[Buildroot] [git commit branch/2023.11.x] package/libgit2: security bump to version 1.7.2
Peter Korsgaard
peter at korsgaard.com
Thu Mar 21 20:27:36 UTC 2024
commit: https://git.buildroot.net/buildroot/commit/?id=f423b50a28b8af169c50ad717d54fd18479b31f9
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.11.x
Fixes the following security issues:
- CVE-2024-24575 (infinite loop DoS on revision lookup) and
- CVE-2024-24577 (heap out of bound write on index update)
https://github.com/libgit2/libgit2/releases/tag/v1.7.2
Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit b7eb1dcbb65682b2e800b6523688102ffb4d4821)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libgit2/libgit2.hash | 2 +-
package/libgit2/libgit2.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libgit2/libgit2.hash b/package/libgit2/libgit2.hash
index 76d599b81e..022fb35a9c 100644
--- a/package/libgit2/libgit2.hash
+++ b/package/libgit2/libgit2.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 17d2b292f21be3892b704dddff29327b3564f96099a1c53b00edc23160c71327 libgit2-1.7.1.tar.gz
+sha256 de384e29d7efc9330c6cdb126ebf88342b5025d920dcb7c645defad85195ea7f libgit2-1.7.2.tar.gz
sha256 6f3c2cd59b057e366c1acc073b038135c52d77892bb33bd4d931c5369d3f062b COPYING
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index 92563d24bb..16934e5391 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBGIT2_VERSION = 1.7.1
+LIBGIT2_VERSION = 1.7.2
LIBGIT2_SITE = $(call github,libgit2,libgit2,v$(LIBGIT2_VERSION))
LIBGIT2_LICENSE = \
GPL-2.0 with linking exception, \
More information about the buildroot
mailing list