buildroot/package/libgit2, branch 2019.02-op-build OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-08-08T14:20:10+00:00 libgit2: security bump to version 0.27.4 2018-08-08T14:20:10+00:00 Baruch Siach baruch@tkos.co.il 2018-08-07T05:33:20+00:00 urn:sha1:fffc281e6ecd7c460869e6098b30928334eb8b10 Fixes CVE-2018-10887 and CVE-2018-10888: out-of-bounds reads when reading objects from a packfile. Also fixes out-of-bounds reads when processing smart-protocol "ng" packets (no known CVE yet). Drop upstream patch. Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Reviewed-By: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> libgit2: fix build with LibreSSL 2.7 2018-06-04T20:47:06+00:00 Nicolas Cavallari nicolas.cavallari@green-communications.fr 2018-06-01T15:42:00+00:00 urn:sha1:bd30292bd3b6a979e43095079d13fb94d74bdb34 By using a patch from upstream's master branch. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> libgit2: bump version to 0.27.1 2018-06-04T20:46:17+00:00 Nicolas Cavallari nicolas.cavallari@green-communications.fr 2018-06-01T15:41:59+00:00 urn:sha1:d1e383d365c0eeb327312823e67c3c2ae92e0e8f Fixes a security vulnerability similar to git's CVE-2018-11235 This release changes some configuration options, so tweak them accordingly. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> libgit2: do not use a bundled zlib 2018-06-04T20:45:35+00:00 Nicolas Cavallari nicolas.cavallari@green-communications.fr 2018-06-01T15:41:58+00:00 urn:sha1:15c3ffabeaa6bbf26749f7667cbe53eca56c00a0 libgit2 depends on zlib. If libgit2's build system does not find a system zlib, then it compiles a bundled version of it, which is not really great. So instead, add zlib as a mandatory dependency. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> libgit2: new package 2018-05-20T20:24:37+00:00 Nicolas Cavallari nicolas.cavallari@green-communications.fr 2018-02-14T11:13:51+00:00 urn:sha1:02f6e638c877ebc5b1d142bee077d6a241b99474 Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> [Thomas: - Do not select BR2_PACKAGE_ZLIB, because zlib is an optional dependency. - Handle optional dependencies in a more usual way in libgit2.mk: group the addition in _DEPENDENCIES and in _CONF_OPTS for a given library together. - libgit2 can optionally use libssh2, not libssh. - Add the optional dependency on zlib. - Always pass USE_ICONV=ON, the detection works perfectly fine, with both a C library providing iconv support built-in, and with libiconv. If neither provides iconv, it gets disabled automatically as expected. - Add libiconv as an optional dependency.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>