pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2018Q1]: pkgsrc/devel Pullup ticket #5769 - requested by leot
details: https://anonhg.NetBSD.org/pkgsrc/rev/3660ed253d84
branches: pkgsrc-2018Q1
changeset: 309084:3660ed253d84
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Fri Jun 08 10:39:05 2018 +0000
description:
Pullup ticket #5769 - requested by leot
devel/git: security fix
This was submitted as a manual patch.
---
git: Update devel/git to 2.16.4
Changes:
Git v2.16.4 Release Notes
=========================
This release is to forward-port the fixes made in the v2.13.7 version
of Git. See its release notes for details.
[...2.13.7 release notes...:]
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.
diffstat:
devel/git-base/distinfo | 10 +++++-----
devel/git/Makefile.version | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (31 lines):
diff -r 71d317ac18c9 -r 3660ed253d84 devel/git-base/distinfo
--- a/devel/git-base/distinfo Fri Jun 08 10:07:08 2018 +0000
+++ b/devel/git-base/distinfo Fri Jun 08 10:39:05 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.78 2018/03/24 08:09:40 adam Exp $
+$NetBSD: distinfo,v 1.78.2.1 2018/06/08 10:39:05 bsiegert Exp $
-SHA1 (git-2.16.3.tar.xz) = e54fbd04232e8b949764b414c46aea73cca16af0
-RMD160 (git-2.16.3.tar.xz) = 65229a65b041dc7cf0ee028b79f60f0eb424c1db
-SHA512 (git-2.16.3.tar.xz) = 73520cf3500b2d13b77eb1e5ec0d60263aad07732d25631732f0d986abd023f97b8a6db4abff64d342cb053018289b5f7a3e32f10b86bd9092a37ee0585adc8a
-Size (git-2.16.3.tar.xz) = 4966248 bytes
+SHA1 (git-2.16.4.tar.xz) = de89995ea1551755f41ca621a375b6ad42264421
+RMD160 (git-2.16.4.tar.xz) = aa3c1ec4090d0c4d75946ad5b49cd2fd530fe1b0
+SHA512 (git-2.16.4.tar.xz) = f54e431e78289349dcb927ec34873dfb801c49a41cbb3d0138346d603af26bd7d86f9ac95e7a61a4831017f3503f33374510ccf68b0e62b0691fc5a43283f1ac
+Size (git-2.16.4.tar.xz) = 4968252 bytes
SHA1 (patch-aa) = a58f3c2f45c1fbafd751d10b9ef34e6c9afc2c6f
SHA1 (patch-ac) = e5d2112d158fe493a89b244a10d2e4b998a23d98
SHA1 (patch-ae) = 9bc2e6c7f0a8fbc385b6ffda638d3245a62dc5ca
diff -r 71d317ac18c9 -r 3660ed253d84 devel/git/Makefile.version
--- a/devel/git/Makefile.version Fri Jun 08 10:07:08 2018 +0000
+++ b/devel/git/Makefile.version Fri Jun 08 10:39:05 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.version,v 1.69 2018/03/24 08:09:40 adam Exp $
+# $NetBSD: Makefile.version,v 1.69.2.1 2018/06/08 10:39:05 bsiegert Exp $
#
# used by devel/git/Makefile.common
# used by devel/git-cvs/Makefile
# used by devel/git-svn/Makefile
-GIT_VERSION= 2.16.3
+GIT_VERSION= 2.16.4
Home |
Main Index |
Thread Index |
Old Index