2666aac03a
* Fix some security bugs
Changelog:
0.26.3
This is a bugfix release. It includes the following non-exclusive list of
improvements, which have been backported from the master branch:
Fix cloning of the libgit2 project with git clone --recursive by removing an
invalid submodule from our testing data.
Fix endianness of the port in p_getaddrinfo().
Fix handling of negative gitignore rules with wildcards.
Fix handling of case-insensitive negative gitignore rules.
Fix resolving references to a tag if the reference is stored with its fully
resolved OID in the packed-refs file.
Fix checkout not treating worktree files as modified when only their mode has
changed.
Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.
Enable Windows 7 and earlier to use TLS 1.2.
0.26.2
This is a security release fixing memory handling issues when reading crafted
repository index files. The issues allow for possible denial of service due to
allocation of large memory and out-of-bound reads.
As the index is never transferred via the network, exploitation requires an
attacker to have access to the local repository.
0.26.1
This is a security release that includes an update to the bundled zlib
to update it to 1.2.11. Users who build the bundled zlib are vulnerable
to security issues in the prior version.
This does not affect you if you rely on a system-installed version of zlib.
All users of v0.26.0 who use the bundled zlib should upgrade to this release.
|
||
|---|---|---|
| .. | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||