On 06/03/18 00:41, Stuart Henderson wrote:
diff below updates to git-2.16.4, ok? I deliberately skipped regen'ing
plist so that it can be backported directly to 6.3-stable.

ok benoit@


(someone who actually likes git can update to 2.17.x if appropriate :)


2.16.4 fixes these:

  * Submodule "names" come from the untrusted .gitmodules file, but we
    blindly append them to $GIT_DIR/modules to create our on-disk repo
    paths. This means you can do bad things by putting "../" into the
    name. We now enforce some rules for submodule names which will cause
    Git to ignore these malicious names (CVE-2018-11235).

    Credit for finding this vulnerability and the proof of concept from
    which the test script was adapted goes to Etienne Stalmans.

  * It was possible to trick the code that sanity-checks paths on NTFS
    into reading random piece of memory (CVE-2018-11233).

and 2.16.3 fixed these:

  * "git status" after moving a path in the working tree (hence making
    it appear "removed") and then adding with the -N option (hence
    making that appear "added") detected it as a rename, but did not
    report the  old and new pathnames correctly.

  * "git commit --fixup" did not allow "-m<message>" option to be used
    at the same time; allow it to annotate resulting commit with more
    text.

  * When resetting the working tree files recursively, the working tree
    of submodules are now also reset to match.

  * Fix for a commented-out code to adjust it to a rather old API change
    around object ID.

  * When there are too many changed paths, "git diff" showed a warning
    message but in the middle of a line.

  * The http tracing code, often used to debug connection issues,
    learned to redact potentially sensitive information from its output
    so that it can be more safely sharable.

  * Crash fix for a corner case where an error codepath tried to unlock
    what it did not acquire lock on.

  * The split-index mode had a few corner case bugs fixed.

  * Assorted fixes to "git daemon".

  * Completion of "git merge -s<strategy>" (in contrib/) did not work
    well in non-C locale.

  * Workaround for segfault with more recent versions of SVN.

  * Recently introduced leaks in fsck have been plugged.

  * Travis CI integration now builds the executable in 'script' phase
    to follow the established practice, rather than during
    'before_script' phase.  This allows the CI categorize the failures
    better ('failed' is project's fault, 'errored' is build
    environment's).


Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/git/Makefile,v
retrieving revision 1.188
diff -u -p -r1.188 Makefile
--- Makefile    15 May 2018 15:15:58 -0000      1.188
+++ Makefile    2 Jun 2018 22:40:51 -0000
@@ -4,7 +4,7 @@ COMMENT-main =  GIT - Tree History Storag
  COMMENT-svn = GIT - subversion interoperability tools
  COMMENT-x11 = GIT - graphical tools
-V = 2.16.2
+V =            2.16.4
  DISTNAME =    git-${V}
  PKGNAME-main =        ${DISTNAME}
  PKGNAME-svn = git-svn-${V}
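Review bot: only the `V =` line changes in this hunk, so any REVISION-main, REVISION-svn or REVISION-x11 set elsewhere in the port Makefile would carry over to 2.16.4 and leave a stale pN suffix on the package names built from `${V}`. If any are set outside the lines shown here, drop them in the same commit.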
Index: distinfo
===================================================================
RCS file: /cvs/ports/devel/git/distinfo,v
retrieving revision 1.142
diff -u -p -r1.142 distinfo
--- distinfo    4 Mar 2018 10:31:58 -0000       1.142
+++ distinfo    2 Jun 2018 22:40:51 -0000
@@ -1,4 +1,4 @@
-SHA256 (git-2.16.2.tar.gz) = msxDObeiq0hO6mnXBZIycWgrcFgBUhnPWn5u2N7ltfs=
-SHA256 (git-manpages-2.16.2.tar.gz) = 
b+KA0G24cunG9DWinTBcDRxtaKb6an9aZrSAAT9IP5M=
-SIZE (git-2.16.2.tar.gz) = 7282111
-SIZE (git-manpages-2.16.2.tar.gz) = 677458
+SHA256 (git-2.16.4.tar.gz) = 6HCevNo9eTzZM8pVAEgUlZu45vpRi1s39gLZiB5InS4=
+SHA256 (git-manpages-2.16.4.tar.gz) = 
bO4IVtt53t2uRTHG3ibJwJD7PT0OMS/WlX4eH4PJxmI=
+SIZE (git-2.16.4.tar.gz) = 7290813
+SIZE (git-manpages-2.16.4.tar.gz) = 678200
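Review bot: both `SHA256 (git-manpages-...)` lines are wrapped, with the base64 digest pushed onto a following line that carries no `+` or `-` prefix, so the hunk no longer matches its `@@ -1,4 +1,4 @@` header and will not apply as mailed. Resend the diff unwrapped or as an attachment, or have whoever applies it regenerate distinfo with `make makesum` after the Makefile hunk and compare the digests by eye against the ones quoted here.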
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/devel/git/patches/patch-Makefile,v
retrieving revision 1.76
diff -u -p -r1.76 patch-Makefile
--- patches/patch-Makefile      20 Jan 2018 09:24:57 -0000      1.76
+++ patches/patch-Makefile      2 Jun 2018 22:40:51 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-Makefile,v 1.76 2018/01/
  Index: Makefile
  --- Makefile.orig
  +++ Makefile
-@@ -2461,7 +2461,7 @@ export TEST_NO_MALLOC_CHECK
+@@ -2463,7 +2463,7 @@ export TEST_NO_MALLOC_CHECK
### Testing rules Index: patches/patch-config_mak_uname
===================================================================
RCS file: /cvs/ports/devel/git/patches/patch-config_mak_uname,v
retrieving revision 1.4
diff -u -p -r1.4 patch-config_mak_uname
--- patches/patch-config_mak_uname      2 Dec 2017 15:24:31 -0000       1.4
+++ patches/patch-config_mak_uname      2 Jun 2018 22:40:51 -0000
@@ -5,7 +5,7 @@ OpenBSD wants DIR_HAS_BSD_GROUP_SEMANTIC
  Index: config.mak.uname
  --- config.mak.uname.orig
  +++ config.mak.uname
-@@ -212,6 +212,7 @@ endif
+@@ -211,6 +211,7 @@ endif
   ifeq ($(uname_S),OpenBSD)
        NO_STRCASESTR = YesPlease
        NO_MEMMEM = YesPlease
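Review bot: offset-only change in the embedded hunk header (`-212,6 +212,7` becomes `-211,6 +211,7`), with the patch body shown here untouched. Since the diff is meant to go to 6.3-stable unchanged, offset-only regenerations like this one could be left out to keep the backport minimal; if they stay, it is worth saying in the commit message that the patches/ changes are line-number updates only.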
Index: patches/patch-t_test-lib_sh
===================================================================
RCS file: /cvs/ports/devel/git/patches/patch-t_test-lib_sh,v
retrieving revision 1.26
diff -u -p -r1.26 patch-t_test-lib_sh
--- patches/patch-t_test-lib_sh 20 Jan 2018 09:24:57 -0000      1.26
+++ patches/patch-t_test-lib_sh 2 Jun 2018 22:40:51 -0000
@@ -20,7 +20,7 @@ Index: t/test-lib.sh
   # if --tee was passed, write the output not only to the terminal, but
   # additionally to the file test-results/$BASENAME.out, too.
   case "$GIT_TEST_TEE_STARTED, $* " in
-@@ -1035,6 +1040,15 @@ case $uname_s in
+@@ -1036,6 +1041,15 @@ case $uname_s in
        test_set_prereq CYGWIN
        test_set_prereq SED_STRIPS_CR
        test_set_prereq GREP_STRIPS_CR
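The submodule-name rule described in the 2.16.4 notes above (CVE-2018-11235) can be checked on a repository's .gitmodules before an unpatched client touches it. The following is an added example, not code from git or from the port: the function names and the sample input are constructed for illustration, and rejecting ".." components with either slash or backslash as the separator is this example's reading of "some rules for submodule names".

```python
import posixpath
import re

# Matches a git-config section header such as: [submodule "name"]
SECTION = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')

def submodule_names(gitmodules_text):
    """Return the submodule names declared in .gitmodules content."""
    names = []
    for line in gitmodules_text.splitlines():
        m = SECTION.match(line)
        if m:
            # Undo git-config backslash escaping in the quoted name.
            names.append(re.sub(r'\\(.)', r'\1', m.group(1)))
    return names

def name_is_safe(name):
    """Reject empty names and any '..' component (slash or backslash separated)."""
    if not name:
        return False
    return ".." not in re.split(r'[/\\]', name)

def on_disk_path(git_dir, name):
    """Path obtained by appending the name to $GIT_DIR/modules, normalised."""
    return posixpath.normpath(posixpath.join(git_dir, "modules", name))

def audit(gitmodules_text, git_dir=".git"):
    """Return (name, resolved_path, safe) for every declared submodule."""
    return [(n, on_disk_path(git_dir, n), name_is_safe(n))
            for n in submodule_names(gitmodules_text)]

# Constructed sample input, not taken from any real repository.
SAMPLE = '''\
[submodule "libs/zlib"]
	path = libs/zlib
	url = https://example.org/zlib.git
[submodule "../../outside"]
	path = vendor/thing
	url = https://example.org/thing.git
[submodule "a\\\\..\\\\b"]
	path = vendor/other
	url = https://example.org/other.git
'''

if __name__ == "__main__":
    for name, path, safe in audit(SAMPLE):
        print(f"{'ok' if safe else 'REJECT':6} {name!r} -> {path}")
```

The second entry shows why the name matters independently of `path`: its declared path looks ordinary, but the name resolves outside `.git/modules`.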


