./devel/git-base, GIT Tree History Storage Tool (base package)

Branch: pkgsrc-2018Q1, Version: 2.16.4, Package name: git-base-2.16.4, Maintainer: pkgsrc-users

Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.

Git is easy to learn and has a tiny footprint with lightning fast
performance. It outclasses SCM tools like Subversion, CVS, Perforce,
and ClearCase with features like cheap local branching, convenient
staging areas, and multiple workflows.

This package contains only the git program (and subcommands). It does
not contain man pages or the tk-based repository browser.


Required to run:
[lang/perl5] [devel/pcre2] [devel/p5-Error] [security/p5-Authen-SASL] [www/curl] [mail/p5-Net-SMTP-SSL] [mail/p5-Email-Valid] [mail/p5-MailTools]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: de89995ea1551755f41ca621a375b6ad42264421
RMD160: aa3c1ec4090d0c4d75946ad5b49cd2fd530fe1b0
Filesize: 4851.809 KB

CVS history:


   2018-06-08 12:39:05 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #5769 - requested by leot
devel/git: security fix

This was submitted as a manual patch.

---
   git: Update devel/git to 2.16.4

   Changes:
   Git v2.16.4 Release Notes
   =========================
   This release is to forward-port the fixes made in the v2.13.7 version
   of Git.  See its release notes for details.

   [...2.13.7 release notes...:]

    * Submodule "names" come from the untrusted .gitmodules file, but we
      blindly append them to $GIT_DIR/modules to create our on-disk repo
      paths. This means you can do bad things by putting "../" into the
      name. We now enforce some rules for submodule names which will cause
      Git to ignore these malicious names (CVE-2018-11235).

      Credit for finding this vulnerability and the proof of concept from
      which the test script was adapted goes to Etienne Stalmans.

    * It was possible to trick the code that sanity-checks paths on NTFS
      into reading a random piece of memory (CVE-2018-11233).

   Credit for fixing these bugs goes to Jeff King, Johannes
   Schindelin and others.