[1/1] package/libgit2: security bump to 1.5.1

Message ID 20230124125528.5801-1-nicolas.cavallari@green-communications.fr
State Accepted

Commit Message

Nicolas Cavallari Jan. 24, 2023, 12:55 p.m. UTC
Fixes CVE-2023-22742: when compiled with BR2_PACKAGE_LIBSSH2,
libgit2 fails to verify SSH keys by default.

https://github.com/libgit2/libgit2/blob/v1.5.1/docs/changelog.md

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
---
 package/libgit2/libgit2.hash | 2 +-
 package/libgit2/libgit2.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

tested with test-pkg -a with
BR2_PACKAGE_LIBGIT2=y
BR2_PACKAGE_LIBSSH2=y
BR2_PACKAGE_LIBZLIB=y

Comments

Peter Korsgaard Jan. 26, 2023, 1:25 p.m. UTC | #1
>>>>> "Nicolas" == Nicolas Cavallari <nicolas.cavallari@green-communications.fr> writes:

 > Fixes CVE-2023-22742: when compiled with BR2_PACKAGE_LIBSSH2,
 > libgit2 fails to verify SSH keys by default.

 > https://github.com/libgit2/libgit2/blob/v1.5.1/docs/changelog.md

 > Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>

Committed, thanks.

Peter Korsgaard Feb. 5, 2023, 5:09 p.m. UTC | #2
>>>>> "Nicolas" == Nicolas Cavallari <nicolas.cavallari@green-communications.fr> writes:

 > Fixes CVE-2023-22742: when compiled with BR2_PACKAGE_LIBSSH2,
 > libgit2 fails to verify SSH keys by default.

 > https://github.com/libgit2/libgit2/blob/v1.5.1/docs/changelog.md

 > Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>

Committed to 2022.11.x and 2022.02.x, thanks.
Patch

diff --git a/package/libgit2/libgit2.hash b/package/libgit2/libgit2.hash
index fb760fd4cc..e834525df5 100644
--- a/package/libgit2/libgit2.hash
+++ b/package/libgit2/libgit2.hash
@@ -1,3 +1,3 @@ 
 # Locally calculated
-sha256  8de872a0f201b33d9522b817c92e14edb4efad18dae95cf156cf240b2efff93e  libgit2-1.5.0.tar.gz
+sha256  7074f1e2697992b82402501182db254fe62d64877b12f6e4c64656516f4cde88  libgit2-1.5.1.tar.gz
 sha256  0fc09da43d666b5b0cf5695defc3100d5cf387936b260ebab37e396d7e0dbc83  COPYING
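
Review bot: the replacement digest on the "+sha256 ... libgit2-1.5.1.tar.gz" line is covered only by the "# Locally calculated" comment, so nothing in this file or in the commit message lets a second person cross-check it against an independent source. For a security bump, consider stating in the commit message how the archive was obtained before hashing (the v$(LIBGIT2_VERSION) GitHub archive that LIBGIT2_SITE points at), so the value can be reproduced. The unchanged COPYING hash is consistent with the license file being identical in both releases.
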
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index 9409011eb4..c962c8030f 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-LIBGIT2_VERSION = 1.5.0
+LIBGIT2_VERSION = 1.5.1
 LIBGIT2_SITE = $(call github,libgit2,libgit2,v$(LIBGIT2_VERSION))
 LIBGIT2_LICENSE = \
 	GPL-2.0 with linking exception, \
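
Review bot: the one-line bump at "LIBGIT2_VERSION = 1.5.1" implies a runtime behaviour change that the commit message does not spell out. The message says builds with BR2_PACKAGE_LIBSSH2 did not verify SSH keys by default, so targets that use SSH remotes presumably start getting verification they did not have before. Suggest adding a sentence to the commit message on what such a target now needs for SSH remotes to keep working (the linked changelog is the reference), which matters in particular for the 2022.11.x and 2022.02.x backports mentioned in the thread.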