Sat Nov 25 08:49:05 2017 UTC
Pullup ticket #5646 - requested by he
devel/git-base: security fix

Revisions pulled up:
- devel/git-base/Makefile                                       1.46
- devel/git-base/distinfo                                       1.71-1.72
- devel/git/Makefile.version                                    1.62-1.63

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Sep 27 06:37:47 UTC 2017

   Modified Files:
   	pkgsrc/devel/git: Makefile.version
   	pkgsrc/devel/git-base: Makefile distinfo

   Log Message:
   git: update to 2.14.2

   Fixes since v2.14.1

    * Because recent Git for Windows do come with a real msgfmt, the
      build procedure for git-gui has been updated to use it instead of a
      hand-rolled substitute.

    * "%C(color name)" in the pretty print format always produced ANSI
      color escape codes, which was an early design mistake.  They now
      honor the configuration (e.g. "color.ui = never") and also tty-ness
      of the output medium.

    * The http.{sslkey,sslCert} configuration variables are to be
      interpreted as a pathname that honors "~[username]/" prefix, but
      weren't, which has been fixed.

    * Numerous bugs in walking of reflogs via "log -g" and friends have
      been fixed.

    * "git commit" when seeing a totally empty message said "you did not
      edit the message", which is clearly wrong.  The message has been
      corrected.

    * When a directory is not readable, "gitweb" fails to build the
      project list.  Work this around by skipping such a directory.

    * A recently added test for the "credential-cache" helper revealed
      that EOF detection done around the time the connection to the cache
      daemon is torn down was flaky.  This was fixed by reacting to
      ECONNRESET and behaving as if we got an EOF.

    * Some versions of GnuPG fail to kill gpg-agent it auto-spawned
      and such a left-over agent can interfere with a test.  Work it
      around by attempting to kill one before starting a new test.

    * "git log --tag=no-such-tag" showed log starting from HEAD, which
      has been fixed---it now shows nothing.

    * The "tag.pager" configuration variable was useless for those who
      actually create tag objects, as it interfered with the use of an
      editor.  A new mechanism has been introduced for commands to enable
      pager depending on what operation is being carried out to fix this,
      and then "git tag -l" is made to run pager by default.

    * "git push --recurse-submodules $there HEAD:$target" was not
      propagated down to the submodules, but now it is.

    * Commands like "git rebase" accepted the --rerere-autoupdate option
      from the command line, but did not always use it.  This has been
      fixed.

    * "git clone --recurse-submodules --quiet" did not pass the quiet
      option down to submodules.

    * "git am -s" has been taught that some input may end with a trailer
      block that is not Signed-off-by: and it should refrain from adding
      an extra blank line before adding a new sign-off in such a case.

    * "git svn" used with "--localtime" option did not compute the tz
      offset for the timestamp in question and instead always used the
      current time, which has been corrected.

    * Memory leaks in a few error codepaths have been plugged.

    * bash 4.4 or newer gave a warning on NUL byte in command
      substitution done in "git stash"; this has been squelched.

    * "git grep -L" and "git grep --quiet -L" reported different exit
      codes; this has been corrected.

    * When handshake with a subprocess filter notices that the process
      asked for an unknown capability, Git did not report what program
      the offending subprocess was running.  This has been corrected.

    * "git apply" that is used as a better "patch -p1" failed to apply a
      taken from a file with CRLF line endings to a file with CRLF line
      endings.  The root cause was because it misused convert_to_git()
      that tried to do "safe-crlf" processing by looking at the index
      entry at the same path, which is a nonsense---in that mode, "apply"
      is not working on the data in (or derived from) the index at all.
      This has been fixed.

    * Killing "git merge --edit" before the editor returns control left
      the repository in a state with MERGE_MSG but without MERGE_HEAD,
      which incorrectly tells the subsequent "git commit" that there was
      a squash merge in progress.  This has been fixed.

    * "git archive" did not work well with pathspecs and the
      export-ignore attribute.

    * "git cvsserver" no longer is invoked by "git daemon" by default,
      as it is old and largely unmaintained.

    * Various Perl scripts did not use safe_pipe_capture() instead of
      backticks, leaving them susceptible to end-user input.  They have
      been corrected.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Oct 24 06:43:24 UTC 2017

   Modified Files:
   	pkgsrc/devel/git: Makefile.version
   	pkgsrc/devel/git-base: distinfo

   Log Message:
   git: updated to 2.14.3

   Git v2.14.3 Release Notes

   Fixes since v2.14.2

    * A helper function to read a single whole line into strbuf
      mistakenly triggered OOM error at EOF under certain conditions,
      which has been fixed.

    * In addition to "cc: <a@dd.re.ss> # cruft", "cc: a@dd.re.ss # cruft"
      was taught to "git send-email" as a valid way to tell it that it
      needs to also send a carbon copy to <a@dd.re.ss> in the trailer
      section.

    * Fix regression to "gitk --bisect" by a recent update.

    * Unlike "git commit-tree < file", "git commit-tree -F file" did not
      pass the contents of the file verbatim and instead completed an
      incomplete line at the end, if exists.  The latter has been updated
      to match the behaviour of the former.

    * "git archive", especially when used with pathspec, stored an empty
      directory in its output, even though Git itself never does so.
      This has been fixed.

    * API error-proofing which happens to also squelch warnings from GCC.

    * "git gc" tries to avoid running two instances at the same time by
      reading and writing pid/host from and to a lock file; it used to
      use an incorrect fscanf() format when reading, which has been
      corrected.

    * The test linter has been taught that we do not like "echo -e".

    * Code cmp.std.c nitpick.

    * "git describe --match" learned to take multiple patterns in v2.13
      series, but the feature ignored the patterns after the first one
      and did not work at all.  This has been fixed.

    * "git cat-file --textconv" started segfaulting recently, which
      has been corrected.

    * The built-in pattern to detect the "function header" for HTML did
      not match <H1>..<H6> elements without any attributes, which has
      been fixed.

    * "git mailinfo" was loose in decoding quoted printable and produced
      garbage when the two letters after the equal sign are not
      hexadecimal.  This has been fixed.

    * The documentation for '-X<option>' for merges was misleadingly
      written to suggest that "-s theirs" exists, which is not the case.

    * Spell the name of our system as "Git" in the output from
      request-pull script.

    * Fixes for a handful of memory access issues identified by valgrind.

    * Backports a moral equivalent of 2015 fix to the poll emulation from
      the upstream gnulib to fix occasional breakages on HPE NonStop.

    * In the "--format=..." option of the "git for-each-ref" command (and
      its friends, i.e. the listing mode of "git branch/tag"), "%(atom:)"
      (e.g. "%(refname:)", "%(body:)") used to error out.  Instead, treat
      them as if the colon and an empty string that follows it were not
      there.

    * Users with "color.ui = always" in their configuration were broken
      by a recent change that made plumbing commands to pay attention to
      them as the patch created internally by "git add -p" were colored
      (heh) and made unusable.  This has been fixed.

    * "git branch -M a b" while on a branch that is completely unrelated
      to either branch a or branch b misbehaved when multiple worktree
      was in use.  This has been fixed.

    * "git fast-export" with -M/-C option issued "copy" instruction on a
      path that is simultaneously modified, which was incorrect.

    * The checkpoint command "git fast-import" did not flush updates to
      refs and marks unless at least one object was created since the
      last checkpoint, which has been corrected, as these things can
      happen without any new object getting created.

    * The scripts to drive TravisCI have been reorganized and then an
      optimization to avoid spending cycles on a branch whose tip is
      tagged has been implemented.

    * "git fetch <there> <src>:<dst>" allows an object name on the <src>
      side when the other side accepts such a request since Git v2.5, but
      the documentation was left stale.

    * A regression in 2.11 that made the code to read the list of
      alternate object stores overrun the end of the string has been
      fixed.

   Also contains various documentation updates and code clean-ups.


(bsiegert)
diff -r1.61 -r1.61.4.1 pkgsrc/devel/git/Makefile.version
diff -r1.45 -r1.45.4.1 pkgsrc/devel/git-base/Makefile
diff -r1.70 -r1.70.4.1 pkgsrc/devel/git-base/distinfo

cvs diff -r1.61 -r1.61.4.1 pkgsrc/devel/git/Makefile.version

--- pkgsrc/devel/git/Makefile.version 2017/08/12 22:05:15 1.61
+++ pkgsrc/devel/git/Makefile.version 2017/11/25 08:49:05 1.61.4.1
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
1# $NetBSD: Makefile.version,v 1.61 2017/08/12 22:05:15 adam Exp $ 1# $NetBSD: Makefile.version,v 1.61.4.1 2017/11/25 08:49:05 bsiegert Exp $
2# 2#
3# used by devel/git/Makefile.common 3# used by devel/git/Makefile.common
4# used by devel/git-cvs/Makefile 4# used by devel/git-cvs/Makefile
5# used by devel/git-svn/Makefile 5# used by devel/git-svn/Makefile
6 6
7GIT_VERSION= 2.14.1 7GIT_VERSION= 2.14.3
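
Review bot: The GIT_VERSION line moves from 2.14.1 straight to 2.14.3, so this branch takes two upstream releases in one pullup, and the ticket summary "security fix" does not say which entry motivates it. Suggest naming the relevant item in the pullup message; the 2.14.2 notes above list the Perl scripts switched from backticks to safe_pipe_capture() and "git cvsserver" no longer being invoked by "git daemon" by default, and a reader of the branch log cannot tell from the version bump alone which of these, if either, is the reason for the request.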

cvs diff -r1.45 -r1.45.4.1 pkgsrc/devel/git-base/Makefile

--- pkgsrc/devel/git-base/Makefile 2017/08/24 20:03:10 1.45
+++ pkgsrc/devel/git-base/Makefile 2017/11/25 08:49:05 1.45.4.1
@@ -1,16 +1,15 @@ @@ -1,16 +1,15 @@
1# $NetBSD: Makefile,v 1.45 2017/08/24 20:03:10 adam Exp $ 1# $NetBSD: Makefile,v 1.45.4.1 2017/11/25 08:49:05 bsiegert Exp $
2 2
3PKGREVISION= 2 
4.include "../../devel/git/Makefile.common" 3.include "../../devel/git/Makefile.common"
5 4
6PKGNAME= git-base-${GIT_VERSION} 5PKGNAME= git-base-${GIT_VERSION}
7COMMENT= GIT Tree History Storage Tool (base package) 6COMMENT= GIT Tree History Storage Tool (base package)
8 7
9CONFLICTS+= scmgit-base-[0-9]* 8CONFLICTS+= scmgit-base-[0-9]*
10SUPERSEDES+= scmgit-base-[0-9]* 9SUPERSEDES+= scmgit-base-[0-9]*
11 10
12DEPENDS+= p5-Error>=0.17015:../../devel/p5-Error 11DEPENDS+= p5-Error>=0.17015:../../devel/p5-Error
13# for git-send-email 12# for git-send-email
14#DEPENDS+= {perl>=5.13.8,p5-MIME-Base64>=3.13}:../../converters/p5-MIME-Base64 13#DEPENDS+= {perl>=5.13.8,p5-MIME-Base64>=3.13}:../../converters/p5-MIME-Base64
15DEPENDS+= p5-Email-Valid>=0.190:../../mail/p5-Email-Valid 14DEPENDS+= p5-Email-Valid>=0.190:../../mail/p5-Email-Valid
16DEPENDS+= p5-MailTools>=2.11:../../mail/p5-MailTools 15DEPENDS+= p5-MailTools>=2.11:../../mail/p5-MailTools
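
Review bot: PKGREVISION= 2 is dropped at old line 3, which resets the revision for git-base only, while the header of Makefile.version says it is also used by devel/git-cvs/Makefile and devel/git-svn/Makefile and neither file is in the "Revisions pulled up" list. Suggest checking on the branch that those two Makefiles carry no PKGREVISION that would now be attached to 2.14.3, and adding them to the pullup if they do.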

cvs diff -r1.70 -r1.70.4.1 pkgsrc/devel/git-base/distinfo

--- pkgsrc/devel/git-base/distinfo 2017/08/12 22:05:15 1.70
+++ pkgsrc/devel/git-base/distinfo 2017/11/25 08:49:05 1.70.4.1
@@ -1,15 +1,15 @@ @@ -1,15 +1,15 @@
1$NetBSD: distinfo,v 1.70 2017/08/12 22:05:15 adam Exp $ 1$NetBSD: distinfo,v 1.70.4.1 2017/11/25 08:49:05 bsiegert Exp $
2 2
3SHA1 (git-2.14.1.tar.xz) = 33af2185b1a99ea6581f270d0bb497ca1ca015a8 3SHA1 (git-2.14.3.tar.xz) = 47f7889ff046cbd37a4aeb20c8e65f2f19df9b14
4RMD160 (git-2.14.1.tar.xz) = 20883121f8b167d52cd54107e78a9d8a0a7502a9 4RMD160 (git-2.14.3.tar.xz) = f88e0b91da03e8475dbf5550bbc1d4b826d536cd
5SHA512 (git-2.14.1.tar.xz) = bee35ad9c6a0d0588045ec2fe5f6987cb1eeb3961cdf33cd9b51ae52017969131ea4ec09908f9b30944f85b0daa99614fb42c248c9c8dac5f21a90e2866c33b4 5SHA512 (git-2.14.3.tar.xz) = e32e9ff904cbc2a77d78ca08953e3b69ac527c333a898dd053806e3d7e684ad4ae153ae7663b7ff9c16e2414c3189878a2e6c95fe9320b4af6cb1e7fa5102643
6Size (git-2.14.1.tar.xz) = 4791876 bytes 6Size (git-2.14.3.tar.xz) = 4802252 bytes
7SHA1 (patch-aa) = a58f3c2f45c1fbafd751d10b9ef34e6c9afc2c6f 7SHA1 (patch-aa) = a58f3c2f45c1fbafd751d10b9ef34e6c9afc2c6f
8SHA1 (patch-ac) = e5d2112d158fe493a89b244a10d2e4b998a23d98 8SHA1 (patch-ac) = e5d2112d158fe493a89b244a10d2e4b998a23d98
9SHA1 (patch-ae) = 9bc2e6c7f0a8fbc385b6ffda638d3245a62dc5ca 9SHA1 (patch-ae) = 9bc2e6c7f0a8fbc385b6ffda638d3245a62dc5ca
10SHA1 (patch-af) = 06460f220b4703a1ff98809006ec1aed5017bb23 10SHA1 (patch-af) = 06460f220b4703a1ff98809006ec1aed5017bb23
11SHA1 (patch-ag) = 4f0b9a5745203ea7ef369c8272b3ea7c644762f0 11SHA1 (patch-ag) = 4f0b9a5745203ea7ef369c8272b3ea7c644762f0
12SHA1 (patch-ah) = f22a2160631fb624e9e20616c68ad1a4aa2bebc7 12SHA1 (patch-ah) = f22a2160631fb624e9e20616c68ad1a4aa2bebc7
13SHA1 (patch-ai) = 56b63d4790a11f5eb128186ad5efdd1bcf102f2e 13SHA1 (patch-ai) = 56b63d4790a11f5eb128186ad5efdd1bcf102f2e
14SHA1 (patch-config.mak.uname) = 5316873147acf5b6ef29e426946280bb6441c886 14SHA1 (patch-config.mak.uname) = 5316873147acf5b6ef29e426946280bb6441c886
15SHA1 (patch-wrapper.c) = 1fb629ec301d0431cb5bebd716b1c3a7ae45577f 15SHA1 (patch-wrapper.c) = 1fb629ec301d0431cb5bebd716b1c3a7ae45577f
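
Review bot: Lines 3 to 6 replace every digest and the size for the distfile in one step, so the values pulled up here become the only integrity reference for git-2.14.3.tar.xz on this branch; suggest confirming the SHA512 against a copy of the tarball fetched independently before the pullup is committed, since SHA1 and RMD160 add little assurance on their own. The patch-* SHA1 entries on lines 7 to 15 are unchanged, which means the local patches are carried across two upstream releases as-is, so a build on the branch should confirm they still apply to 2.14.3.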