SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libgit2-1_3-1.3.0-1.96.x86_64.rpm :

* Wed Oct 20 2021 Matej Cepl - Update to 1.3.0: - This release includes only minor new features that will be helpful for users to have an orderly transition to the v2.0 lineage. - Complete list is available on https://github.com/libgit2/libgit2/blob/main/docs/changelog.md#v13
* Thu Sep 02 2021 Andreas Stieger - update to 1.2.0:
* Add support for commit graphs
* Add support for multi-pack indexes
* And core.longpaths support
* Add support for additional SSH hostkey types
* Add NO_PROXY environment variable support
* Developer visible changes and bug fixes
* Fri Jul 16 2021 Dirk Müller - update to 1.1.1:
* Fixes a bug where decompressing packfiles could fail in rare instances.
* Ensure worktree paths are validated in more cases.
* Builds without thread-safety (`THREADSAFE=OFF`) are supported again.
* Builds without mmap (`NO_MMAP`) are supported again.
* mbedTLS is supported in non-default locations.
* Malformed branch names or missing branches on remotes are ignored.
* Use compiler intrinsics to detect arithmetic overflows in more cases.
* The configuration cache functions properly on systems with strict alignment.
* A missing options initializer function (`git_blob_filter_options_init`) was added for `git_blob_filter_options`.
* Several documentation fixes.
* Thu Nov 26 2020 Marcus Rueckert - require library required by pkg-config file
* Mon Oct 19 2020 Andreas Stieger - update to 1.1.0:
* The refs/remotes/origin/HEAD file will be created at clone time to point to the origin\'s default branch
* libgit2 now uses the __atomic_ intrinsics instead of __sync_ intrinsics on supported gcc and clang versions
* The init.defaultBranch setting is now respected and master is no longer the hardcoded as the default branch name
* Patch files that do not contain an index line can now be parsed
* Configuration files with multi-line values can now contain quotes split across multiple lines
* Servers that request an upgrade to a newer HTTP version are silently ignored instead of erroneously failing
* Users can pass NULL to the options argument to git_describe_commit
* Clones and fetches of very large packfiles now succeeds on 32-bit platforms
* Custom reference database backends can now handle the repository\'s HEAD correctly
* Repositories with a large number of packfiles no longer exhaust the number of file descriptors
* The test framework now supports TAP output when the -t flag is specified
* The test framework can now specify an exact match to a test function using a trailing $
* All checkout types support GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH
* git_blame now can ignore whitespace changes using the option GIT_BLAME_IGNORE_WHITESPACE
* Several new examples have been created, including an examples for commit, add and push
* Mode changes during rename are now supported in patch application
* git_checkout_head now correctly removes untracked files in a subdirectory when the FORCE | REMOVE_UNTRACKED options are specified
* Sat Jun 20 2020 Andreas Stieger - update to 1.0.1:
* Improve merge efficiency
* git_worktree_prune_init_options restored for backward compatibility
* Configuration files that are unreadable due to permissions are now silently ignored, and treated as if they do not exist
* v4 index files are now correctly written
* Improve compatibility with some servers including Gerrit
* Wed Apr 01 2020 Bjørn Lie - Update to version 1.0.0:
* CMake was converted to make use of the GNUInstallDirs module for both our pkgconfig and install targets in favor of our custom build options BIN_INSTALL_DIR, LIB_INSTALL_DIR and INCLUDE_INSTALL_DIR. Instead, you can now use CMakes standard variables CMAKE_INSTALL_BINDIR, CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR.
* Some CMake build options accepted either a specific value or a boolean value to disable the option altogether or use automatic detection. We only accepted \"ON\" or \"OFF\", but none of the other values CMake recognizes as boolean. This was aligned with CMake\'s understanding of booleans.
* The installed pkgconfig file contained incorrect values for both libdir and includedir variables.
* If using pcre2 for regular expressions, then we incorrectly added \"pcre2\" instead of \"pcre2-8\" to our pkgconfig dependencies, which was corrected.
* Fixed building the bundled ntlmclient dependency on FreeBSD, OpenBSD and SunOS.
* When writing symlinks on Windows, we incorrectly handled relative symlink targets, which was corrected.
* When using the HTTP protocol via macOS\' SecureTransport implementation, reads could stall at the end of the session and only continue after a timeout of 60 seconds was reached.
