Package: libgit2 | Debian Sources

Package: libgit2 / 1.5.1+ds-1+deb12u1

Metadata

Package	Version	Patches format
libgit2	1.5.1+ds-1+deb12u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
disable online tests.patch \| (download)	tests/libgit2/CMakeLists.txt \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	disable-online-tests Skip tests that needs an active internet connection
fix unit tests.patch \| (download)	tests/libgit2/CMakeLists.txt \| 2 1 + 1 - 0 ! tests/libgit2/network/url/parse.c \| 67 6 + 61 - 0 ! 2 files changed, 7 insertions(+), 62 deletions(-)	fix unit tests
handle bashism.patch \| (download)	tests/resources/push.sh \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	use bash for shell script with bashisms
disable flaky stat tests.patch \| (download)	tests/libgit2/repo/init.c \| 14 8 + 6 - 0 ! tests/libgit2/repo/template.c \| 19 11 + 8 - 0 ! tests/util/copy.c \| 12 8 + 4 - 0 ! tests/util/mkdir.c \| 2 2 + 0 - 0 ! 4 files changed, 29 insertions(+), 18 deletions(-)	ignore test failures because of stat()
backports/CVE 2024 24575.patch \| (download)	src/libgit2/revparse.c \| 5 4 + 1 - 0 ! 1 file changed, 4 insertions(+), 1 deletion(-)	revparse: fix parsing bug for trailing @ When parsing a revspec that ends with a trailing `@`, explicitly stop parsing. Introduce a sentinel variable to explicitly stop parsing. Prior to this, we would set `spec` to `HEAD`, but were looping on the value of `spec[pos]`, so we would continue walking the (new) `spec` at offset `pos`, looking for a NUL. This is obviously an out-of-bounds read. Credit to Michael Rodler (@f0rki) and Amazon AWS Security. Bug-Debian: https://bugs.debian.org/1063415
backports/CVE 2024 24577.patch \| (download)	src/libgit2/index.c \| 7 5 + 2 - 0 ! 1 file changed, 5 insertions(+), 2 deletions(-)	index: correct index has_dir_name check `has_dir_name` is used to check for directory/file collisions, and attempts to determine whether the index contains a file with a directory name that is a proper subset of the new index entry that we're trying to add. To determine directory name, the function would walk the path string backwards to identify a `/`, stopping at the end of the string. However, the function assumed that the strings did not start with a `/`. If the paths contain only a single `/` at the beginning of the string, then the function would continue the loop, erroneously, when they should have stopped at the first character. Correct the order of the tests to terminate properly. Credit to Michael Rodler (@f0rki) and Amazon AWS Security. Bug-Debian: https://bugs.debian.org/1063416

1