Pullup ticket #5191 - requested by taca devel/libgit2: security fix Revisions pulled up: - devel/libgit2/Makefile 1.14-1.16 - devel/libgit2/PLIST 1.6 - devel/libgit2/distinfo 1.8 --- Module Name: pkgsrc Committed By: wiz Date: Sun Jan 1 14:44:09 UTC 2017 Modified Files: [...] pkgsrc/devel/libgit2: Makefile [...] Log Message: Add python-3.6 to incompatible versions. --- Module Name: pkgsrc Committed By: adam Date: Sun Jan 1 16:06:40 UTC 2017 Modified Files: [...] pkgsrc/devel/libgit2: Makefile [...] Log Message: Revbump after boost update --- Module Name: pkgsrc Committed By: taca Date: Wed Jan 11 00:11:24 UTC 2017 Modified Files: pkgsrc/devel/libgit2: Makefile PLIST distinfo Log Message: Update libgit2 to 0.25.1, it includes security problem. For full changes, please refer CHANGESLOG.md file. * libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017 Includes two fixes, one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer. The second fix affects the certificate check callback. It provides a valid parameter to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always 1/true before these releases leading to a possible MITM. This does not affect you if you do not use the custom certificate callback or if you do not take this value into account. This does affect you if you use pygit2 or git2go regardless of whether you specify a certificate check callback.diff -r1.13 -r1.13.2.1 pkgsrc/devel/libgit2/Makefile
(bsiegert)
| @@ -1,27 +1,26 @@ | @@ -1,27 +1,26 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.13 2016/10/07 18:25:43 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.13.2.1 2017/01/13 20:34:41 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= libgit2-0.24.1 | 3 | DISTNAME= libgit2-0.25.1 | |
| 4 | PKGREVISION= 1 | |||
| 5 | CATEGORIES= devel | 4 | CATEGORIES= devel | |
| 6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} | 5 | MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} | |
| 7 | GITHUB_TAG= v${PKGVERSION_NOREV} | 6 | GITHUB_TAG= v${PKGVERSION_NOREV} | |
| 8 | 7 | |||
| 9 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 10 | HOMEPAGE= https://libgit2.github.com/ | 9 | HOMEPAGE= https://libgit2.github.com/ | |
| 11 | COMMENT= Portable, pure C implementation of the Git core methods | 10 | COMMENT= Portable, pure C implementation of the Git core methods | |
| 12 | LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways) | 11 | LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways) | |
| 13 | 12 | |||
| 14 | EXTRACT_USING= bsdtar | 13 | EXTRACT_USING= bsdtar | |
| 15 | USE_TOOLS+= pkg-config | 14 | USE_TOOLS+= pkg-config | |
| 16 | USE_CMAKE= yes | 15 | USE_CMAKE= yes | |
| 17 | 16 | |||
| 18 | PKGCONFIG_OVERRIDE+= libgit2.pc.in | 17 | PKGCONFIG_OVERRIDE+= libgit2.pc.in | |
| 19 | PYTHON_VERSIONS_INCOMPATIBLE= 34 35 # not yet ported as of 0.21.1 | 18 | PYTHON_VERSIONS_INCOMPATIBLE= 34 35 36 # not yet ported as of 0.21.1 | |
| 20 | 19 | |||
| 21 | .include "../../devel/zlib/buildlink3.mk" | 20 | .include "../../devel/zlib/buildlink3.mk" | |
| 22 | .include "../../security/libssh2/buildlink3.mk" | 21 | .include "../../security/libssh2/buildlink3.mk" | |
