Changelog for libgit2-1_1-1.1.0-1.101.i586.rpm:

* Thu Nov 26 2020 Marcus Rueckert
- require library required by pkg-config file

* Mon Oct 19 2020 Andreas Stieger
- update to 1.1.0:
  * The refs/remotes/origin/HEAD file will be created at clone time to point to the origin's default branch
  * libgit2 now uses the __atomic_ intrinsics instead of __sync_ intrinsics on supported gcc and clang versions
  * The init.defaultBranch setting is now respected and master is no longer hardcoded as the default branch name
  * Patch files that do not contain an index line can now be parsed
  * Configuration files with multi-line values can now contain quotes split across multiple lines
  * Servers that request an upgrade to a newer HTTP version are silently ignored instead of erroneously failing
  * Users can pass NULL to the options argument to git_describe_commit
  * Clones and fetches of very large packfiles now succeed on 32-bit platforms
  * Custom reference database backends can now handle the repository's HEAD correctly
  * Repositories with a large number of packfiles no longer exhaust the number of file descriptors
  * The test framework now supports TAP output when the -t flag is specified
  * The test framework can now specify an exact match to a test function using a trailing $
  * All checkout types support GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH
  * git_blame now can ignore whitespace changes using the option GIT_BLAME_IGNORE_WHITESPACE
  * Several new examples have been created, including examples for commit, add and push
  * Mode changes during rename are now supported in patch application
  * git_checkout_head now correctly removes untracked files in a subdirectory when the FORCE | REMOVE_UNTRACKED options are specified

* Sat Jun 20 2020 Andreas Stieger
- update to 1.0.1:
  * Improve merge efficiency
  * git_worktree_prune_init_options restored for backward compatibility
  * Configuration files that are unreadable due to permissions are now silently ignored, and treated as if they do not exist
  * v4 index files are now correctly written
  * Improve compatibility with some servers including Gerrit

* Wed Apr 01 2020 Bjørn Lie
- Update to version 1.0.0:
  * CMake was converted to make use of the GNUInstallDirs module for both our pkgconfig and install targets in favor of our custom build options BIN_INSTALL_DIR, LIB_INSTALL_DIR and INCLUDE_INSTALL_DIR. Instead, you can now use CMake's standard variables CMAKE_INSTALL_BINDIR, CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR.
  * Some CMake build options accepted either a specific value or a boolean value to disable the option altogether or use automatic detection. We only accepted "ON" or "OFF", but none of the other values CMake recognizes as boolean. This was aligned with CMake's understanding of booleans.
  * The installed pkgconfig file contained incorrect values for both libdir and includedir variables.
  * If using pcre2 for regular expressions, then we incorrectly added "pcre2" instead of "pcre2-8" to our pkgconfig dependencies, which was corrected.
  * Fixed building the bundled ntlmclient dependency on FreeBSD, OpenBSD and SunOS.
  * When writing symlinks on Windows, we incorrectly handled relative symlink targets, which was corrected.
  * When using the HTTP protocol via macOS' SecureTransport implementation, reads could stall at the end of the session and only continue after a timeout of 60 seconds was reached.
  * The filesystem-based reference callback didn't correctly initialize the backend version.
  * A segmentation fault was fixed when calling git_blame_buffer() for files that were modified and added to the index.
  * A backwards-incompatible change was introduced when we moved some structures from "git2/credentials.h" into "git2/sys/credentials.h". This was fixed in the case where you do not use hard deprecation.
  * Improved error handling in various places.
- Change sover define to 1_0 and in baselibs following upstream changes.

* Wed Apr 01 2020 Bjørn Lie
- Update to version 0.28.5:
  * Fix an out-of-bounds read when applying patches that do not end with a newline.
  * Fix an out-of-bounds read when decoding specially crafted binary patches.
  * Fix an out-of-bounds read when receiving a specially crafted "OK" packet via the smarthttp transport.
  * Fix lifetime for parsed patches depending on the lifetime of the parsed buffer.
  * Several fixes when parsing and applying patches.
  * Fix computed patch IDs for patches that have no newline at end of file.
  * Fix applying patches to trees that add new files.
  * Do not read configuration from a user's home directory if running in a sandboxed environment.
  * Fix handling of nested ignore rules overriding wildcard unignores in parent directories.
  * Fix reference locks not being correctly honored on Unix systems.
  * Follow 308 redirects when fetching or pushing from remote repositories on Windows.
  * Fix a race when detaching the libgit2 library on Windows.
  * Update the "binary" gitattribute macro to match git's change to "-diff -merge -text -crlf".
  * Refuse to delete the HEAD reference.
  * Fixes for several memory leaks.
  * When fetching from an anonymous remote using a URL with authentication information provided in the URL (eg https://foo:bar@example.com/repo), we would erroneously include the literal URL in the FETCH_HEAD file. We now remove that to match git's behavior.

* Wed Dec 11 2019 Andreas Stieger
- libgit2 0.28.4:
  * CVE-2019-1348: the fast-import stream command "feature export-marks=path" allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability. (boo#1158785)
  * CVE-2019-1349: by using NTFS 8.3 short names, backslashes or alternate file streams, it is possible to cause submodules to be written into pre-existing directories during a recursive clone using git. As libgit2 rejects cloning into non-empty directories by default, it is not susceptible to this vulnerability. (boo#1158787)
  * CVE-2019-1350: recursive clones may lead to arbitrary remote code execution due to improper quoting of command line arguments. As libgit2 uses libssh2, which does not require us to perform command line parsing, it is not susceptible to this vulnerability. (boo#1158788)
  * CVE-2019-1351: Windows provides the ability to substitute drive letters with arbitrary letters, including multi-byte Unicode letters. To fix any potential issues arising from interpreting such paths as relative paths, we have extended detection of DOS drive prefixes to accommodate such cases. (boo#1158790)
  * CVE-2019-1352: by using NTFS-style alternative file streams for the ".git" directory, it is possible to overwrite parts of the repository. While this has been fixed in the past for Windows, the same vulnerability may also exist on other systems that write to NTFS filesystems. We now reject any paths starting with ".git:" on all systems. (boo#1158790)
  * CVE-2019-1353: by using NTFS-style 8.3 short names, it was possible to write to the ".git" directory and thus overwrite parts of the repository, leading to possible remote code execution. While this problem was already fixed in the past for Windows, other systems accessing NTFS filesystems are vulnerable to this issue too. We now enable NTFS protections by default on all systems to fix this attack vector. (boo#1158791)
  * CVE-2019-1354: on Windows, backslashes are not a valid part of a filename but are instead interpreted as directory separators. As other platforms allowed the use of such paths, it was possible to write such invalid entries into a Git repository and was thus an attack vector to write into the ".git" directory. We now reject any entries starting with ".git" on all systems. (boo#1158792)
  * CVE-2019-1387: it is possible to let a submodule's git directory point into a sibling's submodule directory, which may result in overwriting parts of the Git repository and thus lead to arbitrary command execution. As libgit2 doesn't provide any way to do submodule clones natively, it is not susceptible to this vulnerability. Users of libgit2 that have implemented recursive submodule clones manually are encouraged to review their implementation for this vulnerability. (boo#1158793)

* Wed Dec 11 2019 Andreas Stieger
- libgit2 0.28.3:
  * A carefully constructed commit object with a very large number of parents may have led to out-of-bounds writes or potential denial of service (boo#1158981)

* Tue Jul 23 2019 Tomáš Chvátal
- Update to 0.28.2:
  * Fix include directory ordering when using bundled dependencies.
  * Fix infinite loop when searching for a non-existing repository with Windows-style paths including drive prefixes.
  * Fix symlinks to directories on Windows.
  * Fix paths with a trailing "/" not always being treated as directories when computing ignores.
  * Fix false negatives when computing ignores where ignore rules that are a prefix to a negative ignore rule exist.
  * Fix patches with CRLF line endings not being parsed correctly.
  * Fix segfault when parsing patches with file addition (deletion) where the added (deleted) file name contains a space.
  * Fix assertion failure when trying to write to a non-existent locked configuration file.

* Thu Feb 14 2019 Marcus Rueckert
- Update to version 0.28.1:
  - The deprecated functions (git_buf_free and the giterr_ family of functions) are now exported properly. In the v0.28 release, they were not given the correct external attributes and they did not have the correct linkage visibility in the v0.28 library.

* Wed Feb 13 2019 bjorn.lie@gmail.com
- Update to version 0.28.0:
  * Changes or improvements:
    - The library is now always built with cdecl calling conventions on Windows; the ability to build a stdcall library has been removed.
    - Reference log creation now honors core.logallrefupdates=always.
    - Fix some issues with the error-reporting in the OpenSSL backend.
    - HTTP proxy support is now builtin; libcurl is no longer used to support proxies and is removed as a dependency.
    - Certificate and credential callbacks can now return GIT_PASSTHROUGH to decline to act; libgit2 will behave as if there was no callback set in the first place.
    - The line-ending filtering logic - when checking out files - has been updated to match newer git (>= git 2.9) for proper interoperability.
    - Symbolic links are now supported on Windows when core.symlinks is set to true.
    - Submodules with names which attempt to perform path traversal now have their configuration ignored. Such names were blindly appended to the $GIT_DIR/modules and a malicious name could lead to an attacker writing to an arbitrary location. This matches git's handling of CVE-2018-11235.
    - Object validation is now performed during tree creation in the git_index_write_tree_to API.
    - Configuration variables may now be specified on the same line as a section header; previously this was erroneously a parser error.
    - When an HTTP server supports both NTLM and Negotiate authentication mechanisms, we would previously fail to authenticate with any mechanism.
    - The GIT_OPT_SET_PACK_MAX_OBJECTS option can now set the maximum number of objects allowed in a packfile being downloaded; this can help limit the maximum memory used when fetching from an untrusted remote.
    - Line numbers in diffs loaded from patch files were not being populated; they are now included in the results.
    - The repository's index is reloaded from disk at the beginning of git_merge operations to ensure that it is up-to-date.
    - Mailmap handling APIs have been introduced, and the new commit APIs git_commit_committer_with_mailmap and git_commit_author_with_mailmap will use the mailmap to resolve the committer and author information. In addition, blame will use the mailmap given when the GIT_BLAME_USE_MAILMAP option is set.
    - Ignore handling for files in ignored folders would be ignored.
    - Worktrees can now be backed by bare repositories.
    - Trailing spaces are supported in .gitignore files; these spaces were previously (and erroneously) treated as part of the pattern.
    - The library can now be built with mbedTLS support for HTTPS.
    - The diff status character 'T' will now be presented by the git_diff_status_char API for diff entries that change type.
    - Revision walks previously would sometimes include commits that should have been ignored; this is corrected.
    - Revision walks are now more efficient when the output is unsorted; we now avoid walking all the way to the beginning of history unnecessarily.
    - Error-handling around index extension loading has been fixed. We were previously always misreporting a truncated index.
  * API additions:
    - The index may now be iterated atomically using git_index_iterator.
    - Remote objects can now be created with extended options using the git_remote_create_with_opts API.
    - Diff objects can now be applied as changes to the working directory, index or both, emulating the git apply command. Additionally, git_apply_to_tree can apply those changes to a tree object as a fully in-memory operation.
    - You can now swap out memory allocators via the GIT_OPT_SET_ALLOCATOR option with git_libgit2_opts().
    - You can now ensure that functions do not discard unwritten changes to the index via the GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY option to git_libgit2_opts(). This will cause functions that implicitly re-read the index (eg, git_checkout) to fail if you have staged changes to the index but you have not written the index to disk. (Unless the checkout has the FORCE flag specified.) At present, this defaults to off, but we intend to enable this more broadly in the future, as a warning or error. We encourage you to examine your code to ensure that you are not relying on the current behavior that implicitly removes staged changes.
    - Reference specifications can be parsed from an arbitrary string with the git_refspec_parse API.
    - You can now get the name and path of worktrees using the git_worktree_name and git_worktree_path APIs, respectively.
    - The ref field has been added to git_worktree_add_options to enable the creation of a worktree from a pre-existing branch.
    - It's now possible to analyze merge relationships between any two references, not just against HEAD, using git_merge_analysis_for_ref.
  * API removals:
    - The git_buf_free API is deprecated; it has been renamed to git_buf_dispose for consistency. The git_buf_free API will be retained for backward compatibility for the foreseeable future.
    - The git_otype enumeration and its members are deprecated and have been renamed for consistency. The GIT_OBJ_ enumeration values are now prefixed with GIT_OBJECT_. The old enumerations and macros will be retained for backward compatibility for the foreseeable future.
    - Several index-related APIs have been renamed for consistency. The GIT_IDXENTRY_ enumeration values and macros have been renamed to be prefixed with GIT_INDEX_ENTRY_. The GIT_INDEXCAP enumeration values are now prefixed with GIT_INDEX_CAPABILITY_. The old enumerations and macros will be retained for backward compatibility for the foreseeable future.
    - The error functions and enumeration values have been renamed for consistency. The giterr_ functions and values prefix have been renamed to be prefixed with git_error_; similarly, the GITERR_ constants have been renamed to be prefixed with GIT_ERROR_. The old enumerations and macros will be retained for backward compatibility for the foreseeable future.
  * Breaking API changes:
    - The default checkout strategy changed from DRY_RUN to SAFE.
    - Adding a symlink as .gitmodules into the index from the workdir or checking out such files is not allowed as this can make a Git implementation write outside of the repository and bypass the fsck checks for CVE-2018-11235.
- Bump sover to 28 following upstream's changes.
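The path rules described in the 0.28.4 entry (rejecting tree entries that resolve to the ".git" directory once NTFS 8.3 short names, alternate data streams, trailing dots or spaces and backslashes are taken into account) and in the 0.28.0 entry (ignoring submodule names that would escape $GIT_DIR/modules, the CVE-2018-11235 class) can be written as a stand-alone check. The following C is an added example for this page; it is not libgit2's own implementation and does not call the libgit2 API. Its specific rules are assumptions chosen to illustrate the attack class: backslash is treated as a separator on every platform, only the "git~1" short name is matched, and a submodule name is rejected when it is empty, absolute, drive-prefixed or contains a ".." component.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True when one path component would resolve to the ".git" directory once
 * NTFS name rules are applied: case-insensitive match, trailing dots and
 * spaces dropped, the 8.3 short name "git~1", and an alternate data stream
 * suffix such as ".git:$INDEX_ALLOCATION".  (Illustrative rule set, not
 * libgit2's.) */
static bool component_is_dotgit(const char *s, size_t len)
{
    char buf[8];
    size_t i;

    for (i = 0; i < len; i++)          /* cut off a ":stream" suffix */
        if (s[i] == ':') { len = i; break; }
    while (len > 0 && (s[len - 1] == '.' || s[len - 1] == ' '))
        len--;                         /* NTFS ignores trailing dots/spaces */
    if (len == 0 || len >= sizeof buf)
        return false;                  /* too long to be ".git" or "git~1" */
    for (i = 0; i < len; i++)
        buf[i] = (char)tolower((unsigned char)s[i]);
    buf[i] = '\0';
    return strcmp(buf, ".git") == 0 || strcmp(buf, "git~1") == 0;
}

/* Walk the components of `path`, applying `pred` to each.  Both '/' and
 * '\\' count as separators on every platform (assumption: a checkout made
 * on Linux may later be read from an NTFS volume, as the 0.28.4 notes say). */
static bool any_component(const char *path, bool (*pred)(const char *, size_t))
{
    const char *p = path;
    for (;;) {
        const char *end = p;
        while (*end && *end != '/' && *end != '\\')
            end++;
        if (pred(p, (size_t)(end - p)))
            return true;
        if (*end == '\0')
            return false;
        p = end + 1;
    }
}

/* Reject a tree entry path that would land inside the .git directory. */
bool tree_path_touches_dotgit(const char *path)
{
    return any_component(path, component_is_dotgit);
}

static bool component_is_dotdot(const char *s, size_t len)
{
    return len == 2 && s[0] == '.' && s[1] == '.';
}

/* A submodule name is appended to $GIT_DIR/modules/, so it must stay inside
 * that directory: no empty name, no absolute path or drive prefix, and no
 * ".." component.  Returns true when the name is safe to use. */
bool submodule_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/' || name[0] == '\\')
        return false;
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return false;                  /* "C:..." drive-prefixed path */
    return !any_component(name, component_is_dotdot);
}

int main(void)
{
    /* Constructed sample inputs, the shapes the CVEs above abuse. */
    const char *paths[] = { ".git/hooks/post-checkout", "GIT~1/config",
                            "src\\.git\\config", ".git:$DATA/x", ".gitignore" };
    const char *names[] = { "lib/foo", "../../hooks", "/abs", "C:mods" };
    size_t i;
    for (i = 0; i < sizeof paths / sizeof *paths; i++)
        printf("%-28s dotgit=%d\n", paths[i], tree_path_touches_dotgit(paths[i]));
    for (i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-28s safe=%d\n", names[i], submodule_name_is_safe(names[i]));
    return 0;
}
```

A check like this belongs at tree-entry validation and checkout time, before anything is written to disk; note that ".gitignore" and "docs/gitlab" pass, so the filter is specific to names that NTFS would alias to ".git" rather than to any name starting with "git".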