./devel/git-lfs, Git extension for versioning large files

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.6.1, Package name: git-lfs-3.6.1, Maintainer: pkgsrc-users

Git Large File Storage (LFS) replaces large files such as audio samples,
videos, datasets, and graphics with text pointers inside Git, while storing
the file contents on a remote server.


Required to build:
[pkgtools/cwrappers] [lang/go114]

Master sites:

Filesize: 679.913 KB

Version history: (Expand)

CVS history: (Expand)


   2025-01-14 23:46:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
git-lfs: updated to 3.6.1

3.6.1 (3 December 2024)

This release introduces a security fix for Linux, macOS, and Windows
systems, which has been assigned CVE-2024-53263.

When Git LFS requests credentials from Git for a remote host, it passes
portions of the host's URL to the `git-credential(1)` command without
checking for embedded line-ending control characters, and then sends any
credentials it receives back from the Git credential helper to the
remote host.  By inserting URL-encoded control characters such as
line feed (LF) or carriage return (CR) characters into the URL, an
attacker may be able to retrieve a user's Git credentials.

By default Git LFS will now report an error if a line-ending control
character (LF or CR) or a null byte (NUL) is found in any value Git LFS
would otherwise pass to the `git-credential(1)` command.

For users who depend on the ability to pass bare carriage return
characters in a Git credential request, Git LFS will now honour the
`credential.protectProtocol` Git configuration option.  If this option
is set to `false`, Git LFS will allow carriage return characters in the
values it sends to the `git-credential(1)` command.  This option will be
introduced in Git as part of the remedy for the vulnerability in Git
designated as CVE-2024-52006.

Git LFS v3.6.1 will be released in coordination with releases from
several other projects including Git, Git for Windows, and Git Credential
Manager (GCM).

We would like to extend a special thanks to the following open-source
contributors:

* @Ry0taK for reporting this to us responsibly

Bugs

* Reject bare line-ending control characters in Git credential requests
   2024-11-25 11:33:35 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
git-lfs: updated to 3.6.0

3.6.0

This release is a feature release which includes support for multi-stage
authentication with Git credential helpers (requires Git 2.46.0) and
relative worktree paths (requires Git 2.48.0), a new object transfer batch
size configuration option, better path handling when installing on Windows,
more POSIX-compliant hook scripts, and improved performance with sparse
checkouts, partial clones, and Git remotes with large numbers of tags.
   2024-09-06 20:49:02 by Benny Siegert | Files touched by this commit (180) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-08-11 17:57:15 by Benny Siegert | Files touched by this commit (176) | Package updated
Log message:
Revbump all Go packages after update
   2024-08-06 03:02:35 by Tobias Nygren | Files touched by this commit (5) | Package updated
Log message:
git-lfs: update to 3.5.1

- FETCH_HEAD as a remote source (from a plain git fetch)
- better support for detection of the system gitattributes file
- configuration options for the SSH protocol
- bugfixes
   2024-07-03 08:59:36 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 security update
   2024-06-13 15:47:13 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-06-01 16:03:06 by Benny Siegert | Files touched by this commit (168) 
Log message:
Revbump all Go packages, default Go version is now 1.22.