libgit2: upgrade 1.5.0 -> 1.5.1

Fixes: libgit2, when compiled using the optional, included libssh2 backend, fails to verify SSH keys by default. Description: When using an SSH remote with the optional, included libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Beginning in libgit2 v1.4.5 and v1.5.1, libgit2 will now perform host key checking by default. Users can still override the default behavior using the certificate_check function. The libgit2 security team would like to thank the Julia and Rust security teams for responsibly disclosing this vulnerability and assisting with fixing the vulnerability. (From OE-Core rev: 63cb8eb147088ae171ffa2b6005410742e50e4e6) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f59486310cf33c586671a16cf52862c19c3c4c31) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alex.kanavin@gmail.com> 2023-02-08 08:21:42 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-24 16:41:51 +0000
commit: c4d3f42c7cac91eca77141b04895ee41e6b50694 (patch)
tree: 6caa1afbcc6f719fa25fe748d032745cfa2bdbc3
parent: 4a74d441fecead448e771c4672f478a810ecd658 (diff)
download: poky-c4d3f42c7cac91eca77141b04895ee41e6b50694.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/meta/recipes-support/libgit2/libgit2_1.5.1.bb
index ee4d79b11a..59866ce385 100644
--- a/meta/recipes-support/libgit2/libgit2_1.5.0.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.5.1.bb
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c"
 DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https"
-SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19"
+SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56"
 S = "${WORKDIR}/git"
author	Alexander Kanavin <alex.kanavin@gmail.com>	2023-02-08 08:21:42 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-02-24 16:41:51 +0000
commit	c4d3f42c7cac91eca77141b04895ee41e6b50694 (patch)
tree	6caa1afbcc6f719fa25fe748d032745cfa2bdbc3
parent	4a74d441fecead448e771c4672f478a810ecd658 (diff)
download	poky-c4d3f42c7cac91eca77141b04895ee41e6b50694.tar.gz

diff --git a/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/meta/recipes-support/libgit2/libgit2_1.5.1.bb index ee4d79b11a..59866ce385 100644 --- a/meta/recipes-support/libgit2/libgit2_1.5.0.bb +++ b/meta/recipes-support/libgit2/libgit2_1.5.1.bb
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c"
5		5
6	DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"	6	DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
7		7
8	SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https"	8	SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https"
9	SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19"	9	SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56"
10		10
11	S = "${WORKDIR}/git"	11	S = "${WORKDIR}/git"
12		12