Unnamed repository; edit this file 'description' to name the repository. http://cgit.wit.com/jcarr/git2go/atom?h=v0.1.1 2024-12-18T04:04:22Z 2024-12-18T04:04:22Z Jeff Carr jcarr@wit.com 2024-12-18T04:04:22Z urn:sha1:a4ee4aafbc897621e4fc20c53ac9ba3017b1c2fe Signed-off-by: Jeff Carr <jcarr@wit.com> 2024-12-17T21:02:44Z Jeff Carr jcarr@wit.com 2024-12-17T21:02:44Z urn:sha1:cf84056045bde16df39a3218baf8aa46be290554 2024-12-17T21:01:59Z Jeff Carr jcarr@wit.com 2024-12-17T21:01:59Z urn:sha1:585a8dbbe57e3538ad2acaef58c3bf8bb238e000 2024-12-17T19:19:35Z Jeff Carr jcarr@wit.com 2024-12-17T19:19:35Z urn:sha1:d5a0e0056f7c73290bd75e214886c9b57cbd021f 2024-12-16T23:50:57Z Jeff Carr jcarr@wit.com 2024-12-16T23:50:57Z urn:sha1:530f3618a8f4c7d9c8d3981548112439b22e09e7 go install go.wit.com/apps/go-clone@latest go install go.wit.com/apps/go-mod-clean@latest go-clone --recusive go.wit.com/lib/git2go Signed-off-by: Jeff Carr <jcarr@wit.com> 2022-12-09T20:43:11Z Roland Shoemaker roland@golang.org 2022-12-09T20:43:11Z urn:sha1:e65b1c188ccb9b4aa4863ec702c3985c382f53db The golang.org/x/crypto/openpgp library has been deprecated for over a year now (see golang.org/issue/44226, and the deprecation notice in the package documentation). The library is unmaintained and has a number of API and usability issues. ProtonMail maintains a community fork which is actively maintained, and for most cases is a drop-in replacement. This change switches usages of golang.org/x/crypto/openpgp/... with github.com/ProtonMail/go-crypto/openpgp/..., the only other code changes are adding a nil packet.Config to a openpgp.CheckArmoredDetachedSignature call. (This change is part of a wider effort by the Go Security team to remove usages of golang.org/x/crypto/openpgp from the Go ecosystem.) 2022-10-05T01:12:23Z lhchavez lhchavez@lhchavez.com 2022-10-05T01:12:23Z urn:sha1:4b14d29c207e9969ea62a7fe07d490b036c14722 This has been failing for a while because of some changes in `git`. 2022-10-04T14:50:57Z Sanskar Jaiswal hey@aryan.lol 2022-10-04T14:50:57Z urn:sha1:c1ec21d89caa0cdb0aefd6f6b8f95648418a3543 Update libgit2 to v1.5.0. Replace `SmartProxyOptions()` with `SmartRemoteConnectOptions()`. Fixes: https://github.com/libgit2/git2go/issues/899 Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com> Co-authored-by: lhchavez <lhchavez@lhchavez.com> 2022-07-13T11:50:31Z Calin clns@users.noreply.github.com 2022-07-13T11:50:31Z urn:sha1:9db5de109c166aa802b85cfae2dced3c4728a00d This prevents error "read/write on closed pipe". Go's http.client::send() always closes req.Body, so if the first request attempt is unsuccessful, any subsequent requests after calling the `CredentialsCallback` will attempt to read/write on a closed pipe. 2022-04-14T14:09:59Z lhchavez lhchavez@lhchavez.com 2022-04-14T14:09:59Z urn:sha1:7bff4ca7addde8cc54c38f5db1e50fa420189a20 🔒 This is a security release to provide compatibility with git's changes to address [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/). libgit2 (and by extension git2go) are not directly affected by this vulnerability, because libgit2 does not directly invoke any executable. But we are providing these changes as a security release for any users that use libgit2 for repository discovery and then also use git on that repository. In this release, we will now validate that the user opening the repository is the same user that owns the on-disk repository. This is to match git's behavior. In addition, we are providing several correctness fixes where invalid input can lead to a crash. These may prevent possible denial of service attacks. At this time there are not known exploits to these issues.