|
Thanks for the contribution! Unfortunately we can't verify the commit author(s): Dmitrii Kuragin <d***@A***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated. |
05e3a10 to
ddd007e
|
I believe it also fixes #94 since zlib is a part of libgit2. |
|
@twarit-waikar PTAL? |
|
The decision to upgrade is probably good. I should really fix the CI builds at this point... |
|
@sstepashka Could you rebase this branch? I sent some minor CI changes to make your build checks pass the next time they run after the rebase |
Recently we faced a crash with heap corruption, and it seems it was reported in [CVE-2024-24577](https://nvd.nist.gov/vuln/detail/cve-2024-24577). The upgrade to the latest version fixes the issue for us.

Steps:

```
cd vendor
rm -rf libgit2
curl -L -O https://github.com/libgit2/libgit2/archive/refs/tags/v1.8.5.tar.gz
tar -xzf v1.8.5.tar.gz
mv libgit2-1.8.5 libgit2
rm v1.8.5.tar.gz
git add libgit2
```
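A check that could follow these vendoring steps, as an added example that is not part of the PR or of p4-fusion: it reads the version the vendored tree declares and fails on a mismatch. It assumes libgit2 declares its release as `LIBGIT2_VERSION` in `include/git2/version.h`; the function names and the sample tree are constructed for illustration.

```shell
# Added example (not part of the PR). Confirms that a vendored libgit2 tree
# declares the release that was meant to be imported.
# Assumption: the release is declared in include/git2/version.h as
#   #define LIBGIT2_VERSION "x.y.z"

# Print the version string declared by the libgit2 source tree at $1.
libgit2_vendored_version() {
    header="$1/include/git2/version.h"
    [ -f "$header" ] || return 2
    # Match only the quoted LIBGIT2_VERSION define, not LIBGIT2_VERSION_* macros.
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}LIBGIT2_VERSION[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' \
        "$header" | head -n 1
}

# Return 0 only when the tree at $1 declares exactly version $2.
# Returns 2 when version.h is missing, 1 on a mismatch or unreadable version.
check_vendored_libgit2() {
    found=$(libgit2_vendored_version "$1") || {
        echo "no include/git2/version.h under $1" >&2
        return 2
    }
    if [ "$found" != "$2" ]; then
        echo "vendored libgit2 is '${found:-unknown}', expected '$2'" >&2
        return 1
    fi
    echo "vendored libgit2 is $found"
}

# Constructed sample tree so the example runs offline.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/libgit2/include/git2"
printf '%s\n' \
    '#define LIBGIT2_VERSION        "1.8.5"' \
    '#define LIBGIT2_VER_MAJOR      1' \
    > "$demo_dir/libgit2/include/git2/version.h"

check_vendored_libgit2 "$demo_dir/libgit2" 1.8.5
```

This compares only the declared version string; it does not prove that the tree's contents match the upstream release.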
ddd007e to
e3b7654
|
@twarit-waikar It is done. We just hit the heap corruption crash, that's the main reason for the update. And it seems the heap corruption crash and the CVE are the same problem. Updating solved the problem completely. |
|
@twarit-waikar Are we sure this does the right thing? https://github.com/salesforce/p4-fusion/actions/runs/22627294521/workflow?pr=97#L14-L20 |
|
@twarit-waikar friendly ping? |