rpms/git-lfs
7
0
Fork 0
Code Issues Pull Requests Releases Activity
Git extension for versioning large files
19 Commits 9 Branches 69 Tags 1.5 MiB
Shell 100%
8add3116c9
Go to file
RHEL Packaging Agent 8add3116c9 Fix CVE-2026-39821 in vendored golang.org/x/net idna package 
Add a minimal targeted patch (Patch3) to fix CVE-2026-39821 in the
vendored golang.org/x/net IDNA package. The patch adds an all-ASCII
rejection check in the process() method so that xn-- labels that
decode to pure ASCII are properly rejected with an A3 error. This
addresses a specification bug in UTS 46 (corrected in revision 33).

The upstream unicode16 version guard was intentionally removed since
RHEL 8 ships Go 1.21 with Unicode 15.0.0, ensuring the fix is
always active.

CVE: CVE-2026-39821
Upstream patches:
 - 8c4c965e02.patch
Resolves: RHEL-183731

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-12 11:20:36 +00:00
.fmf re-import sources as agreed with the maintainer 2023-06-29 17:56:36 +02:00
.gitignore Update to version 3.4.1 2024-01-03 10:36:13 +01:00
ci.fmf re-import sources as agreed with the maintainer 2023-06-29 17:56:36 +02:00
gating.yaml Bring gating.yaml over from Brew dist-git 2023-03-10 10:39:26 -08:00
gen-manpages.sh Update to version 3.4.1 2024-01-03 10:36:13 +01:00
git-lfs-3.4.1-cve-2024-53263.patch Backport CVE-2024-53263 fixes 2025-01-17 09:58:54 +01:00
git-lfs-3.4.1-cve-2025-26625.patch Backport CVE-2025-26625 fixes 2025-12-04 09:16:12 +01:00
git-lfs-3.4.1-cve-2026-39821.patch Fix CVE-2026-39821 in vendored golang.org/x/net idna package 2026-06-12 11:20:36 +00:00
git-lfs.spec Fix CVE-2026-39821 in vendored golang.org/x/net idna package 2026-06-12 11:20:36 +00:00
sources Update to version 3.4.1 2024-01-03 10:36:13 +01:00