commit libgit2 for openSUSE:Factory

Thu, 14 Jul 2022 07:33:32 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libgit2 for openSUSE:Factory checked 
in at 2022-07-14 16:33:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgit2 (Old)
 and      /work/SRC/openSUSE:Factory/.libgit2.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libgit2"

Thu Jul 14 16:33:17 2022 rev:50 rq:988913 version:1.4.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/libgit2/libgit2.changes  2022-04-16 
00:12:51.297537396 +0200
+++ /work/SRC/openSUSE:Factory/.libgit2.new.1523/libgit2.changes        
2022-07-14 16:33:21.484576446 +0200
@@ -1,0 +2,14 @@
+Tue Jul 12 18:50:16 UTC 2022 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 1.4.4:
+  * Compatibility with git's changes to address CVE 2022-29187. As
+    a follow up to CVE 2022-24765, now not only is the working
+    directory of a non-bare repository examined for its ownership,
+    but the .git directory and the .git file (if present) are also
+    examined for their ownership [boo#1201431]
+  * A fix for compatibility with git's (new) behavior for
+    CVE 2022-24765 allows users on POSIX systems to access a git
+    repository that is owned by them when they are running in sudo
+- enable reproducible builds
+
+-------------------------------------------------------------------

Old:
----
  libgit2-1.4.3.tar.gz

New:
----
  libgit2-1.4.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgit2.spec ++++++
--- /var/tmp/diff_new_pack.CpbY95/_old  2022-07-14 16:33:21.908576844 +0200
+++ /var/tmp/diff_new_pack.CpbY95/_new  2022-07-14 16:33:21.916576851 +0200
@@ -19,7 +19,7 @@
 
 %define sover 1_4
 Name:           libgit2
-Version:        1.4.3
+Version:        1.4.4
 Release:        0
 Summary:        C git library
 License:        GPL-2.0-only WITH GCC-exception-2.0
@@ -69,6 +69,7 @@
 %cmake \
        -DUSE_SSH:BOOL=ON \
        -DREGEX_BACKEND=pcre2 \
+       -DENABLE_REPRODUCIBLE_BUILDS=ON \
        %{nil}
 %cmake_build
 

++++++ libgit2-1.4.3.tar.gz -> libgit2-1.4.4.tar.gz ++++++
++++ 14113 lines of diff (skipped)

Reply via email to