From 59fba56eb50089bdf77424753a56e08716c01327 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Wed, 30 May 2018 00:06:02 +0100 Subject: [PATCH 1/7] Update libgit2 to v0.27.1 (b0d9952) --- LibGit2Sharp/LibGit2Sharp.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj index fc15f0e2f..6e966a5c9 100644 --- a/LibGit2Sharp/LibGit2Sharp.csproj +++ b/LibGit2Sharp/LibGit2Sharp.csproj @@ -32,7 +32,7 @@ - + From 28a0ab3f09b232f499dcc94656f37c5d118f2db6 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Wed, 30 May 2018 00:11:27 +0100 Subject: [PATCH 2/7] Update release notes for v0.25.1 --- CHANGES.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 6ec51a0e1..c9b6cba42 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -10,6 +10,28 @@ - Windows (x86/amd64): - Linux/Mac OS X: +## v0.25.1 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25..v0.25.1)) + +This is a security release fixing insufficient validation of submodule +names (CVE-2018-11235, reported by Etienne Stalmans) and disallows +`.gitmodules` files as symlinks. This includes [libgit2 +v0.27.1](https://github.com/libgit2/libgit2/releases/tag/v0.27.1), +whose release notes follow. + +While submodule names come from the untrusted `.gitmodules` file, we +blindly append the name to `$GIT_DIR/modules` to construct the final +path of the submodule repository. In case the name contains e.g. `../`, +an adversary would be able to escape your repository and write data at +arbitrary paths. In accordance with git, we now enforce some rules for +submodule names which will cause libgit2 to ignore these malicious names. + +Adding a symlink as .gitmodules into the index from the workdir or +checking out such files is not allowed as this can make a Git +implementation write outside of the repository and bypass the fsck +checks for CVE-2018-11235. + +libgit2 (and LibGit2Sharp) is not susceptible to CVE-2018-11233. + ## v0.25 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.24..v0.25)) LibGit2Sharp is now .NET Core 2.0+ and .NET Framework compatible. From 5199c83d37f7baf5a775eacaffd66322b1d90ef1 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Wed, 30 May 2018 11:48:57 +0100 Subject: [PATCH 3/7] v0.25: update version.json --- version.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/version.json b/version.json index 557aaf883..8e1e46945 100644 --- a/version.json +++ b/version.json 
@@ -1,9 +1,9 @@ { "$schema": "https://raw.githubusercontent.com/AArnott/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.25.0", + "version": "0.25.2", "publicReleaseRefSpec": [ - "^refs/heads/master$", // we release out of master - "^refs/heads/v\\d+(?:\\.\\d+)?$" // we also release out of vNN branches + "^refs/heads/master$", // we release out of master + "^refs/heads/maint/v\\d+(?:\\.\\d+)?$" // and maint/vNN branches ], "cloudBuild": { "buildNumber": { From 4af76d6dcb8e94a5cf1f00d37f98b81956741327 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Sun, 7 Oct 2018 19:29:14 +0100 Subject: [PATCH 4/7] Update NativeBinaries to 1.0.235 --- LibGit2Sharp/LibGit2Sharp.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj index 6e966a5c9..47a520703 100644 --- a/LibGit2Sharp/LibGit2Sharp.csproj +++ b/LibGit2Sharp/LibGit2Sharp.csproj @@ -32,7 +32,7 @@ - + From 2cf2e54b318090776e5e4423758dc4a37ea29c47 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Mon, 8 Oct 2018 11:12:11 +0100 Subject: [PATCH 5/7] Prepare for v0.25.3 release --- CHANGES.md | 10 ++++++++++ version.json | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index c9b6cba42..bb5149ec0 100644 --- a/CHANGES.md +++ b/CHANGES.md 
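Review bot: The `"version"` value in this version.json hunk moves from `0.25.0` straight to `0.25.2`, while the release notes added in patch 2 file the CVE-2018-11235 fix under v0.25.1 and no v0.25.2 entry is added anywhere in the series (the later v0.25.3 notes link a compare starting at v0.25.2). Someone checking whether their package contains the submodule-name fix cannot tell from CHANGES.md which version to require; if 0.25.2 is the build that actually ships it, a line under the v0.25.1 heading such as `The CVE-2018-11235 fix is published as package version 0.25.2.` would close that gap. Separately, the second `publicReleaseRefSpec` entry now matches only `refs/heads/maint/vNN`, so any existing `vNN` branch would presumably stop producing public-release version numbers; the commit message should state that this rename is intended.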
@@ -10,6 +10,16 @@ - Windows (x86/amd64): - Linux/Mac OS X: +## v0.25.3 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25.2..v0.25.3)) + +This is a security release fixing a number of possible security issues, +including hardening validation for submodule validation to help protect +against CVE 2018-17456, and a number of possible errors found by fuzzing +the libgit2 native library. + +This release includes [libgit2 +v0.27.5](https://github.com/libgit2/libgit2/releases/tag/v0.27.5). + ## v0.25.1 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25..v0.25.1)) This is a security release fixing insufficient validation of submodule diff --git a/version.json b/version.json index 8e1e46945..d067fdeec 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "$schema": "https://raw.githubusercontent.com/AArnott/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.25.2", + "version": "0.25.3", "publicReleaseRefSpec": [ "^refs/heads/master$", // we release out of master "^refs/heads/maint/v\\d+(?:\\.\\d+)?$" // and maint/vNN branches From 34ab01f4f2d5b5ba240146f7686fe314024e2fcf Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Wed, 28 Nov 2018 14:43:47 -0800 Subject: [PATCH 6/7] Update NativeBinaries to libgit2 0.27.7 (plus transport fix) --- LibGit2Sharp/LibGit2Sharp.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj index 47a520703..5cc0bdd16 100644 --- a/LibGit2Sharp/LibGit2Sharp.csproj +++ b/LibGit2Sharp/LibGit2Sharp.csproj @@ -32,7 +32,7 @@ - + From a2c59b7842ac88971fbd47986bd1597738f09416 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Thu, 29 Nov 2018 03:12:04 -0800 Subject: [PATCH 7/7] Prepare for v0.25.4 --- CHANGES.md | 7 +++++++ version.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index bb5149ec0..304bd378d 100644 --- a/CHANGES.md 
+++ b/CHANGES.md @@ -10,6 +10,13 @@ - Windows (x86/amd64): - Linux/Mac OS X: +## v0.25.4 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25.3..v0.25.4)) + +This is a security and bugfix release that fixes a number of minor +possible security issues, including possible errors during the parsing +of commit and tag information. In addition, a number of performance +improvements and bugfixes are included in the underlying native library. + ## v0.25.3 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25.2..v0.25.3)) This is a security release fixing a number of possible security issues, diff --git a/version.json b/version.json index d067fdeec..0a9443242 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "$schema": "https://raw.githubusercontent.com/AArnott/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.25.3", + "version": "0.25.4", "publicReleaseRefSpec": [ "^refs/heads/master$", // we release out of master "^refs/heads/maint/v\\d+(?:\\.\\d+)?$" // and maint/vNN branches pFad - Phonifier reborn
