From fffc281e6ecd7c460869e6098b30928334eb8b10 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Tue, 7 Aug 2018 08:33:20 +0300
Subject: libgit2: security bump to version 0.27.4

Fixes CVE-2018-10887 and CVE-2018-10888: out-of-bounds reads when
reading objects from a packfile.

Also fixes out-of-bounds reads when processing smart-protocol "ng"
packets (no known CVE yet).

Drop upstream patch.

Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-By: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libgit2/libgit2.hash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'package/libgit2/libgit2.hash')

diff --git a/package/libgit2/libgit2.hash b/package/libgit2/libgit2.hash
index 43d8f9930e..41ab87bf4d 100644
--- a/package/libgit2/libgit2.hash
+++ b/package/libgit2/libgit2.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	837b11927bc5f64e7f9ab0376f57cfe3ca5aa52ffd2007ac41184b21124fb086  libgit2-v0.27.1.tar.gz
+sha256	0b7ca31cb959ff1b22afa0da8621782afe61f99242bf716c403802ffbdb21d51  libgit2-v0.27.4.tar.gz
 sha256	d9a8038088df84fde493fa33a0f1e537252eeb9642122aa4b862690197152813  COPYING
-- 
cgit v1.2.3