| 23 | .include "../../security/openssl/buildlink3.mk" | 22 | .include "../../security/openssl/buildlink3.mk" | |
| 24 | .include "../../lang/python/pyversion.mk" | 23 | .include "../../lang/python/pyversion.mk" | |
| 25 | .include "../../www/curl/buildlink3.mk" | 24 | .include "../../www/curl/buildlink3.mk" | |
| 26 | .include "../../www/http-parser/buildlink3.mk" | 25 | .include "../../www/http-parser/buildlink3.mk" | |
| 27 | .include "../../mk/bsd.pkg.mk" | 26 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.5 2016/08/30 10:24:40 jperkin Exp $ | 1 | @comment $NetBSD: PLIST,v 1.5.4.1 2017/01/13 20:34:41 bsiegert Exp $ | |
| 2 | include/git2.h | 2 | include/git2.h | |
| 3 | include/git2/annotated_commit.h | 3 | include/git2/annotated_commit.h | |
| 4 | include/git2/attr.h | 4 | include/git2/attr.h | |
| 5 | include/git2/blame.h | 5 | include/git2/blame.h | |
| 6 | include/git2/blob.h | 6 | include/git2/blob.h | |
| 7 | include/git2/branch.h | 7 | include/git2/branch.h | |
| 8 | include/git2/buffer.h | 8 | include/git2/buffer.h | |
| 9 | include/git2/checkout.h | 9 | include/git2/checkout.h | |
| 10 | include/git2/cherrypick.h | 10 | include/git2/cherrypick.h | |
| 11 | include/git2/clone.h | 11 | include/git2/clone.h | |
| 12 | include/git2/commit.h | 12 | include/git2/commit.h | |
| 13 | include/git2/common.h | 13 | include/git2/common.h | |
| 14 | include/git2/config.h | 14 | include/git2/config.h | |
| @@ -25,56 +25,60 @@ include/git2/indexer.h | @@ -25,56 +25,60 @@ include/git2/indexer.h | |||
| 25 | include/git2/inttypes.h | 25 | include/git2/inttypes.h | |
| 26 | include/git2/merge.h | 26 | include/git2/merge.h | |
| 27 | include/git2/message.h | 27 | include/git2/message.h | |
| 28 | include/git2/net.h | 28 | include/git2/net.h | |
| 29 | include/git2/notes.h | 29 | include/git2/notes.h | |
| 30 | include/git2/object.h | 30 | include/git2/object.h | |
| 31 | include/git2/odb.h | 31 | include/git2/odb.h | |
| 32 | include/git2/odb_backend.h | 32 | include/git2/odb_backend.h | |
| 33 | include/git2/oid.h | 33 | include/git2/oid.h | |
| 34 | include/git2/oidarray.h | 34 | include/git2/oidarray.h | |
| 35 | include/git2/pack.h | 35 | include/git2/pack.h | |
| 36 | include/git2/patch.h | 36 | include/git2/patch.h | |
| 37 | include/git2/pathspec.h | 37 | include/git2/pathspec.h | |
| 38 | include/git2/proxy.h | |||
| 38 | include/git2/rebase.h | 39 | include/git2/rebase.h | |
| 39 | include/git2/refdb.h | 40 | include/git2/refdb.h | |
| 40 | include/git2/reflog.h | 41 | include/git2/reflog.h | |
| 41 | include/git2/refs.h | 42 | include/git2/refs.h | |
| 42 | include/git2/refspec.h | 43 | include/git2/refspec.h | |
| 43 | include/git2/remote.h | 44 | include/git2/remote.h | |
| 44 | include/git2/repository.h | 45 | include/git2/repository.h | |
| 45 | include/git2/reset.h | 46 | include/git2/reset.h | |
| 46 | include/git2/revert.h | 47 | include/git2/revert.h | |
| 47 | include/git2/revparse.h | 48 | include/git2/revparse.h | |
| 48 | include/git2/revwalk.h | 49 | include/git2/revwalk.h | |
| 49 | include/git2/signature.h | 50 | include/git2/signature.h | |
