Unverified Commit 465bbf88 by Edward Thomson Committed by GitHub

Merge pull request #6270 from libgit2/ethomson/v1.4.3

v1.4.3 release
parents ff85adf0 0e5eff4d
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
cmake_minimum_required(VERSION 3.5.1) cmake_minimum_required(VERSION 3.5.1)
project(libgit2 VERSION "1.4.0" LANGUAGES C) project(libgit2 VERSION "1.4.3" LANGUAGES C)
# Add find modules to the path # Add find modules to the path
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake") set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")
......
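Review bot: the old side of the project() line reads VERSION "1.4.0" while the version header in this same commit moves from 1.4.2 to 1.4.3, so the CMake version was missed in earlier point releases. The number is kept by hand in several files (the JSON manifest also sat at 1.4.0); consider having CMake read it from the header's LIBGIT2_VERSION define, or adding a release check that fails when the copies disagree.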
v1.4.3
------
🔒 This is a security release to provide compatibility with git's changes to address [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
**libgit2 is not directly affected** by this vulnerability, because libgit2 does not directly invoke any executable. But we are providing these changes as a security release for any users that use libgit2 for repository discovery and then _also_ use git on that repository. In this release, we will now validate that the user opening the repository is the same user that owns the on-disk repository. This is to match git's behavior.
In addition, we are providing several correctness fixes where invalid input can lead to a crash. These may prevent possible denial of service attacks. At this time there are not known exploits to these issues.
Full list of changes:
* Validate repository directory ownership (v1.4) by @ethomson in https://github.com/libgit2/libgit2/pull/6267
* midx: Fix an undefined behavior (left-shift signed overflow) by @lhchavez in https://github.com/libgit2/libgit2/pull/6260
* fetch: support OID refspec without dst by @ethomson in https://github.com/libgit2/libgit2/pull/6251
* Fix crash when regenerating a patch with unquoted spaces in filename by @jorio in https://github.com/libgit2/libgit2/pull/6244
All users of the v1.4 release line are recommended to upgrade.
**Full Changelog**: https://github.com/libgit2/libgit2/compare/v1.4.2...v1.4.3
v1.4.2 v1.4.2
------ ------
......
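Review bot: the ownership-validation paragraph in the v1.4.3 entry announces a behaviour change but does not tell callers what they will see when the check fails, or how to keep opening a repository that is owned by a different user. A sentence naming the error returned and the supported way to allow such a repository would let integrators prepare before upgrading. Minor: the identifier in the link text is conventionally written CVE-2022-24765, and "there are not known exploits to these issues" reads better as "there are no known exploits for these issues".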
...@@ -7,10 +7,10 @@ ...@@ -7,10 +7,10 @@
#ifndef INCLUDE_git_version_h__ #ifndef INCLUDE_git_version_h__
#define INCLUDE_git_version_h__ #define INCLUDE_git_version_h__
#define LIBGIT2_VERSION "1.4.2" #define LIBGIT2_VERSION "1.4.3"
#define LIBGIT2_VER_MAJOR 1 #define LIBGIT2_VER_MAJOR 1
#define LIBGIT2_VER_MINOR 4 #define LIBGIT2_VER_MINOR 4
#define LIBGIT2_VER_REVISION 2 #define LIBGIT2_VER_REVISION 3
#define LIBGIT2_VER_PATCH 0 #define LIBGIT2_VER_PATCH 0
#define LIBGIT2_SOVERSION "1.4" #define LIBGIT2_SOVERSION "1.4"
......
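Review bot: LIBGIT2_VERSION and LIBGIT2_VER_REVISION are edited as two separate literals, and nothing in the hunk ties the string to the numeric macros. Consider building the string from LIBGIT2_VER_MAJOR, LIBGIT2_VER_MINOR and LIBGIT2_VER_REVISION by stringification, or adding a test that compares them, so a release cannot ship with a string that disagrees with the numbers consumers use in version checks.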
{ {
"name": "libgit2", "name": "libgit2",
"version": "1.4.0", "version": "1.4.3",
"repo": "https://github.com/libgit2/libgit2", "repo": "https://github.com/libgit2/libgit2",
"description": " A cross-platform, linkable library implementation of Git that you can use in your application.", "description": " A cross-platform, linkable library implementation of Git that you can use in your application.",
"install": "mkdir build && cd build && cmake .. && cmake --build ." "install": "mkdir build && cd build && cmake .. && cmake --build ."
......