diff options
author | Li Zhou <li.zhou@windriver.com> | 2020-04-27 17:17:49 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-05-07 17:32:09 +0100 |
commit | 3412c7b7131fb3b94075d5c654df1908701f64a2 (patch) | |
tree | 17c4ee96873fe37302420e14d1716ac0cc32d6df /meta/recipes-devtools/git/git.inc | |
parent | cfcd63e044c66b22fcddcbd55df0c2316fe06051 (diff) | |
download | poky-3412c7b7131fb3b94075d5c654df1908701f64a2.tar.gz |
git: Security Advisory - git - CVE-2020-11008
Backport the 1st -- 9th patches listed by
<https://github.com/git/git/compare/v2.17.4...v2.17.5>
to solve CVE-2020-11008.
Also backport the 2nd -- 4th patches listed by
<https://github.com/git/git/compare/v2.17.3...v2.17.4>
for CVE-2020-5260 (not necessary, and only the 1st patch is necessary
for this CVE), because some of the above 9 patches are based on them.
(From OE-Core rev: 63c7f76912f097cdfb95296778c42887b7336925)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/git/git.inc')
-rw-r--r-- | meta/recipes-devtools/git/git.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 176423e972..a0ce1626a1 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc | |||
@@ -9,6 +9,18 @@ PROVIDES_append_class-native = " git-replacement-native" | |||
9 | SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ | 9 | SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ |
10 | ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ | 10 | ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ |
11 | file://CVE-2020-5260.patch \ | 11 | file://CVE-2020-5260.patch \ |
12 | file://0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch \ | ||
13 | file://0002-credential-detect-unrepresentable-values-when-parsin.patch \ | ||
14 | file://0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch \ | ||
15 | file://CVE-2020-11008-1.patch \ | ||
16 | file://CVE-2020-11008-2.patch \ | ||
17 | file://CVE-2020-11008-3.patch \ | ||
18 | file://CVE-2020-11008-4.patch \ | ||
19 | file://CVE-2020-11008-5.patch \ | ||
20 | file://CVE-2020-11008-6.patch \ | ||
21 | file://CVE-2020-11008-7.patch \ | ||
22 | file://CVE-2020-11008-8.patch \ | ||
23 | file://CVE-2020-11008-9.patch \ | ||
12 | " | 24 | " |
13 | 25 | ||
14 | S = "${WORKDIR}/git-${PV}" | 26 | S = "${WORKDIR}/git-${PV}" |