summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/git/git.inc
diff options
context:
space:
mode:
authorHitendra Prajapati <hprajapati@mvista.com>2023-05-17 12:44:37 +0530
committerSteve Sakoman <steve@sakoman.com>2023-05-25 05:49:26 -1000
commit1824a583fa72cd1debe39cc0cf352171b3a795a3 (patch)
tree1f1f197c88d902d7cf748c05ab1b5c53f73c9015 /meta/recipes-devtools/git/git.inc
parent967c2d41452ccb42fe832837bc96c2719328ec9f (diff)
downloadpoky-1824a583fa72cd1debe39cc0cf352171b3a795a3.tar.gz
git: fix CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. References: https://nvd.nist.gov/vuln/detail/CVE-2023-25652 Upstream-Status: Backport from https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (From OE-Core rev: 6747482316b8f7839a09bf041d8c11b559f84b44) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/git/git.inc')
-rw-r--r--meta/recipes-devtools/git/git.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index 8b864053eb..e64472ea28 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -29,6 +29,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
29 file://CVE-2023-22490-3.patch \ 29 file://CVE-2023-22490-3.patch \
30 file://CVE-2023-23946.patch \ 30 file://CVE-2023-23946.patch \
31 file://CVE-2023-29007.patch \ 31 file://CVE-2023-29007.patch \
32 file://CVE-2023-25652.patch \
32 " 33 "
33S = "${WORKDIR}/git-${PV}" 34S = "${WORKDIR}/git-${PV}"
34 35