CVS commit: [pkgsrc-2020Q1] pkgsrc/devel

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Apr 17 12:20:48 UTC 2020

Modified Files:
        pkgsrc/devel/git [pkgsrc-2020Q1]: Makefile.version
        pkgsrc/devel/git-base [pkgsrc-2020Q1]: distinfo

Log Message:
Pullup ticket #6159 - requested by leot
devel/git-base: security fix

(via patch)

---
   git: Update to 2.25.3

   Changes:
   2.25.3
   ------
   This release is to address the security issue: CVE-2020-5260

    * With a crafted URL that contains a newline in it, the credential
      helper machinery can be fooled to give credential information for
      a wrong host.  The attack has been made impossible by forbidding
      a newline character in any value passed via the credential
      protocol.

   Credit for finding the vulnerability goes to Felix Wilhelm of Google
   Project Zero.


To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.85.2.1 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.97 -r1.97.2.1 pkgsrc/devel/git-base/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/git/Makefile.version
diff -u pkgsrc/devel/git/Makefile.version:1.85 pkgsrc/devel/git/Makefile.version:1.85.2.1
--- pkgsrc/devel/git/Makefile.version:1.85      Thu Mar 19 17:08:06 2020
+++ pkgsrc/devel/git/Makefile.version   Fri Apr 17 12:20:47 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.version,v 1.85 2020/03/19 17:08:06 adam Exp $
+# $NetBSD: Makefile.version,v 1.85.2.1 2020/04/17 12:20:47 bsiegert Exp $
 #
 # used by devel/git/Makefile.common
 # used by devel/git-cvs/Makefile
 # used by devel/git-svn/Makefile
 
-GIT_VERSION=   2.25.2
+GIT_VERSION=   2.25.3

Index: pkgsrc/devel/git-base/distinfo
diff -u pkgsrc/devel/git-base/distinfo:1.97 pkgsrc/devel/git-base/distinfo:1.97.2.1
--- pkgsrc/devel/git-base/distinfo:1.97 Thu Mar 19 22:30:30 2020
+++ pkgsrc/devel/git-base/distinfo      Fri Apr 17 12:20:48 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.97 2020/03/19 22:30:30 rillig Exp $
+$NetBSD: distinfo,v 1.97.2.1 2020/04/17 12:20:48 bsiegert Exp $
 
-SHA1 (git-2.25.2.tar.xz) = 1ffefbd7b82d514d188d323ba700df42f14a400d
-RMD160 (git-2.25.2.tar.xz) = 03e2b8a9c041cb9b20cbe848a0babc3e602abaa8
-SHA512 (git-2.25.2.tar.xz) = 5f24bb060165a7397286588cfa32a3e77a98059058363699f7873a2efbb77419dc8985a9b8ae05166035e24db586c379b55c7049a5b6a436c554a7f621a51a23
-Size (git-2.25.2.tar.xz) = 5877576 bytes
+SHA1 (git-2.25.3.tar.xz) = 925036762cefe2da375cc458e93ed346b4504eeb
+RMD160 (git-2.25.3.tar.xz) = 8490494c86a60a3d4f144740cc46fe16a00abc6a
+SHA512 (git-2.25.3.tar.xz) = 1ea2f0727baa29200f33469463c3b6db04a2e228e83ff552faa47fefe31063d92966d7502b2f13546c36cfc2756d42d71a26e41141c0fb972af9d6760f3aa471
+Size (git-2.25.3.tar.xz) = 5878708 bytes
 SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa
 SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6
 SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2