Commit 8a9c19ca authored by Sergei Lukin's avatar Sergei Lukin Committed by Leonardo Arena

main/libgit2: security upgrade to 0.25.1 - fixes #6739

CVE-2016-10128: smart_pkt: verify packet length exceeds PKT_LEN_SIZE
CVE-2016-10129: smart_pkt: treat empty packet lines as error
CVE-2016-10130: http: check certificate validity before clobbering the error variable
parent 7c959f50
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgit2
pkgver=0.24.3
pkgrel=1
pkgver=0.25.1
pkgrel=0
pkgdesc="A linkable library for Git"
url="https://libgit2.github.com/"
arch="all"
......@@ -14,10 +15,17 @@ makedepends="$depends_dev python2 cmake zlib-dev libressl-dev"
subpackages="$pkgname-dev"
provides="$pkgname-libs" # for backward compatibility with v3.4
replaces="$pkgname-libs" # for backward compatibility with v3.4
source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
libressl.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 0.25.1-r0:
# - CVE-2016-10128
# - CVE-2016-10129
# - CVE-2016-10130
# 0.24.3-r0:
# - CVE-2016-8568
# - CVE-2016-8569
......@@ -40,6 +48,9 @@ package() {
-C "$builddir" install || return 1
}
md5sums="df626711b16bd5e7021123cbf1655399 libgit2-0.24.3.tar.gz"
sha256sums="0a24e6a51dbf3beecb0ebcd2cafb1e09b1212e910be6477b5de03c84a5586754 libgit2-0.24.3.tar.gz"
sha512sums="cb7b482664a5527e2d7c8f7c98755fd578f5331bc39fa2a5c8b841508e075b06b936f2c4a55cb4d10fe5d1677b596387bb16d68c220f1f23fce0a894b092f8c4 libgit2-0.24.3.tar.gz"
md5sums="3b285ce94200f00c34962711f001b192 libgit2-0.25.1.tar.gz
cbe35a6ce1ae8e87426af0c172fdaafd libressl.patch"
sha256sums="7ae8e699ff7ff9a1fa702249140ee31ea6fd556bf7968e84e38165870667bcb1 libgit2-0.25.1.tar.gz
4f9f801c6b50a731d96a2f0f75497b2ae5762ee0be0ef626964c63a50d1c40dc libressl.patch"
sha512sums="bbd0d27c95406b548185ce02e2a9288a9dcb8c3b28476ba20f4f4917f6bd67f1ddee80de3054d30b79cdb9d973c3061a15ea7847c79bfa4e0c62e41d5195cb99 libgit2-0.25.1.tar.gz
3674957d09207b11d268ba9fcb442a081b8efe318d0e8501b7afa0ae2397efc9aff8572b1ffd9f2286c46a06a647fbe943c2cc7e8f97d1a0288e74010846d439 libressl.patch"
diff -ru src.orig/libgit2-0.25.1/src/openssl_stream.h src/libgit2-0.25.1/src/openssl_stream.h
--- libgit2-0.25.1/src/copenssl_stream.h.orig
+++ libgit2-0.25.1/src/openssl_stream.h
@@ -27,7 +27,7 @@
-# if OPENSSL_VERSION_NUMBER < 0x10100000L
+# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
{
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment