pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/devel
Module Name: pkgsrc
Committed By: leot
Date: Mon Apr 20 20:03:32 UTC 2020
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: Update to 2.26.2
Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008
* With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
The attack has been made impossible by refusing to work with
under-specified credential patterns.
Credit for finding the vulnerability goes to Carlo Arenas.
To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.99 -r1.100 pkgsrc/devel/git-base/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/git/Makefile.version
diff -u pkgsrc/devel/git/Makefile.version:1.87 pkgsrc/devel/git/Makefile.version:1.88
--- pkgsrc/devel/git/Makefile.version:1.87 Tue Apr 14 18:27:31 2020
+++ pkgsrc/devel/git/Makefile.version Mon Apr 20 20:03:32 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.version,v 1.87 2020/04/14 18:27:31 leot Exp $
+# $NetBSD: Makefile.version,v 1.88 2020/04/20 20:03:32 leot Exp $
#
# used by devel/git/Makefile.common
# used by devel/git-cvs/Makefile
# used by devel/git-svn/Makefile
-GIT_VERSION= 2.26.1
+GIT_VERSION= 2.26.2
Index: pkgsrc/devel/git-base/distinfo
diff -u pkgsrc/devel/git-base/distinfo:1.99 pkgsrc/devel/git-base/distinfo:1.100
--- pkgsrc/devel/git-base/distinfo:1.99 Tue Apr 14 18:27:31 2020
+++ pkgsrc/devel/git-base/distinfo Mon Apr 20 20:03:32 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.99 2020/04/14 18:27:31 leot Exp $
+$NetBSD: distinfo,v 1.100 2020/04/20 20:03:32 leot Exp $
-SHA1 (git-2.26.1.tar.xz) = 9ec4ef53d157cb376aaedc0ca529d3857c3f8bf6
-RMD160 (git-2.26.1.tar.xz) = a5ec065b66bfc3bb8baa42f7f864e73595d99fc6
-SHA512 (git-2.26.1.tar.xz) = 1defa0d94e26e474abd47ec8a0c43c05152e10a5aca5f1aee7480ef0db9f5abd03275fefb7c4e0ee816199c87c0b2a13c164c5f7aa5ff36cafdacf27b3573785
-Size (git-2.26.1.tar.xz) = 6006104 bytes
+SHA1 (git-2.26.2.tar.xz) = bdb5eb6c014d7c372be70782a5155d964abe2c08
+RMD160 (git-2.26.2.tar.xz) = d73cfb9020e0a346c954d607b5301e2dd0d9b818
+SHA512 (git-2.26.2.tar.xz) = 5d92d07b171c5cd6e89a29c1211c73c1c900cd51c74d690aebfb4a3d0e93b541b09b42b6d6a1a82f5c3d953096771f9a8605c63be139f559f58698c1a0eabcfc
+Size (git-2.26.2.tar.xz) = 6007864 bytes
SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa
SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6
SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2
Home |
Main Index |
Thread Index |
Old Index