[Buildroot] [git commit branch/2019.02.x] package/libgit2: security bump to version 0.27.9

Peter Korsgaard peter at korsgaard.com
Mon Sep 2 14:01:05 UTC 2019


commit: https://git.buildroot.net/buildroot/commit/?id=e017a95431d7f24585081213fa677fd194506798
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.02.x

Fixes the following security issues:

    A carefully constructed commit object with a very large number
    of parents may lead to potential out-of-bounds writes or
    potential denial of service.

    The ProgramData configuration file is always read for compatibility
    with Git for Windows and Portable Git installations. The ProgramData
    location is not necessarily writable only by administrators, so we
    now ensure that the configuration file is owned by the administrator
    or the current user.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
(cherry picked from commit bee5ab6c9d68c7ddb04d64e2ebe714eca882b2f3)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/libgit2/libgit2.hash | 2 +-
 package/libgit2/libgit2.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libgit2/libgit2.hash b/package/libgit2/libgit2.hash
index 29b829291c..2d06c26d2d 100644
--- a/package/libgit2/libgit2.hash
+++ b/package/libgit2/libgit2.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	8313873d49dc01e8b880ec334d7430ae67496a89aaa8c6e7bbd3affb47a00c76  libgit2-v0.27.8.tar.gz
+sha256	adf17310b590e6e7618f070c742b5ee028aeeed2c60099bc4190c386b5060de1  libgit2-0.27.9.tar.gz
 sha256	d9a8038088df84fde493fa33a0f1e537252eeb9642122aa4b862690197152813  COPYING
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index 6c64aa67c8..25a93d72f3 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBGIT2_VERSION = v0.27.8
-LIBGIT2_SITE = $(call github,libgit2,libgit2,$(LIBGIT2_VERSION))
+LIBGIT2_VERSION = 0.27.9
+LIBGIT2_SITE = $(call github,libgit2,libgit2,v$(LIBGIT2_VERSION))
 LIBGIT2_LICENSE = GPL-2.0 with linking exception
 LIBGIT2_LICENSE_FILES = COPYING
 LIBGIT2_INSTALL_STAGING = YES


More information about the buildroot mailing list