* The filesystem-based reference callback didn\'t corectly initialize the backend version.
* A segmentation fault was fixed when calling git_blame_buffer() for files that were modified and added to the index.
* A backwards-incompatible change was introduced when we moved some structures from \"git2/credentials.h\" into \"git2/sys/credentials.h\". This was fixed in the case where you do not use hard deprecation.
* Improved error handling in various places.- Change sover define to 1_0 and in baselibs following upstream changes.
* Wed Apr 01 2020 Bjørn Lie - Update to version 0.28.5:
* Fix an out-of-bounds read when applying patches that do not end with a newline.
* Fix an out-of-bounds read when decoding specially crafted binary patches.
* Fix an out-of-bounds read when receiving a specially crafted \"OK\" packet via the smarthttp transport.
* Fix lifetime for parsed patches depending on the lifetime of the parsed buffe.
* Several fixes when parsing and applying patches.
* Fix computed patch IDs for patches that have no newline at end of file.
* Fix applying patches to trees that add new files.
* Do not read configuration from a user\'s home directory if running in a sandboxed environment.
* Fix handling of nested ignore rules overriding wildcard unignores in parent directories.
* Fix reference locks not being correctly honored on Unix systems.
* Follow 308 redirects when fetching or pushing from remote repositories on Windows.
* Fix a race when detaching the libgit2 library on Windows.
* Update the \"binary\" gitattribute macro to match git\'s change to \"-diff -merge -text -crlf\".
* Refuse to delete the HEAD reference.
* Fixes for several memory leaks.
* When fetching from an anonymous remote using a URL with authentication information provided in the URL (eg https://foo:barAATTexample.com/repo), we would erroneously include the literal URL in the FETCH_HEAD file. We now remove that to match git\'s behavior.
* Wed Dec 11 2019 Andreas Stieger - libgit2 0.28.4:
* CVE-2019-1348: the fast-import stream command \"feature export-marks=path\" allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability. (boo#1158785)
* CVE-2019-1349: by using NTFS 8.3 short names, backslashes or alternate filesystreams, it is possible to cause submodules to be written into pre-existing directories during a recursive clone using git. As libgit2 rejects cloning into non-empty directories by default, it is not susceptible to this vulnerability. (boo#1158787)
* CVE-2019-1350: recursive clones may lead to arbitrary remote code executing due to improper quoting of command line arguments. As libgit2 uses libssh2, which does not require us to perform command line parsing, it is not susceptible to this vulnerability. (boo#1158788)
* CVE-2019-1351: Windows provides the ability to substitute drive letters with arbitrary letters, including multi-byte Unicode letters. To fix any potential issues arising from interpreting such paths as relative paths, we have extended detection of DOS drive prefixes to accomodate for such cases. (boo#1158790)
* CVE-2019-1352: by using NTFS-style alternative file streams for the \".git\" directory, it is possible to overwrite parts of the repository. While this has been fixed in the past for Windows, the same vulnerability may also exist on other systems that write to NTFS filesystems. We now reject any paths starting with \".git:\" on all systems. (boo#1158790)
* CVE-2019-1353: by using NTFS-style 8.3 short names, it was possible to write to the \".git\" directory and thus overwrite parts of the repository, leading to possible remote code execution. While this problem was already fixed in the past for Windows, other systems accessing NTFS filesystems are vulnerable to this issue too. We now enable NTFS protecions by default on all systems to fix this attack vector. (boo#1158791)
* CVE-2019-1354: on Windows, backslashes are not a valid part of a filename but are instead interpreted as directory separators. As other platforms allowed to use such paths, it was possible to write such invalid entries into a Git repository and was thus an attack vector to write into the \".git\" dierctory. We now reject any entries starting with \".git\" on all systems. (boo#1158792)
* CVE-2019-1387: it is possible to let a submodule\'s git directory point into a sibling\'s submodule directory, which may result in overwriting parts of the Git repository and thus lead to arbitrary command execution. As libgit2 doesn\'t provide any way to do submodule clones natively, it is not susceptible to this vulnerability. Users of libgit2 that have implemented recursive submodule clones manually are encouraged to review their implementation for this vulnerability. (boo#1158793)
* Wed Dec 11 2019 Andreas Stieger - libgit2 0.28.3:
* A carefully constructed commit object with a very large number of parents may have lead to out-of-bounds writes or potential denial of service (boo#1158981)
  
ICM