Update libgit2 to pull in security fixes.
Changelog summary:
- A bug in git_revparse_single is fixed that could cause a Denial of
Service attack. This fixes CVE-2024-24575.
- A bug in git_index_add is fixed that could lead to arbitrary code execution.
This fixes CVE-2024-24577.
- A bug in the smart transport negotiation could have caused an out-of-bounds
read.
(From OE-Core rev: 7191dcae3853728dbb95c4901c2fdb73f9066a66)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
Bug fixes
-----------
proxy: Return an error for invalid proxy URLs instead of crashing.
ssh: fix known_hosts leak in _git_ssh_setup_conn
repository: make cleanup safe for re-use with grafts
fix: Add missing include for oidarray.
Revert "CMake: Search for ssh2 instead of libssh2."
Compatibility improvements
--------------------------
stransport: macOS: replace errSSLNetworkTimeout, with hard-coded value
(From OE-Core rev: 2f919229df9248b91c4a3be2ea4d267163044978)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LIB_INSTALL_DIR was removed in libgit2 1.0 when they moved to using
GNUInstallDirs.
BUILD_CLAR is now BUILD_TESTS as of libgit2 1.4.
(From OE-Core rev: 9d321a4abf2ee35647293f5ec7e4c354974b45c6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade libgit2 to v1.6.3.
The new version now has git_fs_path_basename_r() which is based
on BSD-2-Clause.
(From OE-Core rev: 16e837f16774893246c028f3d4a588bdc5187094)
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LICENSE did not have complete information.
Some examples of missing license:
Zlib: deps/zlib/
ISC: tests/clar/clar.c
LGPL-2.1-or-later: src/libgit2/xdiff/xdiffi.c
CC0-1.0: src/util/rand.c
(From OE-Core rev: 5560a0e15bd860a59671a66cc76ad1bb7e07c9d1)
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Validate repository directory ownership (v1.4)
midx: Fix an undefined behavior (left-shift signed overflow)
fetch: support OID refspec without dst
Fix crash when regenerating a patch with unquoted spaces in filename
(From OE-Core rev: bef09c61ee32df214fb8cf6000e0314ff3a38156)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a bugfix release with the following changes:
====================================================
remote: do store the update_tips callback error value
win32: find_system_dirs does not return GIT_ENOTFOUND
(From OE-Core rev: c8f1727fd3f9583e25ac4dab0194b508758d7eaa)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>