| 50 | include/git2/stash.h | 51 | include/git2/stash.h | |
| 51 | include/git2/status.h | 52 | include/git2/status.h | |
| 52 | include/git2/stdint.h | 53 | include/git2/stdint.h | |
| 53 | include/git2/strarray.h | 54 | include/git2/strarray.h | |
| 54 | include/git2/submodule.h | 55 | include/git2/submodule.h | |
| 55 | include/git2/sys/commit.h | 56 | include/git2/sys/commit.h | |
| 56 | include/git2/sys/config.h | 57 | include/git2/sys/config.h | |
| 57 | include/git2/sys/diff.h | 58 | include/git2/sys/diff.h | |
| 58 | include/git2/sys/filter.h | 59 | include/git2/sys/filter.h | |
| 59 | include/git2/sys/hashsig.h | 60 | include/git2/sys/hashsig.h | |
| 60 | include/git2/sys/index.h | 61 | include/git2/sys/index.h | |
| 61 | include/git2/sys/mempack.h | 62 | include/git2/sys/mempack.h | |
| 63 | include/git2/sys/merge.h | |||
| 62 | include/git2/sys/odb_backend.h | 64 | include/git2/sys/odb_backend.h | |
| 63 | include/git2/sys/openssl.h | 65 | include/git2/sys/openssl.h | |
| 64 | include/git2/sys/refdb_backend.h | 66 | include/git2/sys/refdb_backend.h | |
| 65 | include/git2/sys/reflog.h | 67 | include/git2/sys/reflog.h | |
| 66 | include/git2/sys/refs.h | 68 | include/git2/sys/refs.h | |
| 69 | include/git2/sys/remote.h | |||
| 67 | include/git2/sys/repository.h | 70 | include/git2/sys/repository.h | |
| 68 | include/git2/sys/stream.h | 71 | include/git2/sys/stream.h | |
| 72 | include/git2/sys/time.h | |||
| 69 | include/git2/sys/transport.h | 73 | include/git2/sys/transport.h | |
| 70 | include/git2/tag.h | 74 | include/git2/tag.h | |
| 71 | include/git2/trace.h | 75 | include/git2/trace.h | |
| 72 | include/git2/transaction.h | 76 | include/git2/transaction.h | |
| 73 | include/git2/transport.h | 77 | include/git2/transport.h | |
| 74 | include/git2/tree.h | 78 | include/git2/tree.h | |
| 75 | include/git2/types.h | 79 | include/git2/types.h | |
| 76 | include/git2/version.h | 80 | include/git2/version.h | |
| 77 | lib/libgit2.so | 81 | lib/libgit2.so | |
| 78 | lib/libgit2.so.0.24.0 | 82 | lib/libgit2.so.0.25.1 | |
| 79 | lib/libgit2.so.24 | 83 | lib/libgit2.so.25 | |
| 80 | lib/pkgconfig/libgit2.pc | 84 | lib/pkgconfig/libgit2.pc |
| @@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
| 1 | $NetBSD: distinfo,v 1.7 2016/08/30 10:24:40 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.7.4.1 2017/01/13 20:34:41 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (libgit2-0.24.1.tar.gz) = 198ac53d713c521d940951ab5d6b90b75b941918 | 3 | SHA1 (libgit2-0.25.1.tar.gz) = c65238d0e0a698b202a3a886d003228cac6dacc3 | |
| 4 | RMD160 (libgit2-0.24.1.tar.gz) = c9c75373fedb66c1732d472dda05dfc4fe40d5fa | 4 | RMD160 (libgit2-0.25.1.tar.gz) = a9f3315d22f79e1955761f156117105781aea442 | |
| 5 | SHA512 (libgit2-0.24.1.tar.gz) = 7ad06cef694a293eb90569b042270425f1d012c1c9de8db595dd841942072110bc5342f0d9782479abbba355f5db170b9dad778e79dd23857003e9668cdc1e13 | 5 | SHA512 (libgit2-0.25.1.tar.gz) = bbd0d27c95406b548185ce02e2a9288a9dcb8c3b28476ba20f4f4917f6bd67f1ddee80de3054d30b79cdb9d973c3061a15ea7847c79bfa4e0c62e41d5195cb99 | |
| 6 | Size (libgit2-0.24.1.tar.gz) = 4173317 bytes | 6 | Size (libgit2-0.25.1.tar.gz) = 4252130 bytes |