author: taca <taca@pkgsrc.org> 2018-09-23 15:11:42 +0000
committer: taca <taca@pkgsrc.org> 2018-09-23 15:11:42 +0000
commit: fa821ed4c7787073836ecf164a1d2ed40abcd4c2 (patch)
tree: d58fe13dbf00201688cbc222670f06f795002938 /devel/libgit2
parent: 7e33cd02455fd7b3cc4e9b7537a293154ccf31e4 (diff)
download: pkgsrc-fa821ed4c7787073836ecf164a1d2ed40abcd4c2.tar.gz
devel/libgit2: update to 0.27.4
v0.27.4
-------

This is a security release fixing out-of-bounds reads when processing smart-protocol "ng" packets. When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to `strchr`, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read.

The issue was discovered by the oss-fuzz project, issue 9406.

v0.27.3
-------

This is a security release fixing out-of-bounds reads when reading objects from a packfile. This corresponds to CVE-2018-10887 and CVE-2018-10888, which were both reported by Riccardo Schirone.

When packing objects into a single so-called packfile, objects may not get stored as complete copies but instead as deltas against another object "base". A specially crafted delta object could trigger an integer overflow and thus bypass our input validation, which may result in copying memory before or after the base object into the final deflated object. This may lead to objects containing copies of system memory being written into the object database. As the hash of those objects cannot be easily controlled by the attacker, it is unlikely that any of those objects will be valid and referenced by the commit graph.

Note that the error could also be triggered by the function `git_apply__patch`. But as this function is not in use outside of our test suite, it is not a possible attack vector.
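As an added illustration (not libgit2's own code, and not part of the commit above), the following is a bounded parser for the body of a smart-protocol "ng" pkt-line, "ng <ref> <reason>", which limits every search to the packet's remaining length with `memchr` instead of walking from the current pointer with `strchr`; the `struct ng_pkt` and `parse_ng_pkt` names are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Parsed view of an "ng" packet body; pointers alias the caller's buffer
 * and nothing here assumes the buffer is NUL-terminated. */
struct ng_pkt {
    const char *ref;  size_t ref_len;
    const char *msg;  size_t msg_len;
};

/* Parse `len` bytes at `line` as "ng <ref> <reason>[\n]".
 * Returns 0 on success, -1 on a malformed or truncated packet.
 * Every lookup is bounded by the bytes remaining before `end`, so a packet
 * that carries no NUL byte cannot make the search run past the buffer. */
int parse_ng_pkt(const char *line, size_t len, struct ng_pkt *out)
{
    const char *p, *end, *sp;

    if (line == NULL || out == NULL || len < 3)   /* shorter than "ng " */
        return -1;
    if (memcmp(line, "ng ", 3) != 0)
        return -1;

    p = line + 3;
    end = line + len;

    /* The ref name ends at the next space; only the remaining bytes are
     * searched, which is the bound strchr does not honour. */
    sp = memchr(p, ' ', (size_t)(end - p));
    if (sp == NULL || sp == p)                    /* no space, or empty ref */
        return -1;
    out->ref = p;
    out->ref_len = (size_t)(sp - p);

    /* The reason runs to the end of the packet, minus a trailing newline. */
    p = sp + 1;
    if (p >= end)
        return -1;
    out->msg = p;
    out->msg_len = (size_t)(end - p);
    if (out->msg[out->msg_len - 1] == '\n')
        out->msg_len--;

    return out->msg_len > 0 ? 0 : -1;
}
```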
Diffstat (limited to 'devel/libgit2')
-rw-r--r--  devel/libgit2/Makefile  | 5
-rw-r--r--  devel/libgit2/distinfo  | 10
2 files changed, 7 insertions, 8 deletions
diff --git a/devel/libgit2/Makefile b/devel/libgit2/Makefile
index 9a7e959f9c6..714d29a30f6 100644
--- a/devel/libgit2/Makefile
+++ b/devel/libgit2/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.27 2018/08/16 18:54:41 adam Exp $
+# $NetBSD: Makefile,v 1.28 2018/09/23 15:11:42 taca Exp $
-DISTNAME= libgit2-0.27.1
-PKGREVISION= 1
+DISTNAME= libgit2-0.27.4
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/}
GITHUB_TAG= v${PKGVERSION_NOREV}
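Review bot: dropping the `PKGREVISION= 1` line together with the DISTNAME bump is the correct pkgsrc convention (a new upstream version resets the package revision), so the hunk itself needs no change; the one documentation gap is that moving from libgit2-0.27.1 to libgit2-0.27.4 also pulls in 0.27.2, whose release notes are not quoted in the commit message alongside v0.27.3 and v0.27.4.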
diff --git a/devel/libgit2/distinfo b/devel/libgit2/distinfo
index 10ce714a13a..3f3782825eb 100644
--- a/devel/libgit2/distinfo
+++ b/devel/libgit2/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2018/06/05 18:48:22 wiz Exp $
+$NetBSD: distinfo,v 1.13 2018/09/23 15:11:42 taca Exp $
-SHA1 (libgit2-0.27.1.tar.gz) = 2ce74b2dcec76ee0467a26c0cda8153bd29a2ad4
-RMD160 (libgit2-0.27.1.tar.gz) = 46dd959617292cebdbcb031ef49f62acd6e5e62f
-SHA512 (libgit2-0.27.1.tar.gz) = 4cdee4aec0f0c7b36226ee29276b8802d6b59817f95b1357f35225c23a8d6de70242b2dd9a5fb3b765c3242f4ed1848933e20fc24899071d8b443d46c43ce99d
-Size (libgit2-0.27.1.tar.gz) = 4765926 bytes
+SHA1 (libgit2-0.27.4.tar.gz) = 47392972e2c9689dbce0cf68b1e678fcc9915c2a
+RMD160 (libgit2-0.27.4.tar.gz) = 6efb878890e638d2f780f80351827a46b0a63510
+SHA512 (libgit2-0.27.4.tar.gz) = d27db86eb1b9f0d4057f8538ba1985ee76c3ca106e57d417fa9bff79d575f91a07ad28693112b58dc1d61d68116a82e6a145f12276158f2806b6c4964d741f61
+Size (libgit2-0.27.4.tar.gz) = 4772254 bytes
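Review bot: the header, all four digest lines and Size are regenerated in lockstep for libgit2-0.27.4, consistent with the DISTNAME in the Makefile hunk; of these only the SHA512 line gives a collision-resistant pin on the fetched archive, the SHA1 and RMD160 lines are kept for the distinfo format rather than for integrity, so the SHA512 value is the one to cross-check against the upstream v0.27.4 tarball before relying on this update.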