Updated version
authorRussell Sim <russell.sim@gmail.com>
Sun, 23 Oct 2016 03:37:11 +0000 (14:37 +1100)
committerRussell Sim <russell.sim@gmail.com>
Thu, 27 Oct 2016 08:19:04 +0000 (19:19 +1100)
* Added patch for CVEs
* Bumped standards version
* Set debian hardening compile flags
* patched with fixes for CVEs
* Fix compile in GMT-14

debian/changelog
debian/control
debian/libgit2-24.lintian-overrides
debian/libgit2-dev.lintian-overrides
debian/patches/commit-always-initialize-commit-message.patch [new file with mode: 0644]
debian/patches/series
debian/rules
debian/source.lintian-overrides

index 4bd1d5c9e2393e2f413a9f18a760367c7ac34421..1a6870264225cacdec13cc8c85af86ea8b4ca25f 100644 (file)
@@ -1,3 +1,14 @@
+libgit2 (0.24.2-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+  * Bump Standards-Version to 3.9.8
+  * Add commit-always-initialize-commit-message.patch fixes CVE-2016-8568,
+    CVE-2016-8569
+  * Set debian hardening compile flags.
+  * Force timezone to GMT.
+
+ -- Russell Sim <russell.sim@gmail.com>  Sun, 23 Oct 2016 14:30:45 +1100
+
 libgit2 (0.24.1-2) unstable; urgency=medium
 
   * Team upload.
index c68a0c5f7c24736913bb6e1bd5119e757b481faa..2fe40964fb978afa2c6a04322127e3ee5deb54c9 100644 (file)
@@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 9.20160114),
                python-minimal (>= 2.4.0), pkg-config,
                cmake, libz-dev, libcurl4-gnutls-dev,
                libssh2-1-dev, libhttp-parser-dev
-Standards-Version: 3.9.7
+Standards-Version: 3.9.8
 Homepage: http://libgit2.github.com/
 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/libgit2.git/
 Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/libgit2.git/
index 869b94eb871879ae4f8616429699ccc0f6d95a84..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 (file)
@@ -1 +0,0 @@
-libgit2-24: spelling-error-in-binary
index 493dab4edfeb5ae8a78d7b3ec69b011cecdce190..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 (file)
@@ -1 +0,0 @@
-libgit2-dev: static-library-has-unneeded-section
diff --git a/debian/patches/commit-always-initialize-commit-message.patch b/debian/patches/commit-always-initialize-commit-message.patch
new file mode 100644 (file)
index 0000000..301b6c1
--- /dev/null
@@ -0,0 +1,43 @@
+From a719ef5e6d4a1a8ec53469c7914032ed67922772 Mon Sep 17 00:00:00 2001
+From: Patrick Steinhardt <ps@pks.im>
+Date: Fri, 7 Oct 2016 09:31:41 +0200
+Subject: [PATCH] commit: always initialize commit message
+
+When parsing a commit, we will treat all bytes left after parsing
+the headers as the commit message. When no bytes are left, we
+leave the commit's message uninitialized. While uncommon to have
+a commit without message, this is the right behavior as Git
+unfortunately allows for empty commit messages.
+
+Given that this scenario is so uncommon, most programs acting on
+the commit message will never check if the message is actually
+set, which may lead to errors. To work around the error and not
+lay the burden of checking for empty commit messages to the
+developer, initialize the commit message with an empty string
+when no commit message is given.
+---
+ src/commit.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/commit.c b/src/commit.c
+index 99a8085..76e6dcb 100644
+--- a/src/commit.c
++++ b/src/commit.c
+@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
+       buffer = buffer_start + header_len + 1;
+       /* extract commit message */
+-      if (buffer <= buffer_end) {
++      if (buffer <= buffer_end)
+               commit->raw_message = git__strndup(buffer, buffer_end - buffer);
+-              GITERR_CHECK_ALLOC(commit->raw_message);
+-      }
++      else
++              commit->raw_message = git__strdup("");
++      GITERR_CHECK_ALLOC(commit->raw_message);
+       return 0;
+-- 
+2.8.1
+
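Review bot: The changelog entry on this page credits this single patch with both CVE-2016-8568 and CVE-2016-8569, yet the only code it carries is the empty-message fallback in `git_commit__parse` (`commit->raw_message = git__strdup("");`), so it is worth confirming against the upstream advisory that no second fix is needed before the entry leaves UNRELEASED. The patch header would also benefit from DEP-3 provenance, for example `Origin: upstream, commit:a719ef5e6d4a1a8ec53469c7914032ed67922772` plus a line naming the CVE ids it addresses, so a later audit can map each identifier to the change without reading the changelog. `git_commit__parse` starts and ends outside the embedded hunk, so how `buffer` relates to `buffer_end` before this point cannot be checked from here.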
index cdacb994b8ddad3939d14c8bb44a4ba589955111..4836182ba99c7b83a697214624d686673db3566a 100644 (file)
@@ -1 +1,2 @@
 disable_tests.patch
+commit-always-initialize-commit-message.patch
index dc683dcc151cecaf1b0e9474610ee5fffef79b65..65daeec8f731cb16444f03c19ab2bf6264558875 100755 (executable)
@@ -10,6 +10,9 @@
 
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 TEST_TMPDIR := $(CURDIR)/tmp-test
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
 
 override_dh_auto_configure:
        dh_auto_configure --builddirectory=build-debian-release -- \
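Review bot: Nothing in this hunk shows that the `hardening=+all` flags actually reach the compiler and linker: the `dh_auto_configure` argument list continues past the end of the hunk, and an explicit CMake flag or build-type setting there could replace the exported `CFLAGS`/`LDFLAGS`. A short comment above the three added lines, such as `# hardening=+all also enables the features that are off by default (e.g. bindnow); confirm in the build log with blhc`, would record both the intent and the check. If dh at this package's compat level already exports the dpkg build flags, `DPKG_EXPORT_BUILDFLAGS = 1` and the `include` may be redundant, though harmless.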
@@ -41,9 +44,9 @@ override_dh_auto_install:
 
 override_dh_auto_test:
        mkdir -p build-debian-release/tmp
-       dh_auto_test --builddirectory=build-debian-release
+       TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-release
        mkdir -p build-debian-devel/tmp
-       dh_auto_test --builddirectory=build-debian-devel
+       TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-devel
 
 override_dh_strip:
        dh_strip --dbgsym-migration='libgit2-dbg (<< 0.24.0-2~)'
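Review bot: The `TZ=/usr/share/zoneinfo/Etc/GMT` prefix on both `dh_auto_test` calls depends on a zoneinfo file being present in the build chroot, and no tzdata build dependency is visible on this page; `TZ=UTC dh_auto_test --builddirectory=build-debian-release` should give the same result without the file dependency. Since the value is repeated, a single `export TZ = UTC` near the top of the rules file would keep the two invocations in sync. The override hides whatever timezone-dependent test failed rather than fixing it, so a comment naming that test or the bug report would help the next maintainer decide when it can be dropped.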
index 6a578ca08697d9d82ad589b0b5ccd2ed9aca9b28..b841c348ca793719414133f6af960a85b650799d 100644 (file)
@@ -1,2 +1 @@
-libgit2: source-contains-prebuilt-windows-binary
 libgit2: debian-watch-may-check-gpg-signature