Mon Oct 7 09:14:48 2019 UTC ()
Pullup ticket #6068 - requested by nia
devel/libgit2: security fix

Revisions pulled up:
- devel/libgit2/Makefile                                        1.40
- devel/libgit2/distinfo                                        1.18

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sun Oct  6 12:18:30 UTC 2019

   Modified Files:
   	pkgsrc/devel/libgit2: Makefile distinfo

   Log Message:
   libgit2: Update to 0.28.3

   This is a security release fixing the following issues:

       A carefully constructed commit object with a very large number
       of parents may lead to potential out-of-bounds writes or
       potential denial of service.

       The ProgramData configuration file is always read for compatibility
       with Git for Windows and Portable Git installations. The ProgramData
       location is not necessarily writable only by administrators, so we
       now ensure that the configuration file is owned by the administrator
       or the current user.


(bsiegert)
diff -r1.39 -r1.39.2.1 pkgsrc/devel/libgit2/Makefile
diff -r1.17 -r1.17.4.1 pkgsrc/devel/libgit2/distinfo
cvs diff -r1.39 -r1.39.2.1 pkgsrc/devel/libgit2/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/libgit2/Makefile 2019/08/22 12:23:02 1.39
+++ pkgsrc/devel/libgit2/Makefile 2019/10/07 09:14:47 1.39.2.1
@@ -1,17 +1,16 @@ @@ -1,17 +1,16 @@
1# $NetBSD: Makefile,v 1.39 2019/08/22 12:23:02 ryoon Exp $ 1# $NetBSD: Makefile,v 1.39.2.1 2019/10/07 09:14:47 bsiegert Exp $
2 2
3DISTNAME= libgit2-0.28.2 3DISTNAME= libgit2-0.28.3
4PKGREVISION= 3 
5CATEGORIES= devel 4CATEGORIES= devel
6MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} 5MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/}
7GITHUB_TAG= v${PKGVERSION_NOREV} 6GITHUB_TAG= v${PKGVERSION_NOREV}
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://libgit2.org/ 9HOMEPAGE= https://libgit2.org/
11COMMENT= Portable, pure C implementation of the Git core methods 10COMMENT= Portable, pure C implementation of the Git core methods
12LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways) 11LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways)
13 12
14EXTRACT_USING= bsdtar 13EXTRACT_USING= bsdtar
15USE_CMAKE= yes 14USE_CMAKE= yes
16USE_LANGUAGES= c99 15USE_LANGUAGES= c99
17USE_TOOLS+= pkg-config 16USE_TOOLS+= pkg-config
cvs diff -r1.17 -r1.17.4.1 pkgsrc/devel/libgit2/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/libgit2/distinfo 2019/05/27 14:35:25 1.17
+++ pkgsrc/devel/libgit2/distinfo 2019/10/07 09:14:47 1.17.4.1
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.17 2019/05/27 14:35:25 wiz Exp $ 1$NetBSD: distinfo,v 1.17.4.1 2019/10/07 09:14:47 bsiegert Exp $
2 2
3SHA1 (libgit2-0.28.2.tar.gz) = 85025d651696a83c4d2a45932235ed1146c95cbc 3SHA1 (libgit2-0.28.3.tar.gz) = fb3c394b36e17ebb2cea42a2c407e899f90509a9
4RMD160 (libgit2-0.28.2.tar.gz) = 18fbe97266d064b8857618066e156a4297fbcff4 4RMD160 (libgit2-0.28.3.tar.gz) = 76e988d9229a58ff9f1e39e33a33317cb806f33e
5SHA512 (libgit2-0.28.2.tar.gz) = 0879c162e2e1dc00eadfbda22cd1f9d3a95b4ec2b653c108983f37c2f695140882de4d50d7cbc04ced247125a4e9fe6df16130e1267891aecdb2411d920db5c6 5SHA512 (libgit2-0.28.3.tar.gz) = 15444823b7d4885f7b8c3982f8905efc4a75913de016a9b2e0a24d5ce9746e6a549dffd5469036529557feff2ce7ece9328266eb312c80b96091ce0f65ee97ee
6Size (libgit2-0.28.2.tar.gz) = 4987586 bytes 6Size (libgit2-0.28.3.tar.gz) = 4988580 bytes