Subject: CVS commit: pkgsrc/devel/git-lfs
From: Benny Siegert
Date: 2023-12-22 20:14:43
Message id: 20231222191443.444E1FA42@cvs.NetBSD.org
Log Message:
git-lfs: update to 3.4.1 (security)

This fixes the following vulnerability:

Vulnerability: GO-2023-1571
    Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2023-1571
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.0.0-20211112202133-69e39bad7dc2
    Fixed in: golang.org/x/net@v0.7.0

3.4.1
-----
This is a bugfix release which resolves a bug introduced in the
v3.4.0 release, where Git LFS may crash if the Git credential manager
returns credentials containing one or more empty fields.

3.4.0
-----
This release is a feature release which includes support for generating
shell scripts for command-line tab-completion of Git LFS commands with
the new git-lfs-completion(1) command, providing multiple headers to Git
credential helpers (a new feature as of Git 2.41), and installing Git LFS
with a Git configuration file stored under the XDG configuration path.
Files:
RevisionActionfile
1.72modifypkgsrc/devel/git-lfs/Makefile
1.16modifypkgsrc/devel/git-lfs/distinfo
1.5modifypkgsrc/devel/git-lfs/go-modules.mk
1.1addpkgsrc/devel/git-lfs/patches/patch-go.mod
1.1addpkgsrc/devel/git-lfs/patches/patch-go.sum