This is a security release with multiple changes.

This provides compatibility with git's changes to address CVE 2022-29187. As a 
follow-up to CVE 2022-24765, now not only is the working directory of a 
non-bare repository examined for its ownership, but the .git directory and the 
.git file (if present) are also examined for their ownership.

A fix for compatibility with git's (new) behavior for CVE 2022-24765 allows 
users on POSIX systems to access a git repository that is owned by them when 
they are running in sudo.

A fix for further compatibility with git's (existing) behavior for CVE 
2022-24765 allows users on Windows to access a git repository that is owned by 
the Administrator when running with escalated privileges (using runas 
Administrator).

The bundled zlib is updated to v1.2.12, as prior versions had memory corruption 
bugs. It is not known that there is a security vulnerability in libgit2 based 
on these bugs, but we are updating to be cautious.

Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 .../libgit2/{libgit2_1.4.3.bb => libgit2_1.4.4.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libgit2/{libgit2_1.4.3.bb => libgit2_1.4.4.bb} 
(91%)

diff --git a/meta/recipes-support/libgit2/libgit2_1.4.3.bb 
b/meta/recipes-support/libgit2/libgit2_1.4.4.bb
similarity index 91%
rename from meta/recipes-support/libgit2/libgit2_1.4.3.bb
rename to meta/recipes-support/libgit2/libgit2_1.4.4.bb
index 7e27b5b018..a6f4d8d7f2 100644
--- a/meta/recipes-support/libgit2/libgit2_1.4.3.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.4.4.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=e5a9227de4cb6afb5d35ed7b0fdf480d"
 DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
 
 SRC_URI = 
"git://github.com/libgit2/libgit2.git;branch=maint/v1.4;protocol=https"
-SRCREV = "465bbf88ea939a965fbcbade72870c61f815e457"
+SRCREV = "3b7d756ccfaf9ec2922d2db22e6cc98f8ab6580c"
 
 S = "${WORKDIR}/git"
 
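Review bot: The `+SRCREV` line pins a bare commit hash on `branch=maint/v1.4`, and nothing in the hunk ties it to the v1.4.4 release, so a reader has to look the hash up upstream to confirm it matches the version in the new file name. Stating in the commit message that this hash is the v1.4.4 tag (or adding a short comment above `SRCREV`) would make the pin auditable from the recipe alone. Separately, the unchanged `DEPENDS` context line lists `zlib`; if this recipe links against the sysroot zlib rather than the copy shipped in the libgit2 tree, the bundled zlib update described in the message does not affect the built package, and it would help to say so to keep anyone from assuming the zlib fixes arrive with this bump.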
-- 
2.34.1
