2/Makefile:1.15 Sun Jan 1 16:06:09 2017 +++ pkgsrc/devel/libgit2/Makefile Wed Jan 11 00:11:24 2017 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.15 2017/01/01 16:06:09 adam Exp $ +# $NetBSD: Makefile,v 1.16 2017/01/11 00:11:24 taca Exp $ -DISTNAME= libgit2-0.24.1 -PKGREVISION= 2 +DISTNAME= libgit2-0.25.1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} GITHUB_TAG= v${PKGVERSION_NOREV} Index: pkgsrc/devel/libgit2/PLIST diff -u pkgsrc/devel/libgit2/PLIST:1.5 pkgsrc/devel/libgit2/PLIST:1.6 --- pkgsrc/devel/libgit2/PLIST:1.5 Tue Aug 30 10:24:40 2016 +++ pkgsrc/devel/libgit2/PLIST Wed Jan 11 00:11:24 2017 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.5 2016/08/30 10:24:40 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.6 2017/01/11 00:11:24 taca Exp $ include/git2.h include/git2/annotated_commit.h include/git2/attr.h @@ -35,6 +35,7 @@ include/git2/oidarray.h include/git2/pack.h include/git2/patch.h include/git2/pathspec.h +include/git2/proxy.h include/git2/rebase.h include/git2/refdb.h include/git2/reflog.h @@ -59,13 +60,16 @@ include/git2/sys/filter.h include/git2/sys/hashsig.h include/git2/sys/index.h include/git2/sys/mempack.h +include/git2/sys/merge.h include/git2/sys/odb_backend.h include/git2/sys/openssl.h include/git2/sys/refdb_backend.h include/git2/sys/reflog.h include/git2/sys/refs.h +include/git2/sys/remote.h include/git2/sys/repository.h include/git2/sys/stream.h +include/git2/sys/time.h include/git2/sys/transport.h include/git2/tag.h include/git2/trace.h 
@@ -75,6 +79,6 @@ include/git2/tree.h include/git2/types.h include/git2/version.h lib/libgit2.so -lib/libgit2.so.0.24.0 -lib/libgit2.so.24 +lib/libgit2.so.0.25.1 +lib/libgit2.so.25 lib/pkgconfig/libgit2.pc Index: pkgsrc/devel/libgit2/distinfo diff -u pkgsrc/devel/libgit2/distinfo:1.7 pkgsrc/devel/libgit2/distinfo:1.8 --- pkgsrc/devel/libgit2/distinfo:1.7 Tue Aug 30 10:24:40 2016 +++ pkgsrc/devel/libgit2/distinfo Wed Jan 11 00:11:24 2017 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.7 2016/08/30 10:24:40 jperkin Exp $ +$NetBSD: distinfo,v 1.8 2017/01/11 00:11:24 taca Exp $ -SHA1 (libgit2-0.24.1.tar.gz) = 198ac53d713c521d940951ab5d6b90b75b941918 -RMD160 (libgit2-0.24.1.tar.gz) = c9c75373fedb66c1732d472dda05dfc4fe40d5fa -SHA512 (libgit2-0.24.1.tar.gz) = 7ad06cef694a293eb90569b042270425f1d012c1c9de8db595dd841942072110bc5342f0d9782479abbba355f5db170b9dad778e79dd23857003e9668cdc1e13 -Size (libgit2-0.24.1.tar.gz) = 4173317 bytes +SHA1 (libgit2-0.25.1.tar.gz) = c65238d0e0a698b202a3a886d003228cac6dacc3 +RMD160 (libgit2-0.25.1.tar.gz) = a9f3315d22f79e1955761f156117105781aea442 +SHA512 (libgit2-0.25.1.tar.gz) = bbd0d27c95406b548185ce02e2a9288a9dcb8c3b28476ba20f4f4917f6bd67f1ddee80de3054d30b79cdb9d973c3061a15ea7847c79bfa4e0c62e41d5195cb99 +Size (libgit2-0.25.1.tar.gz) = 4252130 bytes --_----------=_1484093484214730--
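
Review bot: The log should say that this is a move to a new release series and not only a security fix: in the Makefile hunk DISTNAME goes from libgit2-0.24.1 to libgit2-0.25.1, although the quoted release note names v0.24.6 as carrying the same two fixes. Stating the series change lets anyone considering this update for a stable branch see that it is more than the minimal fix. Removing PKGREVISION together with the version bump is right.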
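
Review bot: Dependent packages are not accounted for: the last PLIST hunk replaces lib/libgit2.so.24 with lib/libgit2.so.25, yet the commit modifies only Makefile, PLIST and distinfo under devel/libgit2. Programs linked against libgit2.so.24 need rebuilding against the new library, so bump PKGREVISION in the packages that depend on libgit2, and if this package has a buildlink3.mk, raise its ABI dependency to 0.25.1 in the same change.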
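
Review bot: Nothing records what the new digests in the distinfo hunk were checked against. The distfile is a GitHub tag archive (MASTER_SITE_GITHUB and GITHUB_TAG in the Makefile context lines), and SHA1, RMD160, SHA512 and Size all change at once, so a line in the log saying the tarball was compared with upstream's v0.25.1 tag would let a later reader trust the pin. Of the three digests, SHA512 is the one to rely on for that comparison.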
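
The certificate-check behaviour described in the log message, as an added example that is not part of the original commit mail or of libgit2: a stand-alone C model of the accept/reject decision a certificate-check callback can make, trusting the `valid` value only on releases where the release note says it is meaningful. The function names and the fingerprint strings are assumptions made for illustration, and no libgit2 call is used.

```c
#include <string.h>

/* Hypothetical helper: returns 1 when the running libgit2 passes a `valid`
 * argument that reflects the native TLS library's verdict, i.e. 0.24.6 or
 * later in the 0.24 series, or 0.25.1 and later. Every release before
 * those always passed valid = 1, per the release note in the commit log. */
int valid_flag_is_meaningful(int major, int minor, int rev)
{
    if (major > 0)   return 1;
    if (minor > 25)  return 1;
    if (minor == 25) return rev >= 1;
    if (minor == 24) return rev >= 6;
    return 0;
}

/* Hypothetical policy function for a certificate-check callback.
 * Returns 0 to accept the connection and -1 to reject it, matching the
 * return convention of libgit2 callbacks.
 *   valid     : value libgit2 handed to the callback
 *   cert_fp   : hex fingerprint of the presented certificate
 *   pinned_fp : fingerprint pinned for this host, or NULL if none
 */
int decide_certificate(int major, int minor, int rev, int valid,
                       const char *cert_fp, const char *pinned_fp)
{
    int pin_ok = pinned_fp && cert_fp && strcmp(cert_fp, pinned_fp) == 0;

    /* Affected release: `valid` is always 1, so it carries no information.
     * Fail closed unless the certificate matches an explicit pin. */
    if (!valid_flag_is_meaningful(major, minor, rev))
        return pin_ok ? 0 : -1;

    /* Fixed release with a pin configured: the pin must match. */
    if (pinned_fp)
        return pin_ok ? 0 : -1;

    /* Fixed release, no pin: follow the TLS library's verdict. */
    return valid ? 0 : -1;
}
```

In a real callback the version triple would come from the library at run time and the fingerprint from the certificate structure the callback receives.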