<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/git, branch nanbield</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=nanbield</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=nanbield'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-09-02T17:23:05+00:00</updated>
<entry>
<title>git: upgrade 2.41.0 -&gt; 2.42.0</title>
<updated>2023-09-02T17:23:05+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2023-08-31T02:30:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7fa37228dd42a061949d7ab689e397b3581b51f0'/>
<id>urn:sha1:7fa37228dd42a061949d7ab689e397b3581b51f0</id>
<content type='text'>
(From OE-Core rev: a2524932909680cb3e8ed146f650e7acaa9dbbe7)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.39.3 -&gt; 2.41.0</title>
<updated>2023-07-25T14:27:33+00:00</updated>
<author>
<name>Trevor Gamblin</name>
<email>tgamblin@baylibre.com</email>
</author>
<published>2023-07-21T16:07:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=915d601b1cc4865fe1804670881805cc86c664e0'/>
<id>urn:sha1:915d601b1cc4865fe1804670881805cc86c664e0</id>
<content type='text'>
Changelog for 2.41.0: https://github.com/git/git/blob/master/Documentation/RelNotes/2.41.0.txt
Changelog for 2.40.0: https://github.com/git/git/blob/master/Documentation/RelNotes/2.40.0.txt

git-add--interactive was removed in 2.40.0 in favor of git add -i, which
caused the AUH upgrade failure as that PERLTOOLS entry was no longer
relevant.

(From OE-Core rev: 60ff9714328ada93029bde6623f64977178a2de0)

Signed-off-by: Trevor Gamblin &lt;tgamblin@baylibre.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS</title>
<updated>2023-07-21T10:52:26+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2023-07-20T07:19:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=c15e506a4674e558922c5a75512ca2b5c296cd44'/>
<id>urn:sha1:c15e506a4674e558922c5a75512ca2b5c296cd44</id>
<content type='text'>
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
  version

(From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Reviewed-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade to 2.39.3</title>
<updated>2023-06-06T06:41:42+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-06-05T15:33:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=83d458d9583c80c810526570220abb1f071df0b4'/>
<id>urn:sha1:83d458d9583c80c810526570220abb1f071df0b4</id>
<content type='text'>
This minor point release fixes CVE-2023-25652 and CVE-2023-29007.

(From OE-Core rev: 469c28924ab9debe810e3277b27ad936781e7ce5)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.39.1 -&gt; 2.39.2</title>
<updated>2023-02-20T15:18:30+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2023-02-19T19:30:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=eb5f230d54b96fd69c6115140733ac4ca480dc17'/>
<id>urn:sha1:eb5f230d54b96fd69c6115140733ac4ca480dc17</id>
<content type='text'>
(From OE-Core rev: 513146bc11e97a6aecb09567253c2ef0aadc09bf)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: ignore CVE-2022-41953</title>
<updated>2023-02-01T14:05:15+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-01-30T12:07:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8b4d0c8cb85ffbacf978c66e71d7ff5fabb03e48'/>
<id>urn:sha1:8b4d0c8cb85ffbacf978c66e71d7ff5fabb03e48</id>
<content type='text'>
This is specific to Git-for-Windows.

(From OE-Core rev: c8849af809e0213d43e18e5d01067eeeb61b330d)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade to 2.39.1</title>
<updated>2023-02-01T14:05:15+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-01-30T12:07:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1a9437920a60937547e3d7b92e081111179cbe98'/>
<id>urn:sha1:1a9437920a60937547e3d7b92e081111179cbe98</id>
<content type='text'>
This fixes CVE-2022-41903 and CVE-2022-23521.

(From OE-Core rev: 8395d2512c5335635fff3ce2043ac71fe1948c42)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.38.1 -&gt; 2.39.0</title>
<updated>2022-12-22T23:05:50+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2022-12-21T02:59:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=76091a50098e93f7b253db43e6ad11472b98cbab'/>
<id>urn:sha1:76091a50098e93f7b253db43e6ad11472b98cbab</id>
<content type='text'>
(From OE-Core rev: 19fab341337c353bc6c8d796f92868d6148229c8)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>make: update 4.3 -&gt; 4.4</title>
<updated>2022-11-15T09:38:37+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2022-11-14T19:00:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d2b7bf95fccb6c09b1a5d727f01b3c7b7b3de125'/>
<id>urn:sha1:d2b7bf95fccb6c09b1a5d727f01b3c7b7b3de125</id>
<content type='text'>
Deleted patches:
make/0001-makeinst-Do-not-undef-POSIX-on-clang-arm.patch
(modified bit removed upstream)
make/0001-src-dir.c-fix-buffer-overflow-warning.patch
make/0002-w32-compat-dirent.c-follow-header.patch
make/0003-posixfcn-fcntl-gnulib-make-emulated.patch
(fixed upstream)
make/0002-modules-fcntl-allow-being-detected-by-importing-proj.patch
(code removed upstream)

License-update: formatting

(From OE-Core rev: fe9650c1766707067482206a3ed3288ba44c1050)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.37.3 -&gt; 2.38.1</title>
<updated>2022-10-26T11:28:40+00:00</updated>
<author>
<name>Tim Orling</name>
<email>ticotimo@gmail.com</email>
</author>
<published>2022-10-24T17:07:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6100383cc4695d667137ce278406dea10e241339'/>
<id>urn:sha1:6100383cc4695d667137ce278406dea10e241339</id>
<content type='text'>
Fixes CVE-2022-39260

Git v2.38.1 Release Notes
=========================

This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.

Excerpt from 2.30.6 release notes:

 * CVE-2022-39260:
   An overly-long command string given to `git shell` can result in
   overflow in `split_cmdline()`, leading to arbitrary heap writes and
   remote code execution when `git shell` is exposed and the directory
   `$HOME/git-shell-commands` exists.

   `git shell` is taught to refuse interactive commands that are
   longer than 4MiB in size. `split_cmdline()` is hardened to reject
   inputs larger than 2GiB.

Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.

For 2.38.0 changes, see:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt

(From OE-Core rev: b304768711374066db320fe87960be81f54a8424)

Signed-off-by: Tim Orling &lt;tim.orling@konsulko.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
