- libgit2 0.27.3:
* CVE-2018-10887 (bsc#1100613), CVE-2018-10888 (bsc#1100612):
Specially crafted delta object in packfiles could trigger an
integer overflow, bypassing input validation and causing the
object database to contain copies of system memory. This may
allow denial of service or, potentially, an information leak
- includes changes from 0.27.2:
* various API and correctness fixes
* Fixes related to handling of .gitmodules
- includes changes from 0.27.1:
* CVE-2018-11235: insufficient validation of submodule names from
.gitmodules allowed writes to arbitrary paths (bsc#1095219)
* disallow .gitmodules files as symlinks.
OBS-URL: https://build.opensuse.org/request/show/621935
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=64
- Update to 0.26.3:
* Fix cloning of the libgit2 project with git clone --recursive by removing an
invalid submodule from our testing data.
* Fix endianness of the port in p_getaddrinfo().
* Fix handling of negative gitignore rules with wildcards.
* Fix handling of case-insensitive negative gitignore rules.
* Fix resolving references to a tag if the reference is stored with its fully
resolved OID in the packed-refs file.
* Fix checkout not treating worktree files as modified when only their mode has
changed.
* Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.
* Fixes memory handling issues when reading crafted repository index files.
The issues allow for possible denial of service due to allocation of large
memory and out-of-bound reads.
(CVE-2018-8098 bnc#1085257 CVE-2018-8099 bnc#1085256)
* Updates the bundled zlib to 1.2.11. Users who build the bundled zlib are
vulnerable to security issues in the prior version.
OBS-URL: https://build.opensuse.org/request/show/586751
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=56
libgit2 0.24.6, including the following security fixes:
* bsc#1019036: edge cases in the Git Smart Protocol can lead to
attempting to parse outside of the buffer
CVE-2016-10128,CVE-2016-10129
* bsc#1019037: MITM possible due to lack of parameter for
certificate parameter
CVE-2016-10130,CVE-2017-5338,CVE-2017-5339
- includes changes from 0.24.5:
* add support for OpenSSL 1.1.0 for BIO filter
OBS-URL: https://build.opensuse.org/request/show/449627
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=46
- Update to version 0.20.0:
+ Blame APIs.
+ Filter APIs.
+ Public git_buffer APIs.
+ Merge conflict support in Checkout.
+ Simplified Clone options and git_clone_into.
+ Config iterator APIs and updated Config multivar API.
+ Diff API reorganization and renaming, with Patch API split off.
+ Indexer API renaming and improvements.
+ ODB backend API cleanup.
+ Improves progress callbacks for Packbuilder, Push, Fetch (and
any other Remote operation).
+ Public Pathspec matching APIs.
+ Reflog API and RefDB Backend API cleanup.
+ Remote API extensions.
+ SSH Transport configuration cleanup.
+ Submodule status improvements.
+ Pluggable Transport APIs.
+ Lots of other small features (e.g. decomposed unicode support on
MacOS, revwalk simplifying by first parent),
+ Bug fixes (e.g. junction support on Win32, redirect handling
in HTTP transport) and performance improvements.
+ Lots of new examples (init, status, log, blame, etc.) and
relicensing of example code under CC0 license.
OBS-URL: https://build.opensuse.org/request/show/208340
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=18
- Update to version 0.19.0:
+ New (threadsafe) cache for objects.
+ Iterator for Status.
+ New Merge APIs.
+ SSH support on *NIX.
+ Function context on diff.
+ Namespaces support.
+ Index add/update/remove with wildcard support.
+ Iterator for References.
+ Fetch and push refspecs for Remotes.
+ Rename support in Status.
+ New 'sys/' namespace for external headers with low-level APIs.
OBS-URL: https://build.opensuse.org/request/show/182548
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgit2?expand=0&rev=16