From 1e6433acdf25493c49de247ff08ad11293e0c87ead4860b3a8609714b09bb57e Mon Sep 17 00:00:00 2001 
From: Dominique Leuenberger
Date: Thu, 14 Feb 2019 15:28:32 +0000
Subject: [PATCH 1/2] Accepting request 674749 from GNOME:Factory

- Update to version 0.28.0:
  * Changes or improvements:
    - The library is now always built with cdecl calling
      conventions on Windows; the ability to build a stdcall
      library has been removed.
    - Reference log creation now honors
      core.logallrefupdates=always.
    - Fix some issues with the error-reporting in the OpenSSL
      backend.
    - HTTP proxy support is now builtin; libcurl is no longer used
      to support proxies and is removed as a dependency.
    - Certificate and credential callbacks can now return
      GIT_PASSTHROUGH to decline to act; libgit2 will behave as if
      there was no callback set in the first place.
    - The line-ending filtering logic - when checking out files -
      has been updated to match newer git (>= git 2.9) for proper
      interoperability.
    - Symbolic links are now supported on Windows when
      core.symlinks is set to true.
    - Submodules with names which attempt to perform path traversal
      now have their configuration ignored. Such names were blindly
      appended to the $GIT_DIR/modules and a malicious name could
      lead to an attacker writing to an arbitrary location. This
      matches git's handling of CVE-2018-11235.
    - Object validation is now performed during tree creation in
      the git_index_write_tree_to API.
    - Configuration variable may now be specified on the same line
      as a section header; previously this was erroneously a parser
      error.
    - When an HTTP server supports both NTLM and Negotiate
      authentication mechanisms, we would previously fail to
      authenticate with any mechanism.
    - The GIT_OPT_SET_PACK_MAX_OBJECTS option can now set the
      maximum number of objects allowed in a packfile being
      downloaded; this can help limit the maximum memory used when
      fetching from an untrusted remote.
    - Line numbers in diffs loaded from patch files were not being
      populated; they are now included in the results.
    - The repository's index is reloaded from disk at the beginning
      of git_merge operations to ensure that it is up-to-date.
    - Mailmap handling APIs have been introduced, and the new
      commit APIs git_commit_committer_with_mailmap and
      git_commit_author_with_mailmap will use the mailmap to
      resolve the committer and author information. In addition,
      blame will use the mailmap given when the
      GIT_BLAME_USE_MAILMAP option.
    - Ignore handling for files in ignored folders would be
      ignored.
    - Worktrees can now be backed by bare repositories.
    - Trailing spaces are supported in .gitignore files, these
      spaces were previously (and erroneously) treated as part of
      the pattern.
    - The library can now be built with mbedTLS support for HTTPS.
    - The diff status character 'T' will now be presented by the
      git_diff_status_char API for diff entries that change type.
    - Revision walks previously would sometimes include commits
      that should have been ignored; this is corrected.
    - Revision walks are now more efficient when the output is
      unsorted; we now avoid walking all the way to the beginning
      of history unnecessarily.
    - Error-handling around index extension loading has been fixed.
      We were previously always misreporting a truncated index.
  * API additions:
    - The index may now be iterated atomically using
      git_index_iterator.
    - Remote objects can now be created with extended options using
      the git_remote_create_with_opts API.
    - Diff objects can now be applied as changes to the working
      directory, index or both, emulating the git apply command.
      Additionally, git_apply_to_tree can apply those changes to a
      tree object as a fully in-memory operation.
    - You can now swap out memory allocators via the
      GIT_OPT_SET_ALLOCATOR option with git_libgit2_opts().
    - You can now ensure that functions do not discard unwritten
      changes to the index via the
      GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY option to
      git_libgit2_opts(). This will cause functions that implicitly
      re-read the index (eg, git_checkout) to fail if you have
      staged changes to the index but you have not written the
      index to disk. (Unless the checkout has the FORCE flag
      specified.)
    - At present, this defaults to off, but we intend to enable
      this more broadly in the future, as a warning or error. We
      encourage you to examine your code to ensure that you are not
      relying on the current behavior that implicitly removes
      staged changes.
    - Reference specifications can be parsed from an arbitrary
      string with the git_refspec_parse API.
    - You can now get the name and path of worktrees using the
      git_worktree_name and git_worktree_path APIs, respectively.
    - The ref field has been added to git_worktree_add_options to
      enable the creation of a worktree from a pre-existing branch.
    - It's now possible to analyze merge relationships between any
      two references, not just against HEAD, using
      git_merge_analysis_for_ref.
  * API removals:
    - The git_buf_free API is deprecated; it has been renamed to
      git_buf_dispose for consistency. The git_buf_free API will be
      retained for backward compatibility for the foreseeable
      future.
    - The git_otype enumeration and its members are deprecated and
      have been renamed for consistency. The GIT_OBJ_ enumeration
      values are now prefixed with GIT_OBJECT_. The old
      enumerations and macros will be retained for backward
      compatibility for the foreseeable future.
    - Several index-related APIs have been renamed for consistency.
      The GIT_IDXENTRY_ enumeration values and macros have been
      renamed to be prefixed with GIT_INDEX_ENTRY_. The
      GIT_INDEXCAP enumeration values are now prefixed with
      GIT_INDEX_CAPABILITY_. The old enumerations and macros will be
      retained for backward compatibility for the foreseeable
      future.
    - The error functions and enumeration values have been renamed
      for consistency.
The giterr_ functions and values prefix have been renamed to be prefixed with git_error_; similarly, the GITERR_ constants have been renamed to be prefixed with GIT_ERROR_. The old enumerations and macros will be retained for backward compatibility for the foreseeable future. * Breaking API changes: - The default checkout strategy changed from DRY_RUN to SAFE. - Adding a symlink as .gitmodules into the index from the workdir or checking out such files is not allowed as this can make a Git implementation write outside of the repository and bypass the fsck checks for CVE-2018-11235. - Bump sover to 28 following upstreams changes. OBS-URL: https://build.opensuse.org/request/show/674749 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=74 --- baselibs.conf | 2 +- libgit2-0.27.7.tar.gz | 3 - libgit2-0.28.0.tar.gz | 3 + libgit2.changes | 129 ++++++++++++++++++++++++++++++++++++++++++ libgit2.spec | 8 +-- 5 files changed, 137 insertions(+), 8 deletions(-) delete mode 100644 libgit2-0.27.7.tar.gz create mode 100644 libgit2-0.28.0.tar.gz diff --git a/baselibs.conf b/baselibs.conf index cf8c034..458f0ac 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1 +1 @@ -libgit2-27 +libgit2-28 diff --git a/libgit2-0.27.7.tar.gz b/libgit2-0.27.7.tar.gz deleted file mode 100644 index 8e53d9f..0000000 --- a/libgit2-0.27.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1a5435a483759b1cd96feb12b11abb5231b0688016db506ce5947178f6ba2531 -size 4782856 diff --git a/libgit2-0.28.0.tar.gz b/libgit2-0.28.0.tar.gz new file mode 100644 index 0000000..149fe43 --- /dev/null +++ b/libgit2-0.28.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9d60d64dc77085e8e530e5c66314057eafe0c06e4a7a61149a70ff3e0688f284 +size 4986225 diff --git a/libgit2.changes b/libgit2.changes index f377e95..e107246 100644 --- a/libgit2.changes +++ b/libgit2.changes 
@@ -1,3 +1,132 @@ +------------------------------------------------------------------- +Wed Feb 13 10:20:24 UTC 2019 - bjorn.lie@gmail.com + +- Update to version 0.28.0: + * Changes or improvements: + - The library is now always built with cdecl calling + conventions on Windows; the ability to build a stdcall + library has been removed. + - Reference log creation now honors + core.logallrefupdates=always. + - Fix some issues with the error-reporting in the OpenSSL + backend. + - HTTP proxy support is now builtin; libcurl is no longer used + to support proxies and is removed as a dependency. + - Certificate and credential callbacks can now return + GIT_PASSTHROUGH to decline to act; libgit2 will behave as if + there was no callback set in the first place. + - The line-ending filtering logic - when checking out files - + has been updated to match newer git (>= git 2.9) for proper + interoperability. + - Symbolic links are now supported on Windows when + core.symlinks is set to true. + - Submodules with names which attempt to perform path traversal + now have their configuration ignored. Such names were blindly + appended to the $GIT_DIR/modules and a malicious name could + lead to an attacker writing to an arbitrary location. This + matches git's handling of CVE-2018-11235. + - Object validation is now performed during tree creation in + the git_index_write_tree_to API. + - Configuration variable may now be specified on the same line + as a section header; previously this was erroneously a parser + error. + - When an HTTP server supports both NTLM and Negotiate + authentication mechanisms, we would previously fail to + authenticate with any mechanism. + - The GIT_OPT_SET_PACK_MAX_OBJECTS option can now set the + maximum number of objects allowed in a packfile being + downloaded; this can help limit the maximum memory used when + fetching from an untrusted remote. 
+ - Line numbers in diffs loaded from patch files were not being + populated; they are now included in the results. + - The repository's index is reloaded from disk at the beginning + of git_merge operations to ensure that it is up-to-date. + - Mailmap handling APIs have been introduced, and the new + commit APIs git_commit_committer_with_mailmap and + git_commit_author_with_mailmap will use the mailmap to + resolve the committer and author information. In addition, + blame will use the mailmap given when the + GIT_BLAME_USE_MAILMAP option. + - Ignore handling for files in ignored folders would be + ignored. + - Worktrees can now be backed by bare repositories. + - Trailing spaces are supported in .gitignore files, these + spaces were previously (and erroneously) treated as part of + the pattern. + - The library can now be built with mbedTLS support for HTTPS. + - The diff status character 'T' will now be presented by the + git_diff_status_char API for diff entries that change type. + - Revision walks previously would sometimes include commits + that should have been ignored; this is corrected. + - Revision walks are now more efficient when the output is + unsorted; we now avoid walking all the way to the beginning + of history unnecessarily. + - Error-handling around index extension loading has been fixed. + We were previously always misreporting a truncated index. + * API additions: + - The index may now be iterated atomically using + git_index_iterator. + - Remote objects can now be created with extended options using + the git_remote_create_with_opts API. + - Diff objects can now be applied as changes to the working + directory, index or both, emulating the git apply command. + Additionally, git_apply_to_tree can apply those changes to a + tree object as a fully in-memory operation. + - You can now swap out memory allocators via the + GIT_OPT_SET_ALLOCATOR option with git_libgit2_opts(). 
+ - You can now ensure that functions do not discard unwritten + changes to the index via the + GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY option to + git_libgit2_opts(). This will cause functions that implicitly + re-read the index (eg, git_checkout) to fail if you have + staged changes to the index but you have not written the + index to disk. (Unless the checkout has the FORCE flag + specified.) + - At present, this defaults to off, but we intend to enable + this more broadly in the future, as a warning or error. We + encourage you to examine your code to ensure that you are not + relying on the current behavior that implicitly removes + staged changes. + - Reference specifications can be parsed from an arbitrary + string with the git_refspec_parse API. + - You can now get the name and path of worktrees using the + git_worktree_name and git_worktree_path APIs, respectively. + - The ref field has been added to git_worktree_add_options to + enable the creation of a worktree from a pre-existing branch. + - It's now possible to analyze merge relationships between any + two references, not just against HEAD, using + git_merge_analysis_for_ref. + * API removals: + - The git_buf_free API is deprecated; it has been renamed to + git_buf_dispose for consistency. The git_buf_free API will be + retained for backward compatibility for the foreseeable + future. + - The git_otype enumeration and its members are deprecated and + have been renamed for consistency. The GIT_OBJ_ enumeration + values are now prefixed with GIT_OBJECT_. The old + enumerations and macros will be retained for backward + compatibility for the foreseeable future. + - Several index-related APIs have been renamed for consistency. + The GIT_IDXENTRY_ enumeration values and macros have been + renamed to be prefixed with GIT_INDEX_ENTRY_. The + GIT_INDEXCAP enumeration values are now prefixed with + GIT_INDEX_CAPABILITY_. 
The old enumerations and macros will + be retained for backward compatibility for the foreseeable + future. + - The error functions and enumeration values have been renamed + for consistency. The giterr_ functions and values prefix have + been renamed to be prefixed with git_error_; similarly, + the GITERR_ constants have been renamed to be prefixed with + GIT_ERROR_. The old enumerations and macros will be retained + for backward compatibility for the foreseeable future. + * Breaking API changes: + - The default checkout strategy changed from DRY_RUN to SAFE. + - Adding a symlink as .gitmodules into the index from the + workdir or checking out such files is not allowed as this can + make a Git implementation write outside of the repository and + bypass the fsck checks for CVE-2018-11235. +- Bump sover to 28 following upstreams changes. + ------------------------------------------------------------------- Mon Nov 5 18:22:36 UTC 2018 - astieger@suse.com diff --git a/libgit2.spec b/libgit2.spec index 9101e70..b8dba40 100644 --- a/libgit2.spec +++ b/libgit2.spec @@ -1,7 +1,7 @@ # # spec file for package libgit2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2011, Sascha Peilicke # # All modifications and additions to the file contributed by third parties @@ -13,13 +13,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define sover 27 +%define sover 28 Name: libgit2 -Version: 0.27.7 +Version: 0.28.0 Release: 0 Summary: C git library License: GPL-2.0 WITH GCC-exception-2.0 From ff9e1dcc63a8ae2d25162015f2e6d822d9bf43bde97ba6fd9e768a7cad03e7f5 Mon Sep 17 00:00:00 2001 
From: Dominique Leuenberger Date: Thu, 14 Feb 2019 20:46:14 +0000 Subject: [PATCH 2/2] Accepting request 676231 from home:darix:apps - Update to version 0.28.1: - The deprecated functions (git_buf_free and the giterr_ family of functions) are now exported properly. In the v0.28 release, they were not given the correct external attributes and they did not have the correct linkage visibility in the v0.28 library. OBS-URL: https://build.opensuse.org/request/show/676231 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=75 --- libgit2-0.28.0.tar.gz | 3 --- libgit2-0.28.1.tar.gz | 3 +++ libgit2.changes | 10 ++++++++++ libgit2.spec | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) delete mode 100644 libgit2-0.28.0.tar.gz create mode 100644 libgit2-0.28.1.tar.gz diff --git a/libgit2-0.28.0.tar.gz b/libgit2-0.28.0.tar.gz deleted file mode 100644 index 149fe43..0000000 --- a/libgit2-0.28.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9d60d64dc77085e8e530e5c66314057eafe0c06e4a7a61149a70ff3e0688f284 -size 4986225 diff --git a/libgit2-0.28.1.tar.gz b/libgit2-0.28.1.tar.gz new file mode 100644 index 0000000..0c03761 --- /dev/null +++ b/libgit2-0.28.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0ca11048795b0d6338f2e57717370208c2c97ad66c6d5eac0c97a8827d13936b +size 4987204 diff --git a/libgit2.changes b/libgit2.changes index e107246..c2af818 100644 --- a/libgit2.changes +++ b/libgit2.changes 
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Feb 14 19:09:18 UTC 2019 - Marcus Rueckert + +- Update to version 0.28.1: + - The deprecated functions (git_buf_free and the giterr_ family + of functions) are now exported properly. In the v0.28 release, + they were not given the correct external attributes and they + did not have the correct linkage visibility in the v0.28 + library. + ------------------------------------------------------------------- Wed Feb 13 10:20:24 UTC 2019 - bjorn.lie@gmail.com diff --git a/libgit2.spec b/libgit2.spec index b8dba40..3c01a5f 100644 --- a/libgit2.spec +++ b/libgit2.spec @@ -19,7 +19,7 @@ %define sover 28 Name: libgit2 -Version: 0.28.0 +Version: 0.28.1 Release: 0 Summary: C git library License: GPL-2.0 WITH GCC-exception-2.0
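
Review bot: The new libgit2-0.28.0.tar.gz pointer in [PATCH 1/2] gives a reviewer nothing to verify the archive against: the hunk carries only a sha256 oid and a size, and the diffstat lists no upstream signature or keyring file next to the tarball. Compare the oid with the checksum of the upstream 0.28.0 release archive before accepting, and do the same for the libgit2-0.28.1.tar.gz pointer in [PATCH 2/2].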
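
Review bot: Three entries in the 0.28.0 block added to libgit2.changes in [PATCH 1/2] are not complete statements: "Ignore handling for files in ignored folders would be ignored", "blame will use the mailmap given when the GIT_BLAME_USE_MAILMAP option", and the "At present, this defaults to off" item, which is listed as its own API addition although it continues the GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY entry. Reword or merge them, fix "upstreams changes" in the sover line, and consider moving the two CVE-2018-11235 items to the top of the entry so the security-relevant changes are not buried among routine ones.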
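
Review bot: The libgit2.spec hunks in [PATCH 1/2] touch only the copyright year, the bug-tracker URL, sover and Version, while the changelog in the same patch says libcurl "is removed as a dependency". If the spec still carries a BuildRequires for libcurl, drop it in this change so the build environment matches what 0.28.0 actually links against.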
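
Review bot: The libgit2.spec hunk in [PATCH 2/2] leaves "%define sover 28" unchanged although the changelog says 0.28.0 did not export git_buf_free and the giterr_ functions with the correct linkage visibility, so 0.28.0 and 0.28.1 share one sover but not one set of exported symbols. A dependent built against 0.28.1 that still calls the deprecated names would fail to resolve them against a 0.28.0 library; make sure the 0.28.0 build is not published on its own, or have dependents require the 0.28.1 package.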