Re: [UPDATE] devel/libgit2 0.27.2 -> 0.27.5 (CVE)

Sat, 10 Nov 2018 11:00:02 -0800 

On Sat, Nov 03, 2018 at 04:09:16PM +0100, Hiltjo Posthuma wrote:
> Hi,
> 
> This updates libgit2 from 0.27.2 to 0.27.5.
> 
> CVE-2018-17456 (<0.27.5):
> https://github.com/libgit2/libgit2/releases/tag/v0.27.5
> 
> CVE-2018-10887 (<0.27.3):
> CVE-2018-10888 (<0.27.3):
> https://github.com/libgit2/libgit2/releases/tag/v0.27.3
> 
> 
> Briefly tested and build on amd64.
> 
> Patch below:
> 
> 
> diff --git a/devel/libgit2/libgit2/Makefile b/devel/libgit2/libgit2/Makefile
> index 5e1c58af709..9aa49155d30 100644
> --- a/devel/libgit2/libgit2/Makefile
> +++ b/devel/libgit2/libgit2/Makefile
> @@ -4,7 +4,7 @@ COMMENT=              the Git library, take 2
>  
>  GH_ACCOUNT =         libgit2
>  GH_PROJECT =         libgit2
> -GH_TAGNAME =         v0.27.2
> +GH_TAGNAME =         v0.27.5
>  
>  SHARED_LIBS +=  git2                      11.0 # 0.25
>  
> diff --git a/devel/libgit2/libgit2/distinfo b/devel/libgit2/libgit2/distinfo
> index 7d806c3df4b..a58b26d0398 100644
> --- a/devel/libgit2/libgit2/distinfo
> +++ b/devel/libgit2/libgit2/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (libgit/libgit2-0.27.2.tar.gz) = 
> /6zb1ViK6wPpjjhmp+LOrORocjpDm9ybsBNi/hQPqeU=
> -SIZE (libgit/libgit2-0.27.2.tar.gz) = 4770842
> +SHA256 (libgit/libgit2-0.27.5.tar.gz) = 
> FfJ3X08yWVHZE57ZBlArbHH+5nh8ramwRfWZQHLMvTM=
> +SIZE (libgit/libgit2-0.27.5.tar.gz) = 4775158
> 
> -- 
> Kind regards,
> Hiltjo
> 

Ping + below a patch to bump to the latest version 0.27.7 (no CVEs this time,
but some security fixes).

https://github.com/libgit2/libgit2/releases/tag/v0.27.7

Lightly tested on amd64.


diff --git a/devel/libgit2/libgit2/Makefile b/devel/libgit2/libgit2/Makefile
index 5e1c58af709..c23e48df9af 100644
--- a/devel/libgit2/libgit2/Makefile
+++ b/devel/libgit2/libgit2/Makefile
@@ -4,7 +4,7 @@ COMMENT=                the Git library, take 2
 
 GH_ACCOUNT =           libgit2
 GH_PROJECT =           libgit2
-GH_TAGNAME =           v0.27.2
+GH_TAGNAME =           v0.27.7
 
 SHARED_LIBS +=  git2                      11.0 # 0.25
 
diff --git a/devel/libgit2/libgit2/distinfo b/devel/libgit2/libgit2/distinfo
index 7d806c3df4b..008dee0de56 100644
--- a/devel/libgit2/libgit2/distinfo
+++ b/devel/libgit2/libgit2/distinfo
@@ -1,2 +1,2 @@
-SHA256 (libgit/libgit2-0.27.2.tar.gz) = 
/6zb1ViK6wPpjjhmp+LOrORocjpDm9ybsBNi/hQPqeU=
-SIZE (libgit/libgit2-0.27.2.tar.gz) = 4770842
+SHA256 (libgit/libgit2-0.27.7.tar.gz) = 
GlQ1pIN1mxzZb+sSsRq7UjGwaIAW21Bs5ZRxePa6JTE=
+SIZE (libgit/libgit2-0.27.7.tar.gz) = 4782856

-- 
Kind regards,
Hiltjo

Reply via email to