diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-10-06 16:40:54 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-10-11 08:29:16 +0300 |
commit | 67c78c45d846bd794ac123310c4caf63b399d5a5 (patch) | |
tree | ca4ea7eb1c64b1bb4e788f1462871454d150b660 /NOTICE | |
parent | 85c6330bd945fc8aa4562e60b5e175fd7f0f6cb2 (diff) |
Makefile: Upgrade libgit2 to v1.5.0
Upstream has released libgit2 v1.5.0 on July 14th already, but so far we
had been blocked from upgrading as Git2go didn't yet support it. This
has now changed with the release of Git2go v34, so let's upgrade both so
that we run with the latest version.
Notable upstream changes include:
- Initial work on support for SHA256 as object hash.
- Fixes for CVE 2022-24765 and CVE 2022-29187, which could lead to
arbitrary code execution in repositories not owned by the current
user. libgit2 was not directly impacted, but the fixes now align
behaviour with Git and thus refuses to open repositories owned by
a different user.
- Several fixes for MIDX files, which might be beneficial with our
plans to start using them.
- The rename-detection limit for merges was bumped from 200 to 1000
files to match Git's behaviour.
There are many other changes, but due to our limited use of libgit2 most
of them aren't relevant to us.
Diffstat (limited to 'NOTICE')
-rw-r--r-- | NOTICE | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -18695,7 +18695,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -LICENSE - github.com/libgit2/git2go/v33 +LICENSE - github.com/libgit2/git2go/v34 The MIT License Copyright (c) 2013 The git2go contributors |