| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| disable-online-tests.patch | disable-online-tests Skip tests that needs an active internet connection |
Utkarsh Gupta <utkarsh@debian.org> | no | 2022-08-28 | ||
| fix-unit-tests.patch | Fix unit tests | =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org> | no | 2022-08-28 | ||
| handle-bashism.patch | Use bash for shell script with bashisms | =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org> | no | 2022-08-28 | ||
| disable-flaky-stat-tests.patch | Ignore test failures because of stat() | =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org> | no | 2022-08-31 | ||
| backports/CVE-2024-24575.patch | revparse: fix parsing bug for trailing @ When parsing a revspec that ends with a trailing `@`, explicitly stop parsing. Introduce a sentinel variable to explicitly stop parsing. Prior to this, we would set `spec` to `HEAD`, but were looping on the value of `spec[pos]`, so we would continue walking the (new) `spec` at offset `pos`, looking for a NUL. This is obviously an out-of-bounds read. Credit to Michael Rodler (@f0rki) and Amazon AWS Security. |
=?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org> | no | debian | upstream, https://github.com/libgit2/libgit2/commit/c9d31b711e8906cf248566f43142f20b03e20cbf | 2024-02-08 |
| backports/CVE-2024-24577.patch | index: correct index has_dir_name check `has_dir_name` is used to check for directory/file collisions, and attempts to determine whether the index contains a file with a directory name that is a proper subset of the new index entry that we're trying to add. To determine directory name, the function would walk the path string backwards to identify a `/`, stopping at the end of the string. However, the function assumed that the strings did not start with a `/`. If the paths contain only a single `/` at the beginning of the string, then the function would continue the loop, erroneously, when they should have stopped at the first character. Correct the order of the tests to terminate properly. Credit to Michael Rodler (@f0rki) and Amazon AWS Security. |
Edward Thomson <ethomson@edwardthomson.com> | no | debian | upstream, https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3 | 2023-12-16 |