linux/poky.git/meta/recipes-devtools/git, branch mickledore Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=mickledore 2023-06-30T14:07:59+00:00 git: upgrade to 2.39.3 2023-06-30T14:07:59+00:00 Ross Burton ross.burton@arm.com 2023-06-05T15:33:33+00:00 urn:sha1:2eef87a66b0bda2e4cfe8c87cf12af8f7166636f This minor point release fixes CVE-2023-25652 and CVE-2023-29007. (From OE-Core rev: ebe205b32fd959b3d7281ec95ac7f7cf88e37ed2) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 469c28924ab9debe810e3277b27ad936781e7ce5) Signed-off-by: Steve Sakoman <steve@sakoman.com> git: ignore CVE-2023-25815 2023-06-06T14:05:58+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-05-31T09:06:06+00:00 urn:sha1:1236cc74fc6d5ad09bdbb945d667a7a92cdaa983 This is specific to Git-for-Windows. (From OE-Core rev: 0bdeec9951e8e2c4f645475be98b7a0176438c9b) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> git: upgrade 2.39.1 -> 2.39.2 2023-02-20T15:18:30+00:00 Alexander Kanavin alex.kanavin@gmail.com 2023-02-19T19:30:59+00:00 urn:sha1:eb5f230d54b96fd69c6115140733ac4ca480dc17 (From OE-Core rev: 513146bc11e97a6aecb09567253c2ef0aadc09bf) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: ignore CVE-2022-41953 2023-02-01T14:05:15+00:00 Ross Burton ross.burton@arm.com 2023-01-30T12:07:08+00:00 urn:sha1:8b4d0c8cb85ffbacf978c66e71d7ff5fabb03e48 This is specific to Git-for-Windows. (From OE-Core rev: c8849af809e0213d43e18e5d01067eeeb61b330d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: upgrade to 2.39.1 2023-02-01T14:05:15+00:00 Ross Burton ross.burton@arm.com 2023-01-30T12:07:07+00:00 urn:sha1:1a9437920a60937547e3d7b92e081111179cbe98 This fixes CVE-2022-41903 and CVE-2022-23521. (From OE-Core rev: 8395d2512c5335635fff3ce2043ac71fe1948c42) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: upgrade 2.38.1 -> 2.39.0 2022-12-22T23:05:50+00:00 Wang Mingyu wangmy@fujitsu.com 2022-12-21T02:59:09+00:00 urn:sha1:76091a50098e93f7b253db43e6ad11472b98cbab (From OE-Core rev: 19fab341337c353bc6c8d796f92868d6148229c8) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> make: update 4.3 -> 4.4 2022-11-15T09:38:37+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-11-14T19:00:54+00:00 urn:sha1:d2b7bf95fccb6c09b1a5d727f01b3c7b7b3de125 Deleted patches: make/0001-makeinst-Do-not-undef-POSIX-on-clang-arm.patch (modified bit removed upstream) make/0001-src-dir.c-fix-buffer-overflow-warning.patch make/0002-w32-compat-dirent.c-follow-header.patch make/0003-posixfcn-fcntl-gnulib-make-emulated.patch (fixed upstream) make/0002-modules-fcntl-allow-being-detected-by-importing-proj.patch (code removed upstream) License-update: formatting (From OE-Core rev: fe9650c1766707067482206a3ed3288ba44c1050) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: upgrade 2.37.3 -> 2.38.1 2022-10-26T11:28:40+00:00 Tim Orling ticotimo@gmail.com 2022-10-24T17:07:20+00:00 urn:sha1:6100383cc4695d667137ce278406dea10e241339 Fixes CVE-2022-39260 Git v2.38.1 Release Notes ========================= This release merges the security fix that appears in v2.30.6; see the release notes for that version for details. Excerpt from 2.30.6 release notes: * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. For 2.38.0 changes, see: https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt (From OE-Core rev: b304768711374066db320fe87960be81f54a8424) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: upgrade 2.37.2 -> 2.37.3 2022-09-17T06:47:07+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2022-09-15T08:21:21+00:00 urn:sha1:5b59f218fd4f8841b89f66fc82878d5a9ed24135 (From OE-Core rev: 75567ae2f18fc93c7ba554e3d95b85fd320c0166) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> git: upgrade 2.37.1 -> 2.37.2 2022-08-21T21:51:42+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-08-19T07:26:59+00:00 urn:sha1:23afabfa5f8f1534aeb793fb3562f93ca95fdd14 (From OE-Core rev: a9387251165673cbb05e7fbed7a829f1183fe824) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>